Minutes 03 Apr 2025
Host: Paul Albertella
Participants: Leonardo Rosesetti, Florian Wuehr, Igor Stoppa, Daniel Krippner, Gabriele Paoloni, Pete Brink
Agenda
- Updates on documents
- Building on the ‘Minimal use case’
- RAFIA, STPA and TSF
No real updates on documents
Minimal use case
Igor: More formalised form of what we’ve been trying to describe
- So a buildable example of a Linux ‘hello world’ for analysis
- Objective evidence of some of the things we have been saying
- Intricate dependencies between subsystems
- This applies even to the simplest program
- Local memory caches are used per-core
Benefits:
- Clear test bed to illustrate the problem space
- A way to counter claims that the problem can be simplified to ignore some of these ‘inconvenient truths’
- A way to open the ‘black box’ and test our assumptions
Pete: Based on this, we could ask whether some of the complexity we are seeing is actually necessary - or could we create a configuration that omits (some of) it.
Igor: We don’t have to solve / remove it all, but we do need to be aware of it, or make it configurable where it is not
- The kernel has mostly been developed with desktop or server performance in mind
Describing it comprehensively would give us an idea of what we need to deal with
Paul: Also we may want to make use of some of the performance features
Igor: First goal was to make it evident why some of those higher order solutions are not credible if the lower level aspects are not credible
- Useful output would be a list of aspects that you need to take into account
- Not claiming to be comprehensive, but a minimal set to be addressed
- Not just a list, but a set of dependent aspects
Paul: An approach to describing these things is to use STPA
- Adds the idea that not all problems make a system unsafe
- Gab: Challenge we found when trying to apply STPA to kernel was that you needed a detailed specification of the functionality you are analysing
- Igor: Perhaps we can take the outputs of the minimal use case analysis and apply STPA to it?
Next time:
- Look at questions / responses for Pete’s list of review criteria