A presentation by:
Rong Gu
Cincy Francis
Amitkumar Dhameja
CS575 - Software Design

SDI: A Violation of Professional
Responsibility
Contents:
1.
SDI – An Overview
2.
Parnas & SDI
3.
4.
5.
6.
The Role of Computers
The Decision to Act
Some Critical Issues
Broader Questions
7.
8.
9.
Parnas’ Advice
Questions
Our Opinion
CS575 - Software Design

SDI - An Overview
Strategic Defense Initiative:

A U.S. government program responsible for research and development of a space-based system to defend the nation from attack by strategic ballistic missiles

Popularly referred to as “Star Wars”

Announced by President Ronald Reagan in a speech in
March of 1983
CS575 - Software Design

SDI - An Overview
Strategic Defense Initiative:

Administered by the Strategic Defense Initiative
Organization (renamed Ballistic Missile Defense
Organization, 1993)

Under Department of Defense, assisted by NASA
CS575 - Software Design

SDI - An Overview
SDI Aims:

To develop a network of satellites carrying sensors, weapons and computers

To detect ICBMs and intercept them in mid-air

To free us from the fear of nuclear weapons, and make nuclear strategic missiles impotent and obsolete
CS575 - Software Design

SDI - An Overview
“Some say it will bring war to the heavens. But its purpose is to deter war in the heavens and on earth. Now some say the research would be expensive. Perhaps, but it could save millions of lives, indeed, humanity itself.”
- President Ronald Reagan
CS575 - Software Design

SDI – A Software Classification
Four Classes of Usage
1.
2.
Man-rated: Software so important and critical that lives may depend on it. Examples: SDI, ATC,
Medical device software
Enterprise-rated: Software critical to the uninterrupted operation of an enterprise.
Examples: ATMs, Web-commerce software.
CS575 - Software Design

SDI – A Software Classification
Four Classes of Usage
3.
4.
Good-enough: Business software not critical but maybe used frequently. Examples: Personal productivity applications, much client & single user software
Don’t-care: Non-critical, business or personal entertainment software. Examples: Games, seldom used utilities
CS575 - Software Design

Parnas & SDI
Parnas’ Involvement in SDI :

Approached by the SDIO in May of 1985

$1000/day SDIO Panel on Computing in
Support of Battle Management

Resigned 2 months later
CS575 - Software Design

Parnas & SDI
Professional Responsibility:
A professional

Is responsible for his own actions and cannot rely on any external authority to make his decisions for him

Cannot ignore ethical and moral issues

Must make sure that he is solving the real problem, not simply providing short-term satisfaction to his supervisor

Shouldn’t hesitate to “blow the whistle”
CS575 - Software Design

Parnas & SDI
Parnas’ Early Doubts:

Whether any such system could meet the requirements


Possible conflict of interests
Whether such a system would be trustworthy

Would it be useful to build a system we did not trust
CS575 - Software Design

Parnas & SDI
Why trustworthiness is essential:
If the system is not trustworthy

US will not abandon deterrence and nuclear missiles

Seeing both a “shield” and missiles, USSR would feel impelled to improve its offensive forces

US not trusting its defense, would join in, in the arms race

Result – a more dangerous world, instead of a safer one
CS575 - Software Design

The Role of Computers
Computers must:

Process and analyze vast amounts of data produced by the sensors

Detect missile firings, determine source, compute trajectories

Discriminate between warheads and decoys

Aim and fire the weapons
Software is the glue that holds the system together, if software is not trustworthy, the system isn’t either!
CS575 - Software Design

The Role of Computers
Limits of Software Technology:

Lack of validation methods mean we cannot expect a real program to work properly the first time it’s used

Tests/simulations fail to uncover all serious problems

Reliability & trustworthiness – only through extensive use.
CS575 - Software Design

Why Software for
SDI is Difficult

Based on assumptions about target and decoy characteristics controlled by attacker

Espionage could render it worthless, so could overloading

Dependence on communicating computers in satellites makes it vulnerable
CS575 - Software Design

Why Software for
SDI is Difficult

A satellite will require data from other satellites to assist in tracking, discrimination & countering noise

Realistic testing of hardware & software through “practice” nuclear wars impossible

MUST WORK THE FIRST TIME
CS575 - Software Design

The Decision to Act

Research money would advance the state of computer science!

The money was going to be spent anyway and Parnas should help to see it well spent!

There could be 100,000 errors in the software and it would still work properly!
CS575 - Software Design

The Decision to Act

There was no fundamental law of computer science that said the problem could not be solved!

Parnas – and other SDI critics – are demanding perfection!
CS575 - Software Design

The Decision to Act
Parnas Resigns…

Found no scientist who disagreed with his conclusions

Every reply argued with statements other than those Parnas had published

“Taking money allocated for a shield against nuclear missiles, while knowing that such a shield was impossible, seemed like fraud to me” – Parnas
CS575 - Software Design

Some Critical Issues
The “90%” Distraction

3 layers, each 90% effective – overall leakage is less than 1% as effectiveness multiplies
Parnas reveals


90% figure picked for illustration

Assumes performance of each layer is independent of others
Percentage???
CS575 - Software Design

Some Critical Issues

Phase I architectures – excessively tight coordination between “battle stations”

Software difficulties could be overcome with loose coordination

New Phase I studies be started
CS575 - Software Design

Critical Issues

Loose coordination???

Loose coordination – reduced communication between stations

Later sections discuss need for extensive communication – Inconsistency
CS575 - Software Design

Critical Issues

Battle stations do not need data from other satellites to perform their functions
 False!!!

Data from other satellites is essential for accurate tracking and discrimination between warheads & decoys
CS575 - Software Design

Critical Issues

An simple battle station is a small software project that will not run into software difficulties described before
 False!!!

Each battle station is unlikely to work, impossible to test, impossible to trust
CS575 - Software Design

Critical Issues

The only interaction between the stations is by explicit communication
 False!!!

Communication through weapons, sensors and through shared targets. Weapons, destruction of targets creates noise.
CS575 - Software Design

Critical Issues
Eastport Group’s Unstated Assumptions

A collection of communicating systems differs in fundamental ways from a single system
 False!!!

A collection of communication programs is mathematically equivalent to a single program. In practice, distribution makes the problem harder, not easier
CS575 - Software Design

Some Critical Issues
1985 CPSR-MIT Debate:
David Parnas,
Joseph Weinazenbaum
(Against SDI) v.s.
Charles Seitz,
Danny Cohen
(In favor of SDI)
CS575 - Software Design

Some Critical Issues
Parnas’ arguments:

Specifications cannot be known in advance


Realistic testing is essentially impossible
Hard real-time deadlines do not allow repair during use

No foreseeable advance in software tech changes this

Therefore – It is not possible to construct SDI software that you could trust to work
CS575 - Software Design

Some Critical Issues
Steitz’s arguments:

The current objective of SDI is to conduct the vigorous research necessary to build a defense system

Such a system can be written using conventional software techniques coupled with radical hardware architecture

This will greatly aid in the testing, simulation and modification of SDI
CS575 - Software Design

Some Data on SDI
TOP 10 SDI contractors 1983-1986:($Thousand)
800,000
700,000
600,000
500,000
400,000
300,000
200,000
100,000
0
720,961
612,698
375,433
Lockheed* General
Motors
DOE
Lawrence
Livermore
Nat'l Lab*
373,697
Boeing
373,117
TRW
360,300
Company
338,224
327,542
285,588
EG&G* McDonnell
Douglas
MIT Lincoln
Lab
DOE Los
Alamos Nat'l
Lab*
260,797
General
Electric
Source : Council on Economic Priorities 1987 CS575 - Software Design

Some Data on SDI
Distribution of requested SDI funding in major research areas in
FY1985:($ Million)
Survivability, lethality & key support technology Systems concepts & battle
8%
Management
HQ, SDI
1% management
7%
Kinetic energy weapons
19%
Surveillance, acquisition, tracking & kill assessment
40%
Directedenergy weapons
25%
Total: $ 1357.299
Source: Waller et al. 1986: 15
CS575 - Software Design

Broader Questions

Is SDIO sponsored work of good quality?

Phase I studies – Eastport vs. SDIO contractors/evaluators

Big promises, low quality

Bypasses scientific review processes, no real scientific contribution
CS575 - Software Design

Broader Questions

Do those who take SDIO funds really disagree with Parnas?

Remember the reasons Parnas got in support of
SDI?

The blind led by those with their eyes shut

Often people indulge in unprofessional behavior just to not displease the customer
CS575 - Software Design

Broader Questions

The role of academic institutions

Institutional pressures in favor of accepting research funds from any source

A researcher judged on his ability to attract funds

DoD is a major administrator of research funds – consequently many institutions are working on SDIO
CS575 - Software Design

Broader Questions

Should we pursue SDI for other reasons?
Parnas says

“Good research stands on its own merits; poor research must masquerade as something else”

“Over funded research is like heroin, it leads to addiction, weakens the mind, and leads to prostitution” – Prof. Janusz Makowski
CS575 - Software Design

Parnas’ Advices


Considering effectiveness of project

Prioritizing legitimate defense interests of the country
Emphasizing individual responsibility
CS575 - Software Design

Our Opinion
Is SDI really impossible???


As our technologies evolve the system becomes more realistic
Present systems show some signs of success

Reliability/trustworthiness can be achieved through testing

Testing can be done via computer simulations (e.g. Nuclear Tests are no longer necessary)

Changes in hardware (Sensors, weapon delivery systems, etc.) can compensate for no advances in Software technology

Better algorithms should be developed to counter noise, detect decoys, etc.

“SDI is the way to go” – Amit, Cincy, Rong
CS575 - Software Design

Questions
CS575 - Software Design