Generation of model-based safety arguments from automatically allocated safety integrity levels
To certify safety-critical systems, assurance arguments linking evidence of safety to appropriate requirements must be constructed. However, modern safety-critical systems feature increasing complexity and integration, which render manual approaches impractical to apply. This thesis addresses this problem by introducing a model-based method, with an exemplary application based on the aerospace domain.

Previous work has partially addressed this problem for slightly different applications, including verification-based, COTS, product-line and process-based assurance. Each of the approaches is applicable to a specialised case and does not deliver a solution applicable to a generic system in a top-down process. This thesis argues that such a solution is feasible and can be achieved based on the automatic allocation of safety requirements onto a system's architecture. This automatic allocation is a recent development which combines model-based safety analysis and optimisation techniques. The proposed approach emphasises the use of model-based safety analysis, such as HiP-HOPS, to maximise the benefits towards the system development lifecycle.

The thesis investigates the background and earlier work regarding construction of safety arguments, safety requirements allocation and optimisation. A method for addressing the problem of optimal safety requirements allocation is first introduced, using the Tabu Search optimisation metaheuristic. The method delivers satisfactory results that are further exploited for construction of safety arguments. Using the produced requirements allocation, an instantiation algorithm is applied onto a generic safety argument pattern, which is compliant with standards, to automatically construct an argument establishing a claim that a system's safety requirements have been met. This argument is hierarchically decomposed and shows how system and subsystem safety requirements are satisfied by architectures and analyses at low levels of decomposition.

Evaluation on two abstract case studies demonstrates the feasibility and scalability of the method and indicates good performance of the algorithms proposed. Limitations and potential areas of further investigation are identified.
Managing Epistemic Uncertainties in the Underlying Models of Safety Assessment for Safety-Critical Systems
When conducting safety assessment for safety-critical systems, epistemic uncertainty is an ever-present challenge when reasoning about the safety concerns and causal relationships related to hazards. Uncertainty around this causation thus needs to be managed well. Unfortunately, existing safety assessment tends to ignore unknown uncertainties, and stakeholders rarely track known uncertainties well through the system lifecycle.
In this thesis, an approach is described for managing epistemic uncertainties about the system and safety causal models that are applied in a safety assessment. First, the principles that define the requirements for the approach are introduced. Next, these principles are used to construct three distinct steps that constitute an approach to manage such uncertainties. These three steps involve identifying, documenting and tracking the uncertainties throughout the system lifecycle so as to enable intervention to address the uncertainties.
The approach is evaluated by integrating it with two existing safety assessment techniques, one using models from a system viewpoint and the other with models from a component viewpoint. This approach is also evaluated through peer reviews, semi-structured interviews with practitioners, and by review against requirements derived from the principles. Based on the evaluation results, it is plausible that our approach can provide a feasible and systematic way to manage epistemic uncertainties in safety assessment for safety-critical systems.
MATrA: meta-modelling approach to traceability for avionics
PhD Thesis. Traceability is the common term for mechanisms to record and navigate relationships between artifacts produced by development and assessment processes. Effective management of these relationships is critical to the success of projects involving the development of complex aerospace products.

Practitioners use a range of notations to model aerospace products (often as part of a defined technique or methodology). Those appropriate to electrical and electronic systems (avionics) include Use Cases for requirements, Ada for development and Fault Trees for assessment (others such as PERT networks support product management). Most notations used within the industry have tool support, although a lack of well-defined approaches to integration leads to inconsistencies and limits traceability between their respective data sets (internal models).

Conceptually, the artifacts produced using such notations populate four traceability dimensions. Of these, three record links between project artifacts (describing the same product), while the fourth relates artifacts across different projects (and hence products), and across product families within the same project.

The scope of this thesis is to define a meta-framework that characterises traceability dimensions for aerospace projects, and then to propose a concrete framework capturing the syntax and semantics of notations used in developing avionics for such projects which enables traceability across the four dimensions. The concrete framework is achieved by exporting information from the internal models of tools supporting these notations to an integrated environment consisting of: i) a Workspace comprising a set of structures or meta-models (models describing models) expressed in a common modelling language representing selected notations (including appropriate extensions reflecting the application domain); ii) well-formedness constraints over these structures capturing properties of the notations (and again, reflecting the domain); and iii) associations between the structures. To maintain consistency and identify conflicts, elements of the structures are verified against a system model that defines common building blocks underlying the various notations.

The approach is evaluated by (partial) tool implementation of the structures which are populated using case study material derived from actual commercial specifications and industry standards.
Managing the Evolution of Dependability Cases for Systems of Systems
Dependability is a composite property consisting of attributes such as reliability, availability, safety and security. The achievement of these attributes is often essential for the operational success of systems undertaking critical and complex tasks. Assurance that the final system will demonstrate the required dependability qualities can be crucial to the acceptance of the system into service.

Safety cases are a well established concept used to establish assurance about the safety properties of a system. However, safety cases focus only on one attribute of dependability. The principles and processes of creating an integrated dependability case - that assures all aspects of dependable system behaviour - are less well understood. A number of challenges are faced when attempting to support dependability case development. These include the systematic elicitation of dependability goals, the management and justification of trade-offs, and the evolution of multi-attribute arguments in step with the design process.

This thesis addresses these challenges by defining a rigorous framework, accompanied by a set of methods, for establishing dependability cases. Firstly, a method for eliciting dependability requirements is defined by extending existing safety deviational analysis techniques. Secondly, a method for systematically identifying and managing justified trade-offs is presented. Thirdly, the thesis describes the co-evolution of dependability case arguments alongside system development - using a dependability case architecture that corresponds to system structures. Finally, the thesis unifies these contributions by defining a metamodel that captures and interrelates the concepts underlying the proposed methods. Evaluation of the work is presented by means of peer review, pilot studies and industrial examples.