Generation of model-based safety arguments from automatically allocated safety integrity levels

To certify safety-critical systems, assurance arguments linking evidence of safety to appropriate requirements must be constructed. However, modern safety-critical systems feature increasing complexity and integration, which render manual approaches impractical to apply. This thesis addresses this problem by introducing a model-based method, with an exemplary application based on the aerospace domain.Previous work has partially addressed this problem for slightly different applications, including verification-based, COTS, product-line and process-based assurance. Each of the approaches is applicable to a specialised case and does not deliver a solution applicable to a generic system in a top-down process. This thesis argues that such a solution is feasible and can be achieved based on the automatic allocation of safety requirements onto a system’s architecture. This automatic allocation is a recent development which combines model-based safety analysis and optimisation techniques. The proposed approach emphasises the use of model-based safety analysis, such as HiP-HOPS, to maximise the benefits towards the system development lifecycle.The thesis investigates the background and earlier work regarding construction of safety arguments, safety requirements allocation and optimisation. A method for addressing the problem of optimal safety requirements allocation is first introduced, using the Tabu Search optimisation metaheuristic. The method delivers satisfactory results that are further exploited for construction of safety arguments. Using the produced requirements allocation, an instantiation algorithm is applied onto a generic safety argument pattern, which is compliant with standards, to automatically construct an argument establishing a claim that a system’s safety requirements have been met. This argument is hierarchically decomposed and shows how system and subsystem safety requirements are satisfied by architectures and analyses at low levels of decomposition. Evaluation on two abstract case studies demonstrates the feasibility and scalability of the method and indicates good performance of the algorithms proposed. Limitations and potential areas of further investigation are identified

Managing Epistemic Uncertainties in the Underlying Models of Safety Assessment for Safety-Critical Systems

When conducting safety assessment for safety-critical systems, epistemic uncertainty is an ever-present challenge when reasoning about the safety concerns and causal relationships related to hazards. Uncertainty around this causation thus needs to be managed well. Unfortunately, existing safety assessment tends to ignore unknown uncertainties, and stakeholders rarely track known uncertainties well through the system lifecycle. In this thesis, an approach is described for managing epistemic uncertainties about the system and safety causal models that are applied in a safety assessment. First, the principles that define the requirements for the approach are introduced. Next, these principles are used to construct three distinct steps that constitute an approach to manage such uncertainties. These three steps involve identifying, documenting and tracking the uncertainties throughout the system lifecycle so as to enable intervention to address the uncertainties. The approach is evaluated by integrating it with two existing safety assessment techniques, one using models from a system viewpoint and the other with models from a component viewpoint. This approach is also evaluated through peer reviews, semi-structured interviews with practitioners, and by review against requirements derived from the principles. Based on the evaluation results, it is plausible that our approach can provide a feasible and systematic way to manage epistemic uncertainties in safety assessment for safety-critical systems

MATrA: meta-modelling approach to traceability for avionics

PhD ThesisTraceability is the common term for mechanisms to record and navigate relationships between artifacts produced by development and assessment processes. Effective management of these relationships is critical to the success of projects involving the development of complex aerospace products. Practitioners use a range of notations to model aerospace products (often as part of a defined technique or methodology). Those appropriate to electrical and electronic systems (avionics) include Use Cases for requirements, Ada for development and Fault Trees for assessment (others such as PERT networks support product management). Most notations used within the industry have tool support, although a lack of well-defined approaches to integration leads to inconsistencies and limits traceability between their respective data sets (internal models). Conceptually, the artifacts produced using such notations populate four traceability dimensions. Of these, three record links between project artifacts (describing the same product), while the fourth relates artifacts across different projects (and hence products), and across product families within the same project. The scope of this thesis is to define a meta-framework that characterises traceability dimensions for aerospace projects, and then to propose a concrete framework capturing the syntax and semantics of notations used in developing avionics for such projects which enables traceability across the four dimensions. The concrete framework is achieved by exporting information from the internal models of tools supporting these notations to an integrated environment consisting of. i) a Workspace comprising a set of structures or meta-models (models describing models) expressed in a common modelling language representing selected notations (including appropriate extensions reflecting the application domain); ii) well-formedness constraints over these structures capturing properties of the notations (and again, reflecting the domain); and iii) associations between the structures. To maintain consistency and identify conflicts, elements of the structures are verified against a system model that defines common building blocks underlying the various notations. The approach is evaluated by (partial) tool implementation of the structures which are populated using case study material derived from actual commercial specifications and industry standards

Managing the Evolution of Dependability Cases for Systems of Systems

. Dependability is a composite property consisting of attributes such as reliability, availability, safety and security. The achievement of these attri~utes is often essential for the operational success of systems undertaking critical and complex tasks. .Assurance that the fmal system will demonstrate the required dependability qualities, can be crucial to the acceptance of the system into service. Safety cases are a well established c,oncept used to establish assurance about the safety properties of a system. However, safety cases focus only on one attribute of dependability. The principles and processes ofcreating an integrated dependability case - that assures all aspects of dependable system behaviour - are less well understood. A number of challenges are faced when attempting to support dependability case development. These include the systematic elicitation of dependability goals, the management and justification of trade-offs, and the evolution of multi-attribute arguments in step with the design process. This thesis addresses these challenges by defming a rigorous framework, accompanied by a set of methods, for establishing dependability cases. Firstly, a method for eliciting dependability requirements is defmed by extending existing safety deviational analysis techniques. Secondly, a method for systematically identifying and managing justified trade-offs is presented. Thirdly, the thesis describes the co-evolution of depen~bility . case arguments alongside system development - using a dependability case architecture that corresponds to system structures. Finally, the thesis unifies these contributions by defming a metamodel that captures and interrelates the 'concepts underlying the proposed methods. Evaluation of the work is presented by means of peer review, pilot studies and industrial examples