Development Of A Cognitive Work Analysis Framework Tutorial Using Systems Modeling Language

At the present time, most systems engineers do not have access to cognitive work analysis information or training in terms they can understand. This may lead to a disregard of the cognitive aspect of system design. The impact of this issue is system requirements that do not account for the cognitive strengths and limitations of users. Systems engineers cannot design effective decision support systems without defining cognitive work requirements. In order to improve system requirements, integration of cognitive work requirements into the systems engineering process has to be improved. One option to address this gap is the development of a Cognitive Work Analysis (CWA) framework using Systems Modeling Language (SysML). The study had two phases. The first involved aligning the CWA terminology with the SysML to produce a CWA framework using SysML. The second was the creation of an instruction using SysML to inform systems engineers of the process of integrating cognitive work requirements into the systems engineering process. This methodology provides a structured framework to define, manage, organize, and model cognitive work requirements. Additionally, it provides a tool for systems engineers to use in system design which supports a user’s cognitive functions, such as situational awareness, problem solving, and decision making

Hazard Relation Diagramme - Definition und Evaluation

Der Entwicklungsprozess sicherheitskritischer, software-intensiver eingebetteter Systeme wird im Besonderen durch die Notwendigkeit charakterisiert, zu einem frühestmöglichem Zeitpunkt im Rahmen des Safety Assessments sogenannte Hazards aufzudecken, welche im Betrieb zu Schaden in Form von Tod oder Verletzung von Menschen sowie zu Beschädigung oder Zerstörung externer Systeme führen können. Um die Sicherheit des Systems im Betrieb zu fördern, werden für jeden Hazard sogenannte Mitigationen entwickelt, welche durch hazard-mitigierende Anforderungen im Rahmen des Requirements Engineering dokumentiert werden. Hazard-mitigierende Anforderungen müssen in dem Sinne adäquat sein, dass sie zum einen die von Stakeholdern gewünschte Systemfunktionalität spezifizieren und zum anderen die Wahrscheinlichkeit von Schaden durch Hazards im Betrieb minimieren. Die Adäquatheit von hazard-mitigierenden Anforderungen wird im Entwicklungsprozess im Rahmen der Anforderungsvalidierung bestimmt. Die Validierung von hazard-mitigierenden Anforderungen wird allerdings dadurch erschwert, dass Hazards sowie Kontextinformationen über Hazards ein Arbeitsprodukt des Safety Assessments darstellen und die hazard-mitigierenden Anforderungen ein Arbeitsprodukt des Requirements Engineering sind. Diese beiden Arbeitsprodukte sind in der Regel nicht schlecht integriert, sodass den Stakeholdern bei der Validierung nicht alle Informationen zur Verfügung stehen, die zur Bestimmung der Adäquatheit der hazard-mitigierenden Anforderungen notwendig sind. In Folge könnte es dazu kommen, dass Inadäquatheit in hazard-mitigierenden Anforderungen nicht aufgedeckt wird und das System fälschlicherweise als ausreichend sicher betrachtet wird. Im Rahmen dieses Dissertationsvorhabens wurde ein Ansatz entwickelt, welcher Hazards, Kontextinformationen zu Hazards, hazard-mitigierende Anforderungen sowie die spezifischen Abhängigkeiten in einem graphischen Modell visualisiert und somit für die Validierung zugänglich macht. Zudem wird ein automatisierter Ansatz zur Generierung der graphischen Modelle vorgestellt und prototypisch implementiert. Darüber hinaus wird anhand von vier detaillierten empirischen Experimenten der Nutzen der graphischen Modelle für die Validierung hazard-mitigierender Anforderungen nachgewiesen. Die vorliegende Arbeit leistet somit einen Beitrag zur Integration der Arbeitsergebnisse des Safety Assessments und des Requirements Engineerings mit dem Ziel die Validierung der Adäquatheit hazard-mitigierender Anforderungen zu unterstützen.The development process of safety-critical, software-intensive embedded systems is characterized by the need to identify hazards during safety assessment in early stages of development. During operation, such hazards may lead to harm to come to humans and external systems in the form of death, injury, damage, or destruction, respectively. In order to improve the safety of the system during operation, mitigations are conceived for each hazard, and documented during requirements engineering by means of hazard-mitigating requirements. These hazard-mitigating requirements must be adequate in the sense that they must specify the functionality required by the stakeholders and must render the system sufficiently safe during operation with regard to the identified hazards. The adequacy of hazard-mitigating requirements is determined during requirements validation. Yet, the validation of the adequacy of hazard-mitigating requirements is burdened by the fact that hazards and contextual information about hazards are a work product of safety assessment and hazard-mitigating requirements are a work product of requirements engineering. These work products are poorly integrated such that the information needed to determine the adequacy of hazard-mitigating requirements are not available to stakeholders during validation. In consequence, there is the risk that inadequate hazard-mitigating requirements remain covert and the system is falsely considered sufficiently safe. In this dissertation, an approach was developed, which visualizes hazards, contextual information about hazards, hazard-mitigating requirements, as well as their specific dependencies in graphical models. The approach hence renders these information accessible to stakeholders during validation. In addition, an approach to create these graphical models was developed and prototypically implemented. Moreover, the benefits of using these graphical models during validation of hazard-mitigating requirements was investigated and established by means of four detailed empirical experiments. The dissertation at hand hence provides a contribution towards the integration of the work products of safety assessment and requirements engineering with the purpose to support the validation of the adequacy of hazard-mitigating requirements

Integrating system modelling with safety activities

Increasing enforcement of safety standards – such as the new ISO 26262 – requires developers of embedded systems to supplement their development processes with safety-related activities, such as hazard analysis or creation of technical safety concepts. Since these activities are often only loosely coupled with core development tasks, their addition reduces efficiency and causes a lack of consistency and traceability. This paper presents an approach to the integration of architectural modelling, modelling of failure nets, allocation safety mechanisms to architectural elements, and finally traceability to requirements and test coverage. The presented methodology gives clear instructions for the comprehensive usage of existing techniques. The process is demonstrated using a real-world example from the automotive sector. In two industrial projects a significant increase of productivity could be achieved, solely using standard tools such as DOORS and IQ-RM. Nevertheless, the paper concludes with some suggestions for further enhancement of the method through formalization, e.g. using SysML, and tool integration