Integration of safety risk assessment techniques into requirement elicitation

Incomplete and incorrect requirements may cause the safety-related software systems to fail to achieve their safety goals. It is crucial to ensure software safety by identifying proper software safety requirements during the requirements elicitation activity. Practitioners apply various Safety Risk Assessment Techniques (SRATs) to identify, analyze and assess safety risk.Nevertheless, there is a lack of guidance on how appropriate SRATs and safety process can be integrated into requirements elicitation activity to bridge the gap between the safety and requirements engineering practices. In this research, we proposed an Integration Framework that integrates safety activities and techniques into existing requirements elicitation activity

Hazard Relation Diagramme - Definition und Evaluation

Der Entwicklungsprozess sicherheitskritischer, software-intensiver eingebetteter Systeme wird im Besonderen durch die Notwendigkeit charakterisiert, zu einem frühestmöglichem Zeitpunkt im Rahmen des Safety Assessments sogenannte Hazards aufzudecken, welche im Betrieb zu Schaden in Form von Tod oder Verletzung von Menschen sowie zu Beschädigung oder Zerstörung externer Systeme führen können. Um die Sicherheit des Systems im Betrieb zu fördern, werden für jeden Hazard sogenannte Mitigationen entwickelt, welche durch hazard-mitigierende Anforderungen im Rahmen des Requirements Engineering dokumentiert werden. Hazard-mitigierende Anforderungen müssen in dem Sinne adäquat sein, dass sie zum einen die von Stakeholdern gewünschte Systemfunktionalität spezifizieren und zum anderen die Wahrscheinlichkeit von Schaden durch Hazards im Betrieb minimieren. Die Adäquatheit von hazard-mitigierenden Anforderungen wird im Entwicklungsprozess im Rahmen der Anforderungsvalidierung bestimmt. Die Validierung von hazard-mitigierenden Anforderungen wird allerdings dadurch erschwert, dass Hazards sowie Kontextinformationen über Hazards ein Arbeitsprodukt des Safety Assessments darstellen und die hazard-mitigierenden Anforderungen ein Arbeitsprodukt des Requirements Engineering sind. Diese beiden Arbeitsprodukte sind in der Regel nicht schlecht integriert, sodass den Stakeholdern bei der Validierung nicht alle Informationen zur Verfügung stehen, die zur Bestimmung der Adäquatheit der hazard-mitigierenden Anforderungen notwendig sind. In Folge könnte es dazu kommen, dass Inadäquatheit in hazard-mitigierenden Anforderungen nicht aufgedeckt wird und das System fälschlicherweise als ausreichend sicher betrachtet wird. Im Rahmen dieses Dissertationsvorhabens wurde ein Ansatz entwickelt, welcher Hazards, Kontextinformationen zu Hazards, hazard-mitigierende Anforderungen sowie die spezifischen Abhängigkeiten in einem graphischen Modell visualisiert und somit für die Validierung zugänglich macht. Zudem wird ein automatisierter Ansatz zur Generierung der graphischen Modelle vorgestellt und prototypisch implementiert. Darüber hinaus wird anhand von vier detaillierten empirischen Experimenten der Nutzen der graphischen Modelle für die Validierung hazard-mitigierender Anforderungen nachgewiesen. Die vorliegende Arbeit leistet somit einen Beitrag zur Integration der Arbeitsergebnisse des Safety Assessments und des Requirements Engineerings mit dem Ziel die Validierung der Adäquatheit hazard-mitigierender Anforderungen zu unterstützen.The development process of safety-critical, software-intensive embedded systems is characterized by the need to identify hazards during safety assessment in early stages of development. During operation, such hazards may lead to harm to come to humans and external systems in the form of death, injury, damage, or destruction, respectively. In order to improve the safety of the system during operation, mitigations are conceived for each hazard, and documented during requirements engineering by means of hazard-mitigating requirements. These hazard-mitigating requirements must be adequate in the sense that they must specify the functionality required by the stakeholders and must render the system sufficiently safe during operation with regard to the identified hazards. The adequacy of hazard-mitigating requirements is determined during requirements validation. Yet, the validation of the adequacy of hazard-mitigating requirements is burdened by the fact that hazards and contextual information about hazards are a work product of safety assessment and hazard-mitigating requirements are a work product of requirements engineering. These work products are poorly integrated such that the information needed to determine the adequacy of hazard-mitigating requirements are not available to stakeholders during validation. In consequence, there is the risk that inadequate hazard-mitigating requirements remain covert and the system is falsely considered sufficiently safe. In this dissertation, an approach was developed, which visualizes hazards, contextual information about hazards, hazard-mitigating requirements, as well as their specific dependencies in graphical models. The approach hence renders these information accessible to stakeholders during validation. In addition, an approach to create these graphical models was developed and prototypically implemented. Moreover, the benefits of using these graphical models during validation of hazard-mitigating requirements was investigated and established by means of four detailed empirical experiments. The dissertation at hand hence provides a contribution towards the integration of the work products of safety assessment and requirements engineering with the purpose to support the validation of the adequacy of hazard-mitigating requirements

Integrating safety analysis and requirements engineering

Some systems failures are due to defects in manufacturing and design, however that there are a significant number of system failures which result from errors, omissions and inconsistencies in the system requirements. We thus need methods to support a `safe' requirements engineering process whose objectives are to specify system requirements such that system states which compromise safety are avoided and to include, along with the requirements, a justification or safety case which explains why the specified system is indeed safe. This paper describes the extension of a viewpoint-based requirements method to incorporate safety analysis

Integrating safety analysis and requirements engineering

Some systems failures are due to defects in manufacturing and design, however that there are a significant number of system failures which result from errors, omissions and inconsistencies in the system requirements. We thus need methods to support a 'safe' requirements engineering process whose objectives are to specify system requirements such that system states which compromise safety are avoided and to include, along with the requirements, a justification or safety case which explains why the specified system is indeed safe. This paper describes the extension of a viewpoint-based requirements method to incorporate safety analysis.</p

Integrating Safety Analysis and Requirements Engineering

requirements Analyse requirements Identify viewpoint Proposed changes to requirements Figure 1 The VORD process model 4. Safety Analysis System safety analysis is concerned with ensuring and certifying that a delivered system does not pose an unacceptable danger to its end-users or to the environment in which the system is installed. The widely accepted model of the system critical systems life cycle (IEE 1989) as shown in Figure 2, identifies two stages in the safety analysis process: 1. Safety requirements discovery. The establishment of global safety requirements or constraints which the system must satisfy. This involves hazard identification and analysis, risk assessment and the formulation of system safety requirements. This stage may be carried out in some generic way (e.g. for all aircraft) and the generic requirements are then instantiated for a specific system. 2. Safety validation. The analysis of the system requirements against these global safety constraints to ensure that..

Integrating Safety Analysis and Requirements Engineering

requirements Analyse requirements Identify viewpoint Proposed changes to requirements Figure 1 The VORD process model 4. Safety Analysis System safety analysis is concerned with ensuring and certifying that a delivered system does not pose an unacceptable danger to its end-users or to the environment in which the system is installed. The widely accepted model of the system critical systems life cycle (IEE 1989) as shown in Figure 2, identifies two stages in the safety analysis process: 1. Safety requirements discovery. The establishment of global safety requirements or constraints which the system must satisfy. This involves hazard identification and analysis, risk assessment and the formulation of system safety requirements. This stage may be carried out in some generic way (e.g. for all aircraft) and the generic requirements are then instantiated for a specific system. 2. Safety validation. The analysis of the system requirements against these global safety constraints to ensure that..

Integrating Safety Analysis and Requirements Engineering

Some systems failures are due to defects in manufacturing and design, however that there are a significant number of system failures which result from errors, omissions and inconsistencies in the system requirements. We thus need methods to support a `safe&apos; requirements engineering process whose objectives are to specify system requirements such that system states which compromise safety are avoided and to include, along with the requirements, a justification or safety case which explains why the specified system is indeed safe. This paper describes the extension of a viewpoint-based requirements method to incorporate safety analysis