Assessment of the Quality of Safety Cases: A Research Preview

Proceedings of the 25th International Working Conference, REFSQ 2019, Essen, Germany, March 18–21, 2019.[Context and motivation] Safety-critical systems in application domains such as aerospace, automotive, healthcare, and railway are subject to assurance processes to provide confidence that the systems do not pose undue risks to people, property, or the environment. The development of safety cases is usually part of these processes to justify that a system satisfies its safety requirements and thus is dependable. [Question/problem] Although safety cases have been used in industry for over two decades, their management still requires improvement. Important weaknesses have been identified and means to assess the quality of safety cases are limited. [Principal ideas/results] This paper presents a research preview on the assessment of the quality of safety cases. We explain how the area should develop and present our preliminary work towards enabling the assessment with Verification Studio, an industrial tool for system artefact quality analysis. [Contribution] The insights provided allow researchers and practitioners to gain an understanding of why safety case quality requires further investigation, what aspects must be considered, and how quality assessment could be performed in practice.The research leading to this paper has received funding from the AMASS project (H2020-ECSEL ID 692474; Spain’s MINECO ref. PCIN-2015-262). We also thank REFSQ reviewers for their valuable comments to improve the paper

Using STPA in an ISO 26262 compliant process

Conference of 35th International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2016 ; Conference Date: 21 September 2016 Through 23 September 2016; Conference Code:181379International audienceISO 26262 is the de facto standard for automotive functional safety, and every automotive Original Equipment Manufacturer (OEM), as well as their major suppliers, are striving to ensure that their development processes are ISO 26262 compliant. ISO 26262 mandates both hazard analysis and risk assessment. Systems Theoretic Process Analysis (STPA) is a relatively new hazard analysis technique, that promises to overcome some limitations of traditional hazard analysis techniques. In this paper, we analyze how STPA can be used in an ISO 26262 compliant process. We also provide an excerpt of our application of STPA on an automotive subsystem as per the concept phase of ISO 26262

Formal Verification of the Implementability of Timing Requirements

Abstract. While there has been a large amount of work on validation of timing requirements, there has been relatively little work on the implementability of timing requirements. We have previously provided definitions of fundamental timing operators that explicitly considered tolerances on property durations and intersample jitter [1]. In this work we refine the model and formalize the analysis of the Held for operator of [1] in the PVS theorem prover. We formalize different implementation environments incorporating nonuniform samples with bounded jitter and for one of the environments provide a full formal proof of necessary and sufficient conditions for when it is possible to implement a Held for requirement. We briefly describe how these results can then be used to formally verify a sample module implementing a requirement that utilizes the Held for operator and describe an example application.

Describing and analyzing behaviours over tabular specifications using (Dyn)alloy

We propose complementing tabular notations used in requirements specifications, such as those used in the SCR method, with a formalism for describing specific, useful, subclasses of computations, i.e., particular combinations of the atomic transitions specified within tables. This provides the specifier with the ability of driving the execution of transitions specified by tables, without the onerous burden of having to introduce modifications into the tabular expressions; thus, it avoids the problem of modifying the object of analysis, which would make the analysis indirect and potentially confusing. This is useful for a number of activities, such as defining test harnesses for tables, and concentrating the analyses on particular, interesting, subsets of computations. Unlike previous approaches, ours allows for the description of a wider class of combinations of the transitions defined by tables, by means of a rich operational language. This language is an extension of the Alloy language, called DynAlloy, whose notation is inspired by that of dynamic logic. The use of DynAlloy enables us to provide an extra mechanism for the analysis of tabular specifications, based on SAT solving. We will illustrate this and the features of our approach via an example based on a known tabular specification of a simple autopilot system.Fil:Frias, M.F. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales; Argentina

Experiences with a Compositional Model Checker in the Healthcare Domain

Contains fulltext : 91792.pdf (publisher's version ) (Closed access)Foundations of Health Information Engineering and Systems - FHIES 2011: First International Symposium Johannesburg, South Africa, September 201

Timing tolerances in safety-critical software

Many safety-critical software applications are hard real-time systems. They have stringent timing requirements that have to be met. We present a description of timing behaviour that includes precise definitions as well as analysis of how functional timing requirements interact with performance timing requirements, and how these concepts can be used by software designers. The definitions and analysis presented explicitly deal with tolerances in all timing durations. Preliminary work indicates that some requirements may be met at significantly reduced CPU bandwidth through reduced variation in cycle time