
    Model-based specification of safety compliance needs for critical systems : A holistic generic metamodel

    Abstract. Context: Many critical systems must comply with safety standards as a way of providing assurance that they do not pose undue risks to people, property, or the environment. Safety compliance is a very demanding activity, as the standards can consist of hundreds of pages and practitioners typically have to show the fulfilment of thousands of safety-related criteria. Furthermore, the text of the standards can be ambiguous, inconsistent, and hard to understand, making it difficult to determine how to effectively structure and manage safety compliance information. These issues become even more challenging when a system is intended to be reused in another application domain with different applicable standards. Objective: This paper aims to resolve these issues by providing a metamodel for the specification of safety compliance needs for critical systems. Method: The metamodel is holistic and generic, and abstracts common concepts for demonstrating safety compliance from different standards and application domains. Its application results in the specification of “reference assurance frameworks” for safety-critical systems, which correspond to a model of the safety criteria of a given standard. For validating the metamodel with safety standards, parts of several standards have been modelled by both academic and industry personnel, and other standards have been analysed. We further augment this with feedback from practitioners, including feedback during a workshop. Results: The results from the validation show that the metamodel can be used to specify safety compliance needs for aerospace, automotive, avionics, defence, healthcare, machinery, maritime, oil and gas, process industry, railway, and robotics. Practitioners consider that the metamodel can meet their needs and find benefits in its use. Conclusion: The metamodel supports the specification of safety compliance needs for most critical computer-based and software-intensive systems. The resulting models can provide an effective means of structuring and managing safety compliance information.

    An experimental evaluation of the understanding of safety compliance needs with models

    Proceedings of: 36th International Conference on Conceptual Modeling, ER 2017, Valencia, Spain, November 6–9, 2017
    Context: Most safety-critical systems have to fulfil compliance needs specified in safety standards. These needs can be difficult to understand from the text of the standards, and the use of conceptual models has been proposed as a solution. Goal: We aim to evaluate the understanding of safety compliance needs with models. Method: We have conducted an experiment to study the effectiveness, efficiency, and perceived benefits in understanding these needs, with text of safety standards and with UML object diagrams. Results: Sixteen Bachelor students participated in the experiment. Their average effectiveness in understanding compliance needs and their average efficiency were higher with models (17% and 15%, respectively). However, the difference is not statistically significant. The students found benefits in using models, but on average they are undecided about their ease of understanding. Conclusions: Although the results are not conclusive enough, they suggest that the use of models could improve the understanding of safety compliance needs. The research leading to this paper has received funding from the AMASS project (H2020-ECSEL grant agreement no 692474; Spain’s MINECO ref. PCIN-2015-262) and the AMoDDI project (Ref. 11130583). We also thank the subjects that participated in the experiment.

    Using model-driven engineering to support the certification of safety-critical systems

    Critical systems such as those found in the avionics, automotive, maritime, and energy domains are often subject to a formal process known as certification. The goal of certification is to ensure that such systems will operate safely in the presence of known hazards, and without posing undue risks to the users, the public, or the environment. Certification bodies examine such systems based on evidence that the system suppliers provide, to ensure that the relevant safety risks have been sufficiently mitigated. Typically, generic safety standards set forth the general evidence requirements across different industry sectors, and then derived standards specialize the generic standards according to the needs of a specific industry sector. Regardless of whether a generic or sector-specific standard is being used, a key prerequisite for effective collection of evidence is that the supplier be aware of the requirements stipulated in the relevant standard and the evidence they require. This often proves to be a very challenging task because of the sheer size of the standards and the fact that the textual standards are amenable to subjective interpretation. Notably, suppliers find it hard to interpret the evidence requirements imposed by the safety standards within the domain of application; little support exists for recording, querying, and reporting evidence in a structured manner; and there is a general absence of guidelines on how the collected evidence supports the safety objectives. This thesis proposes the application of Model-Driven Engineering as an enabler for performing the various tasks related to safety evidence management. The position taken is that models should serve as the main source of certification information - documents, when needed, should be generated from models. 
Models are beneficial for the purpose of safety certification in many respects, most notably: (1) Models can be employed to clarify the expectations of safety standards and recommended practices, and to develop concrete guidelines for system suppliers; (2) Models expressed in standard notations avoid the ambiguity and redundancy problems associated with text-based documentation; (3) Models provide an ideal vehicle for preserving traceability and the chain of evidence between hazards, requirements, design elements, implementation, and test cases; (4) Models can represent different levels of abstraction and an explicit mapping between the different levels; (5) Models present opportunities for partial or full automation of many laborious safety analysis tasks. The main contribution of this thesis is a model-driven process that enables the automated verification of compliance with standards based on evidence. Specifically, a UML profile is created, based on a conceptual model of a given standard, which provides a succinct and explicit interpretation of the underlying standard. The profile is augmented with constraints that help system suppliers establish a relationship between the concepts in the safety standard of interest and the concepts in the application domain. This in turn enables suppliers to demonstrate how their system development artifacts achieve compliance with the standard. Additionally, UML profiles are further used to systematically capture how the evidence requirements of a generic standard are specialized in a particular domain. This provides a means of explicitly showing the relationship between a generic and a sector-specific standard, and tackles the certification issues that arise from poorly stated or implicit relationships between a generic standard and its sector-specific interpretations. 
Finally, the tool infrastructure needs for supporting the collection and management of safety evidence data are tackled by proposing tools for upfront planning of evidence collection activities and for the storage of evidence information outside of modelling environments.

    CRESCO: Construction of Evidence Repositories for Managing Standards Compliance


    Planning for safety standards compliance: A model-based tool-supported approach

    Safety-critical software-dependent systems such as those found in the avionics, automotive, maritime, and energy domains often require certification based on one or more safety standards. To demonstrate compliance with software safety standards, such as IEC 61508, suppliers must collect evidence that the certifiers can use. Without an upfront agreement between the system supplier and the certifier about the necessary evidence to collect, omissions invariably occur and must be remedied after the fact and at significant cost. The authors present a flexible approach and a supporting tool for assisting suppliers and certifiers in developing an agreement about the evidence necessary to demonstrate compliance with a safety standard. The approach is model-based; specifically, it expresses the safety standard of interest via an information model. The supporting tool, which is available online, takes this information model as input and helps system suppliers and certifiers reach a documented, consistent agreement about the safety evidence to be collected.
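The last two entries describe the same idea from two sides: a standard's compliance needs are captured as an explicit model (a UML profile with constraints in the thesis, an information model in the planning tool), supplier artifacts are linked to the criteria they are claimed to satisfy, and the model is then checked for omissions before the certifier finds them. The following Python sketch is an added example, not code from any paper, tool or project listed on this page. Its "reference assurance framework", criteria, evidence types, artifact names and SIL applicability are all constructed for illustration and are not clauses of IEC 61508 or of any other standard; the three kinds of finding it reports (missing evidence, evidence of the wrong type claimed for a criterion, and evidence pointing at a criterion the standard does not have) are the ones such a model makes mechanically checkable.

```python
"""Added example: a minimal model-based compliance check.

A standard is modelled as a set of criteria, each demanding evidence types and
applying at given safety integrity levels (SILs). Supplier artifacts are linked
to the criteria they claim to satisfy. The checker reports what an upfront
supplier/certifier agreement is meant to catch. Everything below is constructed
for illustration; none of it is a clause of a real standard.
"""
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Criterion:
    cid: str
    text: str
    required_evidence: frozenset            # evidence types the certifier expects
    applies_to_sil: frozenset = frozenset({1, 2, 3, 4})


@dataclass(frozen=True)
class Artifact:
    name: str
    evidence_type: str
    satisfies: frozenset                    # criterion ids the supplier claims


@dataclass(frozen=True)
class ReferenceAssuranceFramework:
    standard: str
    criteria: tuple                         # tuple of Criterion


def applicable(raf: ReferenceAssuranceFramework, sil: int) -> dict:
    """Criteria that apply at the given SIL, keyed by criterion id."""
    return {c.cid: c for c in raf.criteria if sil in c.applies_to_sil}


def check_compliance(raf: ReferenceAssuranceFramework, sil: int,
                     artifacts: Iterable[Artifact]) -> dict:
    """Compare planned/collected artifacts against the applicable criteria."""
    crits = applicable(raf, sil)
    known = {c.cid for c in raf.criteria}
    provided = {cid: set() for cid in crits}    # evidence types seen per criterion
    unknown, mismatched = set(), []
    for art in artifacts:
        for cid in art.satisfies:
            if cid not in known:
                unknown.add(cid)                 # claim against a non-existent criterion
            elif cid in crits:                   # criteria outside this SIL are ignored
                if art.evidence_type in crits[cid].required_evidence:
                    provided[cid].add(art.evidence_type)
                else:
                    mismatched.append((art.name, cid))   # wrong kind of evidence
    missing = {cid: c.required_evidence - provided[cid] for cid, c in crits.items()}
    missing = {cid: gap for cid, gap in missing.items() if gap}
    return {
        "satisfied": set(crits) - set(missing),
        "missing": missing,
        "mismatched": sorted(mismatched),
        "unknown_criteria": unknown,
    }


# Constructed reference assurance framework (hypothetical criteria).
EXAMPLE_RAF = ReferenceAssuranceFramework(
    standard="Hypothetical functional safety standard",
    criteria=(
        Criterion("C1", "Hazards identified and recorded", frozenset({"hazard_log"})),
        Criterion("C2", "Software requirements traceable to hazards",
                  frozenset({"requirements_spec", "traceability_matrix"})),
        Criterion("C3", "Structural test coverage demonstrated",
                  frozenset({"test_report"}), frozenset({3, 4})),
        Criterion("C4", "Independent safety assessment performed",
                  frozenset({"assessment_report"}), frozenset({3, 4})),
    ),
)

# Constructed supplier evidence plan, including two deliberate defects.
EXAMPLE_ARTIFACTS = (
    Artifact("HAZ-LOG-v3", "hazard_log", frozenset({"C1"})),
    Artifact("SRS-v7", "requirements_spec", frozenset({"C2"})),
    Artifact("UT-COVERAGE", "test_report", frozenset({"C3", "C1"})),  # test report cannot evidence C1
    Artifact("LEGACY-REVIEW", "design_review", frozenset({"C9"})),    # C9 is not in this standard
)


def report(raf: ReferenceAssuranceFramework, sil: int, artifacts: Iterable[Artifact]) -> str:
    """Human-readable summary of check_compliance for a supplier/certifier meeting."""
    res = check_compliance(raf, sil, artifacts)
    lines = [f"{raf.standard}, SIL {sil}: {len(res['satisfied'])} criteria evidenced"]
    for cid in sorted(res["missing"]):
        lines.append(f"  MISSING   {cid}: {', '.join(sorted(res['missing'][cid]))}")
    for name, cid in res["mismatched"]:
        lines.append(f"  MISMATCH  {name} claimed for {cid} but is not an accepted evidence type")
    for cid in sorted(res["unknown_criteria"]):
        lines.append(f"  UNKNOWN   criterion {cid} is not part of this standard")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(EXAMPLE_RAF, 2, EXAMPLE_ARTIFACTS))
    print(report(EXAMPLE_RAF, 3, EXAMPLE_ARTIFACTS))
```

Running it at SIL 2 flags only the missing traceability matrix for C2 plus the two bad links; raising the target to SIL 3 brings C3 and C4 into scope, so the same artifact set now also lacks the independent assessment report. That is the effect the planning approach above relies on: changing one attribute of the model (the integrity level, or the sector-specific specialization of a generic standard) re-derives the evidence obligations instead of requiring a fresh reading of the text.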