6 research outputs found

    Assurance Aware Contract-based Design for Safety-critical Systems

    No full text
    Safety-critical systems are those systems whose malfunctioning can result in harm or loss of human life, or damage to property or the environment. Such systems usually need to comply with a domain-specific safety standard, which often requires a safety case in the form of an explained argument supported by evidence to show that the system is acceptably safe to operate in a given context. Developing safety-critical systems to comply with safety standards is a time-consuming and costly process. It can often be the case that the development of the safety case is more costly than the development of the system itself. Component-based development is a method that separates the development of the components of a system from the development of the system itself. The latter is done by composing reusable components that are developed independently of the system. Safety-critical systems require that the safety case of such components is integrated into the overall safety case of the system. For this purpose, the reusable components, together with their safety case, can be described via specifications called contracts. By checking the contracts of each component of the system against each other, it is possible to determine whether the components can be composed together and still fulfil the contract specifications. Contract-based design combined with component-based development has the potential to reduce the cost and time needed to develop both the system and the accompanying safety case. Such contract-based design can then be used to facilitate reuse of parts of the system as well as verifying that the system fulfils certain requirements. While contract-based design can be used to verify that a system meets certain requirements based on its contract specification, actually assuring that the system behaves according to the verification results requires additional evidence. Hence, reuse of safety-relevant components via contract-based design is not sufficient without the reuse of the accompanying safety case artefacts, which include both the safety argument and the supporting evidence. In this thesis we focus on developing the notion of safety contracts that can be used to make a contract-based design aware of the needs of safety assurance. The goals of such assurance-aware contract-based design are to promote reuse of the assurance-related artefacts such as arguments and evidence, as well as to automate creation of parts of the safety assurance case. To address this, we explore the following research goals in more detail: (1) to facilitate automated contract-driven assurance, (2) to facilitate reuse of safety-relevant components and their accompanying assurance-relevant artefacts, and (3) to align such assurance-aware contract-based design with existing failure logic analysis. To meet the first goal, we identify the additional information needed for contract-based assurance and structure it in the form of argumentation patterns of reusable reasoning. Then, we define a meta-model to connect the system modelling elements related to the contracts with the safety case elements, such as evidence and arguments. Based on this meta-model, we define an algorithm for automated instantiation of the proposed argumentation patterns from system models compliant with the proposed meta-model. To facilitate reuse of the assurance-related artefacts (goal (2)), we define variability on the contract level to distinguish between contracts that are relevant for all systems and those that are system-specific. Furthermore, we align the assurance-aware contract-based design with the ISO 26262 automotive safety standard and its reuse concepts. Finally, in addressing the third goal, we connect the assurance-aware contract-based design with an existing failure logic analysis and show how such a combination can be used to automate instantiation of existing argumentation patterns. In a number of real-world examples we demonstrate and evaluate the feasibility of our contributions.

    Projects: SYNOPSIS - Safety Analysis for Predictable Software Intensive Systems; AMASS - Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems; SafeCOP - Safe Cooperating Cyber-Physical Systems using Wireless Communication; FiC - Future factories in the Clou

    Safety and Security Co-Analyses : A Systematic Literature Review

    No full text
    Latest technological trends lead toward systems connected to public networks even in critical domains. Bringing together safety and security work is becoming imperative, as a connected safety-critical system is not safe if it is not secure. The main objective of this study is to investigate the current status of safety and security co-analysis in system engineering by conducting a systematic literature review. The steps of the review are the following: identification of the research questions; agreement upon a search string; applying the search string to the chosen databases; formulation of selection criteria for filtering the relevant publications; categorization and analysis of the selected papers. We focused on the early system development stages and identified 33 relevant publications, categorized as follows: combined safety and security approaches that consider the mutual influence of safety and security; safety-informed security approaches that consider the influence of safety on security; and security-informed safety approaches that consider the influence of security on safety. The results showed that a number of the identified approaches are driven by needs in fast-developing application areas, e.g., automotive, while works focusing on combined analysis are mostly application-area independent. Overall, the study shows that safety and security co-analysis is still a developing domain.

    Project: SafeCOP - Safe Cooperating Cyber-Physical Systems using Wireless Communicatio

    Safety and Security Co-Analyses: A Systematic Literature Review

    No full text

    Constructing Product-Line Safety Cases from Contract-Based Specifications

    No full text
    Safety cases are used to argue that safety-critical systems satisfy the requirements that are determined to mitigate the potential hazards in the system's operating environment. Although typically a manual task, safety cases have been successfully created for systems without many configuration options. However, in highly configurable systems, typically developed as a Product Line (PL), arguing about each possible configuration and ensuring the completeness of the safety case are still open research problems. This paper presents a novel and general approach, based on Contract-Based Specification (CBS), for the construction of a safety case for an arbitrary PL. Starting from a general CBS framework, we present a PL extension that allows expressing configurable systems and preserves the properties of the original CBS framework. Then, we define the transformation from arbitrary PL models, created using the extended CBS framework, to a safety case argumentation structure, expressed using the Goal Structuring Notation. Finally, the approach is exemplified on a simplified but real system currently produced by Scania CV AB.

    QC 20190521