Building a Safety Case for a Safety-Critical NASA Space Vehicle Software System

Feather, Martin S.; Markosian, Lawrence Z.

doi:10.1109/smc-it.2011.17

Cited by 6 publications

(2 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The overall purpose of this is to have AFDNR base its determinations on only good ("qualified") sensor data. The AFDNR software safety case must argue the correctness of the contribution this external system makes -in [2] we offered a simple "safety case pattern" applicable to this -see figure 1. This is an instance of what is termed a "decomposition strategy" [7] -in particular, it's a specific kind of their "architecture" decomposition.…”

Section: B Unreliable Sensor Hazardsmentioning

confidence: 99%

“…That software is the Abort Failure Detection, Notification, and Response system, described in [1] as a "system capable of detecting and confirming conditions that may lead to catastrophic failure, notifying the crew of the problem, and responding in time to allow the crew to escape safely." Our safety case [2] focused on the software's detecting and confirming role, not the reaction to follow. In particular, our focus was on how a safety case would express the assurance that it would not give "false positives" (i.e., make the determination that a catastrophic failure condition existed when in fact it did not -what might informally be termed a "false alarm").…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Architecting and generalizing a safety case for critical condition detection software an experience report

Feather¹,

Markosian²

2013

2013 1st International Workshop on Assurance Cases for Software-Intensive Systems (ASSURE)

Self Cite

View full text Add to dashboard Cite

Safety cases and, specifically, software safety cases, have had virtually no presence in engineering practice in the US. Recent interest, in addition to an early attempt to introduce them into practice in the NASA Constellation Program, motivated us to develop a partial safety case for a safety critical subsystem for the Ares I vehicle, namely the abort detection, notification and response (AFDNR) system. This paper relates our experience applying the safety case concept to AFDNR, particularly from the perspective of generalizing the safety issues to similar fault management systems. We also provide lessons learned, including a discussion of issues that led to our current refactoring of our initial safety case.

show abstract

Section: B Unreliable Sensor Hazardsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Architecting and generalizing a safety case for critical condition detection software an experience report

Feather¹,

Markosian²

2013

2013 1st International Workshop on Assurance Cases for Software-Intensive Systems (ASSURE)

Self Cite

View full text Add to dashboard Cite

show abstract

The Agile Safety Case

Stålhane¹,

Myklebust²

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

An extended systematic literature review on provision of evidence for safety certification

Nair

Vara

Sabetzadeh³

et al. 2014

Information and Software Technology

View full text Add to dashboard Cite

Abstract:Context: Critical systems in domains such as aviation, railway, and automotive are often subject to a formal process of safety certification. The goal of this process is to ensure that these systems will operate safely without posing undue risks to the user, the public, or the environment. Safety is typically ensured via complying with safety standards. Demonstrating compliance to these standards involves providing evidence to show that the safety criteria of the standards are met. Objective:In order to cope with the complexity of large critical systems and subsequently the plethora of evidence information required for achieving compliance, safety professionals need in-depth knowledge to assist them in classifying different types of evidence, and in structuring and assessing the evidence. This paper is a step towards developing such a body of knowledge that is derived from a largescale empirically rigorous literature review. Method:We use a Systematic Literature Review (SLR) as the basis for our work. The SLR builds on 218 peer-reviewed studies, selected through a multi-stage process, from 4,963 studies published between 1990 and 2012. Results:We develop a taxonomy that classifies the information and artefacts considered as evidence for safety. We review the existing techniques for safety evidence structuring and assessment, and further study the relevant challenges that have been the target of investigation in the academic literature. We analyse commonalities in the results among different application domains and discuss implications of the results for both research and practice. Conclusion:The paper is, to our knowledge, the largest existing study on the topic of safety evidence. The results are particularly relevant to practitioners seeking a better grasp on evidence requirements as well as to researchers in the area of system safety. As a major finding of the review, the results strongly suggest the need for more practitioner-oriented and industry-driven empirical studies in the area of safety certification.

show abstract

Building a Safety Case for a Safety-Critical NASA Space Vehicle Software System

Cited by 6 publications

References 8 publications

Architecting and generalizing a safety case for critical condition detection software an experience report

Architecting and generalizing a safety case for critical condition detection software an experience report

The Agile Safety Case

An extended systematic literature review on provision of evidence for safety certification

Contact Info

Product

Resources

About