Software Certification: Is There a Case against Safety Cases?

Wassyng, Alan; Maibaum, Tom; Lawford, Mark; Bherer, Hans

doi:10.1007/978-3-642-21292-5_12

Cited by 35 publications

(16 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Non-graphical alternatives to GSN have been discussed by Holloway [18], who points out that those who are not predisposed to a visual learning style "seem likely to find a GSN representation of an argument confusing, or at the very least, unappealing, and may struggle to create those representations of their own arguments." Wassyng et al [19] have argued that methods such as GSN are not well-founded in terms of scientific and measurement principles.…”

Section: Safety Casesmentioning

confidence: 99%

System Safety: Where Next?

Cant¹

2013

8th IET International System Safety Conference Incorporating the Cyber Security Conference 2013

View full text Add to dashboard Cite

System safety is a widely practised discipline that is built on the familiar everyday notions of risk and hazard. There are a number of well-known standards covering the safety of defence systems, railway systems, automotives and aircraft. Central to system safety is the idea of a safety case: a reasoned argument for safety of a system that is based on evidence. However, the concepts on which system safety is built, i.e. risk and hazard, can sometimes be confusing, are often poorly understood and are frequently misapplied in the context of safety engineering for software-intensive systems. In this paper we discuss these matters, and speculate on where system safety might be heading. We describe some common issues with -and desirable attributes of -safety standards and safety cases. We present the idea of a structured document as a means of understanding these issues. We discuss first how the notion of structured document was used in a lightweight way in the Australian Defence standard DEF(AUST)5679, and how the HiVe tool, currently under development at DSTO, offers a more powerful means of building structured documents. We conclude with brief comments on how the notion of hazard could be replaced by that of a safety protocol.

show abstract

Section: Safety Casesmentioning

confidence: 99%

System Safety: Where Next?

Cant¹

2013

8th IET International System Safety Conference Incorporating the Cyber Security Conference 2013

View full text Add to dashboard Cite

show abstract

“…Once explicit, these arguments of assurance can more easily be evaluated, criticized, and improved. Assurance claimed predominantly from the identification and demonstration of attributes, properties and behaviour of the product is often termed product-based [79]. Although standards with process-based criteria predominate, an increasing number of standards and assurance regimes require the production and evaluation of assurance cases, such as the automotive domain ISO 26262 [36], railway domain EN 50128 [14], and defence (in the UK) [69].…”

Section: The Nature Of Criteria In Safety Certificationmentioning

confidence: 99%

Certifiably safe software-dependent systems: challenges and directions

Hatcliff

Wassyng

Kelly

et al. 2014

Future of Software Engineering Proceedings

Self Cite

View full text Add to dashboard Cite

The amount and impact of software-dependence in critical systems impinging on daily life is increasing rapidly. In many of these systems, inadequate software and systems engineering can lead to economic disaster, injuries or death. Society generally does not recognize the potential of losses from deficiencies of systems due to software until after some mishap occurs. Then there is an outcry, reflecting societal expectations; however, few know what it takes to achieve the expected safety and, in general, loss-prevention.On the one hand there are unprecedented, exponential increases in size, inter-dependencies, intricacies, numbers and variety in the systems and distribution of development processes across organizations and cultures. On the other hand, industry's capability to verify and validate these systems has not kept up. Mere compliance with existing standards, techniques, and regulations cannot guarantee the safety properties of these systems. The gap between practice and capability is increasing rapidly.This paper considers the future of software engineering as needed to support development and certification of safety-critical softwaredependent systems. We identify a collection of challenges and document their current state, the desired state, gaps and barriers to reaching the desired state, and potential directions in software engineering research and education that could address the gaps and barriers.

show abstract

“…Additionally, since safety cases are intended to be a basis for various decisions (e.g., whether or not a system is acceptably safe, should additional evidence be required to accept a claim, whether or not an argument is fallacious, etc.) we (and others [6]) believe that there is also a need for a theoretical foundation: both for the basic concepts of a safety case, and for more advanced notions, such as hierarchy and its (automated) creation. The broad goal is to make safety cases amenable to formal analysis, thereby providing greater assurance.…”

Section: Introductionmentioning

confidence: 97%

Formal Foundations for Hierarchical Safety Cases

Denney

Pai

Whiteside

2015

2015 IEEE 16th International Symposium on High Assurance Systems Engineering

View full text Add to dashboard Cite

Safety cases are increasingly being required in many safety-critical domains to assure, using structured argumentation and evidence, that a system is acceptably safe. However, comprehensive system-wide safety arguments present appreciable challenges to develop, understand, evaluate, and manage, partly due to the volume of information that they aggregate, such as the results of hazard analysis, requirements analysis, testing, formal verification, and other engineering activities. Previously, we have proposed hierarchical safety cases, hicases, to aid the comprehension of safety case argument structures. In this paper, we build on a formal notion of safety case to formalise the use of hierarchy as a structuring technique, and show that hicases satisfy several desirable properties. Our aim is to provide a formal, theoretical foundation for safety cases. In particular, we believe that tools for high assurance systems should be granted similar assurance to the systems to which they are applied. To this end, we formally specify and prove the correctness of key operations for constructing and managing hicases, which gives the specification for implementing hicases in AdvoCATE, our toolset for safety case automation. We motivate and explain the theory with the help of a simple running example, extracted from a real safety case and developed using AdvoCATE.

show abstract

Software Certification: Is There a Case against Safety Cases?

Cited by 35 publications

References 11 publications

System Safety: Where Next?

System Safety: Where Next?

Certifiably safe software-dependent systems: challenges and directions

Formal Foundations for Hierarchical Safety Cases

Contact Info

Product

Resources

About