Weaving an Assurance Case from Design: A Model-Based Approach

Hawkins, Richard; Habli, Ibrahim; Kolovos, Dimitrios S.; Paige, Richard F.; Kelly, Tim

doi:10.1109/hase.2015.25

Cited by 74 publications

(59 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Pattern instantiation is often a manual process that involves comprehension of the GSN patterns and replacing the roles with actual system information. There has been work on automating the pattern instantiation process using MDE with the use of a weaving model [12]. In this section, we briefly discussed the elements provided by GSN.…”

Section: Modulementioning

confidence: 99%

“…GSN pattern instantiation is often a manual procedure as safety case developers need to comprehend the GSN pattern and replace the roles in the pattern with actual system information. In [12], a model-based approach is proposed, which makes use of a weaving model to link the elements in the GSN with elements in system models. This is typically due to the fact that in GSN there are no means to specify instantiation rules for GSN patterns.…”

Section: Example: Argumentation Patternsmentioning

confidence: 99%

See 1 more Smart Citation

Model based system assurance using the structured assurance case metamodel

Wei

Kelly

Dai

et al. 2019

Journal of Systems and Software

Self Cite

View full text Add to dashboard Cite

Assurance cases are used to demonstrate confidence in system properties of interest (e.g. safety and/or security). A number of system assurance approaches are adopted by industries in the safety-critical domain. However, the task of constructing assurance cases remains a manual, trivial and informal process. The Structured Assurance Case Metamodel (SACM) is a standard specified by the Object Management Group (OMG). SACM provides a richer set of features than existing system assurance languages/approaches. SACM provides a foundation for model-based system assurance, which has great potentials in growing technology domains such as Open Adaptive Systems. However, the intended usage of SACM has not been sufficiently explained. In addition, there has been no support to interoperate between existing assurance case (models) and SACM models.In this article, we explain the intended usage of SACM based on our involvement in the OMG specification process of SACM. In addition, to promote a model-based approach, we provide SACM compliant metamodels for existing system assurance approaches (the Goal Structuring Notation and Claims-Arguments-Evidence), and the transformations from these models to SACM. We also briefly discuss the tool support for model-based system assurance which helps practitioners to make the transition from existing system assurance approaches to model-based system assurance using SACM.

show abstract

Section: Modulementioning

confidence: 99%

Section: Example: Argumentation Patternsmentioning

confidence: 99%

Model based system assurance using the structured assurance case metamodel

Wei

Kelly

Dai

et al. 2019

Journal of Systems and Software

Self Cite

View full text Add to dashboard Cite

show abstract

“…Model-based assurance [72,77] uses system models to structure assurance cases and represents another opportunity for formal methods in (through-life) assurance. Assurance arguments that are purely informal can be difficult to evaluate, and may be subject to argumentation fallacies [68].…”

Section: The Desire For Early Removal Of Severe Errorsmentioning

confidence: 99%

“…Such systems are set to be more broadly deployed in society, thereby increasing their level of safety criticality [70] and requiring a stringent regulatory regime. A successful method for regulatory acceptance is provided by structured assurance cases, which provide comprehensible and indefeasible safety arguments supported by evidence [72,77,104]. However, such assurance cases-whether or not compliant with standards like IEC 61508 1 and DO-178C 2 -can be laborious to create, complicated to maintain and evolve, and must be rigorously checked by the evaluation process to ensure that all obligations are met and confidence in the arguments is achieved [68,160].…”

Section: Introductionmentioning

confidence: 99%

New Opportunities for Integrated Formal Methods

2019

View full text Add to dashboard Cite

Formal methods have provided approaches for investigating software engineering fundamentals and also have high potential to improve current practices in dependability assurance. In this article, we summarise known strengths and weaknesses of formal methods. From the perspective of the assurance of robots and autonomous systems (RAS), we highlight new opportunities for integrated formal methods and identify threats to the adoption of such methods. Based on these opportunities and threats, we develop an agenda for fundamental and empirical research on integrated formal methods and for successful transfer of validated research to RAS assurance. Furthermore, we outline our expectations on useful outcomes of such an agenda. AcronymsAI artificial intelligence ASIL automotive safety integrity level DA dependability assurance DAL design assurance level DSE dependable systems engineering DSL domain-specific language FDA Food and Drug Administration FI formal inspection FM formal method HCI human-computer interaction iFM integrated formal method IT information technology MBD model-based development MDE model-driven engineering ML machine learning RAS robots and autonomous systems RCA root cause analysis RE requirements engineering SACM Structured Assurance Case Meta-model SC systematic capability SIL safety integrity level SMT Satisfiability Modulo Theory SWOT strengths, weaknesses, opportunities, and threats SysML Systems Modelling Language UML Unified Modelling Language UTP Unifying Theories of ProgrammingWe view robots and autonomous systems as both dependable systems and highly automated machines capable of achieving a variety of complex tasks in support of humans. We can consider such systems by looking at four layers: the plant or process composed of the operational environment and the machine; the machine itself; the machine's controller, and the software embedded into this controller. Based on these layers, we treat "embedded system" and "embedded software" as synonyms. Machine, controller, and software can all be distributed.By dependable systems engineering, we refer to error-avoidance and error-detection activities in control system and embedded software development (e.g. according to the V-model). Avizienis et al.[7] devised a comprehensive terminology and an overview of the assessment and handling of a variety of faults, errors, and failures. For critical systems, such activities are expected to be explicit (e.g. traceable, documented), to employ best practices (e.g. design patterns), and to be driven by reasonably qualified personnel (e.g. well-trained and experienced engineers or programmers).The need for dependability often arises from the embedding of software into a cyber-physical context (i.e., an electronic execution platform, a physical process to be controlled, and other systems or human users to interact with). Dependability assurance (DA), or assurance for short, encompasses the usually cross-disciplinary task of providing evidence for an assurance case (e.g. safety, security, reliability) for a sys...

show abstract

“…In FMEA, different component failures might directly/indirectly contribute to the occurrence of hazards in each TFC variant. Variation in fault trees and FMEA are further propagated throughout assurance cases, which can be generated from these assets with the support of model-based techniques [16]. The application of DEPendable-SPLE steps enabled the systematic analysis of the impact of variation in TFC-SPL product/context features in both SPL design and dependability analysis.…”

Section: Dependable-sple: Domain Engineeringmentioning

confidence: 99%

Variability Management in Safety-Critical Software Product Line Engineering

Oliveira

Braga

Masiero

et al. 2018

New Opportunities for Software Reuse

Self Cite

View full text Add to dashboard Cite

Abstract. Safety-critical systems developed upon SPLE approach have to address safety standards, which establish guidance for analyzing and demonstrating dependability properties of the system at different levels of abstraction. However, the adoption of an SPLE approach for developing safety-critical systems demands the integration of safety engineering into SPLE processes. Thus, variability management in both system design and dependability analysis should be considered through SPLE life-cycle. Variation in design and context may impact on dependability properties during Hazard Analysis and Risk Assessment (HARA), allocation of functional and non-functional safety requirements, and component fault analysis. This paper presents DEPendable-SPLE, a modelbased approach that extends traditional SPLE methods, to support variability modeling/management in dependability analysis. The approach is illustrated in a case study from the aerospace domain. As a result, the approach enabled efficient management of the impact of design and context variations on HARA and component fault modeling.

show abstract

Weaving an Assurance Case from Design: A Model-Based Approach

Cited by 74 publications

References 11 publications

Model based system assurance using the structured assurance case metamodel

Model based system assurance using the structured assurance case metamodel

New Opportunities for Integrated Formal Methods

Variability Management in Safety-Critical Software Product Line Engineering

Contact Info

Product

Resources

About