
2011 First International Workshop on Software Certification: Latest Publications

Investigation on Safety-Related Standards for Critical Systems
Pub Date : 2011-11-29 DOI: 10.1109/WoSoCER.2011.9
C. Esposito, Domenico Cotroneo, N. Silva
In each application domain for safety-critical systems, international organizations have issued regulations concerned with the development, implementation, validation and maintenance of safety-critical systems. In particular, each of them indicates a definition of what safety means, proper qualitative and quantitative properties for evaluating the quality of the system under development, and a set of methodologies to be used for assessing the fulfilment of the mentioned properties. These standards are today an essential tool for ensuring the required safety levels in many domains that require extremely high dependability. This paper summarizes the analysis of a set of well-known safety standards in different domains of critical systems with the intent of highlighting similarities and differences among them, pointing out common areas of interest and reporting on which features the newest (and upcoming) standards are focusing.
Citations: 12
Design Improvement of System Administrative Operations for Certification
Pub Date : 2011-11-29 DOI: 10.1109/WoSoCER.2011.12
Kumiko Tadano, Jianwen Xiang, F. Machida, Y. Maeno, Takao Osaki, Atsushi Kobayashi
For mission-critical systems, many companies and governmental organizations require certified software products and/or development processes. Companies developing such systems need to achieve certain system availability requirements by domain-specific certification standards or informal assurance techniques at competitive cost and time. System availability is an important metric for certification of the systems, and it is affected by the design of operation procedures for the systems. To improve system availability to the required level with minimal effort, it is essential to find the operations whose improvements can achieve the system availability requirements. This paper proposes a method to identify the operations in operation procedures whose improvements are necessary to achieve the desired system availability, and to recommend means to improve those operations. We demonstrate a case study of applying the proposed method to an operation procedure of a real database. We succeeded in identifying operations to be improved to achieve certain system availability requirements in an operation procedure and in providing a reasonable recommendation to improve system availability.
Citations: 0
Generation of Certifiably Correct Programs from Formal Models
Pub Date : 2011-11-29 DOI: 10.1109/WoSoCER.2011.14
A. Iliasov
Application of formal notations and verification techniques helps to deliver systems that are free from engineering defects. A code generator is an essential tool for formal development of real-world systems; it transforms models into runnable software quickly, consistently and reproducibly. Commonly, a code generator is a program constructed informally and producing an output that is not formally traced to an input. Industrial standards for the development of safety-critical systems, such as IEC 61508, require a justification for any tool used in a development: extensive prior experience or a formal certification. Extensive experience is often not an option as there are very few sufficiently mature modelling toolsets. The certification of a code generator is a major effort increasing costs and development time. We propose an approach where a modeller places no trust whatsoever in the code generation stage but rather obtains software that is certifiable without any further effort. The essence of the approach is in the transformation of a formal model into runnable software that is demonstrably correct with respect to a given set of verification criteria, coming from a requirements document. A Hoare logic is used to embed correctness criteria into the resultant program; the approach supports design-by-contract annotations to allow developers to mix formal and informal parts with a fair degree of rigour.
Citations: 4
Error Models and Software Certification
Pub Date : 2011-11-29 DOI: 10.1109/WoSoCER.2011.11
W. Howden
An error-based approach to certification is described. A classical theory of error is reviewed and a software interpretation of the theory is developed. The interpretation suggests a strategy for testing and analysis. The strategy was evaluated by comparing its potential effectiveness with that of certification standards based on individual methods.
Citations: 0
Using Model-Driven Engineering for Managing Safety Evidence: Challenges, Vision and Experience
Pub Date : 2011-11-29 DOI: 10.1109/WoSoCER.2011.8
R. Panesar-Walawege, M. Sabetzadeh, L. Briand
Certification is a major prerequisite for most safety-critical systems before they can be put into operation. During certification, system suppliers often have to present a coherent body of evidence demonstrating that the developed systems are safe for operation. Regardless of the certification approach taken (process-based or product-based), collection of proper evidence at the proper stage of development is critical for successful certification. Currently, system suppliers and certification bodies alike are facing various challenges in relation to safety evidence collection. Notably, they find it hard to interpret the evidence requirements imposed by the safety standards within the domain of application; little support exists for recording, querying, and reporting evidence in a structured manner; and there is a general absence of guidelines on how the collected evidence supports the safety objectives. This paper states our position on how safety evidence should be characterized and managed. Specifically, we propose the application of Model-Driven Engineering as an enabler for performing the various tasks related to safety evidence management. We outline our current work on the specification of safety evidence requirements, upfront planning of evidence collection activities, tailoring of evidence information to domain-specific needs, and storage of evidence information. Based on this work, we identify a number of challenges that need further investigation and provide a future research agenda for managing safety evidence for software safety certification.
Citations: 18
Independent Test Verification: What Metrics Have a Word to Say
Pub Date : 2011-11-29 DOI: 10.1109/WoSoCER.2011.10
N. Silva, Rui Lopes
Independent verification and validation (IVV) has been a key process for decades, and is highlighted in several international certification standards. Some require independent safety auditors, others require particular process objectives to be satisfied with independence, others force an independent testing team or quality assurance team, or even independent resources for several different SDP processes. In the area of IVV, ESA recently contracted the creation of an "ESA ISVV Guide" describing all the possible tasks that can be carried out with independence in order to guarantee maximum quality, but especially to gather all the good practices and define uniform guidelines on how to carry out IVV activities. One of those activities is independent test verification (stated as Integration/Unit Test Procedures and Test Data Verification). This activity is commonly overlooked since customers do not really see the added value of thoroughly checking the validation team's work. This article presents the results of a large set of independent test verification activities, including the main difficulties, the results obtained and the advantages/disadvantages of these activities for the industry. This study will support customers in opting in or out of this task in future IVV contracts, since we provide factual results from a few real case studies. Case study details and the companies involved are not disclosed for obvious reasons.
Citations: 7
Towards Goal-Based Software Safety Certification Based on Prescriptive Standards
Pub Date : 2011-11-29 DOI: 10.1109/WoSoCER.2011.7
E. Stensrud, T. Skramstad, Jingyue Li, Jing Xie
We propose a hybrid approach for functional safety assessments of software. By hybrid, we mean that it is both goal-based and prescriptive. Recent studies advocate goal-based assessments based on structured, rigorous safety cases. The problem is that products also need to be certified against existing, prescriptive standards. This study suggests a way to integrate the prescriptive standard with a goal-based safety case approach. The main idea is to integrate the prescriptive elements in the standard into a goal-based safety case in order to improve the transparency and consistency of the safety certification. We also propose to categorize the safety cases into safety case patterns to improve reuse of safety certifications. We exemplify our approach using the IEC 61508 standard, for which we have transformed all the prescriptive elements in part 3 of the standard into a collection of safety case patterns.
Citations: 10
Challenges for an Open and Evolutionary Approach to Safety Assurance and Certification of Safety-Critical Systems
Pub Date : 2011-11-29 DOI: 10.1109/WoSoCER.2011.15
H. Espinoza, A. Ruiz, M. Sabetzadeh, P. Panaroni
Safety assurance and certification are amongst the most expensive and time-consuming tasks in the development of safety-critical embedded systems. The increasing complexity and size of these kinds of systems, combined with the growing market demand, requires the industry to implement a coherent reuse strategy. A major problem arises because typically a safety-critical product and its accompanying safety evidence are monolithic, based on the whole product, so evolutions of the product become costly and time-consuming because they entail regenerating the entire evidence set. Another key difficulty appears when trying to reuse products from one application domain in another, because they are constrained by different standards and the full safety assurance certification process is applied as for a new product, thus reducing the return on investment of such a reuse decision. This paper describes the current state of safety assurance and certification of embedded systems in the avionics, railway and automotive domains and then proposes some future directions for work in the area. In particular, we describe the need for a common certification framework that spans these different markets to improve mutual recognition agreements of safety approvals. We then discuss the need for new strategies focused on a compositional and evolutionary certification approach with the capability to reuse safety arguments, safety evidence, and context information about system components, in a way that makes certification more cost-effective, precise, and scalable.
Citations: 19
The PreCertification Kit for Operating Systems in Safety Domains
Pub Date : 2011-11-29 DOI: 10.1109/WoSoCER.2011.13
Domenico Cotroneo, Domenico Di Leo, N. Silva, R. Barbosa
Nowadays, software is taking over functionality traditionally implemented in hardware; as a result, software architectures have become larger and more complex. In such architectures an Operating System (OS) is commonly present. However, in safety domains (e.g., avionics, railway) it is mandatory to be compliant with a safety standard (e.g., DO178B); this means that evidence on the software life cycle of the software components, and therefore also of the OS, must be available. That evidence, which represents the certification package of the OS, might not be available for commercial or Open Source OSs, hence their certification requires the complementary creation of evidence to serve as certification inputs. The certification process is costly, so the system integrator must carefully select the candidate OS. Hence, it would be of great value to support the system integrator in selecting the most suitable OS to certify. In this position paper, we introduce our future research on the development of a Precertification Kit (PK), that is, a framework that supports the evaluation of an OS with respect to certification requirements. The PK is also a valuable tool that can be integrated into the development toolchain for the implementation of safer and higher-quality OSs, and it provides additional evidence to use in the certification package.
Citation count: 2
Journal
2011 First International Workshop on Software Certification