Requirements engineering for safety-critical systems: A systematic literature review

Context: Safety-Critical Systems (SCS) are becoming increasingly present in our society. A considerable amount of research effort has been invested into improving the SCS requirements engineering process, as it is critical to the successful development of SCS and, in particular, to the engineering of safety aspects.

Objective: This article aims to investigate which approaches have been proposed to elicit, model, specify and validate safety requirements in the context of SCS, as well as to what extent such approaches have been validated in industrial settings. The paper also investigates how the usability and usefulness of the reported approaches have been explored, and to what extent they enable requirements communication among the actors of the development project/team in the development of SCS.

Method: We conducted a systematic literature review (SLR) by selecting 151 papers published between 1983 and 2014. The research methodology used to conduct the SLR was based on the guidelines proposed by Kitchenham and Biolchini.

Results: The results of this systematic review should encourage further research into the design of studies to improve requirements engineering for SCS, particularly to enable the communication of safety requirements among the project team actors and the adoption of other hazard and accident models. The presented results point to the need for more industry-oriented studies, particularly with more participation of practitioners in the validation of new approaches.

Conclusion: The most relevant findings from this review and their implications for further research are as follows: integration between the requirements engineering and safety engineering areas; dominance of the traditional approaches; early mortality of new approaches; need for industry validation; lack of evidence for the usefulness and usability of most approaches; and the lack of studies that investigate how to improve the communication process throughout the lifecycle.
Based on these findings, we suggest a research agenda to the community of researchers and advice to SCS practitioners.