Automating the Generation of Heterogeneous Aviation Safety Cases

A safety case is a structured argument, supported by a body of evidence, which provides a convincing and valid justification that a system is acceptably safe for a given application in a given operating environment. This report describes the development of a fragment of a preliminary safety case for the Swift Unmanned Aircraft System. The construction of the safety case fragment consists of two parts: a manually constructed system-level case, and an automatically constructed lower-level case, generated from formal proof of safety-relevant correctness properties. The authors provide a detailed discussion of the safety considerations for the target system, emphasizing the heterogeneity of sources of safety-relevant information, and use a hazard analysis to derive safety requirements, including formal requirements. The safety case is evaluated using three classes of metrics for measuring degrees of coverage, automation, and understandability. Preliminary conclusions are presented along with suggestions for future work.
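To make the two-part construction and the metrics concrete, the following is an added, constructed example and not the report's own tooling (AdvoCATE) or its Swift UAS hazard analysis: a hand-written, hazard-directed system-level argument is built in GSN style, a lower-level fragment is generated from prover output and stitched under the formal requirements it supports, and coverage, automation and an understandability proxy are computed over the merged tree. The hazards, requirements, verification-condition names, prover name and the exact metric definitions are all assumptions. The caveat it demonstrates is the one a reviewer cares about most: an unproved obligation must leave its goal undeveloped rather than silently appear as evidence, and that gap must show up in the coverage figure.

```python
"""Constructed example: stitch a hand-written system-level safety case to a
lower-level argument generated from prover output, then score the result.
Not the report's tooling or data; hazards, requirements, verification
condition (VC) names and metric definitions are all invented."""
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Tuple


@dataclass
class Node:
    id: str
    kind: str                      # "goal" | "strategy" | "solution"
    text: str
    auto: bool = False             # True when generated from proof data
    children: List["Node"] = field(default_factory=list)


@dataclass
class Requirement:
    id: str
    hazard: str                    # id of the hazard this requirement mitigates
    text: str
    formal: Optional[str] = None   # formal property, when one was derived
    manual_evidence: Optional[str] = None   # e.g. a test report reference


@dataclass
class ProofResult:
    vc: str                        # verification condition name (invented)
    requirement: str               # requirement id the VC discharges
    proved: bool
    prover: str


def lower_level_fragment(req: Requirement, results: List[ProofResult]) -> Node:
    """Generate the GSN subtree for one formal requirement from prover output.
    Only PROVED VCs become solution nodes; an unproved VC leaves the goal
    undeveloped, so the gap is visible instead of silently becoming evidence."""
    goal = Node(f"F_{req.id}", "goal", f"Property holds: {req.formal}", auto=True)
    strat = Node(f"S_{req.id}", "strategy", "Argument by formal proof of VCs", auto=True)
    goal.children.append(strat)
    for r in results:
        if r.requirement == req.id and r.proved:
            strat.children.append(
                Node(f"E_{r.vc}", "solution", f"{r.vc} proved by {r.prover}", auto=True))
    return goal


def build_case(hazards: Dict[str, str], reqs: List[Requirement],
               results: List[ProofResult]) -> Node:
    """Manual, hazard-directed system-level case with auto fragments stitched in
    under the requirement goals they support."""
    top = Node("G1", "goal", "System is acceptably safe in its operating environment")
    s1 = Node("S1", "strategy", "Argument over all identified hazards")
    top.children.append(s1)
    for hid, htext in hazards.items():
        hg = Node(f"G_{hid}", "goal", f"Hazard mitigated: {htext}")
        s1.children.append(hg)
        for req in (r for r in reqs if r.hazard == hid):
            rg = Node(f"R_{req.id}", "goal", req.text)
            hg.children.append(rg)
            if req.formal:
                rg.children.append(lower_level_fragment(req, results))
            if req.manual_evidence:
                rg.children.append(Node(f"E_{req.id}", "solution", req.manual_evidence))
    return top


def walk(n: Node, depth: int = 0) -> Iterator[Tuple[Node, int]]:
    """Pre-order traversal yielding (node, depth)."""
    yield n, depth
    for c in n.children:
        yield from walk(c, depth + 1)


def undeveloped_goals(top: Node) -> List[str]:
    """Goals with no solution anywhere beneath them: the list a reviewer must clear."""
    return [n.id for n, _ in walk(top)
            if n.kind == "goal" and not any(m.kind == "solution" for m, _ in walk(n))]


def metrics(top: Node) -> Dict[str, float]:
    """Coverage, automation and an understandability proxy (definitions invented here)."""
    nodes = list(walk(top))
    req_goals = [n for n, _ in nodes if n.id.startswith("R_")]
    undeveloped = set(undeveloped_goals(top))
    return {
        "coverage": sum(g.id not in undeveloped for g in req_goals) / len(req_goals),
        "automation": sum(n.auto for n, _ in nodes) / len(nodes),
        "depth": max(d for _, d in nodes),
        "max_fanout": max(len(n.children) for n, _ in nodes),
    }


# Constructed inputs (not the Swift UAS hazard analysis).
HAZARDS = {"H1": "loss of command link", "H2": "flight outside the geofence"}
REQS = [
    Requirement("SR1", "H1", "Vehicle loiters on link loss",
                manual_evidence="HIL test report TR-07 (invented)"),
    Requirement("SR2", "H2", "Commanded waypoint lies inside the geofence",
                formal="forall wp. inside(fence, wp)"),
    Requirement("SR3", "H2", "Commanded altitude is bounded",
                formal="0 <= alt <= alt_max"),
]
RESULTS = [
    ProofResult("vc_wp_1", "SR2", True, "prover-A"),
    ProofResult("vc_wp_2", "SR2", True, "prover-A"),
    ProofResult("vc_alt_1", "SR3", False, "prover-A"),   # failed proof: SR3 stays open
]

if __name__ == "__main__":
    case = build_case(HAZARDS, REQS, RESULTS)
    for node, d in walk(case):
        print("  " * d + f"[{node.kind}{'*' if node.auto else ''}] {node.id}: {node.text}")
    print(metrics(case))
    print("undeveloped:", undeveloped_goals(case))
```

Run as a script it prints the merged tree (auto-generated nodes starred), the metric dictionary and the open goals. With the constructed inputs, coverage is 2/3 because the failed `vc_alt_1` leaves `R_SR3` and its generated fragment without a solution node, and automation is 6/14 because only the proof-derived subtrees are marked `auto`; the depth and fan-out figures are a crude stand-in for the understandability class, which the report treats with its own metrics.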
