An Extended Systematic Literature Review on Classification, Structuring and Assessment of Evidence for Safety Compliance

Context: Critical systems as found in domains such as avionics, railways, and automotive are often subject to a formal process of safety assessment or certification. The goal of this process is to ensure that these systems will operate safely without posing undue risks to the user, the public, or the environment. Safety is usually assured by compliance with safety standards, which involves providing evidence to show that the safety criteria of the standards are met. Standards are often ambiguous and extremely time-consuming to understand, owing to their sheer size and the fact that textual standards are prone to subjective interpretation.

Objective: As a prerequisite to complying with standards, safety professionals need to know how to classify different types of evidence, how to structure the evidence, and how to assess it. This paper aims to develop such a body of knowledge.

Method: This paper reports a Systematic Literature Review (SLR) of 216 papers published between 1990 and 2012, obtained after a multi-stage selection process. The SLR identifies and classifies the information and artefacts considered as evidence for safety, and analyses the existing techniques for evidence structuring and assessment.

Results: The results of the review were used to build an evidence taxonomy, which will be particularly relevant to practitioners seeking a better understanding of evidence requirements, as well as to researchers working in this area. The taxonomy has 49 different evidence types that were collected from the 216 papers. The paper also reports on the most commonly identified techniques for evidence structuring and assessment. In addition, the SLR summarizes the challenges noted in the literature in relation to the provision of safety evidence and analyses commonalities between different application domains. The paper further discusses the implications of the results of the literature review for future research in the application domains identified in the review.

Conclusion: To our knowledge, this paper is the first systematic review concerning evidence for safety. The results provide useful insights for both research and practice. In particular, the evidence classification developed provides a concrete basis for learning about and tailoring the various types of evidence that practitioners need to provide in support of safety. As a major finding of the review, the results suggest that there is a strong need for more practice-oriented and industry-driven empirical studies in this area.
