Development of a Normative Package for Safety-Critical Software Using Formal Regulatory Requirements

Two important tasks in requirements engineering are resolving inconsistencies between the requirements of regulators and those of developers of safety-critical computer systems, and validating the regulatory requirements themselves. This paper proposes a new approach to the regulatory process, covering both the formulation of requirements and the elaboration of methods for assessing compliance with them. We address the differences between prescriptive and nonprescriptive regulation and suggest a middle approach. We also introduce the notion of a normative package: the collection of documents used by a regulator and provided to a developer. We argue that the normative package should include not only the regulatory requirements but also the methods by which they are assessed, and we propose formal regulatory requirements as the basis for developing software assessment methods. The approach is illustrated with example requirements for protecting computer control systems against unauthorized access, formalized in the Z notation.
