A Safety Condition Monitoring System

In any safety argument, belief in the top-level goal depends upon a variety of assumptions that derive from the system development process, the operating context, and the system itself. If an assumption is false, or becomes false at any point during the lifecycle, the rationale for belief in the safety goal might be invalidated and the safety of the associated system compromised. Assurance that assumptions actually hold when they are supposed to is not guaranteed, and so monitoring of assumptions might be required. In this paper, we describe the Safety Condition Monitoring System, a system that permits comprehensive yet flexible monitoring of assumptions throughout the entire lifecycle, together with an alert infrastructure that allows tailored responses to violations of assumptions. An emphasis of the paper is the approach used for run-time monitoring of assumptions derived from software where the software cannot be easily changed.
