Characterizing the Chain of Evidence for Software Safety Cases: A Conceptual Model Based on the IEC 61508 Standard

Increasingly, licensing and safety regulatory bodies require the suppliers of software-intensive, safety-critical systems to provide an explicit software safety case – a structured set of arguments based on objective evidence to demonstrate that the software elements of a system are acceptably safe. Existing research on safety cases has mainly focused on how to build the arguments in a safety case based on available evidence; but little has been done to precisely characterize what this evidence should be. As a result, system suppliers are left with practically no guidance on what evidence to collect during software development. This has led to the suppliers having to recover the relevant evidence after the fact – an extremely costly and sometimes impractical task. Although standards such as the IEC 61508 – which is widely viewed as the best available generic standard for managing functional safety in software – provide some guidance for the collection of relevant safety and certification information, this guidance is mostly textual, not expressed in a precise and structured form, and is not easy to specialize to context-specific needs. To address these issues, we present a conceptual model to characterize the evidence for arguing about software safety. Our model captures both the information requirements for demonstrating compliance with IEC 61508 and the traceability links necessary to create a seamless chain of evidence. We further describe how our generic model can be specialized according to the needs of a particular context, and discuss some important ways in which our model can facilitate software certification.

[1]  John A. McDermid,et al.  Support for safety cases and safety arguments using SAM , 1994 .

[2]  John A. McDermid,et al.  Safety Case Development: Current Practice, Future Prospects , 1997 .

[3]  Peter G. Bishop,et al.  A Methodology for Safety Case Development , 2000, SSS.

[4]  Tim Kelly,et al.  Arguing Safety - A Systematic Approach to Managing Safety Cases , 1998 .

[5]  John A. McDermid,et al.  Safety case patterns-reusing successful arguments , 1998 .

[6]  R. Bell,et al.  IEC 61508: functional safety of electrical/electronic/ programme electronic safety-related systems: overview , 1999 .

[7]  Trevor Cockram,et al.  Electronic Safety Cases: Challenges and Opportunities , 2003 .

[8]  Tim Kelly,et al.  The Goal Structuring Notation – A Safety Argument Notation , 2004 .

[9]  Clifton A. Ericson,et al.  Hazard Analysis Techniques for System Safety: Ericson/Hazard Analysis Techniques for System Safety , 2005 .

[10]  Clifton A. Ericson,et al.  Hazard Analysis Techniques for System Safety , 2005 .

[11]  Richard F. Paige,et al.  Defining a Framework for the Development and Management of Dependability Cases , 2008 .

[12]  Paul W. H. Chung,et al.  Compliance Flow - Managing the compliance of dynamic and complex processes , 2008, Knowl. Based Syst..

[13]  John A. McDermid,et al.  A harmonised model for safety assessment and certification of safety-critical systems in the transportation industries , 2008, Requirements Engineering.

[14]  Robert Lewis Safety Case Development as an Information Modelling Problem , 2009, SSS.

[15]  Michaela Huhn,et al.  Analysing Dependability Case Arguments Using Quality Models , 2009, SAFECOMP.