Castellanos Ardila, Julieth Patricia, Doctoral student
Publications (9 of 9)
Castellanos Ardila, J. P. (2019). Facilitating Automated Compliance Checking of Processes against Safety Standards. (Licentiate dissertation). Västerås: Mälardalen University
Facilitating Automated Compliance Checking of Processes against Safety Standards
2019 (English). Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

A system is safety-critical if its malfunctioning could have catastrophic consequences for people, property or the environment, e.g., the failure of a car's braking system could be potentially tragic. To produce such types of systems, special procedures and strategies that permit their safer deployment into society should be used. Therefore, manufacturers of safety-critical systems comply with domain-specific safety standards, which embody the public consensus of what is acceptably safe. Safety standards also contain a repository of expert knowledge and best practices that can, to some extent, facilitate the safety-critical system’s engineering. In some domains, the applicable safety standards establish the accepted procedures that regulate the development processes. For claiming compliance with such standards, companies should adapt their practices and provide convincing justifications regarding the processes used to produce their systems, from the initial steps of production. In particular, the planning of the development process, in accordance with the prescribed process-related requirements specified in the standard, is an essential piece of evidence for compliance assessment. However, providing such evidence can be time-consuming and prone to error since it requires that process engineers check the fulfillment of hundreds of requirements based on their process specifications. With access to suitable tool-supported methodologies, process engineers would be able to perform their job efficiently and accurately.

Safety standards prescribe requirements in natural language by using notions that are subtly similar to the concepts used to describe laws. In particular, requirements in the standards introduce conditions that are obligatory for claiming compliance. Requirements also define tailoring rules, which are actions that permit complying with the standard in an alternative way. Unfortunately, current approaches for software verification are not furnished with these notions, which could make their use in compliance checking difficult. However, existing tool-supported methodologies designed in the legal compliance context, which have also been proven in the business domain, could be exploited for defining an adequate automated compliance checking approach that suits the conditions required in the safety-critical context.

The goal of this Licentiate thesis is to propose a novel approach that combines: 1) process modeling capabilities for representing systems and software process specifications, 2) normative representation capabilities for interpreting the requirements of the safety standards in an adequate machine-readable form, and 3) compliance checking capabilities to provide the analysis required to conclude whether the model of a process corresponds to the model with the compliant states proposed by the standard's requirements. Our approach contributes to facilitating compliance checking by providing automatic reasoning from the requirements prescribed by the standards and the description of the process they regulate. It also contributes to cross-fertilizing two communities that were previously isolated, namely the safety-critical and legal compliance contexts. In addition, we propose an approach for mastering the interplay between highly related standards. This approach includes the reuse capabilities provided by SoPLE (Safety-oriented Process Line Engineering), a methodological approach aiming at systematizing the reuse of process-related information in the context of safety-critical systems. With the addition of SoPLE, we aim at planting the seeds for the future provision of systematic reuse of compliance proofs. Hitherto, our proposed methodology has been evaluated with academic examples that show the potential benefits of its use.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2019. p. 170
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 277
Keywords
Automated Compliance Checking, Safety-critical Systems, Safety Standards Formalization, Safety Processes
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-42752 (URN); 978-91-7485-422-0 (ISBN)
Presentation
2019-03-28, Lambda, Mälardalens högskola, Västerås, 13:15 (English)
Projects
AMASS
Available from: 2019-02-22. Created: 2019-02-21. Last updated: 2019-03-01. Bibliographically approved
Gallina, B., UL Muram, F. & Castellanos Ardila, J. P. (2018). Compliance of agilized (Software) development processes with safety standards: A vision. In: ACM International Conference Proceeding Series. Paper presented at 19th International Conference on Agile Software Development, XP 2018, 21 May 2018 through 25 May 2018. Association for Computing Machinery, Article number a14.
Compliance of agilized (Software) development processes with safety standards: A vision
2018 (English). In: ACM International Conference Proceeding Series, Association for Computing Machinery, 2018, article number a14. Conference paper, Published paper (Refereed)
Abstract [en]

Hybrid software development, meant as a combination of traditional and agile methods/practices, has become a reality in safety-critical systems engineering. The spread of hybrid software development stems from the impossibility of facing the manifold challenges via the definition of a process by the book. In this context, compliance management becomes challenging and the role of existing means for compliance should be clarified/rethought. In this position paper, we discuss the challenges and we propose our compliance management vision, which is being implemented in the context of the EU ECSEL AMASS project.

Place, publisher, year, edition, pages
Association for Computing Machinery, 2018
Keywords
Agile development, Compliance management, Process compliance checking, Safety standards, Regulatory compliance, Safety engineering, Software design, Agile methods, Compliance checking, Development process, Position papers, Safety critical systems, Safety standard, Compliance control
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-43511 (URN); 10.1145/3234152.3234175 (DOI); 000474466600014 (); 2-s2.0-85065768873 (Scopus ID)
Conference
19th International Conference on Agile Software Development, XP 2018, 21 May 2018 through 25 May 2018
Available from: 2019-05-27. Created: 2019-05-27. Last updated: 2019-10-11. Bibliographically approved
Castellanos Ardila, J. P., Gallina, B. & UL Muram, F. (2018). Enabling Compliance Checking against Safety Standards from SPEM 2.0 Process Models. In: The Euromicro Conference on Software Engineering and Advanced Applications SEAA 2018. Paper presented at The Euromicro Conference on Software Engineering and Advanced Applications SEAA 2018, 29 Aug 2018, Prague, Czech Republic.
Enabling Compliance Checking against Safety Standards from SPEM 2.0 Process Models
2018 (English). In: The Euromicro Conference on Software Engineering and Advanced Applications SEAA 2018, 2018. Conference paper, Published paper (Refereed)
Abstract [en]

Compliance with process-based safety standards may imply the provision of a safety plan and its corresponding compliance justification. The provision of this justification is time-consuming since it requires that the process engineer checks the fulfillment of hundreds of requirements by taking into account the evidence provided by the process entities. Available methodologies and their implemented tools can be used to automate this checking and provide a compliance report that can be part of the justification to be scrutinized by the safety auditor. In this paper, we explain our compliance checking vision for supporting the process engineer, in which the interaction between SPEM 2.0 (Software & Systems Process Engineering Metamodel) and Regorous (a tool-supported methodology for compliance checking) is established. Then, we focus on SPEM 2.0 to identify mechanisms to provide the minimal set of elements required to be processed by Regorous and describe how to implement them in EPF Composer. We also illustrate these mechanisms by modeling a simple example from ISO 26262 and show how a compliance report can be used to trace unfulfilled requirements.

Keywords
Compliance checking, SPEM 2.0, Regorous.
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-40853 (URN); 10.1109/SEAA.2018.00017 (DOI); 000450238900008 (); 2-s2.0-85056477430 (Scopus ID)
Conference
The Euromicro Conference on Software Engineering and Advanced Applications SEAA 2018, 29 Aug 2018, Prague, Czech Republic
Projects
AMASS - Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems
Available from: 2018-09-18. Created: 2018-09-18. Last updated: 2019-01-04. Bibliographically approved
Castellanos Ardila, J. P. (2018). Facilitating Automated Compliance Checking of Processes against Safety Standards. Paper presented at ISoLA 2018, Oct. 30-Nov. 13, Limassol, Cyprus.
Facilitating Automated Compliance Checking of Processes against Safety Standards
2018 (English). Conference paper, Published paper (Refereed)
National Category
Engineering and Technology; Computer Systems
Identifiers
urn:nbn:se:mdh:diva-41715 (URN)
Conference
ISoLA 2018, Oct. 30-Nov. 13, Limassol, Cyprus
Projects
AMASS - Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems
Available from: 2018-12-18. Created: 2018-12-18. Last updated: 2018-12-18. Bibliographically approved
Castellanos Ardila, J. P. & Gallina, B. (2018). Formal Contract Logic Based Patterns for Facilitating Compliance Checking against ISO 26262. In: CEUR Workshop Proceedings, Volume 2049. Paper presented at 1st Workshop on Technologies for Regulatory Compliance TeReCom-2017, 13 Dec 2017, Luxembourg, Luxembourg (pp. 65-72).
Formal Contract Logic Based Patterns for Facilitating Compliance Checking against ISO 26262
2018 (English). In: CEUR Workshop Proceedings, Volume 2049, 2018, p. 65-72. Conference paper, Published paper (Refereed)
Abstract [en]

ISO 26262 demands a confirmation review of the safety plan, which includes the compliance checking of planned processes against safety requirements. Formal Contract Logic (FCL), a logic-based language stemming from business compliance, provides means to formalize normative requirements, enabling automatic compliance checking. However, formalizing safety requirements in FCL requires skills which cannot be taken for granted. In this paper, we provide a set of ISO 26262-specific FCL compliance patterns to facilitate rule formalization. First, we identify and define the patterns, based on Dwyer et al.'s specification patterns style. Then, we instantiate the patterns to illustrate their applicability. Finally, we sketch conclusions and future work.

Series
CEUR Workshop Proceedings, ISSN 1613-0073
Keywords
ISO 26262, Confirmation review, Compliance checking, Formal Contract Logic, Safety compliance patterns
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-38647 (URN); 2-s2.0-85045562240 (Scopus ID)
Conference
1st Workshop on Technologies for Regulatory Compliance TeReCom-2017, 13 Dec 2017, Luxembourg, Luxembourg
Projects
AMASS - Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems
Available from: 2018-03-02. Created: 2018-03-02. Last updated: 2018-05-11. Bibliographically approved
Castellanos Ardila, J. P., Gallina, B. & Governatori, G. (2018). Lessons Learned while formalizing ISO 26262 for Compliance Checking. In: Proceedings of the 2nd Workshop on Technologies for Regulatory Compliance (TeReCom). Paper presented at 2nd Workshop on Technologies for Regulatory Compliance co-located with the 31st International Conference on Legal Knowledge and Information Systems (JURIX 2018), Groningen, The Netherlands, December 12, 2018 (pp. 5-16).
Lessons Learned while formalizing ISO 26262 for Compliance Checking
2018 (English). In: Proceedings of the 2nd Workshop on Technologies for Regulatory Compliance (TeReCom), 2018, p. 5-16. Conference paper, Published paper (Refereed)
Abstract [en]

A confirmation review of the safety plan is required during compliance assessment with ISO 26262. Its production could be facilitated by creating a specification of the standard’s requirements in FCL (Formal Contract Logic), which is a language that can be used to automatically check compliance. However, we have learned, via previous experiences, that interpreting ISO 26262 requirements and specifying them in FCL is complex. Thus, we perform a formalization-oriented pre-processing of ISO 26262 to find effective ways to proceed with this task. In this paper, we present the lessons learned from this pre-processing, which includes the identification of the essential normative parts to be formalized, the identification of SCP (Safety Compliance Patterns) and their subsequent documentation as templates, and the definition of a methodological guideline to facilitate the formalization of normative clauses. Finally, we illustrate the defined methodology by formalizing ISO 26262 part 3 and discuss our findings.

Series
CEUR Workshop Proceedings, ISSN 1613-0073 ; 2309
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-42568 (URN)
Conference
2nd Workshop on Technologies for Regulatory Compliance co-located with the 31st International Conference on Legal Knowledge and Information Systems (JURIX 2018) Groningen, The Netherlands, December 12, 2018.
Available from: 2019-02-05. Created: 2019-02-05. Last updated: 2019-06-03. Bibliographically approved
Castellanos Ardila, J. P., Gallina, B. & UL Muram, F. (2018). Transforming SPEM 2.0-compatible process models into models checkable for compliance. In: Communications in Computer and Information Science. Paper presented at 18th International Conference on Software Process Improvement and Capability Determination, SPICE 2018; Thessaloniki; Greece; 9 October 2018 through 10 October 2018 (pp. 233-247). Springer Verlag, 918
Transforming SPEM 2.0-compatible process models into models checkable for compliance
2018 (English). In: Communications in Computer and Information Science, Springer Verlag, 2018, Vol. 918, p. 233-247. Conference paper, Published paper (Refereed)
Abstract [en]

Manual compliance with process-based standards is time-consuming and prone to error. No ready-to-use solution is currently available for increasing efficiency and confidence. In our previous work, we have presented our automated compliance checking vision to support the process engineer’s work. This vision includes the creation of a process model, given by using a SPEM 2.0 (Systems & Software Process Engineering Metamodel) reference implementation, to be checked by Regorous, a compliance checker used in the business context. In this paper, we move a step further towards the concretization of our vision by defining the transformation necessary to automatically generate the models required by Regorous. Then, we apply our transformation to a small portion of the design phase recommended in the rail sector. Finally, we discuss our findings, and present conclusions and future work.

Place, publisher, year, edition, pages
Springer Verlag, 2018
Keywords
Compliance checking, Regorous, Software process, SPEM 2.0, Circuit simulation, Process engineering, Regulatory compliance, Automated compliance checking, Compatible process, Reference implementation, Software process engineering metamodel, Compliance control
National Category
Software Engineering; Embedded Systems
Identifiers
urn:nbn:se:mdh:diva-41233 (URN); 10.1007/978-3-030-00623-5_16 (DOI); 2-s2.0-85054783999 (Scopus ID); 9783030006228 (ISBN)
Conference
18th International Conference on Software Process Improvement and Capability Determination, SPICE 2018; Thessaloniki; Greece; 9 October 2018 through 10 October 2018
Available from: 2018-10-26. Created: 2018-10-26. Last updated: 2018-10-26. Bibliographically approved
Castellanos Ardila, J. P. & Gallina, B. (2017). Towards Efficiently Checking Compliance Against Automotive Security and Safety Standards. In: The 7th IEEE International Workshop on Software Certification WoSoCer 2017. Paper presented at The 7th IEEE International Workshop on Software Certification WoSoCer 2017, 23 Oct 2017, Toulouse, France (pp. 317-324).
Towards Efficiently Checking Compliance Against Automotive Security and Safety Standards
2017 (English). In: The 7th IEEE International Workshop on Software Certification WoSoCer 2017, 2017, p. 317-324. Conference paper, Published paper (Refereed)
Abstract [en]

The growing connectivity of the systems that we rely on, e.g., transportation vehicles, is pushing towards the introduction of new standards aimed at providing a baseline to address cybersecurity besides safety. If the interplay of the two normative spaces is not mastered, compliance management might become more time-consuming and costly, preventing engineers from dedicating their energies to system engineering. In this paper, we build on top of previous work aimed at increasing efficiency and confidence in compliance management. More specifically, we contribute to building a terminological framework needed to enable the systematization of commonalities and variabilities within ISO 26262 and SAE J3061. Then, we focus our attention on the requirements for software design and implementation and we use defeasible logic to prove compliance. Based on the compliance checking results, we reveal reuse opportunities. Finally, we draw our conclusions and sketch future research directions.

Keywords
ISO 26262, SAE J3061, compliance management, compliance proofs, reuse, defeasible logic
National Category
Communication Systems
Identifiers
urn:nbn:se:mdh:diva-37331 (URN); 10.1109/ISSREW.2017.33 (DOI); 000418465000067 (); 2-s2.0-85040597393 (Scopus ID); 978-1-5386-2387-9 (ISBN)
Conference
The 7th IEEE International Workshop on Software Certification WoSoCer 2017, 23 Oct 2017, Toulouse, France
Projects
AMASS - Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems
Available from: 2017-11-28. Created: 2017-11-28. Last updated: 2018-02-08. Bibliographically approved
Castellanos Ardila, J. P. & Gallina, B. (2017). Towards Increased Efficiency and Confidence in Process Compliance. In: 24th European & Asian Systems, Software & Service Process Improvement & Innovation EuroAsiaSPI2 '17. Paper presented at 24th European & Asian Systems, Software & Service Process Improvement & Innovation EuroAsiaSPI2 '17, 06 Sep 2017, Ostrava, Czech Republic (pp. 162-174).
Towards Increased Efficiency and Confidence in Process Compliance
2017 (English). In: 24th European & Asian Systems, Software & Service Process Improvement & Innovation EuroAsiaSPI2 '17, 2017, p. 162-174. Conference paper, Published paper (Refereed)
Abstract [en]

Nowadays, the engineering of (software) systems has to comply with different standards, which often exhibit common requirements or at least a significant potential for synergy. Compliance management is a delicate, time-consuming, and costly activity, which would benefit from increased confidence, automation, and systematic reuse. In this paper, we introduce a new approach, called SoPLE&Logic-basedCM. SoPLE&Logic-basedCM combines (safety-oriented) process line engineering with defeasible logic-based approaches for formal compliance checking. As a result of this combination, SoPLE&Logic-basedCM enables automation of compliance checking and systematic reuse of process elements as well as compliance proofs. To illustrate SoPLE&Logic-basedCM, we apply it to the automotive domain and we draw our lessons learnt.

Keywords
ISO 26262, Automotive SPICE, compliance by design, reuse, defeasible logic, process assessment, software process improvement
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-37006 (URN); 10.1007/978-3-319-64218-5_13 (DOI); 000434331400013 (); 2-s2.0-85030648806 (Scopus ID); 9783319642178 (ISBN)
Conference
24th European & Asian Systems, Software & Service Process Improvement & Innovation EuroAsiaSPI2 '17, 06 Sep 2017, Ostrava, Czech Republic
Projects
AMASS - Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems
Available from: 2017-11-27. Created: 2017-11-27. Last updated: 2018-06-21. Bibliographically approved