Contracts-Based Maintenance of Safety Cases
Mälardalens högskola, Akademin för innovation, design och teknik; Mälardalens högskola, Akademin för ekonomi, samhälle och teknik, Framtidens energi.
ORCID iD: 0000-0002-9347-1949
2018 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Safety critical systems are those systems whose failure could result in loss of life, significant property damage, or damage to the environment. System safety is a major property that shall be adequately assured to avoid any severe outcomes in safety critical systems. Safety assurance should provide justified confidence that all potential risks due to system failures are either eliminated or acceptably mitigated. System developers in many domains (e.g., automotive, avionics, railways) should provide convincing arguments regarding the safe performance of their systems to a national or international regulatory authority and obtain approvals before putting the system into service. Building 'safety cases' is a proven technique to argue about and communicate systems' safety and it has become a common practice in many safety critical system domains. System developers use safety cases to articulate claims about how systems meet their safety requirements and objectives, collect and document items of evidence, and construct a safety argument to show how the available items of evidence support the claims.

Safety critical systems are evolutionary and constantly subject to preventive, perfective, corrective or adaptive changes during both the development and operational phases. Changes to any part of those systems can undermine the confidence in safety since changes can refute articulated claims about safety or challenge the supporting evidence on which this confidence relies. Hence, safety cases need to be built as living documents that should always be maintained to justify the safety status of the associated system and evolve as these systems evolve. However, building safety cases is costly since they require a significant amount of time and effort to define the safety objectives, generate the required evidence and conclude the underlying logic behind the safety case arguments. Safety cases document highly dependent elements such as safety goals, assumptions and evidence. Seemingly minor changes may have a major impact. Changes to a system or its environment can necessitate a costly and painstaking impact analysis for systems and their safety cases. In addition, changes may require system developers to generate completely new items of evidence by repeating the verification activities. Therefore, changes can exacerbate the cost of producing and maintaining safety cases.

Safety contracts have been proposed as a means for helping to manage changes. There have been works that discuss the usefulness of contracts for reusability and maintainability. However, there has been little attention on how to derive them and how exactly they can be utilised for system or safety case maintenance.

The main goal of this thesis is to support the change impact analysis as a key factor to enhance the maintainability of safety cases. We focus on utilising safety contracts to achieve this goal. To address this, we study how safety contracts can support essential factors for any useful change management process, such as (1) identifying the impacted elements and those that are not impacted, (2) minimising the number of impacted safety case elements, and (3) reducing the work needed to make the impacted safety case elements valid again. The preliminary finding of our study reveals that using safety contracts can be promising to develop techniques and processes to facilitate safety case maintenance. The absence of safety case maintenance guidelines from safety standards and the lack of systematic and methodical maintenance techniques have motivated the work of this thesis. Our work is presented through a set of developed and assessed techniques, where these techniques utilise safety contracts to achieve the overall goal by various contributions. We begin with a framework for evaluation of the impact of change on safety critical systems and safety cases. Through this, we identify and highlight the system components most sensitive to a particular change. We propose new ways to associate system design elements with safety case arguments to enable traceability. How to identify and reduce the propagation of change impact is addressed subsequently. Our research also uses safety contracts to enable through-life safety assurance by monitoring and detecting any potential mismatch between the design safety assumptions and the actual behaviour of the system during its operational phase. More specifically, we use safety contracts to capture thresholds of selected safety requirements and compare them with the runtime related data (i.e., operational data) to continuously assess and evolve the safety arguments.

In summary, our proposed techniques pave the way for cost-effective maintenance of safety cases upon preventive, perfective, corrective or adaptive changes in safety critical systems, thus providing better decision support for change impact analysis.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2018.
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 280
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-41281
ISBN: 978-91-7485-417-6 (print)
OAI: oai:DiVA.org:mdh-41281
DiVA, id: diva2:1260329
Public defence
2018-12-03, Kappa, Mälardalens högskola, Västerås, 09:30 (English)
Projects
SafeCOP - Safe Cooperating Cyber-Physical Systems using Wireless Communication
Funder
EU, Horizon 2020, 692529
Vinnova
Available from: 2018-11-02 Created: 2018-11-02 Last updated: 2019-04-16 Bibliographically approved
List of papers
1. A Safety-Centric Change Management Framework by Tailoring Agile and V-Model Processes
2018 (English) In: 36th International System Safety Conference ISSC 2018, 2018. Conference paper, Published paper (Refereed)
Abstract [en]

Safety critical systems are evolutionary and subject to preventive, perfective, corrective or adaptive changes during their lifecycle. Changes to any part of those systems can undermine the confidence in safety since changes can refute articulated claims about safety or challenge the supporting evidence on which this confidence relies. Changes to the software components are no exception. In order to maintain the confidence in the safety performance, developers must update their system and its safety case. Agile methodologies are known to embrace changes to software where agilists strive to manage changes, not to prevent them. In this paper, we introduce a novel framework in which we tailor a hybrid process of agile software development and the traditional V-model. The tailored process aims to facilitate the accommodation of non-structural changes to the software parts of safety critical systems. We illustrate our framework in the context of ISO 26262 safety standard.

Keywords
safety case, contracts, impact analysis, change management, agile software development, agile tailoring, V-model, XP, Kanban
Identifiers
urn:nbn:se:mdh:diva-40880 (URN)
Conference
36th International System Safety Conference ISSC 2018, 13 Aug 2018, Phoenix, AZ, United States
Projects
Future factories in the Cloud
SafeCOP - Safe Cooperating Cyber-Physical Systems using Wireless Communication
Funder
EU, Horizon 2020, 692529
Vinnova
Available from: 2018-09-18 Created: 2018-09-18 Last updated: 2019-04-17 Bibliographically approved
2. Using Safety Contracts to Verify Design Assumptions During Runtime
2018 (English) In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Volume 10873, 2018, pp. 3-18. Conference paper, Published paper (Refereed)
Abstract [en]

A safety case comprises evidence and argument justifying how each item of evidence supports claims about safety assurance. Supporting claims by untrustworthy or inappropriate evidence can lead to a false assurance regarding the safe performance of a system. Having sufficient confidence in safety evidence is essential to avoid any unanticipated surprise during the operational phase. Sometimes, however, it is impractical to wait for high quality evidence from a system's operational life, where developers have no choice but to rely on evidence with some uncertainty (e.g., using a generic failure rate measure from a handbook to support a claim about the reliability of a component). Runtime monitoring can reveal insightful information, which can help to verify whether the preliminary confidence was over- or underestimated. In this paper, we propose a technique which uses runtime monitoring in a novel way to detect the divergence between the failure rates (which were used in the safety analyses) and the observed failure rates in the operational life. The technique utilises safety contracts to provide prescriptive data for what should be monitored, and what parts of the safety argument should be revisited to maintain system safety when a divergence is detected. We demonstrate the technique in the context of Automated Guided Vehicles (AGVs).

Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 10873
Identifiers
urn:nbn:se:mdh:diva-38957 (URN)
10.1007/978-3-319-92432-8_1 (DOI)
000465823000001 (ISI)
2-s2.0-85049008966 (Scopus ID)
9783319924311 (ISBN)
Conference
23rd International Conference on Reliable Software Technologies, Ada-Europe 2018, 18-22 June 2018, Lisbon, Portugal
Projects
SafeCOP - Safe Cooperating Cyber-Physical Systems using Wireless Communication
Funder
EU, Horizon 2020, 692529
Vinnova
Available from: 2018-05-15 Created: 2018-05-15 Last updated: 2019-05-16 Bibliographically approved
3. Using Sensitivity Analysis to Facilitate The Maintenance of Safety Cases
2015 (English) In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) / [ed] Juan Antonio de la Puente, Tullio Vardanega, 2015, Vol. 9111, pp. 162-176. Conference paper, Published paper (Refereed)
Abstract [en]

A safety case contains safety arguments together with supporting evidence that together should demonstrate that a system is acceptably safe. System changes pose a challenge to the soundness and cogency of the safety case argument. Maintaining safety arguments is a painstaking process because it requires performing a change impact analysis through interdependent elements. Changes are often performed years after the deployment of a system, making it harder for safety case developers to know which parts of the argument are affected. Contracts have been proposed as a means for helping to manage changes. There has been significant work that discusses how to represent and to use them, but there has been little on how to derive them. In this paper, we propose a sensitivity analysis approach to derive contracts from Fault Tree Analyses and use them to trace changes in the safety argument, thus facilitating easier maintenance of the safety argument.

Series
Lecture Notes in Computer Science, ISSN 0302-9743
Identifiers
urn:nbn:se:mdh:diva-29130 (URN)
10.1007/978-3-319-19584-1_11 (DOI)
2-s2.0-84947983647 (Scopus ID)
978-3-319-19583-4 (ISBN)
Conference
20th Ada-Europe International Conference on Reliable Software Technologies, Madrid, Spain, June 22-26, 2015.
Available from: 2015-09-25 Created: 2015-09-25 Last updated: 2018-11-02 Bibliographically approved
4. Deriving Hierarchical Safety Contracts
2015 (English) In: Proceedings: 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015, 2015, Vol. jan, pp. 119-128. Conference paper, Published paper (Refereed)
Abstract [en]

Safety cases need a significant amount of time and effort to produce. The required amount of time and effort can be dramatically increased due to system changes, as safety cases should be maintained before they can be submitted for certification or re-certification. Anticipating potential changes is useful since it reveals traceable consequences that will eventually reduce the maintenance efforts. However, considering a complete list of anticipated changes is difficult. What can be easier though is to determine the flexibility of system components to changes. Using sensitivity analysis is useful to measure the flexibility of the different system properties to changes. Furthermore, contracts have been proposed as a means for facilitating the change management process due to their ability to record the dependencies among a system's components. In this paper, we extend a technique that uses a sensitivity analysis to derive safety contracts from Fault Tree Analyses (FTA) and uses these contracts to trace changes in the safety argument. The extension aims to enable the derivation of hierarchical and correlated safety contracts. We motivate the extension through an illustrative example within which we identify limitations of the technique and discuss potential solutions to these limitations.

Identifiers
urn:nbn:se:mdh:diva-29131 (URN)
10.1109/PRDC.2015.21 (DOI)
000380403300013 (ISI)
2-s2.0-84964371811 (Scopus ID)
9781467393768 (ISBN)
Conference
21st IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2015; Zhangjiajie; China; 18 November 2015 through 20 November 2015; Category number E5673; Code 118981
Available from: 2015-09-25 Created: 2015-09-25 Last updated: 2019-06-26 Bibliographically approved
5. Using Safety Contracts to Guide the Maintenance of Systems and Safety Cases
2017 (English) In: European Dependable Computing Conference EDCC'17, 2017, pp. 95-102. Conference paper, Published paper (Refereed)
Abstract [en]

Changes to safety-critical systems are inevitable and can impact the safety confidence about a system as their effects can refute articulated claims about safety or challenge the supporting evidence on which this confidence relies. In order to maintain the safety confidence under changes, system developers need to re-analyse and re-verify the system to generate new valid items of evidence. Identifying the effects of a particular change is a crucial step in any change management process as it enables system developers to estimate the required maintenance effort and reduce the cost by avoiding wider analyses and verification than strictly necessary. This paper presents a sensitivity analysis-based technique which aims at measuring the ability of a system to contain a change (i.e., robustness) without the need to make a major re-design. The proposed technique exploits the safety margins in the budgeted failure probabilities of events in a probabilistic fault-tree analysis to compensate for unaccounted deficits or changes due to maintenance. The technique utilises safety contracts to provide prescriptive data for what is needed to be revisited and verified to maintain system safety when changes happen. We demonstrate the technique on an aircraft wheel braking system.

Identifiers
urn:nbn:se:mdh:diva-37017 (URN)
10.1109/EDCC.2017.20 (DOI)
000419858700017 (ISI)
2-s2.0-85041210865 (Scopus ID)
978-1-5386-0602-5 (ISBN)
Conference
European Dependable Computing Conference EDCC'17, 04 Sep 2017, Geneva, Switzerland
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive Systems
Future factories in the Cloud
SafeCOP - Safe Cooperating Cyber-Physical Systems using Wireless Communication
Funder
EU, Horizon 2020, 692529
Vinnova
Available from: 2017-11-27 Created: 2017-11-27 Last updated: 2019-04-18 Bibliographically approved

Open Access in DiVA

Full text (1635 kB)
File information
File: FULLTEXT03.pdf; File size: 1635 kB; Type: fulltext; Mimetype: application/pdf
Checksum SHA-512: 65574975c37a2d9429dbda9e6750d098f53e6d11ebce0ea4e10d755eeb252202623648b26e73364c2d5266be46903d3d324d1234f6f437b8282a8bd3d890a740

Author
Jaradat, Omar