Alejandra Ruiz

Towards a case-based reasoning approach for safety assurance reuse

The increasing complexity and size of electronic systems in the aerospace industry, combined with the growing market demand, requires the industry to implement an efficient safety assurance strategy. Reuse of safety argumentation and evidence for certification is one of the potential means for achieving such a strategy. Typically, major problems arise when the evolution of complex avionics entails the reconstruction of the entire body of safety justification, often resulting in expensive and time-consuming assurance and certification processes. This paper investigates the use of Case-Based Reasoning (CBR) as a strategy for representing, retrieving and reusing previously assured safety cases. This is supported by the existence of patterns of safety cases, which determine a unified knowledge representation scheme for retrieving further safety cases. We illustrate the approach with the development of modular argumentation for an Integrated Modular Avionics (IMA) platform.

Challenges for an Open and Evolutionary Approach to Safety Assurance and Certification of Safety-Critical Systems

Safety assurance and certification are amongst the most expensive and time-consuming tasks in the development of safety-critical embedded systems. The increasing complexity and size of this kind of systems combined with the growing market demand requires the industry to implement a coherent reuse strategy. A major problem arises as typically a safety-critical product and accompanying safety evidence is monolithic, based on the whole product, and evolutions to the product become costly and time consuming because they entail regenerating the entire evidence-set. Another key difficulty appears when trying to reuse products from one application domain in another, because they are constrained by different standards and the full safety assurance certification process is applied as for a new product, thus reducing the return on investment of such reuse decision. This paper describes the current state on safety assurance and certification of embedded systems in the avionics, railway and automotive domains and then proposes some future directions for work in the area. In particular, we describe the need for a common certification framework that spans these different markets to improve mutual recognition agreement of safety approvals. We then discuss the need for new strategies focused on a compositional and evolutionary certification approach with the capability to reuse safety arguments, safety evidence, and context information about system components, in a way that makes certification more cost-effective, precise, and scalable.

Multidirectional Modular Conditional Safety Certificates

Over the last 20 years, embedded systems have evolved from closed, rather static single-application systems towards open, flexible, multi-application systems of systems. While this is a blessing from an application perspective, it certainly is a curse from a safety engineering perspective as it invalidates the base assumptions of established engineering methodologies. Due to the combinatorial complexity and the amount of uncertainty encountered in the analysis of such systems, we believe that more potent modular safety approaches coupled with adequate runtime checks are required. In this paper, we investigate the possibility of an integrated contract-based approach covering vertical dependencies (between platform and application) and horizontal dependencies (between applications) in order to efficiently assure the safety of the whole system of systems through modularization. We integrate both concepts using state-of-the-art research and showcase the application of the integrated approach based on a small industrial case study.

Reuse of safety certification artefacts across standards and domains: A systematic approach

Reuse of systems and subsystem is a common practice in safety-critical systems engineering. Reuse can improve system development and assurance, and there are recommendations on reuse for some domains. Cross-domain reuse, in which a previously certified product typically needs to be assessed against different safety standards, has however received little attention. No guidance exists for this reuse scenario despite its relevance in industry, thus practitioners need new means to tackle it. This paper aims to fill this gap by presenting a systematic approach for reuse of safety certification artefacts across standards and domains. The approach is based on the analysis of the similarities and on the specification of maps between standards. These maps are used to determine the safety certification artefacts that can be reused from one domain to another and reuse consequences. The approach has been validated with practitioners in a case study on the reuse of an execution platform from railway to avionics. The results show that the approach can be effectively applied and that it can reduce the cost of safety certification across standards and domains. Therefore, the approach is a promising way of making cross-domain reuse more cost-effective in industry.

Systematic application of ISO 26262 on a SEooC: Support by applying a systematic reuse approach

The automotive domain is undergoing significant transformation. The fully electric vehicle is playing a role in updating the electronic systems on the car. Systems such as electric parking are emerging. The entrance of ISO 26262 [1] functional safety standard has impacted automotive design and assurance practice. ISO 26262 includes the concept of a Safety Element out of Context (SEooC). However, it lacks a systematic process regarding the implementation of the SEooC concept. In this paper we present our experience of the application of the SEooC concept from ISO 26262 to an electric parking system. We describe a systematic approach that takes into account the needs for a safe reuse of system elements into the whole vehicle context.

Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems

Unlike practices in electrical and mechanical equipment engineering, Cyber-Physical Systems (CPS) do not have a set of standardized and harmonized practices for assurance and certification that ensures safe, secure and reliable operation with typical software and hardware architectures. This paper presents a recent initiative called AMASS (Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems) to promote harmonization, reuse and automation of labour-intensive certification-oriented activities via using model-based approaches and incremental techniques. AMASS will develop an integrated and holistic approach, a supporting tool ecosystem and a self-sustainable community for assurance and certification of CPS. The approach will be driven by architectural decisions (fully compatible with standards, e.g. AUTOSAR and IMA), including multiple assurance concerns such as safety, security and reliability. AMASS will support seamless interoperability between assurance/certification and engineering activities along with third-party activities (external assessments, supplier assurance). The ultimate aim is to lower certification costs in face of rapidly changing product features and market needs.

A Tool Suite for Assurance Cases and Evidences: Avionics Experiences

This paper describes a specification and an implementation of a flexible tool platform for assurance and certification of safety-critical systems. This tool platform is built upon a comprehensive conceptual assurance and certification framework. This conceptual framework is composed of a common information model called CCL (Common Certification Language) and a compositional assurance approach. Our tool platform allows an easy integration with existing solutions supporting interoperability with existing development and assurance tools. The ultimate goal of our platform is to provide an integrated approach for managing assurance cases and evidences resulting from a safety project.

An Industrial Experience in Cross Domain Assurance Projects

Companies related to safety critical systems developments invest efforts and resources to assure that their systems are safe enough. Traditionally reuse strategies have been proposed to reduce these efforts in several domains which criticality is not a key aspect. However reusing software artefacts across different domains establishes new challenges especially between safety critical systems. In fact we need to take into account different domain specific standards requirements at the same time. In this paper we present our experience on cross domain assurance involving a reuse of a software component developed for the railway domain, and to be used for the avionics domain.

Recent Advances towards the Industrial Application of Model-Driven Engineering for Assurance of Safety-Critical Systems

The research leading to this paper has received funding from the AMASS project (H2020-ECSEL no 692474; Spain’s MINECO ref. PCIN-2015-262).

Towards Risk Estimation in Automated Vehicles Using Fuzzy Logic

As vehicles get increasingly automated, they need to properly evaluate different situations and assess threats at run-time. In this scenario automated vehicles should be able to evaluate risks regarding a dynamic environment in order to take proper decisions and modulate their driving behavior accordingly. In order to avoid collisions, in this work we propose a risk estimator based on fuzzy logic which accounts for risk indicators regarding (1) the state of the driver, (2) the behavior of other vehicles and (3) the weather conditions. A scenario with two vehicles in a car-following situation was analyzed, where the main concern is to avoid rear-end collisions. The goal of the presented approach is to effectively estimate critical states and properly assess risk, based on the indicators chosen.