Industrial Avionics Working Group 18/04/07 The Relationship Between the Design and Safety Domains in IAWG Modular Certification Part 2: Completeness of.

Slides:

Advertisements

Similar presentations

Certifying Auto-generated Flight Code Ewen Denney Robust Software Engineering NASA Ames Research Center California, USA.

Advertisements

LIFE CYCLE MODELS FORMAL TRANSFORMATION

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 8 Slide 1 System modeling 2.

Testing Without Executing the Code Pavlina Koleva Junior QA Engineer WinCore Telerik QA Academy Telerik QA Academy.

Copyright © 2003 Software Quality Research Laboratory Software Production Essentials Seeing Past the Buzz Words.

Industrial Avionics Working Group 18/04/07 Modular Certification Basic Concepts.

Soft. Eng. II, Spr. 02Dr Driss Kettani, from I. Sommerville1 CSC-3325: Chapter 6 Title : The Software Quality Reading: I. Sommerville, Chap: 24.

Industrial Avionics Working Group 19/04/07 Modular Certification Developing Safety Case Modules.

© Martyn Thomas Associates Extreme Hubris Martyn Thomas me if you want evidence or references for any of the.

Copyright © 2006 Software Quality Research Laboratory DANSE Software Quality Assurance Tom Swain Software Quality Research Laboratory University of Tennessee.

Industrial Avionics Working Group 19/04/07 The Relationship Between the Design and Safety Domains in IAWG Modular Certification What are DGRs and How are.

Industrial Avionics Working Group 13/09/06 Incremental Certification Phil Williams – General Dynamics (UK) Ltd Representing the Industrial Avionics Working.

Major Exam II Reschedule 5:30 – 7:30 pm in Tue Dec 5 th.

Overview of Software Requirements

Industrial Avionics Working Group 19/04/07 Architecture Integration.

Industrial Avionics Working Group 18/04/07 Modular Certification Safety Case Contracts.

The Systems Assurance Group Dr Jaspal Sagoo Systems Assurance Group QinetiQ Trusted Information Management Malvern Technology Centre.

Industrial Avionics Working Group 18/04/07 The Relationship Between the Design and Safety Domains in IAWG Modular Certification DGR Generation.

Industrial Avionics Working Group 19/04/07 Block, OSL and MSL Safety Argument Modules.

MultiPARTES Towards Model-Driven Engineering for Mixed- Criticality Systems: MultiPARTES Approach A. Alonso, C. Jouvray, S. Trujillo, M.A. de Miguel, C.

Process: A Generic View

Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.

Software Engineering Term Paper

Chapter 2 The process Process, Methods, and Tools

Assurance techniques for code generators Ewen Denney USRA/RIACS, NASA Ames Bernd Fischer ECS, U Southampton.

Software Systems Verification and Validation Laboratory Assignment 3 Integration, System, Regression, Acceptance Testing Assignment date: Lab 3 Delivery.

VTT-STUK assessment method for safety evaluation of safety-critical computer based systems - application in BE-SECBS project.

Assessing the SoP of MBE in the Embedded Systems Domain Xubo Miao MSc, School of Computing Supervisor: James R. Cordy.

T. Dawson, TASC 9/11/13 Use of a Technical Reference in NASA IV&V.

©Ian Sommerville 2000, Mejia-Alvarez 2009 Slide 1 Software Processes l Coherent sets of activities for specifying, designing, implementing and testing.

Mathematical Modeling and Formal Specification Languages CIS 376 Bruce R. Maxim UM-Dearborn.

Is Proof More Cost-Effective Than Testing? Presented by Yin Shi.

This chapter is extracted from Sommerville’s slides. Text book chapter

Software Engineering Principles Principles form the basis of methods, techniques, methodologies and tools Principles form the basis of methods, techniques,

A language to describe software texture in abstract design models and implementation.

Software Testing and Quality Assurance Software Quality Assurance 1.

© Andrew IrelandDependable Systems Group On the Scalability of Proof Carrying Code for Software Certification Andrew Ireland School of Mathematical & Computer.

VDM++ Tutorial Model Quality. Overview Introduction Assessing internal consistency Assessing external consistency.

Refining middleware functions for verification purpose Jérôme Hugues Laurent Pautet Fabrice Kordon

Formal Methods in Software Engineering

Lach1MAPLD 2005/241 Accessible Formal Verification for Safety-Critical FPGA Design John Lach, Scott Bingham, Carl Elks, Travis Lenhart Charles L. Brown.

Open Platform for EvolutioNary Certification Of Safety-critical Systems Large-scale integrating project (IP) Nuanced Term-Matching to Assist in Compositional.

High Integrity Ada in a UML and C world Peter Amey, Neil White Presented by Liping Cai.

© Andrew IrelandDependable Systems Group Static Analysis and Program Proof Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt University.

ModelPedia Model Driven Engineering Graphical User Interfaces for Web 2.0 Sites Centro de Informática – CIn/UFPe ORCAS Group Eclipse GMF Fábio M. Pereira.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Formal Methods.

Requirements Validation

QinetiQ in confidence © Copyright QinetiQ November 2008 Challenges Colin O’Halloran Aerospace Consulting Practice.

Formal Specification: a Roadmap Axel van Lamsweerde published on ICSE (International Conference on Software Engineering) Jing Ai 10/28/2003.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 4 Slide 1 Software Processes.

Chapter 13 Finalizing Design Specifications

From Use Cases to Implementation 1. Structural and Behavioral Aspects of Collaborations  Two aspects of Collaborations Structural – specifies the static.

Industrial Avionics Working Group 18/04/07 Design for Safety IAWG Modular Certification.

From Use Cases to Implementation 1. Mapping Requirements Directly to Design and Code  For many, if not most, of our requirements it is relatively easy.

Software Engineering Process - II 7.1 Unit 7: Quality Management Software Engineering Process - II.

The PLA Model: On the Combination of Product-Line Analyses 강태준.

Types for Programs and Proofs

Software Life Cycle “What happens in the ‘life’ of software”

Towards a Model-Driven Engineering Software Development Framework

CodePeer Update Arnaud Charlet CodePeer Update Arnaud Charlet

QGen and TQL-1 Qualification

CodePeer Update Arnaud Charlet CodePeer Update Arnaud Charlet

QGen and TQL Qualification

Chapter 13 Quality Management

Department of Computer Science Abdul Wali Khan University Mardan

From Use Cases to Implementation

Activities of Formal Methods

Presentation transcript:

Industrial Avionics Working Group 18/04/07 The Relationship Between the Design and Safety Domains in IAWG Modular Certification Part 2: Completeness of DGRs

Industrial Avionics Working Group 18/04/07 DGR Completeness DGRs are initially established based on ‘engineering judgement’ of similar systems ‘Typical’ functionality and/or services provided by the design element Completeness in the initial set of guarantees is not a safety issue –If a guarantee is missing, the safety case cannot be composed and new additional guarantees will have to be identified Completeness of the set of dependencies for each guarantee IS key to the safety argument –If a dependency is missing, the system/software cannot fully assure delivery of the guarantee

Industrial Avionics Working Group 18/04/07 DGR Completeness Experience Parallel study – SIL 2 – used a combination of approaches –Manual analysis technique described earlier –Validation techniques used as evidence in the safety argument about completeness Argue that SPARK analysis would have identified any additional dependencies at code level Argue that system testing would have identified any un- documented requirement level dependencies

Industrial Avionics Working Group 18/04/07 DGR Completeness Additional Options Other techniques were considered, but may be modified to support such an argument: –SHARD analysis at the interfaces –Static Analysis tools, e.g. ‘Understand for Ada’ –Various testing methods, but typically too late in the programme –Non-functional properties analysis

Industrial Avionics Working Group 18/04/07 Standards View on Argument and Evidence From DEF STAN issue 3, types of argument: –Deductive, where the conclusion is implicit in the evidence used to support the argument. –Inductive, where the argument is firmly based on the evidence presented, but extrapolates beyond the available evidence. –Judgmental, where expert testimony, or appeal to custom and practice is necessary to support the conclusion. Level of confidence in the completeness of the set of dependencies will vary with assurance requirements

Industrial Avionics Working Group 18/04/07 Scale of Potential Techniques for Assuring Dependency Completeness Lower Integrity/ Assurance Higher Integrity/ Assurance Code Level Hazard Analysis Understand for Ada (Partially annotated) SPARK analysis + Understand for Ada Manual Requirements Analysis Increasing time/effortRisk of undeclared dependencies reduces (Fully annotated) SPARK analysis + Understand for Ada Formal Methods Non-functional dependencies via checklists/analysis SPARK: coverage is project-dependent, tool is high integrity Understand for Ada: full coverage, tool is low integrity

Industrial Avionics Working Group 18/04/07 Ongoing Work on DGRs Currently expressed in ‘natural language’ –Difficult to express them unambiguously –Work ongoing to develop a rigorous notation for expressing DGRs Currently a manual process to determine DGRs, using design information –Could be difficult for COTS components –Could be difficult to establish significant assurance for High Integrity systems –Work ongoing to look at automated ways of Validating DGRs for use in high integrity implementations Generating DGRs when only limited design information is available