A Comparative Analysis of Argumentation Languages in the Context of Safety Case Development

Govardhan Rao, Sirisha Bai

January 2019

The safety case creation has become an explicit requirement in most of the safety-critical domains to ensure the safety of a system or an application. In the process of developing a safety case, the foremost requirement is choosing an efficient argumentation language which fulfills all the functionalities needed to develop a safety case.   In general, there are text-based argumentation notations and graphics-based argumentation notations to represent a safety case. In this paper we are comparing and analyzing the graphics-based argumentation notations like Goal Structuring Notation (GSN), Claims Arguments and Evidence (CAE), Structured Assurance Case Metamodel (SACM, the standardized modelling language to describe the safety case), NOR-STA Services (software platform which support graphics-based notations), Resolute (which is both language and tool that supports graphics-based notations) and Dynamic Safety Cases (special type of safety case which supports graphics-based notations such as GSN).   In this thesis, we compared the argumentation notations with respect to different aspects in the context of safety case development. We present our findings like the types of stakeholders gaining benefits from different types of notations, the list of domains where these types of notations are applicable. We also presented the major advantages and disadvantages of using different argumentation notations considering certain features like understandability, standardization, consistency, maintenance, traceability, and assessment in the context of safety case development.

safety case argumentation languages

safety case argumentation notations

documentation of safety cases

Engineering and Technology

Teknik och teknologier

Building a Safety Case in Compliance with ISO 26262 for Fuel LevelEstimation and Display System

Dardar, Raghad

January 2014

Nowadays, road vehicles, including trucks, are characterized by an increasedcomplexity due to a greater variety of software, and a greater number of sensorsand actuators. As a consequence, there is an increased risk in termsof software or hardware failures that could lead to unacceptable hazards.Thus safety, more precisely functional safety, is a crucial property that mustbe ensured to avoid or mitigate these potential unacceptable hazards. Inthe automotive domain, recently (November 2011), the ISO-26262 safetystandard has been introduced to provide appropriate requirements and processes.More specically, the standard denes the system development processthat must be carried out to achieve a system that can be consideredacceptably safe. To be released on the market, systems must be certied,proofs that the systems are acceptably safe must be provided in terms of astructured argument, known as safety case, which inter-relates evidence andclaims. Certication authorities are in charge of evaluating the validity ofsuch safety cases. In the automotive domain, certication and compliancewith the standard ISO-26262 is becoming mandatory. By now, trucks donot have to be compliant with the standard. However, it is likely that by2016 they will have to. Scania is one of the leading companies in trucksdevelopment. To be ready by 2016, Scania is interested in investigatingISO-26262 as well as safety case provision. Thus this thesis focuses on theprovision of a safety case in the context of ISO-26262 for Fuel Level Estimationand Display System (FLEDS), which is one of the safety-criticalsystems in Scania.1

ISO 26262

Safety case

Fuel Level Estimation and Display System

Analyse et justification de la sécurité de systèmes robotiques en interaction physique avec l’humain / Safety analysis and justification of human-robot interactions

Do Hoang, Quynh Anh

17 March 2015

Les systèmes s’adaptant à leur environnement et en interaction physique avec l’homme se développent de plus en plus dans des domaines comme le médical, l’assistance aux personnes ou le travail en usine. Ils diffèrent des systèmes classiques par leur capacité à s’adapter à l’environnement et à prendre des décisions en tenant compte de leur perception de l’environnement et notamment de l’homme. La défaillance de tels systèmes pouvant avoir des conséquences catastrophiques sur l’homme, l’analyse et la démonstration du niveau de confiance que l’ont peut leur accorder vis-à-vis de la sécurité-innocuité, et a fortiori leur certification, constituent aujourd’hui un vrai défi. La construction d’argumentaire de sécurité (ou dossier de sécurité, ou safety case), est un des moyens permettant de préparer la certification de tels systèmes. Il s’agit principalement de justifier pour chaque danger comment il a été traité et ramené à un niveau acceptable. Malheureusement, dans le cas des systèmes robotiques, de nombreuses incertitudes subsistent, et il n’existe pas à l’heure actuelle de méthode systématique permettant la construction de tels dossiers de sécurité et la démonstration du niveau de confiance sous-jacent. L’objectif des travaux est de contribuer à la définition d’une telle méthode en partant d’une technique d’analyse du risque dédiée à l’analyse des interactions humain-robot, puis en s’appuyant sur des modèles formalisés de construire l’argumentaire de sécurité et d’évaluer automatiquement le niveau de confiance dans cet argumentaire. / Robotic systems that continuously adapt to their environment and physically interact with human are increasingly used in various fields like personal assistance or factory work. They are characterised by their ability to adapt to the environment, to take decision in the light of their perception of the environment and particularly of the human. As the failure of such systems may lead to catastrophic consequences, analysis and justification of the level of confidence in these systems with regards to safety, and furthermore their certification is a real challenge. The construction of a Safety Case is one of the means that can be used to support the certification of such systems. It is aimed at describing and justifying how every hazard has been mitigated and its severity maintained as low as reasonably possible. However, for robotic systems that have to deal with many uncertainties, there is a lack of a systematic approach to support the construction of their Safety Case and the assessment of its underlying confidence. Our research aims at contributing to the development of such a systematic approach starting with a risk analysis focusing on human-robot interactions, followed by Safety Case construction from formalized models and finally an automatic assessment of the confidence in safety argumentation. As a case study, the safety of a rehabilitation robot for strolling is analysed and justified based on the approaches developed in this thesis.

Sécurité des robots

Analyse du risque

Uml

Argumentaire de sécurité

Confiance

Robotique de service

Robot safety

Risk analysis

Safety case

Confidence

Rehabilitation robot

A Systematic Approach to Hazard and Operability Study (HAZOP)

Aoanan, Paul

January 2021

A system safety assurance case aims to demonstrate that a system is reasonably safe within the parameters defined according to its intended use. A system safety assurance case involves the definition of a Safety Engineering Process and its execution for the particular system. An essential element in the Safety Engineering Process is hazard analysis. An often used version of hazard analysis is HAZOP. HAZOP identifies hazards and hazardous events in the system's design. Traditionally, HAZOP is performed based on the expertise of a multi-disciplinary team. This team uses a heuristic based approach that results in documented output that often does not include adequate traceability as to how the output results were obtained. This thesis proposes a systematic approach to HAZOP that was developed after performing detailed analysis on how traditional HAZOP is performed in industry. It aims to produce documented output in which the output results are traceable to interim steps in the process. We call this systematic approach HAZOP+, because it was designed to provide sufficient detail so that it can form the basis of a HAZOP metamodel created in Workflow+ - a relatively new model driven methodology for developing assurance cases. Workflow+ has well-defined semantics, and so we refer to HAZOP+ as formalizable. HAZOP+ has a number of benefits over traditional HAZOP, and these benefits are demonstrated by comparing a traditional application of HAZOP with the application of HAZOP+, both applied to a typical Lane Keeping Assist feature. A long term objective of system safety assurance is to be able to perform incremental safety assurance, for example, by updating the system safety assurance case after a modification to the system or its environment. Since the safety assurance case for a system depends on elements of the Safety Engineering Process, as well as the outputs of that process, the ability to perform an incremental hazard analysis after a modification to the system or environment can be a real benefit. This thesis further describes how HAZOP+ can be enhanced/extended to HAZOPdelta - an incremental version of HAZOP+. / Thesis / Master of Applied Science (MASc)

HAZOP

Assurance Case

Safety Case

Incremental Safety Assurance

Safety Assurance Case

Hazard and Operability Study

Safety Engineering Process

SEP

Workflow

Workflow+

Creating An Editor For The Implementation of WorkFlow+: A Framework for Developing Assurance Cases

Chiang, Thomas

January 2021

As vehicles become more complex, the work required to ensure that they are safe increases enormously. This in turn results in a much more complicated task of testing systems, subsystems, and components to ensure that they are safe individually as well as when they are integrated. As a result, managing the safety engineering process for vehicle development is of major interest to all automotive manufacturers. The goal of this research is to introduce a tool that provides support for a new framework for modeling safety processes, which can partially address some of these challenges. WorkFlow+ is a framework that was developed to combine both data flow and process flow to increase traceability, enable users to model with the desired granularity safety engineering workflow for their products, and produce assurance cases for regulators and evaluators to be able to validate that the product is safe for the users and the public. With the development of an editor, it will bring WorkFlow+ to life. / Thesis / Master of Applied Science (MASc)

Assurance Case

Safety Engineering

Model-Driven Engineering

Domain Specific Language

ISO 26262

Workflow+

Sirius

Eclipse Modeling Framework

Ecore

Safety Case

Confidence in safety argument - An assessment framework based on belief function theory / Confiance dans un argumentaire de sécurité - un cadre d'évaluation basé sur la théorie des fonctions de croyance

Wang, Rui

02 May 2018

Les arguments de sécurité sont couramment utilisés pour montrer que des efforts suffisants ont été faits pour atteindre les objectifs de sécurité. Ainsi, la sécurité du système est souvent justifiée par l'évaluation des arguments de sécurité. L'évaluation de tels arguments repose généralement sur l’avis d’experts sans s’appuyer sur des outils ou des méthodes dédiés. Ceci pose des questions sur la validité des résultats. Dans cette thèse, une approche quantitative est proposée, basé sur la théorie de Dempster-Shafer (théorie D-S) pour évaluer notre confiance dans les arguments de sécurité. Cette approche gère le problème à travers les aspects suivants: 1) Définition formelle de la confiance dans les arguments basée sur la théorie D-S; 2) Développement de règles d'agrégation des paramètres de confiance; 3) Proposition d'un cadre d'évaluation quantitatif des arguments de sécurité. Une application dans le domaine ferroviaire conduit à l'estimation des paramètres du cadre par une enquête auprès d'experts en sécurité. / Safety arguments, also called Safety Cases, are commonly used to present that adequate efforts have been made to achieve the safety goals. Thus, the system safety is often justified through assessing the safety arguments. The assessment of such arguments is usually implemented by experts without any dedicated tool or method. This leads to a questionable validity of the results. In this thesis, a quantitative framework is proposed based on Dempster-Shafer theory (D-S theory) to assess our confidence in Safety Cases. This framework manages the issue in following aspects: 1) Formal definition of confidence in arguments based on D-S theory; 2) Development of confidence aggregation rules; 3) Proposition of a quantitative assessment framework of safety arguments. An application in railway domain realises the parameter estimation of the framework by a survey with safety experts.

Argumentaire de sécurité

Théorie des fonctions de croyance

Évaluation de la confidence

Système critique

Sûreté de fonctionnement

Safety case

Belief function theory

Confidence assessment

Safety critical systems

Safety assurance

004

A study of corporate crime control on the supply of unsafe toys and children's products in Hong Kong

Wong, Kwai-shim., 黃桂嬋.

January 1996

published_or_final_version / Criminology / Master / Master of Social Sciences

Commercial crimes - China - Hong Kong.

Commercial crimes.

Toy industry - Quality control.

Product safety - Case studies.

Investigation of an OSLC-domain targeting ISO 26262 : Focus on the left side of the Software V-model

Castellanos Ardila, Julieth Patricia

January 2016

Industries have adopted a standardized set of practices for developing their products. In the automotive domain, the provision of safety-compliant systems is guided by ISO 26262, a standard that specifies a set of requirements and recommendations for developing automotive safety-critical systems. For being in compliance with ISO 26262, the safety lifecycle proposed by the standard must be included in the development process of a vehicle. Besides, a safety case that shows that the system is acceptably safe has to be provided. The provision of a safety case implies the execution of a precise documentation process. This process makes sure that the work products are available and traceable. Further, the documentation management is defined in the standard as a mandatory activity and guidelines are proposed/imposed for its elaboration. It would be appropriate to point out that a well-documented safety lifecycle will provide the necessary inputs for the generation of an ISO 26262-compliant safety case. The OSLC (Open Services for Lifecycle Collaboration) standard and the maturing stack of semantic web technologies represent a promising integration platform for enabling semantic interoperability between the tools involved in the safety lifecycle. Tools for requirements, architecture, development management, among others, are expected to interact and shared data with the help of domains specifications created in OSLC.This thesis proposes the creation of an OSLC tool-chain infrastructure for sharing safety-related information, where fragments of safety information can be generated. The steps carried out during the elaboration of this master thesis consist in the identification, representation, and shaping of the RDF resources needed for the creation of a safety case. The focus of the thesis is limited to a tiny portion of the ISO 26262 left-hand side of the V-model, more exactly part 6 clause 8 of the standard:  Software unit design and implementation. Regardless of the use of a restricted portion of the standard during the execution of this thesis, the findings can be extended to other parts, and the conclusions can be generalize.This master thesis is considered one of the first steps towards the provision of an OSLC-based and ISO 26262-compliant methodological approach for representing and shaping the work products resulting from the execution of the safety lifecycle, documentation required in the conformation of an ISO-compliant safety case. / Espresso 2 / Gen&ReuseSafetyCases

ISO 26262

Documentation Management

Safety case

RDF constraint languages

Resource Shape (ReSh)

Shape Expressions (ShEx)

Shape Constraint Language (SHACL)

Software Engineering

Programvaruteknik