Assurance Case Patterns On-line Catalogue

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 582)

Abstract

An assurance case is an evidence-based argument demonstrating that a given property of a system (e.g. safety, security) is assured. Assurance cases are developed for high integrity systems, since in many industry domains such an argument is explicitly required by regulations. Despite the fact that each assurance case is unique, several reusable argument patterns have been identified and published. This paper reports work on the development of an on-line assurance case patterns catalogue available in the NOR-STA web-based software tool. This work included an extensive literature search, critical evaluation of available patterns and selection of the most relevant ones, and finally translation of the selected patterns to their target representation. The paper also describes a validation case study in which an assurance case for medical devices was reviewed and restructured by introducing patterns. The resulting catalogue was published and its 45 patterns can be directly used in assurance cases built using the NOR-STA tool.

Keywords

Assurance case · Safety case · Pattern · Catalogue


Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. Ośrodek Badawczo-Rozwojowy Centrum Techniki Morskiej S.A., Gdynia, Poland
  2. Department of Software Engineering, Faculty of Electronics, Telecommunications and Informatics, Gdańsk University of Technology, Gdańsk, Poland
