Abstract
Safety cases have become popular, and are even mandated, in a number of jurisdictions that develop products that have to be safe. Before their use in software certification, safety cases were already in use in domains such as aviation, military applications, and the nuclear industry. Argument-based methodologies have recently become the cornerstone for structuring the justification and evidence that support safety claims. We believe that the safety case methodology is useful for the software certification domain, but that it needs to be tailored, more clearly defined, and more appropriately structured, in analogy with the regulatory regimes of classical engineering disciplines. This paper presents a number of reasons why current approaches to safety cases do not satisfy essential attributes of an effective software certification process, and proposes improvements based on lessons learned from other engineering disciplines. In particular, the safety case approach lacks the highly prescriptive and domain-specific nature seen in other engineering specialities, in terms of the engineering and analysis methods to be applied in generating the relevant evidence. Safety case approaches and their corresponding methods should aim to achieve the levels of precision and effectiveness of the engineering methods that underpin regulatory regimes in other engineering disciplines.
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Wassyng, A., Maibaum, T., Lawford, M., Bherer, H. (2011). Software Certification: Is There a Case against Safety Cases? In: Calinescu, R., Jackson, E. (eds) Foundations of Computer Software. Modeling, Development, and Verification of Adaptive Systems. Monterey Workshop 2010. Lecture Notes in Computer Science, vol 6662. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21292-5_12
DOI: https://doi.org/10.1007/978-3-642-21292-5_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21291-8
Online ISBN: 978-3-642-21292-5
eBook Packages: Computer Science (R0)