SARSSi*: a Safety Requirements Specification Method based on STAMP/STPA and i* language

2019
Author(s): Jéssyka Vilela, Carla Silva, Jaelson Castro, Luiz Eduardo G. Martins, Tony Gorschek

Context: Traditional hazard analysis techniques were not proposed to be used in the Requirements Engineering (RE) process. Objective: The aim of this work is to present and discuss a new method for early safety requirements specification, called SARSSi*, to be used at the beginning of the development of safety-critical systems. Method: This goal is achieved through the combination of two techniques: (1) STAMP/STPA and (2) the i* language. Results: This paper attempts to bridge the gap between two parallel trends in systematic safety approaches: the combination of requirements engineering and safety engineering techniques. Our method consists of six steps and guidelines to perform a preliminary hazard analysis and facilitate the systematic identification of safety-critical functions and components. Conclusions: We demonstrate the utility of our method by applying it in a real industry case study. The initial results show preliminary suitability of our method and its contribution to improving the visualization of the information generated in the hazard analysis, such as the hazards, their causes, environmental conditions, and safety requirements.

2021
pp. 41-57
Author(s): Gregory Falco, Eric Rosenbach

The question “How do I assess our cyber risk?” addresses how to identify and characterize cyber risk unique to an organization’s critical systems, networks, and data. The chapter begins with a case study about a cyberattack on Ukraine’s electric grid. It details risk assessment for three types of critical systems: mission-critical systems, business-critical systems, and safety-critical systems. It explains the three types of networks critical to many organizations: business and administrative networks, operational and service delivery networks, and communication networks. In outlining the “CIA triad,” it shows how cyber risk can be characterized as a confidentiality, integrity, or availability issue relating to digital assets. Further, it describes how to assess the importance of different digital assets and how to prioritize them using a business impact analysis (BIA). The chapter concludes with real-world Embedded Endurance strategy lessons Rosenbach gained in Saudi Arabia in the wake of one of the world’s most destructive cyberattacks.


Author(s): Elena Gómez-Martínez, Ricardo J Rodríguez, Clara Benac-Earle, Leire Etxeberria, Miren Illarramendi

The verification of safety requirements becomes crucial in critical systems where human lives depend on their correct functioning. Formal methods have often been advocated as necessary to ensure the reliability of software systems, albeit with a considerable effort. In any case, such an effort is cost-effective when verifying safety-critical systems. Often, safety requirements are expressed using safety contracts, in terms of assumptions and guarantees. To facilitate the adoption of formal methods in the safety-critical software industry, we propose a methodology based on well-known modelling languages such as the unified modelling language and object constraint language. The unified modelling language is used to model the software system while object constraint language is used to express the system safety contracts within the unified modelling language. In the proposed methodology a unified modelling language model enriched with object constraint language constraints is transformed to a Petri net model that enables us to formally verify such safety contracts. The methodology is evaluated on an industrial case study. The proposed approach allows an early safety verification to be performed, which increases the confidence of software engineers while designing the system.
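The abstract above describes transforming a UML model annotated with OCL safety contracts into a Petri net and verifying the contracts on that net. As an added illustration of what such a verification step does (example code, not the paper's tooling or its case study), the following Python builds a small Petri net by hand: two controllers share one actuator, and a single grant token in place "free" models the interlock. The guarantee "at most one controller commands the actuator at a time" is stated as a predicate over markings, and an exhaustive breadth-first search over reachable markings either proves it or returns the shortest firing sequence that violates it. The place and transition names, the guarded/unguarded variants and the token bound are constructed for this example.

```python
"""Exhaustive reachability check of a safety contract on a hand-built Petri net.

Added example (not the paper's tool): two controllers share one actuator, and
the guarantee under test is that they never command it simultaneously.
"""
from collections import deque


class PetriNet:
    """Place/transition net with unweighted arcs (each arc moves one token)."""

    def __init__(self, places, transitions):
        self.places = list(places)
        self.index = {p: i for i, p in enumerate(self.places)}
        # name -> (places consumed, places produced)
        self.transitions = dict(transitions)

    def marking(self, **tokens):
        m = [0] * len(self.places)
        for place, count in tokens.items():
            m[self.index[place]] = count
        return tuple(m)

    def enabled(self, m, name):
        pre, _ = self.transitions[name]
        return all(m[self.index[p]] >= 1 for p in pre)

    def fire(self, m, name):
        pre, post = self.transitions[name]
        m = list(m)
        for p in pre:
            m[self.index[p]] -= 1
        for p in post:
            m[self.index[p]] += 1
        return tuple(m)

    def check(self, m0, guarantee, bound=8):
        """Breadth-first search over reachable markings.

        Returns (holds, counterexample_trace, states_explored). The trace is the
        shortest firing sequence reaching a marking where the guarantee fails.
        """
        seen = {m0}
        queue = deque([(m0, ())])
        while queue:
            m, trace = queue.popleft()
            if not guarantee(self, m):
                return False, list(trace), len(seen)
            for name in self.transitions:
                if not self.enabled(m, name):
                    continue
                m2 = self.fire(m, name)
                if max(m2) > bound:
                    # Unbounded nets have infinitely many markings; fail loudly.
                    raise RuntimeError(f"token bound {bound} exceeded at {m2}")
                if m2 not in seen:
                    seen.add(m2)
                    queue.append((m2, trace + (name,)))
        return True, [], len(seen)


# Constructed model: controllers 1 and 2 each cycle idle -> wait -> crit -> idle;
# "free" holds the single grant token for the shared actuator (assumed names).
PLACES = ["idle1", "wait1", "crit1", "idle2", "wait2", "crit2", "free"]


def actuator_net(guarded=True):
    transitions = {}
    for k in ("1", "2"):
        transitions["request" + k] = (("idle" + k,), ("wait" + k,))
        if guarded:
            # Entering consumes the grant token; leaving returns it.
            transitions["enter" + k] = (("wait" + k, "free"), ("crit" + k,))
            transitions["exit" + k] = (("crit" + k,), ("idle" + k, "free"))
        else:
            # Interlock dropped: entering no longer waits for the grant.
            transitions["enter" + k] = (("wait" + k,), ("crit" + k,))
            transitions["exit" + k] = (("crit" + k,), ("idle" + k,))
    return PetriNet(PLACES, transitions)


def mutual_exclusion(net, m):
    """Guarantee (the OCL-style contract, stated over markings)."""
    return m[net.index["crit1"]] + m[net.index["crit2"]] <= 1


def verify(guarded=True):
    net = actuator_net(guarded)
    m0 = net.marking(idle1=1, idle2=1, free=1)
    return net.check(m0, mutual_exclusion)


if __name__ == "__main__":
    print("guarded:  ", verify(True))   # (True, [], 8)
    print("unguarded:", verify(False))  # (False, ['request1', 'enter1', 'request2', 'enter2'], 9)
```

The counterexample trace is the practical payoff of the transformation: instead of a failed review comment, the engineer gets a concrete sequence of operations that breaks the contract. Real tool chains replace this explicit enumeration with symbolic or partial-order methods, since the reachable state space of a full design grows far beyond what a dictionary of markings can hold.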


Author(s): Yaguang Yang

System safety is closely related to system reliability. Safety requirements are often translated into reliability requirements. Nowadays, software systems exist in many engineering systems. However, there is no consensus method for software reliability estimation. Nevertheless, there is increasing interest in estimating software reliability due to concerns for safety-critical systems. In this article, we try to close the gap by proposing a systematic and probabilistic method to estimate software reliability based on software test data.


Author(s): Pao-Ann Hsiung, Yen-Hung Lin, Yean-Ru Chen

Unintentional design faults in safety-critical systems might result in injury or even death to human beings. However, the safety verification of such systems is becoming very difficult because designs are becoming very complex. To cope with high design complexity, model-driven architecture (MDA) design is becoming a well-accepted trend. However, conventional methods of code testing and hazard analysis do not fit very well with MDA. To bridge this gap, we propose a safecharts model-based formal verification technique for safety-critical systems. The safety constraints in safecharts are mapped to semantic equivalents in timed automata. The theory for safety verification is proved and implemented in the SGM model checker. Prioritized and urgent transitions are implemented in SGM to model the safecharts risk semantics. Finally, it is shown that the priority-based approach to mutual exclusion of resource usage in safecharts is unsafe, and solutions are proposed. Application examples show the benefits of the proposed model-driven verification method.

