2.1 Software Systems Dependability-RevA
SOFTWARE SYSTEMS DEPENDABILITY
• Motivation
  • The use of software for control and protection purposes is expected to increase. To facilitate the successful development, assurance and deployment of high-integrity software, the industry will need to continuously improve the methods, techniques and tools used in the different life-cycle phases of the software.
• Objective
  • Provide lessons learned and recommendations on processes, methods, techniques and tools for the different life-cycle phases of software important to safety.
• Activities
  1. Software Development
  2. Software Assurance
  3. Software Certification
Approach
Features
Benefits
Utilities:
• System-level processes for engineering the requirements relevant to system safety and dependability, allocating them to sub-systems and components, following up vendors in a competent and appropriate manner, and contributing to an efficient acceptance process
Vendors:
• An improved basis for choosing and implementing adequate means of fulfilling the requirements allocated to the electronic systems and software
Regulators:
• An improved basis for assessing the evidence and argumentation produced through the development, assurance and certification activities
Perspective
System approach to safety
(Figure: three levels, from top to bottom: Overall system, Electronic system, Software. Alongside the levels: allocation of requirements to sub-systems and components; acceptance and deployment.)
Scope
Activity 2.1.1 Software Development
Objectives:
• To provide lessons learned and recommendations on means for software
requirements specification, architecture and design, component design,
component implementation, and integration
Software Development
Work plan:
• Cases involving the development of safety-critical electronic systems
• Requirements engineering: identification of the relevant safety requirements; management of traceability and changes; aligning the assessment of safety and security requirements; effective use of formal methods
• Software design: choice of adequate architectures; proper use of pre-developed software; protection against common-cause failures; safety and dependability impacts of fundamental software design principles
• System-level aspects: early consideration of control-room aspects, graphical interfaces and human factors; integration of software and hardware into safe and dependable electronic systems
• Organisational aspects: the relationship and interplay between development, assurance and certification; allocation of responsibilities; interaction and communication between the different roles involved
Software Development
Expected results:
• Empirical knowledge from cases carried out involving the development of safety-
critical electronic systems, in conformance to relevant standards and guidelines
• Lessons learned from each case, based on an evaluation of the results achieved
concerning the development means investigated
• Guidelines on the integration of security aspects in the development of software
important to safety
• Guidelines on selected aspects of software development
• Guidelines on the effective use of formal methods in software specification and
design
• Lessons learned and recommendations on software development
• Evaluation and further improvement of development processes, methods,
techniques, and tools
Activity 2.1.2 Software Assurance
Objectives:
• To provide lessons learned and recommendations on means for software
testing, verification, validation, assessment, and quality assurance
Software Assurance
Work plan:
• Cases involving the assurance of safety-critical electronic systems
• Verification and validation: demonstration of the fulfilment of identified safety requirements; effective use of formal verification; the relationship between V&V and certification
• System-level aspects: optimal use of simulators in software assurance
• Organisational aspects: the relationship and interplay between software assurance and software certification; allocation of responsibilities; interaction and communication between the different roles involved; how the different assurance activities support each other and certification
Software Assurance
Expected results:
• Empirical knowledge from cases carried out involving the assurance of
safety-critical electronic systems, in conformance to relevant standards and
guidelines
• Lessons learned from each case, based on an evaluation of the results
achieved concerning the assurance means investigated
• Guidelines on selected aspects of software assurance
• Guidelines on the effective use of formal methods in software verification
• Lessons learned and recommendations on software assurance
• Evaluation and further improvement of assurance processes, methods,
techniques, and tools
Activity 2.1.3 Software Certification
Objectives:
• To provide lessons learned and recommendations on means supporting
safety demonstration and approval
Software Certification
Work plan:
• Cases involving the certification of safety-critical electronic systems
• Certification processes: the understanding and interpretation of requirements; harmonisation of certification processes; harmonisation of the different classifications of digital I&C
• Safety argumentation: structure and representation of the safety argumentation; balancing safety and security concerns; quality and validity of the safety argumentation; types and value of supporting evidence; use of formal methods in safety demonstration
• System-level aspects: the relationship between software certification and system safety demonstration
• Organisational aspects: the balance between independence and involvement in the certification process; allocation of responsibilities for producing the safety argumentation and its supporting evidence
Software Certification
Expected results:
• Empirical knowledge from cases carried out involving the certification of
safety-critical electronic systems, in conformance to relevant standards and
guidelines
• Lessons learned from each case, based on an evaluation of the results
achieved concerning the certification means investigated
• Guidelines on selected aspects of software certification
• Guidelines on the effective use of formal methods in software certification
• Lessons learned and recommendations on software certification
• Evaluation and further improvement of certification processes, methods,
techniques, and tools