Yutaka Matsuno, profile picture
Uploaded byYutaka Matsuno
PPTX, PDF660 views

Rtlws2013

The document discusses the D-Case Editor, an open-source tool for creating assurance cases, emphasizing its role in evidencing system safety in various industries, including automotive and healthcare. It outlines the historical context, compliance with international standards, and the structure of assurance cases, while highlighting the need for effective argumentation and evidence-based practices. Additionally, it covers D-Case's development, functions, and community feedback, stressing the importance of harmonizing tools and standardization in the field.

Embed presentation

Downloaded 12 times
D-Case Editor An Open Source Assurance Case Tool The University of Electro-Communications Yutaka Matsuno matsuno@is.uec.ac.jp ⓒ 2013 UEC Tokyo.
Contents • Assurance Cases (Safety Cases) • DEOS and D-Case Editor • D-Case Editor Implementation – Compliance to Assurance Cases Standards – Modules and Patterns • Concluding Remarks ⓒ 2013 UEC Tokyo.
Assurance Case • A structured argument, supported by a body of evidence that provides a compelling, comprehensible and valid case that a system is safe for a given application in a given environment (City Univ Evidence London) Ex fault tree analysis result ゴール Evidence Ex. System is safe Evidence Argument Structure
Assurance Case • Case: All the reasons that one side in a legal argument can give against the other side. • Assurance Case is called safety case when arguing safety, dependability case when dependability, … • The term “Assurance Cases” is defined in ISO/IEC 15026: Systems and software engineering -- Systems and software assurance Assurance Case Safety Case Dependability Case Security Case …
Background of Assurance Cases • Piper Alpha Disaster (1988,167 dead) and many serious disasters since 1970– Not only prescriptive procedures, but argument why the safety is achieved by such procedures, based on evidence • Prescriptive and Goal Based regulations – Prescriptive: check safety lists given by standards – Goal Based: develop argument that the given safety goal is achieved -> Safety Cases (Lord Cullen’s Piper Alpha Disaster Report) – ISO26262 (automotive functional safety standard), EUROCONTROL (Eurocontrol, 2006), the Rail Yellow Book (Rail Track, 2000), and MoD Defense Standard 00-56 (MoD, 2007) require safety cases
Safety Cases in UK and World • UK (EU): “Using safety cases in industry and health care”, UK Health Foundation, 2012.12 – Avionics, Automobile, Defense, Atomic Plant, Oil, Railway, Medical and Health Devices http://www.health.org.uk/publications/using -safety-cases-in-industry-and-healthcare/ • World – USA: medical device such as infusion pomp – Japan: New, but because of ISO26262, several companies are now studying safety cases
Assurance Case Notation • Mostly by natural languages • Graphical Notations – CAE(Claim, Argument, Evidence) by Adelard, UK – GSN(Goal Structuring Notation) by Univ of Yok, UK CAE GSN CAE and GSN are essentially the same, and the metamodel is standardized as OMG SACM (structured assurance case metamodel)
GSN Example Goal Context Strategy Evidence Written with D-Case Editor
Cons for Safety Cases • Most papers about safety cases express personal opinions or deal with how to prepare a safety case, but not whether it is effective. (Nancy Leveson, MIT)
Contents • Assurance Cases • DEOS and D-Case Editor • D-Case Editor Implementation – Compliance to Assurance Cases Standards – Patterns and Modules • Concluding Remarks ⓒ 2013 UEC Tokyo.
DEOS and D-Case DEOS (Dependable Embedded Operating System) project funded by Japan Science and Technology Agency (2006.10 – 2014.3) •http://www.dependable-os.net/osddeos/index-e.html, or google “DEOS” •D-Case project, a sub project for assurance cases (2010.4-) (Dependability) – Tool Implementation, Lectures, meetings, case studies, standardization, … ⓒ 2013 UEC Tokyo.
D-Case Meetings • 2012.9.14(Nagoya), 12.20(Nagoya), 2013.4.19(Tokyo), 2013.10.22(Tokyo) Discussions Introduction of assurance cases in industries Use in ISO26262 Visibility of GSN, etc Participants Toyota、Yokogawa Electronics、Japan IBM、 Ogis RI、NTT Data、Denso Create、 Fuji Xerox, etc More than 60 participants http://www.dcase.jp (English page soon to be open) ⓒ 2013 UEC Tokyo.
D-Case Editor • An Open, Eclipse based GSN editor (2010.4-) – http://www.dependable-os.net/tech/DCaseEditor/index-e.html – GitHub https://github.com/d-case/d-case_editor • From Oct 2013, Eclipse Public Lisence • Purposes – Writing, presenting, sharing GSN • A few hundred downloads, tested by D-Case meeting participants and researchers in world – Prototyping for research ⓒ 2013 UEC Tokyo.
D-Case Editor Snapshot GSN nodes Eclipse Workspace Projects D-Case extensions Canvas ⓒ 2013 UEC Tokyo.
Feedbacks from Industries • Comments from Adelard, U York, Thales, OSADL, NASA, Denso Create (and many Japanese companies), … ⓒ 2013 UEC Tokyo.
D-Case Editor Functions Requirements from Industry Functions Editing and Viewing Graphical Editing Focusing Automatic Sub tee constructions Maintenance Module/Pattern, Word dictionary Change management Consistency Checking Simple type check on parameters D-Case/Agda (Proof Assistant Tool) Conversion to other formats Excel/PowerPoint OMG SACM Sharing among stakeholders D-Case Server (using Alfresco) Tool Chains Benchmark tools (DSN2012) SysML/UML Tools Experimental chain with Reqtify, Redmine, … ⓒ 2013 UEC Tokyo. Today’s topic Already implemented Partly implemented
Contents • Assurance Cases • DEOS and D-Case Editor • D-Case Editor Implementation – Compliance to Assurance Cases Standards – Modules and Patterns • Concluding Remarks ⓒ 2013 UEC Tokyo.
Compliance to Assurance Cases Standards • Compliance to standards is important – OMG SACM at OMG system assurance task force • SACM = Structured Assurance Case Metamodel • Harmonizing CAE and GSN – GSN Community Standard v1.0 (2011) • When implementing GSN Community Standard, we have several design choices • By showing our design choices, we hope to facilitate assurance case tool implementation ⓒ 2013 UEC Tokyo.
GSN Community Standard v1.0 • Part 0 Introduction and Concepts • Part 1 Definition of GSN • Annexes to Part 1 – Extension to GSN to support argument patterns – Modular extensions to GSN • Part 2 Guidance on the development and evaluation of goal structures • Annexes to Part 2 ⓒ 2013 UEC Tokyo.
GSN Modules B1.3.2.3 Contract modules can be used in the support relationship between modules to aid decoupling as shown in Figure 32. This de-coupling permits argument module construction in cases where the eventual source of support for an argument is unknown at the time of authoring or can be changed for example through re-use or planned product improvement or reconfiguration. (GSN Standard, p23) Current Implementation ⓒ 2013 UEC Tokyo.
GSN Patterns We focus on parameters ⓒ 2013 UEC Tokyo.
Design Choices for Modules (GSN Standard, p.17) • What is module? “module” is not so clearly defined – Interpret module as “a GSN tree with one top goal” Argument = GSN? • Away goals, solutions, contexts, … We do not want to introduce “away” nodes for each kind of GSN nodes (too many kinds of nodes) ⓒ 2013 UEC Tokyo.
Design Choices for Modules (GSN Standard p.17) • Away goals by color change Referring node as green Referred node as orange ⓒ 2013 UEC Tokyo.
Inter-Module notation • Automatically generate inter-module notation GSN Community Standard, P23 ⓒ 2013 UEC Tokyo.
Snapshot of GSN modules for LAN device management system Architecture ⓒ 2013 UEC Tokyo.
Some issues in Parameters We focus on parameters How to define parameters? What is the scope of parameters? In {System X}, what is “System”? ⓒ 2013 UEC Tokyo.
Design Choices for Patterns • Use context nodes to define parameters • Scope is subtree of goal of the context • Introduce types for parameters – Currently Int, double, string, enum ⓒ 2013 UEC Tokyo.
A Snap Shot of Parameter Definition of Availability Definition of SIL Scope of SIL Scope of Availability ⓒ 2013 UEC Tokyo.
Publically available tools we have tested Tool Name Platform Notations GSN Modules GSN Patterns ASCE (Adelard) None (Windows XP or later) GSN, CAE Partly? Not yet? Visio Plug-in (York) Visio GSN Not yet? Not yet? NASA CertWare (Open Source) Eclipse GSN, CAE, etc Not yet Not yet GSN Editor Web browser GSN Not yet Not yet Eclipse GSN Partly (Contract nodes are not done) Partly (Only Parameters) (Dependable Computing LLC) D-Case Editor (DEOS) Others: AdvoCATE(NASA, will be open source), AutoFOCUS3, acedit(York, not tested) E-Safety Case(Praxis), GSN CaseMaker(ERA), ISCADE, ISIS High ⓒ 2013 UEC Tokyo. Integrity Solution, TACE,…
Concluding Remarks • D-Case Editor, an open source assurance case editor • Tool Implementation, Use in Industries, Standardization should be co-developed Tool Implementation Open Source Development Standardization Use in industries ⓒ 2013 UEC Tokyo.

More Related Content

PDF
The ideal module system and the harsh reality
byAdam Warski
 
PPTX
Jamil R. Mazzawi, Founder and CEO, Optima Design Automation
bychiportal
 
PDF
DMAP's presentation
bySILKAN
 
PDF
ISApaperIEC61508_AMN_Final
byAndy Nack
 
PPS
Narated mike bartley reqs signoff
byMikeBartley
 
PDF
Dorner works do-254_information
byAnnmarie Davidson
 
PDF
Volvo Presents: Support for ISO 26262 in the EAST-ADL/AUTOSAR Context
byTorben Haagh
 
PDF
TÜV SÜD on functional safety for multi-core architectures
byTorben Haagh
 
The ideal module system and the harsh reality
byAdam Warski
 
Jamil R. Mazzawi, Founder and CEO, Optima Design Automation
bychiportal
 
DMAP's presentation
bySILKAN
 
ISApaperIEC61508_AMN_Final
byAndy Nack
 
Narated mike bartley reqs signoff
byMikeBartley
 
Dorner works do-254_information
byAnnmarie Davidson
 
Volvo Presents: Support for ISO 26262 in the EAST-ADL/AUTOSAR Context
byTorben Haagh
 
TÜV SÜD on functional safety for multi-core architectures
byTorben Haagh
 

Viewers also liked

PDF
Unified Systems Engineering feasibility
byEric Verhulst
 
PDF
Iec61508 guide
byronnyalex2013
 
PDF
Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...
bySchneider Electric
 
PPT
T062500000 p003050ppte
byPhani Kumar
 
PDF
DMAP\'s Brochure
byDMAP
 
PDF
Overview of DO-254: Design Assurance Guidance For Airborne Electronic Hardware
byOak Systems
 
PDF
Increasing Efficiency of ISO 26262 Verification and Validation by Combining F...
byRAKESH RANA
 
PDF
Qualification of Eclipse-based Tools according to ISO 26262
byOscar Slotosch
 
PDF
20131216 cisec-standards-jp blanquart-jmastruc
byCISEC
 
PDF
2017 03-10 - vu amsterdam - testing safety critical systems
byJaap van Ekris
 
Unified Systems Engineering feasibility
byEric Verhulst
 
Iec61508 guide
byronnyalex2013
 
Impact of IEC 61508 Standards on Intelligent Electrial Networks and Safety Im...
bySchneider Electric
 
T062500000 p003050ppte
byPhani Kumar
 
DMAP\'s Brochure
byDMAP
 
Overview of DO-254: Design Assurance Guidance For Airborne Electronic Hardware
byOak Systems
 
Increasing Efficiency of ISO 26262 Verification and Validation by Combining F...
byRAKESH RANA
 
Qualification of Eclipse-based Tools according to ISO 26262
byOscar Slotosch
 
20131216 cisec-standards-jp blanquart-jmastruc
byCISEC
 
2017 03-10 - vu amsterdam - testing safety critical systems
byJaap van Ekris
 

Similar to Rtlws2013

PPTX
On the Transition from Design Time to Runtime Model-Based Assurance Cases
byRan Wei
 
PDF
Standards for safety and security in avionics
byAlessandro Bruni
 
PPT
Safe & Sec Case Patterns (ASSURE 2015)
byKenji Taguchi
 
PPTX
Highly dependable automotive software
byAlan Tatourian
 
PDF
New Research Articles 2020 September Issue International Journal of Software ...
byijseajournal
 
PPT
HCI 3e - Ch 16: Dialogue notations and design
byAlan Dix
 
PPTX
functional safety topic for engineers .pptx
bymohamed abd elrazek
 
PPTX
Navigating the jungle of Secure Coding Standards
byChantalWauters
 
PDF
Safety Model and Systems Model - GSN/MARTE/SysML/SafeML integration in Robo...
byKenji Hiranabe
 
PDF
[SiriusCon 2018] AdvoCATE: An Assurance Case Automation Toolset Based on Ecli...
byObeo
 
PDF
Health Informatics – Application of Clinical Risk Management to the Manufactu...
byPlan de Calidad para el SNS
 
PDF
DConf 2013 Opening Keynote by Walter Bright
byAndrei Alexandrescu
 
PDF
Safety Assurance and Certification: Current Practices, Challenges, and Brains...
byRoberto Natella
 
PDF
Fault tolerance on cloud computing
bywww.pixelsolutionbd.com
 
PDF
5 Techniques to Achieve Functional Safety for Embedded Systems
byAngela Hauber
 
PDF
5 Techniques to Achieve Functional Safety for Embedded Systems
byMEN Mikro Elektronik GmbH
 
PDF
5 Techniques to Achieve Functional Safety for Embedded Systems
byMEN Micro
 
PPTX
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
byAndrey Karpov
 
PDF
522631 001(Guardian Reference)
bycha kanghoon
 
PDF
522631 001(Guardian Reference)
byguest2dfc87
 
On the Transition from Design Time to Runtime Model-Based Assurance Cases
byRan Wei
 
Standards for safety and security in avionics
byAlessandro Bruni
 
Safe & Sec Case Patterns (ASSURE 2015)
byKenji Taguchi
 
Highly dependable automotive software
byAlan Tatourian
 
New Research Articles 2020 September Issue International Journal of Software ...
byijseajournal
 
HCI 3e - Ch 16: Dialogue notations and design
byAlan Dix
 
functional safety topic for engineers .pptx
bymohamed abd elrazek
 
Navigating the jungle of Secure Coding Standards
byChantalWauters
 
Safety Model and Systems Model - GSN/MARTE/SysML/SafeML integration in Robo...
byKenji Hiranabe
 
[SiriusCon 2018] AdvoCATE: An Assurance Case Automation Toolset Based on Ecli...
byObeo
 
Health Informatics – Application of Clinical Risk Management to the Manufactu...
byPlan de Calidad para el SNS
 
DConf 2013 Opening Keynote by Walter Bright
byAndrei Alexandrescu
 
Safety Assurance and Certification: Current Practices, Challenges, and Brains...
byRoberto Natella
 
Fault tolerance on cloud computing
bywww.pixelsolutionbd.com
 
5 Techniques to Achieve Functional Safety for Embedded Systems
byAngela Hauber
 
5 Techniques to Achieve Functional Safety for Embedded Systems
byMEN Mikro Elektronik GmbH
 
5 Techniques to Achieve Functional Safety for Embedded Systems
byMEN Micro
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
byAndrey Karpov
 
522631 001(Guardian Reference)
bycha kanghoon
 
522631 001(Guardian Reference)
byguest2dfc87
 

Recently uploaded

PDF
final.pdf
byomarbishtawi04
 
PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
final.pdf
byomarbishtawi04
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
apidays New York 2025 | AI in Application Security
byapidays
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Workflow and decision Automation with Flowable
bychakib ch
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 

Rtlws2013

  • 1.
    D-Case Editor An OpenSource Assurance Case Tool The University of Electro-Communications Yutaka Matsuno matsuno@is.uec.ac.jp ⓒ 2013 UEC Tokyo.
  • 2.
    Contents • Assurance Cases(Safety Cases) • DEOS and D-Case Editor • D-Case Editor Implementation – Compliance to Assurance Cases Standards – Modules and Patterns • Concluding Remarks ⓒ 2013 UEC Tokyo.
  • 3.
    Assurance Case • Astructured argument, supported by a body of evidence that provides a compelling, comprehensible and valid case that a system is safe for a given application in a given environment (City Univ Evidence London) Ex fault tree analysis result ゴール Evidence Ex. System is safe Evidence Argument Structure
  • 4.
    Assurance Case • Case:All the reasons that one side in a legal argument can give against the other side. • Assurance Case is called safety case when arguing safety, dependability case when dependability, … • The term “Assurance Cases” is defined in ISO/IEC 15026: Systems and software engineering -- Systems and software assurance Assurance Case Safety Case Dependability Case Security Case …
  • 5.
    Background of AssuranceCases • Piper Alpha Disaster (1988,167 dead) and many serious disasters since 1970– Not only prescriptive procedures, but argument why the safety is achieved by such procedures, based on evidence • Prescriptive and Goal Based regulations – Prescriptive: check safety lists given by standards – Goal Based: develop argument that the given safety goal is achieved -> Safety Cases (Lord Cullen’s Piper Alpha Disaster Report) – ISO26262 (automotive functional safety standard), EUROCONTROL (Eurocontrol, 2006), the Rail Yellow Book (Rail Track, 2000), and MoD Defense Standard 00-56 (MoD, 2007) require safety cases
  • 6.
    Safety Cases inUK and World • UK (EU): “Using safety cases in industry and health care”, UK Health Foundation, 2012.12 – Avionics, Automobile, Defense, Atomic Plant, Oil, Railway, Medical and Health Devices http://www.health.org.uk/publications/using -safety-cases-in-industry-and-healthcare/ • World – USA: medical device such as infusion pomp – Japan: New, but because of ISO26262, several companies are now studying safety cases
  • 7.
    Assurance Case Notation •Mostly by natural languages • Graphical Notations – CAE(Claim, Argument, Evidence) by Adelard, UK – GSN(Goal Structuring Notation) by Univ of Yok, UK CAE GSN CAE and GSN are essentially the same, and the metamodel is standardized as OMG SACM (structured assurance case metamodel)
  • 8.
  • 9.
    Cons for SafetyCases • Most papers about safety cases express personal opinions or deal with how to prepare a safety case, but not whether it is effective. (Nancy Leveson, MIT)
  • 10.
    Contents • Assurance Cases •DEOS and D-Case Editor • D-Case Editor Implementation – Compliance to Assurance Cases Standards – Patterns and Modules • Concluding Remarks ⓒ 2013 UEC Tokyo.
  • 11.
    DEOS and D-Case DEOS(Dependable Embedded Operating System) project funded by Japan Science and Technology Agency (2006.10 – 2014.3) •http://www.dependable-os.net/osddeos/index-e.html, or google “DEOS” •D-Case project, a sub project for assurance cases (2010.4-) (Dependability) – Tool Implementation, Lectures, meetings, case studies, standardization, … ⓒ 2013 UEC Tokyo.
  • 12.
    D-Case Meetings • 2012.9.14(Nagoya),12.20(Nagoya), 2013.4.19(Tokyo), 2013.10.22(Tokyo) Discussions Introduction of assurance cases in industries Use in ISO26262 Visibility of GSN, etc Participants Toyota、Yokogawa Electronics、Japan IBM、 Ogis RI、NTT Data、Denso Create、 Fuji Xerox, etc More than 60 participants http://www.dcase.jp (English page soon to be open) ⓒ 2013 UEC Tokyo.
  • 13.
    D-Case Editor • AnOpen, Eclipse based GSN editor (2010.4-) – http://www.dependable-os.net/tech/DCaseEditor/index-e.html – GitHub https://github.com/d-case/d-case_editor • From Oct 2013, Eclipse Public Lisence • Purposes – Writing, presenting, sharing GSN • A few hundred downloads, tested by D-Case meeting participants and researchers in world – Prototyping for research ⓒ 2013 UEC Tokyo.
  • 14.
  • 15.
    Feedbacks from Industries •Comments from Adelard, U York, Thales, OSADL, NASA, Denso Create (and many Japanese companies), … ⓒ 2013 UEC Tokyo.
  • 16.
    D-Case Editor Functions Requirementsfrom Industry Functions Editing and Viewing Graphical Editing Focusing Automatic Sub tee constructions Maintenance Module/Pattern, Word dictionary Change management Consistency Checking Simple type check on parameters D-Case/Agda (Proof Assistant Tool) Conversion to other formats Excel/PowerPoint OMG SACM Sharing among stakeholders D-Case Server (using Alfresco) Tool Chains Benchmark tools (DSN2012) SysML/UML Tools Experimental chain with Reqtify, Redmine, … ⓒ 2013 UEC Tokyo. Today’s topic Already implemented Partly implemented
  • 17.
    Contents • Assurance Cases •DEOS and D-Case Editor • D-Case Editor Implementation – Compliance to Assurance Cases Standards – Modules and Patterns • Concluding Remarks ⓒ 2013 UEC Tokyo.
  • 18.
    Compliance to Assurance CasesStandards • Compliance to standards is important – OMG SACM at OMG system assurance task force • SACM = Structured Assurance Case Metamodel • Harmonizing CAE and GSN – GSN Community Standard v1.0 (2011) • When implementing GSN Community Standard, we have several design choices • By showing our design choices, we hope to facilitate assurance case tool implementation ⓒ 2013 UEC Tokyo.
  • 19.
    GSN Community Standardv1.0 • Part 0 Introduction and Concepts • Part 1 Definition of GSN • Annexes to Part 1 – Extension to GSN to support argument patterns – Modular extensions to GSN • Part 2 Guidance on the development and evaluation of goal structures • Annexes to Part 2 ⓒ 2013 UEC Tokyo.
  • 20.
    GSN Modules B1.3.2.3 Contractmodules can be used in the support relationship between modules to aid decoupling as shown in Figure 32. This de-coupling permits argument module construction in cases where the eventual source of support for an argument is unknown at the time of authoring or can be changed for example through re-use or planned product improvement or reconfiguration. (GSN Standard, p23) Current Implementation ⓒ 2013 UEC Tokyo.
  • 21.
    GSN Patterns We focuson parameters ⓒ 2013 UEC Tokyo.
  • 22.
    Design Choices forModules (GSN Standard, p.17) • What is module? “module” is not so clearly defined – Interpret module as “a GSN tree with one top goal” Argument = GSN? • Away goals, solutions, contexts, … We do not want to introduce “away” nodes for each kind of GSN nodes (too many kinds of nodes) ⓒ 2013 UEC Tokyo.
  • 23.
    Design Choices forModules (GSN Standard p.17) • Away goals by color change Referring node as green Referred node as orange ⓒ 2013 UEC Tokyo.
  • 24.
    Inter-Module notation • Automaticallygenerate inter-module notation GSN Community Standard, P23 ⓒ 2013 UEC Tokyo.
  • 25.
    Snapshot of GSNmodules for LAN device management system Architecture ⓒ 2013 UEC Tokyo.
  • 26.
    Some issues inParameters We focus on parameters How to define parameters? What is the scope of parameters? In {System X}, what is “System”? ⓒ 2013 UEC Tokyo.
  • 27.
    Design Choices forPatterns • Use context nodes to define parameters • Scope is subtree of goal of the context • Introduce types for parameters – Currently Int, double, string, enum ⓒ 2013 UEC Tokyo.
  • 28.
    A Snap Shotof Parameter Definition of Availability Definition of SIL Scope of SIL Scope of Availability ⓒ 2013 UEC Tokyo.
  • 29.
    Publically available tools wehave tested Tool Name Platform Notations GSN Modules GSN Patterns ASCE (Adelard) None (Windows XP or later) GSN, CAE Partly? Not yet? Visio Plug-in (York) Visio GSN Not yet? Not yet? NASA CertWare (Open Source) Eclipse GSN, CAE, etc Not yet Not yet GSN Editor Web browser GSN Not yet Not yet Eclipse GSN Partly (Contract nodes are not done) Partly (Only Parameters) (Dependable Computing LLC) D-Case Editor (DEOS) Others: AdvoCATE(NASA, will be open source), AutoFOCUS3, acedit(York, not tested) E-Safety Case(Praxis), GSN CaseMaker(ERA), ISCADE, ISIS High ⓒ 2013 UEC Tokyo. Integrity Solution, TACE,…
  • 30.
    Concluding Remarks • D-CaseEditor, an open source assurance case editor • Tool Implementation, Use in Industries, Standardization should be co-developed Tool Implementation Open Source Development Standardization Use in industries ⓒ 2013 UEC Tokyo.