Volvo Presents: Support for ISO 26262 in the EAST-ADL/AUTOSAR Context (by Torben Haagh)
Download the full presentation for FREE here: http://bit.ly/Slideshare_Volvo_Presentation
Dr. Oscar Ljungkrantz, Systems Engineer and Dr. Henrik Lönn, Research Engineer at Volvo Technology Corporation in Sweden, presented a case study at IQPC's ISO 26262 conference on the topic: "Support for ISO 26262 in the EAST-ADL / AUTOSAR Context".
The presentation goes into detail on the following:
• Application of model-based support for ISO 26262 on example system
• Methodology for systematic application of ISO 26262 in the model based context
• Traceability of safety information from safety goal down to software and hardware requirements
• EAST-ADL support for supplier and OEM collaboration
TÜV SÜD on functional safety for multi-core architectures (by Torben Haagh)
With the importance of successful and efficient implementation of functional safety continuing to grow on a global scale, ensuring the safety of multi-core architectures poses the next big challenge.
Dr. Andreas Bärwald, Vice President Global Strategy and Operations Automotive, TÜV SÜD Automotive GmbH, joined us at last year’s event to give us exclusive case study insight into how three leading automotive companies achieved this aim.
Read more here:
http://bit.ly/Presentation_TUV-SUD
Unified Systems Engineering feasibility (by Eric Verhulst)
Is unified systems and safety engineering feasible?
This presentation introduces a new approach for developing composable systems with different SIL levels. It introduces the new notion of ARRL (Assured Reliability and Resilience Level).
Impact of IEC 61508 Standards on Intelligent Electrical Networks and Safety Im... (by Schneider Electric)
Improper integration of Intelligent Electronic Devices (IED) into medium / high voltage electrical networks can impact both network performance and safety. Now, standards such as IEC 61508 provide a framework from which new safety risks can be managed. This paper simplifies the complexity of integrating new devices into existing grid networks by explaining how to implement IEC safety and maintenance standards. Examples are presented for how to minimize cost and maximize safety benefits.
Overview of DO-254: Design Assurance Guidance For Airborne Electronic Hardware (by Oak Systems)
To provide design assurance guidance for the development of airborne electronic hardware such that it safely performs its intended function, in its specified environments.
Increasing Efficiency of ISO 26262 Verification and Validation by Combining F... (by RAKESH RANA)
Increasing Efficiency of ISO 26262 Verification and Validation by Combining Fault Injection and Mutation Testing with Model Based Development
Presented at:
8th International Joint Conference on Software Technologies, ICSOFT-EA, Reykjavík, Iceland, 2013
Get full text of publication at:
http://rakeshrana.website/index.php/work/publications/
Most industrial safety-critical systems are developed and validated following safety standards. However, even though all safety standards address similar concerns with similar objectives, they are also domain-specific standards. The presentation results from the activity of a working group (formerly CG2E, now part of the recently set-up Embedded France) gathering industrial safety experts from aeronautics, automotive, industrial automation, nuclear, railway and space. The lecture will combine a presentation focused on one industry-specific standard (the recent ISO 26262 for automotive) with a complementary perspective in comparison with the standards in the other five mentioned domains. After the presentation of the history and position and the various regulation regimes, we will highlight some more technical topics, e.g., integrated or external safety systems, fault prevention vs. fault tolerance, objectives vs. means prescription, probabilistic vs. deterministic arguments and the notion of criticality, integrity or assurance levels.
2017 03-10 - vu amsterdam - testing safety critical systems (by Jaap van Ekris)
Presentation about the steps required for verifying and validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and the people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on storm surge barriers.
These are the presentation slides on the paper "Safe & Sec Case Patterns" at ASSURE 2015. This research investigates how to integrate safety and security from process patterns and shows an integrated assurance case for both.
A Study on MDE Approaches for Engineering Wireless Sensor Networks (by Ivano Malavolta)
27th August 2014. My presentation at SEAA 2014 (http://esd.scienze.univr.it/dsd-seaa-2014) about our study on model-driven engineering approaches for engineering Wireless Sensor Networks (WSNs).
Accompanying paper: http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6928805
Abstract:
Model-Driven Engineering (MDE) can be considered as the right tool to reduce the complexity of Wireless Sensor Network (WSN) development through its principles of abstraction, separation of concerns, reuse and automation. In this paper we present the results of a systematic mapping study we performed for providing an organized view of existing MDE approaches for designing WSNs.
A total number of 780 studies were analysed; among them, we selected 16 papers as primary studies relevant for review. We setup a comparison framework for these studies, and classified them based on a set of common parameters. The main objective of our research is to give an overview about the state-of-the-art of MDE approaches dedicated to WSN design, and finally, discuss emerging challenges that have to be considered in future MDE approaches for engineering WSNs.
Managing Complexity and Change with Scalable Software Design (by lbergmans)
This is a presentation I gave to a group of IT managers. It explains what 'scalable design' is about, discusses its motivations by a number of facts and figures about software development, and illustrates the approach through a real-world case.
The Irish Software Show (http://epicenter.ie), Werner Keil: UCUM
Developers who work with physical quantities (such as developers in the scientific, engineering, medical, and manufacturing domains) need to be able to handle measurements of these quantities in their programs.
Inadequate models of physical measurements can lead to significant programmatic errors.
In particular, the practice of modeling a measure as a simple number with no regard to the units it represents creates fragile code. Another developer or another part of the code may misinterpret the number as representing a different unit of measurement. For example, it may be unclear whether a person's weight is expressed in pounds, kilograms, or stones.
Problems multiply once a client has to communicate with one or more servers or services in a Cloud.
This session provides an overview of the UCUM standard and related interoperability efforts like UnitML by OASIS. It also outlines various implementations based on Eclipse, Java Mobile (JSR-256) or OSGi, to name the most common examples, and looks at ways in which different platforms, e.g. .NET/F# and JVM based languages, can exchange measurements while preserving their value and units.
http://epicenter.ie/2010.html?zone_id=20&mode=agenda&session=143#session
Security Patterns: Research Direction, Metamodel, Application and Verification (by Hironori Washizaki)
Hironori Washizaki, “Security Patterns: Research Direction, Metamodel, Application and Verification”, Keynote, The 2017 International Workshop on Big Data & Information Security (IWBIS), Jakarta, Indonesia, Sep 23-24, 2017.
Software development effort reduction with Co-op (by lbergmans)
This talk explains the motivations for the Co-op technology: what challenges it addresses, in particular focusing on reducing accidental complexity, where it comes from, and a general vision on how to resolve it. Then we continue to show practical application of Co-op, including experience figures from large-scale application of a previous generation of this technology. We show a little bit about its realization, and conclude with an evaluation of the technology.
Elevating Tactical DDD Patterns Through Object Calisthenics (by Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (by Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3 (by DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Epistemic Interaction - tuning interfaces to provide information for AI support (by Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (by Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (by DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (by Ramesh Iyer)
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (by Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an “infrastructure container Kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and of what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
Neuro-symbolic is not enough, we need neuro-*semantic* (by Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 4 (by DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generating a custom Ruby SDK for your web service or Rails API using Smithy (by g2nightmarescribd)
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Essentials of Automations: Optimizing FME Workflows with Parameters (by Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
3. Assurance Case
• A structured argument, supported by a body of evidence, that provides a compelling, comprehensible and valid case that a system is safe for a given application in a given environment (City Univ London)
[Figure: argument structure, with a top goal (e.g. "System is safe"), the argument, and evidence nodes (e.g. a fault tree analysis result)]
4. Assurance Case
• Case: All the reasons that one side in a legal argument can give against the other side.
• Assurance Case is called safety case when arguing safety, dependability case when arguing dependability, …
• The term “Assurance Cases” is defined in ISO/IEC 15026: Systems and software engineering -- Systems and software assurance
[Figure: Assurance Case, with Safety Case, Dependability Case, Security Case, … as its kinds]
5. Background of Assurance Cases
• Piper Alpha Disaster (1988, 167 dead) and many serious disasters since 1970
– Not only prescriptive procedures, but an argument why the safety is achieved by such procedures, based on evidence
• Prescriptive and Goal Based regulations
– Prescriptive: check safety lists given by standards
– Goal Based: develop argument that the given safety goal is achieved -> Safety Cases (Lord Cullen’s Piper Alpha Disaster Report)
– ISO26262 (automotive functional safety standard), EUROCONTROL (Eurocontrol, 2006), the Rail Yellow Book (Rail Track, 2000), and MoD Defense Standard 00-56 (MoD, 2007) require safety cases
6. Safety Cases in UK and World
• UK (EU): “Using safety cases in industry and health care”, UK Health Foundation, 2012.12
– Avionics, Automobile, Defense, Atomic Plant, Oil, Railway, Medical and Health Devices
http://www.health.org.uk/publications/using-safety-cases-in-industry-and-healthcare/
• World
– USA: medical devices such as infusion pumps
– Japan: New, but because of ISO26262, several companies are now studying safety cases
7. Assurance Case Notation
• Mostly by natural languages
• Graphical Notations
– CAE (Claim, Argument, Evidence) by Adelard, UK
– GSN (Goal Structuring Notation) by Univ of York, UK
[Figure: example CAE and GSN diagrams]
CAE and GSN are essentially the same, and the metamodel is standardized as OMG SACM (structured assurance case metamodel)
9. Cons for Safety Cases
• Most papers about safety cases express personal opinions or deal with how to prepare a safety case, but not whether it is effective. (Nancy Leveson, MIT)
11. DEOS and D-Case
DEOS (Dependable Embedded Operating System) project funded by Japan Science and Technology Agency (2006.10 – 2014.3)
• http://www.dependable-os.net/osddeos/index-e.html, or google “DEOS”
• D-Case project, a sub project for assurance cases (2010.4-) (Dependability)
– Tool Implementation, Lectures, meetings, case studies, standardization, …
ⓒ 2013 UEC Tokyo.
12. D-Case Meetings
• 2012.9.14 (Nagoya), 12.20 (Nagoya), 2013.4.19 (Tokyo), 2013.10.22 (Tokyo)
• Discussions: Introduction of assurance cases in industries; Use in ISO26262; Visibility of GSN, etc.
• Participants: Toyota, Yokogawa Electronics, Japan IBM, Ogis RI, NTT Data, Denso Create, Fuji Xerox, etc. More than 60 participants.
http://www.dcase.jp (English page soon to be open)
13. D-Case Editor
• An Open, Eclipse based GSN editor (2010.4-)
– http://www.dependable-os.net/tech/DCaseEditor/index-e.html
– GitHub https://github.com/d-case/d-case_editor
• From Oct 2013, Eclipse Public License
• Purposes
– Writing, presenting, sharing GSN
• A few hundred downloads, tested by D-Case meeting participants and researchers in the world
– Prototyping for research
18. Compliance to Assurance Case Standards
• Compliance to standards is important
– OMG SACM at OMG system assurance task force
• SACM = Structured Assurance Case Metamodel
• Harmonizing CAE and GSN
– GSN Community Standard v1.0 (2011)
• When implementing GSN Community Standard, we have several design choices
• By showing our design choices, we hope to facilitate assurance case tool implementation
19. GSN Community Standard v1.0
• Part 0 Introduction and Concepts
• Part 1 Definition of GSN
• Annexes to Part 1
– Extension to GSN to support argument patterns
– Modular extensions to GSN
• Part 2 Guidance on the development and evaluation of goal structures
• Annexes to Part 2
20. GSN Modules
B1.3.2.3 Contract modules can be used in the support relationship between modules to aid decoupling as shown in Figure 32. This de-coupling permits argument module construction in cases where the eventual source of support for an argument is unknown at the time of authoring or can be changed for example through re-use or planned product improvement or reconfiguration. (GSN Standard, p23)
[Figure: current implementation of contract modules in D-Case Editor]
22. Design Choices for Modules (GSN Standard, p.17)
• What is module? “module” is not so clearly defined
– Interpret module as “a GSN tree with one top goal” (Argument = GSN?)
• Away goals, solutions, contexts, …
– We do not want to introduce “away” nodes for each kind of GSN nodes (too many kinds of nodes)
23. Design Choices for Modules (GSN Standard p.17)
• Away goals by color change
– Referring node as green, referred node as orange
25. Snapshot of GSN modules for LAN device management system
[Figure: module architecture of the LAN device management system case]
26. Some issues in Parameters
We focus on parameters
• How to define parameters?
• What is the scope of parameters?
• In {System X}, what is “System”?
27. Design Choices for Patterns
• Use context nodes to define parameters
• Scope is subtree of goal of the context
• Introduce types for parameters
– Currently Int, double, string, enum
28. A Snap Shot of Parameter
[Figure: screenshot showing the definition of Availability, the definition of SIL, the scope of SIL and the scope of Availability]
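The design choices on slides 26 to 28 (parameters defined in context nodes, scoped to the subtree of the goal the context hangs on, with Int/double/string/enum types) can be made concrete in a few dozen lines. The following is an added example written for this page; it is not code from D-Case Editor or the DEOS project, and the sample pattern (a LAN device management system with Availability and SIL parameters) is constructed for illustration. It resolves a placeholder such as {System} to the nearest enclosing context definition, reports placeholders that have no definition in scope, and rejects a value of the wrong type or outside an enum's allowed set when the pattern is instantiated.

```python
"""Typed GSN pattern parameters defined in Context nodes and scoped to the
subtree of the goal the context is attached to (added example, not D-Case
Editor code). Types follow the slide: Int, double, string, enum."""
from dataclasses import dataclass, field
import re

PLACEHOLDER = re.compile(r"\{(\w+)\}")   # {Name} inside node text


def _is_int(v):
    return isinstance(v, int) and not isinstance(v, bool)


# Type checks for the parameter types named on the slide.
TYPE_CHECKS = {
    "Int": _is_int,
    "double": lambda v: _is_int(v) or isinstance(v, float),
    "string": lambda v: isinstance(v, str),
}


@dataclass
class Param:
    name: str
    ptype: str                 # "Int", "double", "string" or "enum"
    choices: tuple = ()        # allowed values when ptype == "enum"

    def accepts(self, value):
        if self.ptype == "enum":
            return value in self.choices
        return TYPE_CHECKS[self.ptype](value)


@dataclass
class Node:
    kind: str                  # Goal, Strategy, Solution or Context
    text: str
    children: list = field(default_factory=list)
    params: list = field(default_factory=list)   # used only on Context nodes


def visible_params(path):
    """Parameters in scope at the last node of `path` (root ... node): every
    Context attached to a node on the path contributes its parameters, so a
    definition is visible in the whole subtree of the goal it hangs on."""
    scope = {}
    for n in path:
        for c in n.children:
            if c.kind == "Context":
                for p in c.params:
                    scope[p.name] = p
    return scope


def unresolved(node, path=()):
    """List (node text, name) for every placeholder with no parameter in scope."""
    path = path + (node,)
    scope = visible_params(path)
    out = [(node.text, m) for m in PLACEHOLDER.findall(node.text) if m not in scope]
    for c in node.children:
        out.extend(unresolved(c, path))
    return out


def instantiate(node, values, path=()):
    """Copy the pattern with placeholders replaced by type-checked values.
    KeyError: placeholder out of scope or unbound; ValueError: wrong type."""
    path = path + (node,)
    scope = visible_params(path)

    def sub(m):
        name = m.group(1)
        if name not in scope:
            raise KeyError(f"{name} is not in scope at {node.kind} '{node.text}'")
        if name not in values:
            raise KeyError(f"no value bound for {name}")
        if not scope[name].accepts(values[name]):
            raise ValueError(f"{values[name]!r} is not a valid {scope[name].ptype} for {name}")
        return str(values[name])

    copy = Node(node.kind, PLACEHOLDER.sub(sub, node.text), params=node.params)
    copy.children = [instantiate(c, values, path) for c in node.children]
    return copy


def goal_texts(node):
    """Texts of all Goal nodes, depth first."""
    out = [node.text] if node.kind == "Goal" else []
    for c in node.children:
        out.extend(goal_texts(c))
    return out


def build_pattern():
    """Constructed sample pattern (hypothetical): System and Availability are
    defined at the top goal, SIL only under the safety sub-goal, so SIL is
    out of scope in the availability branch."""
    top = Node("Goal", "{System} is acceptably dependable")
    top.children.append(Node("Context", "Target system",
                             params=[Param("System", "string")]))
    top.children.append(Node("Context", "Dependability targets",
                             params=[Param("Availability", "double")]))
    strategy = Node("Strategy", "Argue over availability and safety")
    top.children.append(strategy)
    g_avail = Node("Goal", "{System} achieves availability {Availability}")
    g_avail.children.append(Node("Solution", "Field availability measurements"))
    g_safe = Node("Goal", "Safety functions of {System} meet SIL {SIL}")
    g_safe.children.append(Node("Context", "Required integrity level",
                                params=[Param("SIL", "enum", (1, 2, 3, 4))]))
    g_safe.children.append(Node("Solution", "IEC 61508 compliance evidence"))
    strategy.children.extend([g_avail, g_safe])
    return top


if __name__ == "__main__":
    case = instantiate(build_pattern(),
                       {"System": "LAN device manager", "Availability": 0.999, "SIL": 3})
    for g in goal_texts(case):
        print(g)
```

Running unresolved() over a pattern before instantiation is the check a tool would do at authoring time: a goal added under the availability branch that mentions {SIL} is reported, because the SIL definition hangs on the sibling safety goal and is not visible there.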
29. Publicly available tools we have tested
Tool Name                              | Platform                   | Notations     | GSN Modules                          | GSN Patterns
ASCE (Adelard)                         | None (Windows XP or later) | GSN, CAE      | Partly?                              | Not yet?
Visio Plug-in (York)                   | Visio                      | GSN           | Not yet?                             | Not yet?
NASA CertWare (Open Source)            | Eclipse                    | GSN, CAE, etc | Not yet                              | Not yet
GSN Editor (Dependable Computing LLC)  | Web browser                | GSN           | Not yet                              | Not yet
D-Case Editor (DEOS)                   | Eclipse                    | GSN           | Partly (Contract nodes are not done) | Partly (Only Parameters)
Others: AdvoCATE (NASA, will be open source), AutoFOCUS3, acedit (York, not tested), E-Safety Case (Praxis), GSN CaseMaker (ERA), ISCADE, ISIS High Integrity Solution, TACE, …
30. Concluding Remarks
• D-Case Editor, an open source assurance case editor
• Tool Implementation, Use in Industries, Standardization should be co-developed
[Figure: cycle of Tool Implementation, Open Source Development, Standardization and Use in industries]