Venue: Hotel Ventura***, 1119 Budapest, Fehérvári út 179.
Tuesday, 25 September 2001, 9:00 – 12:30
Safety cases and COTS/SOUP
Robin E Bloomfield and Peter Bishop,
Adelard and CSR, City University London (UK)
This tutorial will present an approach for justifying the use of COTS (commercial off-the-shelf) components and SOUP (software of uncertain pedigree) in safety-related applications and for integrating this with the use of IEC 61508. The approach is based on our practical experience of justifying, assessing and analysing real SOUP used in safety applications. In the proposed approach, the safety assurance of SOUP is based on a documented, five-phase safety justification (or safety case) that sets out the safety claims for the system, and the evidence and arguments that support them. This is linked to the key development stages identified in IEC 61508.
The choices made at the architectural design phase have a major impact on the safety assurance of systems containing SOUP. A “design for assurance” approach will be presented where the dangerous failures of the architectural components are determined and methods for limiting the effect of such failures identified (e.g. the use of barriers and “wrappers”) together with outline safety arguments and evidence.
The tutorial will discuss how supporting evidence can be organised, including an evidence profile for SOUP that may be re-used across different safety justifications. The talk will discuss the criteria for deciding when black-box evidence is sufficient, when additional white-box evidence is required, and how the evidence requirements change with safety integrity level. An approach to the use of field experience will be outlined, as well as the retrospective static analysis of SOUP.
The synthesis of the approach was funded by the UK Health and Safety Executive and the supporting reports are available via the Adelard web site (www.adelard.co.uk). Attendees will be provided with evaluation copies of the Adelard Safety Case Editor (ASCE), electronic versions of the Adelard Safety Case development manual and the supporting reports.
Tuesday, 25 September 2001, 14:00 – 17:30
Explaining the International Standard IEC 61508
Redmill Consultancy (UK)
The international standard IEC 61508 addresses the functional safety of programmable safety-related systems. It is a 'meta-standard', to be used as a basis for sector-specific standards, but where these do not yet exist it is also intended for direct use. It defines the way in which we need to think and act towards safety throughout a system's life cycle.
It is therefore of considerable international importance. Not only developers and operators, but everyone involved with safety-critical systems should understand it. Its principles are recognised as reflecting current best practice, and customers are demanding that technical programmes conform to it. Further, legal frameworks will expect adherence to it.
This tutorial will explain what the standard is, what its objectives are, and how it sets out to achieve those objectives. It will explain the technical principles on which the standard is based, such as the safety lifecycle, risk analysis, and safety integrity levels. Importantly, the tutorial will explain the effect that the standard will have on our perception of safety, and also its implications for management.
The tutorial will be presented by Felix Redmill, who has run numerous courses on IEC 61508, both in-house and in public, and has been invited by many professional organisations to provide education on the standard.
Tuesday, 25 September 2001, 9:00 – 17:30
UML-based Dependability Evaluation
Budapest University of Technology and Economics (HU)
Empirical statistics related to failures in IT systems indicate that specification and software implementation faults are the dominating origins of malfunctions. This trend necessitates the integration of (formal) validation and verification methods and dependability evaluation into the state-of-the-art design
The tutorial focuses on the integration of UML (Unified Modeling Language) based design with formal dependability evaluation. The main idea is to transform the UML model into the input of existing mathematical analysis tools. The analysis results can then be back-annotated to the original UML model, so that the mathematics can be hidden from the designer entirely.
The tutorial presents the current academic research and industrial best practice by addressing the following main subtopics:
- UML basics, including extensions for modeling real-time and
- Standard model interchange formats (XMI) for tool integration
- UML to mathematical analysis tool transformation
- Typical analysis tools for qualitative and quantitative analysis (check of specification completeness, proof of correctness, timeliness, performance, reliability and availability analysis)
- Typical commercial and academic tools
- Domain specific problem formulations
- Economic aspects
- Illustrative case studies
Knowledge of UML is not a prerequisite.