Tutorial 1	Tutorial 2	Tutorial 3
``Safety Case Management''	``Methods for Dependability Analyses  of Software Intensive Systems''	``Critical Systems Development with UML''
Tim Kelly (University of York, UK)	Gerald Sonneck (ARCS, A)	Jan Jürjens (Munich University of Technology, D)

Tutorial 1 (full day)

Tutorial Abstract. Across a number of industries there has in recent years been a marked shift in the regulatory approach to ensuring system safety. Whereas previously compliance with prescriptive safety codes and standards may have been relied upon, the responsibility has now shifted back onto the developers and operators to construct and present well reasoned arguments that their systems achieve acceptable levels of safety. These arguments (together with supporting evidence) are typically presented as a ``safety case''. This tutorial will be of interest to anyone with responsibility for managing, constructing, reviewing or accepting safety cases.

The following topics will be covered:

• The role and purpose of the safety case
• Requirements for safety cases arising from safety standards (e.g., U.K. Defence Standard 00-55 and 00-56)
• Approaches to constructing and presenting clear safety arguments (including the Goal Structuring Notation, GSN)
• Common safety arguments used within safety cases (e.g., ALARP Arguments)
• Phased safety case development (including safety case maintenance)
• Managing the safety case development process
• Reviewing safety case documents
• The current  state of the practice  in preparing software safety cases. In particular we will discuss the current emphasis on process-based standards and the use of general integrity claims (e.g., Software Integrity Levels   SILS).
• The typical architecture of a software safety case (currently)
• Current work on developing product-based approaches to software safety justification and shifts towards goal-based software safety regulation (as exemplified by the recently introduced U.K. Civil Aviation Standard SW01).

Tutorial 2 (half day)

Tutorial Abstract. The dependability analysis and evaluation of technical systems used in process control, manufacturing, transportation, space, medical devices and many other fields requires an integrated approach which considers the hardware (including computer hardware, but not restricted to that!), software and human components, as well as their interaction. Traditionally the dependability methods for each of these components have been developed all too often in almost complete isolation from the others. In practice, many serious accidents involve a combination of human, hardware and software errors which may not be covered by the conventional approach. These problems are compounded by a lack of awareness and communication between the disciplines studying human reliability, hardware and software dependability.

This tutorial is an introduction to the holistic dependability assessment of technical systems consisting of hardware, software and human components. It aims at providing the participants with an overview of state-of-the-art dependability methods. Therefore it concentrates mainly on methods which are already more or less acknowledged by the technical community and are consequently currently used for the dependability assessment of modern safety-relevant technical systems, such as Hazard Analysis, HAZOP (Hazard and Operability Analysis), FMECA (Failure Modes, Effects and Criticality Analysis), FTA (Fault Tree Analysis), ETA (Event Tree analysis), RCM (Reliability Centred Maintenance) or LCC (Life Cycle Costs).

The methods are explained is such detail as to allow the participants to understand their strengths and weaknesses and to avoid the most dangerous pitfalls. Their practical application is developed interactively with the participants in examples and a case study.

Tutorial 3 (half day)

Tutorial Abstract. The high quality development of Critical Systems (be it Dependable, Security-Critical, Real-Time, ...)  is difficult. Many critical systems are developed, fielded, and used that do not satisfy their criticality requirements, sometimes with spectacular failures. UML offers an unprecedented opportunity for high-quality Critical Systems Development that is feasible in an industrial context.

• As the de-facto standard in industrial modeling, a large number of developers is trained in UML.
• Compared to previous notations with a user community of comparable size, UML is relatively precisely defined.
• A number of analysis, testing, simulation, transformation and other tools are developed to assist the every-day work using UML.

• adaptation of UML to critical system application domains
• correct use of UML in the application domains
• conflict between flexibility and unambiguity in the meaning of a notation
• improving tool-support for critical systems development with  UML.

• UML basics, including extension mechanisms
• applications of UML to Critical Systems Development (Dependable, Security-Critical, ...)
• extensions of UML (UML-Rt, UMLsec, ...)
• using UML as a formal design technique for the development of critical systems
• Critical Systems Development Methods
• Modeling, Synthesis, Code Generation, Testing, Validation, and Verification of Critical Systems using UML
• existing Tools
• case studies