Model-based Safety and Security Analysis in High-Consequence System Development

Conference: FV2016
Speaker: Dr John Colley
Organisation: University of Southampton
Presentation Title: Model-based Safety and Security Analysis in High-Consequence System Development
Abstract: Safety and security considerations for complex, high-consequence systems are increasingly an expensive and time-consuming factor in system development, and the cost of failure is high.

Safety and security are emergent properties of the system, their needs often conflict and it is not satisfactory to consider their requirements separately and in isolation from the overall requirements of the system. Trustworthiness is a measure of a system’s ability to perform a wide range of roles in a variety of situations and considers not just safety and security, but also reliability, performance and resilience. Trustworthiness analysis must be conducted at the system level so that the impact of a software or digital hardware component malfunction on the system can be properly understood.

Civil aviation development and verification flows for software and digital hardware are mature and proven; the concepts underlying the requirements-based, coverage-driven DO-254 and DO-178C standards are widely adopted outside the aviation industry. These standards, however, are intended to be used with the safety analysis standard, ARP-4754A, which mandates that the safety considerations for software and digital hardware be analysed systematically from the system (aircraft and crew) perspective.

We present a method for Trustworthiness Analysis which is founded upon the civil aviation standards and leverages the model-based development and formal methods supplements to DO-178C (DO-331 and DO-333 respectively). System trustworthiness constraints, derived from the system objectives, are modelled as formal properties at the abstract level and then refined, at the architectural level, to represent the trustworthiness constraints on the software or digital hardware component itself. Hazards and vulnerabilities are analysed systematically and the component constraints enforced to ensure that the hazards and vulnerabilities are eliminated or mitigated.
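The abstract does not give an example of the refinement step, so the following is an added illustration (not the speaker's method or tooling) of what "refine a system-level property to a component constraint, then check it against hazards and vulnerabilities" can look like in executable form. The system (a door interlock feeding a software controller that commands an actuator), the sensor message format, the attacker model and the HMAC key are all assumed for the example. The system-level constraint is stated over physical state; the controller cannot observe that state, so its component constraint is stated over sensor messages, and an explicit-state search checks whether each candidate component constraint still implies the system constraint once an on-path attacker is part of the environment.

```python
"""Explicit-state check of a refined trustworthiness constraint.

Added illustration, not the authors' method or tooling. The door-interlock
system, its architecture (sensor -> controller -> actuator), the message
format (reading, sequence number, tag) and the attacker model are assumed.

System-level constraint (abstract): the actuator never runs while the door is open.
Architectural refinement: the controller only sees sensor messages, so the component
constraint becomes "command RUN only on evidence that the door is closed"; what counts
as evidence depends on the hazards and threats modelled, which is what we check here.
"""
import hashlib
import hmac

KEY = b"example-shared-key"   # assumed secret shared by sensor and controller
READINGS = ("OPEN", "CLOSED")
FORGED = b"\x00" * 8          # the only tag an attacker without KEY can produce


def mac(reading, seq):
    return hmac.new(KEY, f"{reading}:{seq}".encode(), hashlib.sha256).digest()[:8]


def system_property(door, actuator):
    """Trustworthiness constraint over the physical state (abstract level)."""
    return not (door == "OPEN" and actuator == "RUN")


# Candidate component constraints (architectural level): message -> command.
def ctl_plain(msg, step, ctx):
    reading, _seq, _tag = msg
    return "RUN" if reading == "CLOSED" else "STOP"


def ctl_mac(msg, step, ctx):
    reading, seq, tag = msg
    if not hmac.compare_digest(tag, mac(reading, seq)):
        return "STOP"
    return "RUN" if reading == "CLOSED" else "STOP"


def ctl_mac_monotonic(msg, step, ctx):
    # Freshness as "sequence number higher than the last accepted one".
    reading, seq, tag = msg
    if not hmac.compare_digest(tag, mac(reading, seq)) or seq <= ctx["last_seq"]:
        return "STOP"
    ctx["last_seq"] = seq
    return "RUN" if reading == "CLOSED" else "STOP"


def ctl_mac_synced(msg, step, ctx):
    # Assumes sensor and controller share a cycle counter (synchronised tick).
    reading, seq, tag = msg
    if seq != step or not hmac.compare_digest(tag, mac(reading, seq)):
        return "STOP"
    return "RUN" if reading == "CLOSED" else "STOP"


def attacker_messages(observed, step):
    """Assumed on-path attacker: may replace the cycle's message with any message
    observed so far (replay) or any reading under a forged tag; holds no key."""
    return list(observed) + [(r, step, FORGED) for r in READINGS]


def check(controller, attacker=False, depth=3):
    """Explore every door state and attacker choice over `depth` cycles.
    Returns None if the system property holds on all traces, otherwise the first
    violating trace as a list of (door, reading delivered, command)."""
    def explore(step, ctx, observed, trace):
        if step == depth:
            return None
        for door in READINGS:
            genuine = (door, step, mac(door, step))
            seen = observed + [genuine]
            for msg in [genuine] + (attacker_messages(seen, step) if attacker else []):
                ctx2 = dict(ctx)          # controller state is part of the state space
                cmd = controller(msg, step, ctx2)
                trace2 = trace + [(door, msg[0], cmd)]
                if not system_property(door, cmd):
                    return trace2
                found = explore(step + 1, ctx2, seen, trace2)
                if found:
                    return found
        return None
    return explore(0, {"last_seq": -1}, [], [])


def violates(trace):
    return trace is not None and not system_property(trace[-1][0], trace[-1][2])


if __name__ == "__main__":
    for ctl in (ctl_plain, ctl_mac, ctl_mac_monotonic, ctl_mac_synced):
        for attacker in (False, True):
            ce = check(ctl, attacker)
            print(f"{ctl.__name__:18s} attacker={attacker!s:5s} ->",
                  "holds" if ce is None else f"violated: {ce}")
```

Under a hazard model with a faithful sensor, the plain constraint is enough; once an on-path attacker is added, the search returns a forged-message counterexample. Authenticating the message removes forgery but the search then finds a replay of an earlier genuine CLOSED message; a monotonic sequence check still loses to suppress-then-replay (the attacker drops one genuine message and delivers it a cycle later); only the variant tied to a shared cycle counter holds, and only under the stated assumption that the counter is synchronised. Each counterexample is a hazard or vulnerability that the component constraint had to be strengthened against, and the assumptions the surviving constraint rests on are themselves system-level facts to be justified in the analysis.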

Speaker Bio: John Colley has twenty years of experience in the development of EDA tools for simulation, test generation, code coverage and model checking. He is now involved in the ongoing development of verification and validation methods for high-consequence systems, both formal and simulation based, in the defence, rail and semiconductor sectors.
