Software in safety critical systems

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Software in safety critical systems"

Transcription

1 Software in safety critical systems Software safety requirements Software safety integrity Budapest University of Technology and Economics Department of Measurement and Information Systems Definitions Programmable electronic (PE) o Based on computer technology which may be comprised of hardware, software, and of input and/or output units Software o Intellectual creation comprising the programs, procedures, data, rules and any associated documentation pertaining to the operation of a data processing system Safety related software o Software that is used to implement safety functions Software safety integrity o Likelihood of software in a PE system achieving its safety functions under all stated conditions within specified period of time Systematic safety integrity o Part of the safety integrity relating to systematic failures in a dangerous mode of failure o Error in the design, implementation of software causes systematic failures

2 Determining software SIL Basic concepts: o Software SIL shall be identical to the PE system SIL (implementing the safety function) o Exception: Mechanism exists to prevent the failure of a software module from causing the system to go to an unsafe state Reducing software SIL requires o Analysis of failure modes and effects (probabilistic analysis) o Analysis of independence between software and the applied prevention mechanisms Different software modules may have different SIL Architecture for reducing software SIL 2 Független channelsszoftver modulok and bejárása independent acknowledgement (1) (2) (3) Channel 1 (1) (1) (2) (3) (3) Channel 2 (2) Signature Signature (1) (1) (3) (3) locking locking (4) (4) I/O

3 Problems and solutions Systematic failures in complex software: o Development of fault free software cannot be guaranteed in case of complex functions Goal: Reducing the number of faults (remaining after verification and validation activities) that may cause hazard > Fault prevention, fault removal, fault tolerance, fault forecasting o Target failure measure cannot be demonstrated by a quantitative analysis General techniques do not exist, estimations are questionable Standards prescribe methods and techniques for the software development, operation and maintenance: 1. Safety lifecycle 2. Techniques and measures in all phases of the lifecycle 3. Documentation 4. Competence and independence of personnel 1. Safety lifecycle

4 Hardware and software development PE system architecture (partitioning of functions) determines software requirements PES integration follows software development Final step: E/E/PES integration E/E/PES safety requirements specification Software safety requirements Software design and development PES integration (software and hardware) Programmable hardware design and development E/E/PES architecture Hardware safety requirements E/E/PES integration Non programmable hardware design and development Software safety lifecycle Safety req. spec. has two parts: o Software safety functions o Software safety integrity levels Validation planning is required Integration with PE hardware is required Final step: Software safety validation Software safety validation planning Software safety requirements Safety functions Safety integrity Software design and development PES integration (hw and sw) Software safety validation

5 Example lifecycle (V model) Development model is not prescribed by the standards o V model is characterized by clear conditions to step forward o V&V planning is explicitly supported (input for V&V activities) Software quality assurance Software Quality Assurance Plan o Specifying activities and documents according to ISO ISO 9001 accreditation o Determining all technical and control activities in the lifecycle Activities, inputs and outputs (esp. verification and validation) Quantitative quality metrics Specification of its own updating (frequency, responsibility, methods) o External supplier control Software configuration management o Configuration control before release for all artifacts (code, documents, ) o Changes require authorization Problem reporting and corrective actions (issue tracking) o Lifecycle of problems: From reporting through analysis, design and implementation to validation o Preventive actions

6 2. Techniques and measures Basic approach Goal: Preventing the introduction of systematic faults and controlling the residual faults SIL determines the set of techniques to be applied as o M: Mandatory o HR: Highly recommended (rationale behind not using it should be detailed and agreed with the assessor) o R: Recommended o : No recommendation for or against being used o NR: Not recommended Combinations of techniques is allowed o E.g., alternate or equivalent techniques are marked Hierarchy of methods is formed (references to tables)

7 Example: Guide to selection of techniques Software safety requirements specification: o Techniques 2a and 2b are alternatives o Referred table: Semi formal methods (B.7) Hierarchy of design methods

8 Hierarchy of design methods Hierarchy of design methods

9 Specific techniques: Design Safety bag technique o Independent external monitor ensuring that the main computer performs safe Memorizing executed traces o Comparison of program execution with previously documented reference in order to force it to fail safely if it attempts to execute a path which is not allowed Defensive programming o Checking anomalous control/data flow and data values during execution E.g., checking variable ranges, plausibility, consistency of configuration, availability of hw, etc. o and react in a safe manner Hierarchy of V&V methods

10 Hierarchy of V&V methods Hierarchy of V&V methods

11 Hierarchy of V&V methods Specific techniques: Verification Probabilistic testing o Deriving probabilistic figures about the reliability of components from (automated) testing via environment simulation focusing on frequent trajectories Test case execution from error seeding o Inserting errors in order to estimate the number of remaining errors after testing from the number of inserted and detected errors Fagan inspections o Revealing mistakes by a systematic audit on documents and design artifacts Sneak circuit analysis o Detecting unexpected paths or logic flow (latent conditions inadvertently designed into the system) which initiate undesired functions

12 Application of tools in the lifecycle Fault prevention: o Program translation from high level programming languages o MBD, CASE tools: High level modeling and code/configuration generators Fault removal: o Analysis, testing and diagnosis o Correction (code modification) Management tools o Contributing both to fault prevention and removal o Includes project management, configuration management, issue tracking Types of tools Safety concerns of tools o Tools potentially introducing faults Modeling and programming tools Program translation tools o Tools potentially failing to detect faults Analysis and testing tools Project management tools Requirements o Use certified or widely adopted tools Increased confidence from use (no evidence of improper results yet) o Use the well tested partswithout altering the usage o Check the output of tools (analysis/diversity) o Control access and versions

13 Safety of programming languages Factors for selection of languages o Functional characteristics (probability of faults) Logical soundness (unambiguous definition) Complexity of definition (understandability) Expressive power Verifiability (consistency with specification) Vulnerability (security aspects) o Availability and quality of tools o Expertise available in the design team Coding standards (subsets of languages) are defined o Dangerous constructs are excluded (e.g., function pointers) o Static checking can be used to verify the subset Specific (certified) compilers are available o Compiler verification kit for third party compilers Safety of programming languages Factors for selection of languages Constructs that make verification difficult (61508): o Functional Unconditional characteristics jumps (probability excluding of subroutine faults) calls Logical Recursion soundness (unambiguous definition) Complexity Pointers, of definition heaps (understandability) or any type of dynamic variables Expressive Interrupt power handling at source code level Verifiability Multiple (consistency entries with and specification) exits of loops and subprograms Vulnerability (security aspects) Implicit variable initialization or declaration o Availability Variant and quality records of and tools equivalence o Expertise Procedural available in parameters the design team Coding standards (subsets of languages) are defined o Dangerous constructs are excluded (e.g., function pointers) o Static checking can be used to verify the subset Specific (certified) compilers are available o Compiler verification kit for third party compilers

14 Language comparison Wild jumps: Jump to arbitrary address in memory Overwrites: Overwriting arbitrary address in memory Model of math: Well defined data types Separate compilation: Type checking across modules Coding standards for C and C++ MISRA C (Motor Industry Software Reliability Association) o Safe subset of C (2004): 141 rules (121 required, 20 advisory) o Examples: Rule 33 (Required): The right hand side of a "&&" or " " operator shall not contain side effects. Rule 49 (Advisory): Tests of a value against zero should be made explicit, unless the operand is effectively Boolean. Rule 59 (R): The statement forming the body of an "if", "else if", "else", "while", "do... while", or "for" statement shall always be enclosed in braces. Rule 104 (R): Non constant pointers to functions shall not be used. o Tools to check MISRA conformance (LDRA, PolySpace, ) Test cases to demonstrate adherence to MISRA rules MISRA C++ (2008): 228 rules US DoD, JSF C++: 221 rules (incl. metric guidelines) o Joint Strike Fighter Air Vehicle C++ Coding Standard

15 Interesting facts Boeing 777: Approx. 35 languages are used o Mostly Ada with assembler (e.g., cabin management system) o Onboard extinguishers in PLM o Seatback entertainment system in C++ with MFC European Space Agency: o Mandates Ada for mission critical systems Honeywell: Aircraft navigation data loader in C Lockheed: F 22 Advanced Tactical Fighter program in Ada 83 with a small amount in assembly GM trucks vehicle controllers mostly in Modula GM (Modula GM is a variant of Modula 2) TGV France: Braking and switching system in Ada Westinghouse: Automatic Train Protection (ATP) systems in Pascal Safety critical OS: Required properties Partitioning in space o Memory protection o Guaranteed resource availability Partitioning in time o Deterministic scheduling o Guaranteed resource availability in time Mandatory access control for critical objects o Not (only) discretionary Bounded execution time o Also for system functions Support for fault tolerance and high availability o Fault detection and recovery / failover o Redundancy control

16 Example: Safety and RTOS Compromise needed o Complex RTOS: Difficult to test o Bare machine : Less scheduling risks High maintenance risks Example: Tornado for Safety Critical Systems o Integrated software solution uses Wind River's securely partitioned VxWorks AE653 RTOS o ARINC 653: Time and space partitioning (guaranteed isolation) o RTCA/DO 178B: Level A certification o POSIX, Ada, C support 3. Documentation

17 Principles for documentation Type of documentation o Comprehensive (overall lifecycle) E.g., Software Verification Plan o Specific (for a given lifecycle phase) E.g., Software Source Code Verification Report Document Cross Reference Table o Determines documentation for a lifecycle phase o Determines relations among documents Traceability of documents is required o Relationships between documents are specified (input, output) o Terminology, references, abbreviations are consistent Merging documents is allowed o If responsible persons (authors) shall not be independent Document cross reference table (EN50128) creation of a document used document in a given phase (read vertically)

18 Example Software Planning Phase Software Development Plan Software Quality Assurance Plan Software Configuration Management Plan Software Verification Plan Software Integration Test Plan Software/hardware Integration Test Plan Software Validation Plan Software Maintenance Plan System Development Phase System Requirements Specification System Safety Requirements Specification System Architecture Description System Safety Plan Software Requirements Spec. Phase Software Requirements Specification Software Requirements Test Specification Software Requirements Verification Report Software Maintenance Phase Software Maintenance Records Software Change Records Software Assessment Phase Software Assessment Report Software Validation Phase Software Validation Report Software/hardware Integration Phase Software/hardware Integration Test Report Document structure in EN documents in a systematic structure o Specification o Design o Verification Software Architecture & Design Phase Software Architecture Specification Software Design Specification Software Architecture and Design Verification Report Software Module Design Phase Software Module Design Specification Software Module Test Specification Software Module Verification Report Software Integration Phase Software Integration Test Report Software Module Testing Phase Software Module Test Report Coding Phase Software Source Code & Supporting Documentation Software Source Code Verification Report 4. Competence and independence of personnel

19 Human factors In contrast to computers o Humans often fail in: reacting in time following a predefined set of instructions o Humans are good in: handling unanticipated problems Human errors o Not all kind of human errors are equally likely o Hazard analysis (FMECA) is possible in a given context o Results shall be integrated into system safety analysis Reducing the errors of developers o Safe languages, tools, environments o Training, experience and redundancy (independence) Reducing operatorerrors: o Designing ergonomic HMI (patterns are available) o Designing to aid the operator rather than take over Safety management o Quality assurance o Safety Organization Organization Competence shall be demonstrated o Training, experience and qualifications Independence of roles: o DES: Designer (analyst, architect, coder, unit tester) o VER: Verifier o VAL: Validator o ASS: Assessor o MAN: Project manager o QUA: Quality assurance personnel

20 EN 50128: Independence of personnel Organization Person SIL 0: DES, VER, VAL ASS SIL 1 or 2: DES VER, VAL ASS SIL 3 or 4: MGR DES VER, VAL ASS or: MGR ASS DES VER VAL Specific design aspects: Development of generic software

21 Overview of the lifecycle System development Generic software: It can be used and re used after parameterization with specific data Operation and maintenance Software assessment Design for parameterization Requirement specification Architecture design Validation test plan Integration test plan Software validation Software/hardware Software integration integration V&V of parameterization Module design Module test plan Module testing Parameterization Module coding Design aspects Lifecycle phase System development Software requirement specification Architecture design Module design Verification and validation Maintenance Design aspect Decision about parameterized functions Specification of parameterized functions Specification of data validation Design of interfaces for parameterization Separation of program code and parameters Checking for potential parameter values and their combinations Checking compatibility of changes in program code and parameters

22 Parameterization activities Similar lifecycle phase Software requirements specification Software architecture and design Software integration Software validation Software assessment Activity Specifying application requirements Data preparation Data testing (verification) Data test reporting Parameterization (configuration) Validation of the system parameterized with application data Summary

23 Design of safe software Summary o Lifecycle o Techniques and measures o Documentation o Competence and independence of personnel Specific aspects o Safe subsets of programming languages o The role of tools o Safe operating systems o Development of generic software

Railway control systems: Development of safety-critical software

Railway control systems: Development of safety-critical software Railway control systems: Development of safety-critical software Istvan Majzik Budapest University of Technology and Economics Dept. of Measurement and Information Systems Budapest University of Technology

More information

IEC 61508 Overview Report

IEC 61508 Overview Report IEC 61508 Overview Report A Summary of the IEC 61508 Standard for Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems exida Sellersville, PA 18960, USA +1-215-453-1720

More information

Reduce Medical Device Compliance Costs with Best Practices. mark.pitchford@ldra.com

Reduce Medical Device Compliance Costs with Best Practices. mark.pitchford@ldra.com Reduce Medical Device Compliance Costs with Best Practices mark.pitchford@ldra.com 1 Agenda Medical Software Certification How new is Critical Software Certification? What do we need to do? What Best Practises

More information

Introduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 6 : Product Development Software Level

Introduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 6 : Product Development Software Level ISO 26262 the Emerging Automotive Safety Standard Agenda Introduction of ISO/DIS 26262 (ISO 26262) Parts of ISO 26262 ASIL Levels Part 4 : Product Development System Level Part 6 : Product Development

More information

Design of automatic testing tool for railway signalling systems software safety assessment

Design of automatic testing tool for railway signalling systems software safety assessment Risk Analysis VI 513 Design of automatic testing tool for railway signalling systems software safety assessment J.-G. Hwang 1, H.-J. Jo 1 & H.-S. Kim 2 1 Train Control Research Team, Korea Railroad Research

More information

ELECTROTECHNIQUE IEC INTERNATIONALE 61508-3 INTERNATIONAL ELECTROTECHNICAL

ELECTROTECHNIQUE IEC INTERNATIONALE 61508-3 INTERNATIONAL ELECTROTECHNICAL 61508-3 ª IEC: 1997 1 Version 12.0 05/12/97 COMMISSION CEI ELECTROTECHNIQUE IEC INTERNATIONALE 61508-3 INTERNATIONAL ELECTROTECHNICAL COMMISSION Functional safety of electrical/electronic/ programmable

More information

Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center

Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center Meeting DO-178B Software Verification Guidelines with Coverity Integrity Center May, 2009 Thomas Schultz Director of Product Strategy, Coverity, Inc. Executive Summary Development organizations that create

More information

IEC 61508 Functional Safety Assessment. Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter.

IEC 61508 Functional Safety Assessment. Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter. 61508 SIL 3 CAPABLE IEC 61508 Functional Safety Assessment Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter Customer: K-TEK Corporation Prairieville, LA USA Contract No.:

More information

University of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities

University of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities II.2 Life Cycle and Safety Safety Life Cycle: The necessary activities involving safety-related systems, occurring during a period of time that starts at the concept phase of a project and finishes when

More information

Hardware safety integrity Guideline

Hardware safety integrity Guideline Hardware safety integrity Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:johan.hedberg@sp.se Quoting of this report is allowed

More information

Factory Acceptance Testing Guideline

Factory Acceptance Testing Guideline Factory Acceptance Testing Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:johan.hedberg@sp.se -1- Summary According to the

More information

Notes and terms of conditions. Vendor shall note the following terms and conditions/ information before they submit their quote.

Notes and terms of conditions. Vendor shall note the following terms and conditions/ information before they submit their quote. Specifications for ARINC 653 compliant RTOS & Development Environment Notes and terms of conditions Vendor shall note the following terms and conditions/ information before they submit their quote. 1.

More information

ISO 26262 Introduction

ISO 26262 Introduction ISO 26262 Introduction Prof. Christian Madritsch 2012 Table of Contents Structure of ISO 26262 Management of Functional Safety Product Development System Level Product Development Hardware Level Product

More information

Version: 1.0 Latest Edition: 2006-08-24. Guideline

Version: 1.0 Latest Edition: 2006-08-24. Guideline Management of Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:johan.hedberg@sp.se Quoting of this report is allowed but please

More information

Safety controls, alarms, and interlocks as IPLs

Safety controls, alarms, and interlocks as IPLs Safety controls, alarms, and interlocks as IPLs Angela E. Summers, Ph.D., P.E. SIS-TECH Solutions 12621 Featherwood Dr. Suite 120, Houston, TX 77034 Keywords: safety controls, alarms, interlocks, SIS,

More information

Estimating Software Reliability In the Absence of Data

Estimating Software Reliability In the Absence of Data Estimating Software Reliability In the Absence of Data Joanne Bechta Dugan (jbd@virginia.edu) Ganesh J. Pai (gpai@virginia.edu) Department of ECE University of Virginia, Charlottesville, VA NASA OSMA SAS

More information

ISO 26262 Functional Safety Draft International Standard for Road Vehicles: Background, Status, and Overview

ISO 26262 Functional Safety Draft International Standard for Road Vehicles: Background, Status, and Overview ISO 26262 Functional Safety Draft International Standard for Road Vehicles: Background, Status, and Overview Barbara J. Czerny, Joseph D Ambrosio, Rami Debouk, General Motors Research and Development Kelly

More information

Certification of a Scade 6 compiler

Certification of a Scade 6 compiler Certification of a Scade 6 compiler F-X Fornari Esterel Technologies 1 Introduction Topic : What does mean developping a certified software? In particular, using embedded sofware development rules! What

More information

Failure Mode and Effect Analysis. Software Development is Different

Failure Mode and Effect Analysis. Software Development is Different Failure Mode and Effect Analysis Lecture 4-3 Software Failure Mode and Effects Analysis in Software Software Development, Pries, SAE Technical Paper 982816 Software Development is Different Process variation

More information

ARINC 653. An Avionics Standard for Safe, Partitioned Systems

ARINC 653. An Avionics Standard for Safe, Partitioned Systems ARINC 653 An Avionics Standard for Safe, Partitioned Systems 1 Courtesy of Wind River Inc. 2008 IEEE-CS Seminar June 4 th, 2008 Agenda Aerospace Trends IMA vs. Federated ARINC 653 Main concepts Safety

More information

Requirements-driven Verification Methodology for Standards Compliance

Requirements-driven Verification Methodology for Standards Compliance Requirements-driven Verification Methodology for Standards Compliance Serrie-justine Chapman (TVS) serrie@testandverification.com Mike Bartley (TVS) mike@testandverification.com Darren Galpin (Infineon)

More information

Certification Authorities Software Team (CAST) Position Paper CAST-13

Certification Authorities Software Team (CAST) Position Paper CAST-13 Certification Authorities Software Team (CAST) Position Paper CAST-13 Automatic Code Generation Tools Development Assurance Completed June 2002 NOTE: This position paper has been coordinated among the

More information

ASSESSMENT OF THE ISO 26262 STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY

ASSESSMENT OF THE ISO 26262 STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY ASSESSMENT OF THE ISO 26262 STANDARD, ROAD VEHICLES FUNCTIONAL SAFETY Dr. Qi Van Eikema Hommes SAE 2012 Government/Industry Meeting January 25, 2012 1 Outline ISO 26262 Overview Scope of the Assessment

More information

Software Engineering Compiled By: Roshani Ghimire Page 1

Software Engineering Compiled By: Roshani Ghimire Page 1 Unit 7: Metric for Process and Product 7.1 Software Measurement Measurement is the process by which numbers or symbols are assigned to the attributes of entities in the real world in such a way as to define

More information

Standard for Software Component Testing

Standard for Software Component Testing Standard for Software Component Testing Working Draft 3.4 Date: 27 April 2001 produced by the British Computer Society Specialist Interest Group in Software Testing (BCS SIGIST) Copyright Notice This document

More information

SOFTWARE DEVELOPMENT STANDARD FOR SPACECRAFT

SOFTWARE DEVELOPMENT STANDARD FOR SPACECRAFT SOFTWARE DEVELOPMENT STANDARD FOR SPACECRAFT Mar 31, 2014 Japan Aerospace Exploration Agency This is an English translation of JERG-2-610. Whenever there is anything ambiguous in this document, the original

More information

Procedure for Assessment of System and Software

Procedure for Assessment of System and Software Doc. No: STQC IT/ Assessment/ 01, Version 1.0 Procedure for Assessment of System and Software May, 2014 STQC - IT Services STQC Directorate, Department of Electronics and Information Technology, Ministry

More information

FMC Technologies Measurement Solutions Inc.

FMC Technologies Measurement Solutions Inc. Table of Contents 1 Revision History... 4 2 Company... 5 2.1 Introduction... 5 2.2 Quality Policy... 6 2.3 Quality Organization... 6 2.4 Company Processes... 7 3 Scope and Exclusions... 8 3.1 Scope...

More information

Project Risk Management: IV&V as Insurance for Project Success

Project Risk Management: IV&V as Insurance for Project Success Project Risk Management: IV&V as Insurance for Project Success Introduction Software development projects can be expensive and risky: Ever more complex mission-critical requirements lead to increasingly

More information

Testing of safety-critical software some principles

Testing of safety-critical software some principles 1(60) Testing of safety-critical software some principles Emerging Trends in Software Testing: autumn 2012 Matti Vuori, Tampere University of Technology 27.11.2012 Contents 1/4 Topics of this lecture 6

More information

The Software Development Life Cycle: An Overview. Last Time. Session 8: Security and Evaluation. Information Systems Security Engineering

The Software Development Life Cycle: An Overview. Last Time. Session 8: Security and Evaluation. Information Systems Security Engineering The Software Development Life Cycle: An Overview Presented by Maxwell Drew and Dan Kaiser Southwest State University Computer Science Program Last Time Brief review of the testing process Dynamic Testing

More information

AP1000 European 18. Human Factors Engineering Design Control Document

AP1000 European 18. Human Factors Engineering Design Control Document 18.2 Human Factors Engineering Program Management The purpose of this section is to describe the goals of the AP1000 human factors engineering program, the technical program to accomplish these goals,

More information

EN REQUIREMENTS FUNCTION BLOCK DIAGRAM (FBD) PROGRAMMING. Safety Manager Janne Peltonen, MIPRO Oy

EN REQUIREMENTS FUNCTION BLOCK DIAGRAM (FBD) PROGRAMMING. Safety Manager Janne Peltonen, MIPRO Oy EN 50128 REQUIREMENTS FUNCTION BLOCK DIAGRAM (FBD) PROGRAMMING Safety Manager Janne Peltonen, MIPRO Oy TOPICS MIPRO Oy Finnish system integrator Advantages of previously certified and proven COTS Safety

More information

AC 20-148 REUSABLE SOFTWARE COMPONENTS

AC 20-148 REUSABLE SOFTWARE COMPONENTS AC 20-148 REUSABLE SOFTWARE COMPONENTS December 7, 2004 12/7/04 AC 20-148 CONTENTS Paragraph Title Page 1. Purpose....1 2. Motivation for this Guidance....1 3. Document Overview...1 4. General Guidelines

More information

How Safe does my Code Need to be? Shawn A. Prestridge, Senior Field Applications Engineer

How Safe does my Code Need to be? Shawn A. Prestridge, Senior Field Applications Engineer How Safe does my Code Need to be? Shawn A. Prestridge, Senior Field Applications Engineer Agendum What the benefits of Functional Safety are What the most popular safety certifications are Why you should

More information

Safety and security related features in AUTOSAR

Safety and security related features in AUTOSAR Safety and security related features in Dr. Stefan Bunzel Spokesperson (Continental) Co-Authors: S. Fürst, Dr. J. Wagenhuber (BMW), Dr. F. Stappert (Continental) Automotive - Safety & Security 2010 22

More information

TITLE: Control of Software

TITLE: Control of Software Page 1 of 8 TITLE: Control of Software WARNING This document is the property of United Technologies Corporation (UTC). You may not possess, use, copy or disclose this document or any information in it,

More information

Software testing. Objectives

Software testing. Objectives Software testing cmsc435-1 Objectives To discuss the distinctions between validation testing and defect testing To describe the principles of system and component testing To describe strategies for generating

More information

Software Test Plan (STP) Template

Software Test Plan (STP) Template (STP) Template Items that are intended to stay in as part of your document are in bold; explanatory comments are in italic text. Plain text is used where you might insert wording about your project. This

More information

Testing Automated Manufacturing Processes

Testing Automated Manufacturing Processes Testing Automated Manufacturing Processes (PLC based architecture) 1 ❶ Introduction. ❷ Regulations. ❸ CSV Automated Manufacturing Systems. ❹ PLCs Validation Methodology / Approach. ❺ Testing. ❻ Controls

More information

SAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE. Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.

SAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE. Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions. SAFE SOFTWARE FOR SPACE APPLICATIONS: BUILDING ON THE DO-178 EXPERIENCE Cheryl A. Dorsey Digital Flight / Solutions cadorsey@df-solutions.com DIGITAL FLIGHT / SOLUTIONS Presentation Outline DO-178 Overview

More information

Software development for safetyrelated automotive systems the MISRA guidelines and ISO 26262

Software development for safetyrelated automotive systems the MISRA guidelines and ISO 26262 Software development for safetyrelated automotive systems the MISRA guidelines and ISO 26262 Dr David Ward General Manager Functional Safety MIRA Ltd 2010 Agenda Motivations and challenges for system safety

More information

Rigorous Methods for Software Engineering (F21RS1) High Integrity Software Development

Rigorous Methods for Software Engineering (F21RS1) High Integrity Software Development Rigorous Methods for Software Engineering (F21RS1) High Integrity Software Development Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University

More information

F15. Towards a More Mature Test Process. Anne Mette-Hass. P r e s e n t a t i o n

F15. Towards a More Mature Test Process. Anne Mette-Hass. P r e s e n t a t i o n Towards a More Mature Test Process Anne Mette-Hass International Conference On Software Testing, Analysis & Review November 19-23 Stockholm, Sweden P r e s e n t a t i o n F15 Friday 23rd November, 2001

More information

Frequently Asked Questions

Frequently Asked Questions Frequently Asked Questions The exida 61508 Certification Program V1 R8 October 19, 2007 exida Geneva, Switzerland Sellersville, PA 18960, USA, +1-215-453-1720 Munich, Germany, +49 89 4900 0547 1 Exida

More information

Efficient and Faster PLC Software Development Process for Automotive industry. Demetrio Cortese IVECO Embedded Software Design

Efficient and Faster PLC Software Development Process for Automotive industry. Demetrio Cortese IVECO Embedded Software Design Efficient and Faster PLC Software Development Process for Automotive industry Demetrio Cortese IVECO Embedded Software Design 13-06-2013 Automotive OEM Mandatory Requirement Delivery the new vehicle in

More information

SOFTWARE VERIFICATION RESEARCH CENTRE SCHOOL OF INFORMATION TECHNOLOGY THE UNIVERSITY OF QUEENSLAND. Queensland 4072 Australia TECHNICAL REPORT

SOFTWARE VERIFICATION RESEARCH CENTRE SCHOOL OF INFORMATION TECHNOLOGY THE UNIVERSITY OF QUEENSLAND. Queensland 4072 Australia TECHNICAL REPORT SOFTWARE VERIFICATION RESEARCH CENTRE SCHOOL OF INFORMATION TECHNOLOGY THE UNIVERSITY OF QUEENSLAND Queensland 4072 Australia TECHNICAL REPORT No. 99-30 A Survey of International Safety Standards Axel

More information

functional Safety UL Functional Safety Mark

functional Safety UL Functional Safety Mark functional Safety UL Functional Safety Mark Program UL Functional Safety Mark Program With the advent and evolution of functional safety standards in North America and Europe, UL is now offering a UL Functional

More information

Certification Report

Certification Report Certification Report EAL 4+ Evaluation of Netezza Performance Server v4.6.5 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification

More information

A Methodology for Safety Case Development

A Methodology for Safety Case Development A Methodology for Safety Case Development Peter Bishop Adelard, London, UK Robin Bloomfield Adelard, London, UK 1 Introduction A safety case is a requirement in many safety standards. Explicit safety cases

More information

Controlling Risks Safety Lifecycle

Controlling Risks Safety Lifecycle Controlling Risks Safety Lifecycle Objective Introduce the concept of a safety lifecycle and the applicability and context in safety systems. Lifecycle Management A risk based management plan for a system

More information

Satisfying ASIL Requirements with Parasoft C++test Achieving Functional Safety in the Automotive Industry

Satisfying ASIL Requirements with Parasoft C++test Achieving Functional Safety in the Automotive Industry Satisfying Requirements with Parasoft C++test Achieving Functional Safety in the Automotive Industry Introduction Safety functions are increasingly being carried out by electrical, electronic, or programmable

More information

September 25, 2014 EFFECTIVE METHODS FOR SOFTWARE AND SYSTEMS INTEGRATION P R E S E N T E D B Y: D R. B O Y D L. S U M M E R S

September 25, 2014 EFFECTIVE METHODS FOR SOFTWARE AND SYSTEMS INTEGRATION P R E S E N T E D B Y: D R. B O Y D L. S U M M E R S September 25, 2014 EFFECTIVE METHODS FOR SOFTWARE AND SYSTEMS INTEGRATION P R E S E N T E D B Y: D R. B O Y D L. S U M M E R S 1 Software Engineer (Quality) Defense and Space The Boeing Company - Seattle,

More information

CONFIGURATION MANAGEMENT PLAN GUIDELINES

CONFIGURATION MANAGEMENT PLAN GUIDELINES I-680 SMART CARPOOL LANE PROJECT SYSTEM ENGINEERING MANAGEMENT PLAN CONFIGURATION MANAGEMENT PLAN GUIDELINE SECTIONS: PLAN GUIDELINES 1. GENERAL 2. ROLES AND RESPONSIBILITIES 3. CONFIGURATION MANAGEMENT

More information

CS52600: Information Security

CS52600: Information Security CS18000: Programming I CS52600: Information Security Vulnerability Analysis 15 November 2010 Prof. Chris Clifton Vulnerability Analysis Vulnerability: Lapse in enforcement enabling violation of security

More information

Achieving Functional Safety with Global Resources and Market Reach

Achieving Functional Safety with Global Resources and Market Reach Achieving Functional Safety with Global Resources and Market Reach 0A 0B Burner management systems Combustion controls Electric vehicle components (on-board, off board) Electrosensitive equipment Elevator

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

SAFETY MANUAL SIL Switch Amplifier

SAFETY MANUAL SIL Switch Amplifier PROCESS AUTOMATION SAFETY MANUAL SIL Switch Amplifier KCD2-SR-(Ex)*(.LB)(.SP), HiC282* ISO9001 2 With regard to the supply of products, the current issue of the following document is applicable: The General

More information

IBM Rational Rhapsody

IBM Rational Rhapsody IBM Rational Rhapsody IBM Rational Rhapsody Reference Workflow Guide Version 1.9 License Agreement No part of this publication may be reproduced, transmitted, stored in a retrieval system, nor translated

More information

Medical Device Software - Software Life Cycle Processes

Medical Device Software - Software Life Cycle Processes 1 Medical Device Software - Software Life Cycle Processes IEC 62304 2 Credits John F. Murray Software Compliance Expert U.S. Food and Drug Administration Marcie R. Williams Medical Device Fellow Ph.D.

More information

Reference Guide for Security in Networks

Reference Guide for Security in Networks Reference Guide for Security in Networks This reference guide is provided to aid in understanding security concepts and their application in various network architectures. It should not be used as a template

More information

Embedding Trust into Cars Secure Software Delivery and Installation

Embedding Trust into Cars Secure Software Delivery and Installation Embedding Trust into Cars Secure Software Delivery and Installation André Adelsbach, Ulrich Huber, Ahmad-Reza Sadeghi, Christian Stüble Horst Görtz Institute for IT Security, Bochum, Germany Third Workshop

More information

Process Safety Architecture System Neutral Solution Comparison

Process Safety Architecture System Neutral Solution Comparison 499 A publication of CHEMICAL ENGINEERING TRANSACTIONS VOL. 48, 2016 Guest Editors: Eddy de Rademaeker, Peter Schmelzer Copyright 2016, AIDIC Servizi S.r.l., ISBN 978-88-95608-39-6; ISSN 2283-9216 The

More information

Safety Issues in Automotive Software

Safety Issues in Automotive Software Safety Issues in Automotive Software Paolo Panaroni, Giovanni Sartori INTECS S.p.A. SAFEWARE 1 INTECS & Safety A very large number of safety software development, V&V activities and research project on

More information

Computer Security. Evaluation Methodology CIS 5370. Value of Independent Analysis. Evaluating Systems Chapter 21

Computer Security. Evaluation Methodology CIS 5370. Value of Independent Analysis. Evaluating Systems Chapter 21 Computer Security CIS 5370 Evaluating Systems Chapter 21 1 Evaluation Methodology 1. Set of security functionality requirements 2. Set of assurance a requirements e e 3. Methodology to determine if the

More information

Safety Integrated. SIMATIC Safety Matrix. The Management Tool for all Phases of the Safety Lifecycle. Brochure September 2010. Answers for industry.

Safety Integrated. SIMATIC Safety Matrix. The Management Tool for all Phases of the Safety Lifecycle. Brochure September 2010. Answers for industry. SIMATIC Safety Matrix The Management Tool for all Phases of the Safety Lifecycle Brochure September 2010 Safety Integrated Answers for industry. Functional safety and Safety Lifecycle Management Hazard

More information

8. Master Test Plan (MTP)

8. Master Test Plan (MTP) 8. Master Test Plan (MTP) The purpose of the Master Test Plan (MTP) is to provide an overall test planning and test management document for multiple levels of test (either within one project or across

More information

The evolving ARINC 653 standard and it s application to IMA

The evolving ARINC 653 standard and it s application to IMA The evolving ARINC 653 standard and it s application to IMA Alex Wilson Senior Program Manager Wind River November 13 th 2007 IMA and ARINC 653 Agenda DO-297 Certification of IMA under DO-297 Conclusions

More information

Software Production. Industrialized integration and validation of TargetLink models for series production

Software Production. Industrialized integration and validation of TargetLink models for series production PAGE 24 EB AUTOMOTIVE Industrialized integration and validation of TargetLink models for series production Continuous Software Production The complexity of software systems in vehicles is increasing at

More information

Software Engineering Prof. N.L. Sarda Computer Science & Engineering Indian Institute of Technology, Bombay Lecture-4 Overview of Phases (Part - II)

Software Engineering Prof. N.L. Sarda Computer Science & Engineering Indian Institute of Technology, Bombay Lecture-4 Overview of Phases (Part - II) Software Engineering Prof. N.L. Sarda Computer Science & Engineering Indian Institute of Technology, Bombay Lecture-4 Overview of Phases (Part - II) We studied the problem definition phase, with which

More information

DRAFT REGULATORY GUIDE

DRAFT REGULATORY GUIDE DRAFT REGULATORY GUIDE SOFTWARE IN PROTECTION AND CONTROL SYSTEMS Issued for public comments by the Atomic Energy Control Board October 1999 Atomic Energy Control Board Commission de contrôle de l énergie

More information

Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process

Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process Developing software for Autonomous Vehicle Applications; a Look Into the Software Development Process By Andreas Lindenthal and Franz Walkembach, Wind River The concept of autonomous vehicles or unmanned

More information

Simulink Modeling Guidelines for High-Integrity Systems

Simulink Modeling Guidelines for High-Integrity Systems Simulink Modeling Guidelines for High-Integrity Systems R2015a How to Contact MathWorks Latest news: www.mathworks.com Sales and services: www.mathworks.com/sales_and_services User community: www.mathworks.com/matlabcentral

More information

Enterprise resource planning Product life-cycle management Information systems in industry ELEC-E8113

Enterprise resource planning Product life-cycle management Information systems in industry ELEC-E8113 Enterprise resource planning Product life-cycle management Information systems in industry ELEC-E8113 Contents Enterprise resource planning (ERP) Product data management (PDM) Product lifecycle management

More information

Frequently Asked Questions

Frequently Asked Questions Frequently Asked Questions The exida Certification Program Functional Safety (SIL) Cyber-Security V2 R3 June 14, 2012 exida Sellersville, PA 18960, USA, +1-215-453-1720 Munich, Germany, +49 89 4900 0547

More information

ISA Security Compliance Institute

ISA Security Compliance Institute ISA Security Compliance Institute Andre Ristaino, Managing Director, ISCI 28 May 2013 CSSC 1 ISA Security Compliance Institute agenda topics About ISA Security Compliance Institute (ISCI) About ISA 99

More information

Viewpoint on ISA TR84.0.02 Simplified Methods and Fault Tree Analysis Angela E. Summers, Ph.D., P.E., President

Viewpoint on ISA TR84.0.02 Simplified Methods and Fault Tree Analysis Angela E. Summers, Ph.D., P.E., President Viewpoint on ISA TR84.0.0 Simplified Methods and Fault Tree Analysis Angela E. Summers, Ph.D., P.E., President Presented at Interkama, Dusseldorf, Germany, October 1999, Published in ISA Transactions,

More information

ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY

ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY ISOLATING UNTRUSTED SOFTWARE ON SECURE SYSTEMS HYPERVISOR CASE STUDY Dr. Gregg Wildes DornerWorks www.dornerworks.com Embedded Systems Engineering for Security and Safety-Critical Systems Where Hardware

More information

Part I. Introduction

Part I. Introduction Part I. Introduction In the development of modern vehicles, the infotainment system [54] belongs to the innovative area. In comparison to the conventional areas such as the motor, body construction and

More information

R214 SPECIFIC REQUIREMENTS: INFORMATION TECHNOLOGY TESTING LABORATORY ACCREDITATION PROGRAM

R214 SPECIFIC REQUIREMENTS: INFORMATION TECHNOLOGY TESTING LABORATORY ACCREDITATION PROGRAM The American Association for Laboratory Accreditation Document Revised: R214: Specific Requirements: Information Technology Testing Laboratory Accreditation July 13, 2010 Program Page 1 of 26 R214 SPECIFIC

More information

SSA-312. ISA Security Compliance Institute System Security Assurance Security development artifacts for systems

SSA-312. ISA Security Compliance Institute System Security Assurance Security development artifacts for systems SSA-312 ISA Security Compliance Institute System Security Assurance Security development artifacts for systems Version 1.01 February 2014 Copyright 2013-2014 ASCI - Automation Standards Compliance Institute,

More information

PHASE 6: DEVELOPMENT PHASE

PHASE 6: DEVELOPMENT PHASE PHASE 6: DEVELOPMENT PHASE The Phase features a key step in the project: system construction. The previous phases lay the foundation for system development; the following phases ensure that the product

More information

Announcement of a new IAEA Co-ordinated Research Programme (CRP)

Announcement of a new IAEA Co-ordinated Research Programme (CRP) Announcement of a new IAEA Co-ordinated Research Programme (CRP) 1. Title of Co-ordinated Research Programme Design and engineering aspects of the robustness of digital instrumentation and control (I&C)

More information

Defect Prevention: A Tester s Role in Process Improvement and reducing the Cost of Poor Quality. Mike Ennis, Senior Test Manager Accenture

Defect Prevention: A Tester s Role in Process Improvement and reducing the Cost of Poor Quality. Mike Ennis, Senior Test Manager Accenture Defect Prevention: A Tester s Role in Process Improvement and reducing the Cost of Poor Quality Mike Ennis, Senior Test Manager Accenture IISP, 1996-2008 www.spinstitute.org 1 Defect Prevention versus

More information

ida.com excellence in dependable automation

ida.com excellence in dependable automation IEC 61508 Maintenance Status IEC 61508 Maintenance Projekt ist aus dem zulässigen Zeitrahmen gelaufen Viele Baustellen auch durch neue Mitglieder (Frankreich, USA, IEC 61511 Team) Bestehende Anforderungen,

More information

Spillemyndigheden s Certification Programme Change Management Programme

Spillemyndigheden s Certification Programme Change Management Programme SCP.06.00.EN.2.0 Table of contents Table of contents... 2 1 Introduction... 4 1.1 Spillemyndigheden s certification programme... 4 1.2 Objectives of the change management programme... 4 1.3 Scope of this

More information

Volume I, Section 4 Table of Contents

Volume I, Section 4 Table of Contents Volume I, Section 4 Table of Contents 4 Software Standards...4-1 4.1 Scope...4-1 4.1.1 Software Sources...4-2 4.1.2 Location and Control of Software and Hardware on Which it Operates...4-2 4.1.3 Exclusions...4-3

More information

Selecting Sensors for Safety Instrumented Systems per IEC 61511 (ISA 84.00.01 2004)

Selecting Sensors for Safety Instrumented Systems per IEC 61511 (ISA 84.00.01 2004) Selecting Sensors for Safety Instrumented Systems per IEC 61511 (ISA 84.00.01 2004) Dale Perry Worldwide Pressure Marketing Manager Emerson Process Management Rosemount Division Chanhassen, MN 55317 USA

More information

CS 451 Software Engineering Winter 2009

CS 451 Software Engineering Winter 2009 CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings 215.895.0298 yfcai@cs.drexel.edu 1 Testing Process Testing Testing only reveals the presence of defects Does not identify

More information

Value Paper Author: Edgar C. Ramirez. Diverse redundancy used in SIS technology to achieve higher safety integrity

Value Paper Author: Edgar C. Ramirez. Diverse redundancy used in SIS technology to achieve higher safety integrity Value Paper Author: Edgar C. Ramirez Diverse redundancy used in SIS technology to achieve higher safety integrity Diverse redundancy used in SIS technology to achieve higher safety integrity Abstract SIS

More information

IAEA-TECDOC-1328 Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants

IAEA-TECDOC-1328 Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants IAEA-TECDOC-1328 Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants Report prepared within the framework of the Technical Working Group

More information

Safety-Critical Software Development: DO-178B

Safety-Critical Software Development: DO-178B Safety-Critical Software Development: DO-178B Prof. Chris Johnson, School of Computing Science, University of Glasgow. johnson@dcs.gla.ac.uk http://www.dcs.gla.ac.uk/~johnson Introduction Software design

More information

U.S. Department of Energy

U.S. Department of Energy U.S. Department of Energy Washington, D.C. NOTICE DOE N 203.1 Approved: Expires: 06-02-01 SUBJECT: SOFTWARE QUALITY ASSURANCE 1. OBJECTIVES. To define requirements and responsibilities for software quality

More information

Mission Operation Ground. Assurance @ ESA. Mario Merri GSAW, Los Angeles, USA 2 Mar 2011 ESA UNCLASSIFIED

Mission Operation Ground. Assurance @ ESA. Mario Merri GSAW, Los Angeles, USA 2 Mar 2011 ESA UNCLASSIFIED Mission Operation Ground Software Systems Product Assurance @ ESA Mario Merri GSAW, Los Angeles, USA 2 Mar 2011 The European Cooperation for Space Standardisation (ECSS) Established: in 1993 Goal: coherent,

More information

Safety Lifecycle illustrated with exemplified EPS

Safety Lifecycle illustrated with exemplified EPS September 2012 Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, ColdFire+, C-Ware, the Energy Efficient Solutions logo, Kinetis, mobilegt, PowerQUICC, Processor Expert, QorIQ,

More information

ITIL Essentials Study Guide

ITIL Essentials Study Guide ITIL Essentials Study Guide Introduction Service Support Functions: Service Desk Incident Management Problem Management Change Management Configuration Management Release Management Service Delivery Functions:

More information

A New Standards Project on Avoiding Programming Language Vulnerabilities

A New Standards Project on Avoiding Programming Language Vulnerabilities A New Standards Project on Avoiding Programming Language Vulnerabilities Jim Moore Liaison Representative from IEEE Computer Society to ISO/IEC JTC 1/SC 7 Liaison Representative between ISO/IEC JTC 1/SC

More information

WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE

WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE WHITEPAPER: SOFTWARE APPS AS MEDICAL DEVICES THE REGULATORY LANDSCAPE White paper produced by Maetrics For more information, please contact global sales +1 610 458 9312 +1 877 623 8742 globalsales@maetrics.com

More information

Introduction to Automated Testing

Introduction to Automated Testing Introduction to Automated Testing What is Software testing? Examination of a software unit, several integrated software units or an entire software package by running it. execution based on test cases

More information

074-8432-552 Page 1 of 7 Effective Date: 12/18/03 Software Supplier Process Requirements

074-8432-552 Page 1 of 7 Effective Date: 12/18/03 Software Supplier Process Requirements Page 1 of 7 Software Supplier Process Requirements 1.0 QUALITY SYSTEM FRAMEWORK 1.1 QUALITY POLICY The Seller shall document and implement a quality program in the form of Quality manual or detailed Quality

More information