Change search
ReferencesLink to record
Permanent link

Direct link
Extending Contract Theory with Safety Integrity Levels
KTH, School of Industrial Engineering and Management (ITM), Machine Design (Dept.), Mechatronics. (Inbyggda kontrollsystem)ORCID iD: 0000-0002-9655-7326
KTH, School of Industrial Engineering and Management (ITM), Machine Design (Dept.), Mechatronics. Scania, Sweden.
2015 (English)In: 2015 IEEE 16th International Symposium on High Assurance Systems Engineering (HASE), IEEE Computer Society, 2015, 85-92 p.Conference paper (Refereed)
Abstract [en]

In functional safety standards such as ISO 26262 and IEC 61508, Safety Integrity Levels (SILs) are assigned to top-level safety requirements on a system. The SILs are then either inherited or decomposed down to safety requirements on sub-systems, such that if the sub-systems are sufficiently reliable in fulfilling their respective safety requirements, as specified by the SILs, then it follows that the system is sufficiently reliable in fulfilling the top-level safety requirement. Present contract theory has previously been shown to provide a suitable foundation to structure safety requirements, but does not include support for the use of SILs. An extension of contract theory with the notion of SILs is therefore presented. As a basis for structuring the breakdown of safety requirements, a graph, called a contract structure, is introduced that provides a necessary foundation to capture the notions of SIL inheritance and decomposition in the context of contract theory.

Place, publisher, year, edition, pages
IEEE Computer Society, 2015. 85-92 p.
, IEEE International Symposium on High-Assurance Systems Engineering, ISSN 1530-2059
Keyword [en]
Contracts, Decompositon, IEC61508, ISO26262, Requirements, Safety Integrity Levels, SIL
National Category
Mechanical Engineering
URN: urn:nbn:se:kth:diva-170391DOI: 10.1109/HASE.2015.21ISI: 000380911000011ScopusID: 2-s2.0-84936853007ISBN: 978-1-4799-8110-6OAI: diva2:828154
IEEE International Conference on High Assurance Systems Engineering (HASE), 8-10 Jan. 2015, Daytona Beach Shores, FL, United States

QC 20150630

Available from: 2015-06-29 Created: 2015-06-29 Last updated: 2016-09-16Bibliographically approved
In thesis
1. Specifying Safety-Critical Heterogeneous Systems Using Contracts Theory
Open this publication in new window or tab >>Specifying Safety-Critical Heterogeneous Systems Using Contracts Theory
2016 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Requirements engineering (RE) is a well-established practice that is also emphasized in safety standards such as IEC 61508 and ISO 26262. Safety standards advocate a particularly stringent RE where requirements must be structured in an hierarchical manner in accordance with the system architecture; at each level, requirements must be allocated to heterogeneous (SW, HW, mechanical, electrical, etc.) architecture elements and trace links must be established between requirements. In contrast to the stringent RE in safety standards, according to previous studies, RE in industry is in general of poor quality. Considering a typical RE tool, other than basic impact analysis, the tool neither gives feedback nor guides a user  when specifying, allocating, and structuring requirements. In practice, for industry to comply with the stringent RE in safety standards, better support for RE is needed, not only from tools, but also from principles and methods.

Therefore, a foundation is presented consisting of an underlying theory for specifying heterogeneous systems and complementary principles and methods to specifically support the stringent RE in safety standards. This foundation is indeed suitable as a base for implementing guidance- and feedback-driven tool support for such stringent RE; however, the fact is that the proposed theory, principles, and methods provide essential support  regardless if tools are used or not.

The underlying theory is a formal compositional contracts theory for heterogeneous systems. This contracts theory embodies the essential RE property of separating requirements on a system from assumptions on its environment. Moreover, the contracts theory formalizes the stringent RE effort of structuring requirements hierarchically with respect to the system architecture. Thus, the proposed principles and methods for supporting the stringent RE in safety standards are well-rooted in formal concepts and conditions, and are thus, theoretically sound. Not only that, but the foundation is indeed also tailored to be enforced by both existing and new tools considering that the support is based on precise mathematical expressions that can be interpreted unambiguously by machines. Enforcing the foundation in a tool entails support that guides and gives feedback when specifying heterogeneous systems in general, and safety-critical ones in particular.

Abstract [sv]

Kravhantering är en väletablerad praxis som ocksåbetonas i säkerhetsstandarder såsom IEC 61508 och ISO 26262. Säkerhetsstandarder förespråkar en särskilt noggrann kravhantering där krav skall struktureras på ett hierarkiskt sätt i enlighet med systemarkitekturen; på varje nivå så skall krav allokeras till heterogena (SW, HW, mekaniska, elektriska, etc.) arkitekturelement och spårlänkar skall upprättas mellan kraven. I motsats till den noggranna kravhanteringen i säkerhetsstandarder så är kravhantering i industrin av allmänt dålig kvalitet enligt tidigare studier. Ett typisk kravverktyg ger inte mycket mer stöd än grundläggande konsekvensanalyser, d.v.s.\ verktyget ger varken återkoppling eller vägledning för att formulera, allokera, och strukturera krav. Bättre stöd behövs för att industrin i praktiken skall kunna förverkliga den noggranna kravhanteringen i säkerhetsstandarder -- inte bara stöd från verktyg, men också från kravhanteringsprinciper och metoder.

Därför presenteras ett fundament bestående av en underliggande teori för specifiering av heterogena system, samt kompletterande principer och metoder för att stödja den noggranna kravhanteringen i säkerhetsstandarder. Detta fundament är lämplig som en bas för att kunna implementera verktyg som ger återkoppling och vägledning för kravhantering; likväl så ger den föreslagna teorin, principerna och metoderna essentiellt stöd oavsett om verktyg används eller inte.

Den underliggande teorin är en kompositionell och formell kontraktsteori för heterogena system. Denna kontraktsteori ger konkret form åt den centrala kravhanteringsegenskapen att separera kraven på ett system från antaganden på dess omgivning. Dessutom så formaliserar kontraksteorin den noggranna uppgiften att hierarkiskt strukturera krav i enlighet med systemarkitekturen. Således så är de föreslagna principerna och metoderna för att stödja den noggranna kravhanteringen i säkerhetsstandarder välförankrade i formella begrepp och villkor och är därmed också teoretiskt sunda. Det erbjudna stödet är dessutom välanpassat för att kunna verkställas av såväl befintliga som nyaverktyg med tanke på att stödet är grundat på exakta matematiska uttryck som kan tolkas entydigt av maskiner. Verkställandet av fundamentet av ett verktyg medför stöd i form av vägledning och återkoppling vid specifiering av heterogena system i allmänhet, och säkerhetskritiska sådana i synnerhet.

Place, publisher, year, edition, pages
KTH Royal Institute of Technology, 2016. 237 p.
TRITA-MMK, ISSN 1400-1179 ; 2016:05
Contracts, Heterogeneous Systems, Safety, Architecture, Requirements, Specification, Elements, Compositional, IEC 61508, ISO 26262, Kontrakt, Heterogena System, Säkerhet, Arkitektur, Kravhantering, Specifiering, Element, Kompositionell, IEC 61508, ISO 26262
National Category
Mechanical Engineering Mathematics
Research subject
Machine Design
urn:nbn:se:kth:diva-192150 (URN)978-91-7729-106-0 (ISBN)
External cooperation:
Public defence
2016-09-29, Kollegiesalen, Brinellvägen 8, Stockholm, 09:00 (English)

QC 20160909

Available from: 2016-09-11 Created: 2016-09-06 Last updated: 2016-09-11Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full textScopus

Search in DiVA

By author/editor
Westman, JonasNyberg, Mattias
By organisation
Mechanical Engineering

Search outside of DiVA

GoogleGoogle Scholar
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Altmetric score

Total: 124 hits
ReferencesLink to record
Permanent link

Direct link