Model-Based Assurance and Certification

Method to justify system dependability in compliance with standards
To justify system dependability in compliance with standards by exploiting model-based techniques, e.g. structured specifications that conform to a metamodel.

Many critical systems, e.g., safety-critical ones, are subject to rigorous assurance and certification processes to guarantee that the systems are dependable. Assurance can be defined as the set of planned and systematic actions necessary to provide adequate confidence and evidence that a system satisfies given requirements, e.g., for system safety, and certification can be defined as the legal recognition that a system complies with standards and regulations designed to ensure that the system can be depended upon to deliver its intended service.

Assurance and certification are challenging, time-consuming, and costly processes. One means of facilitating them is the use of models, i.e., representations that conform to a reference information structure (also known as a metamodel). Models can facilitate the understanding of safety standards, the identification of inconsistencies in their text, the determination of the evidence to collect, the specification of traceability requirements, and compliance assessment, among other tasks [MAC2]. We review model-based assurance and certification as characterised in the AMASS project [MAC1].

From a process perspective [MAC3], six main stages can be distinguished for model-based assurance and certification (Figure 3.17). Not every stage and step needs to be performed for each assurance project. In particular, the first two stages (“Standards Compliance Definition” and “Process Reusability Definition”) are project-independent and only need to be performed once, so their outcome and data can be reused across multiple projects.

  • Standards Compliance Definition is a project-independent phase focused on capturing, digitalising, storing and retrieving standards compliance knowledge. It should be performed by an expert in the regulatory frameworks that will form part of the reference knowledge included in the platform.
  • Process Reusability Definition is conducted only once by a process expert. This expert will take care of tasks such as specifying reusable compliant processes and validating the process reusability.
  • For Assurance Project Definition, the assurance manager defines the scope of compliance for a project in the context of a certain regulation. The manager follows the project compliance lifecycle and, where feasible, checks the different reuse possibilities and compliance means.
  • The systems engineer performs System Design Analysis and V&V in collaboration with the safety and security engineers to define the system architecture, elicit system requirements, define component contracts, and conduct safety and security analyses. The validation of the components’ contracts and the V&V of the safety and security analyses are performed by the V&V engineer.
  • Assurance Case Management deals with the definition of argumentation using compliance arguments and product arguments. The assurance manager will take care of resolving safety and security trade-offs and of linking the assurance case information to the system architecture.
  • During Evidence Management, the assurance manager will define the project artefacts that will be used as evidence and collect those artefacts. The manager will ensure artefact traceability, follow the progress of the process execution, and specify the compliance with standards and regulations.
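As an added illustration (not code from the AMASS project or from this page), the following Python sketch shows the metamodel idea behind the method: standard requirements, project artefacts and traceability links are held in a structure that must conform to a small metamodel, and compliance assessment and evidence-gap detection are computed over it. All class names, identifiers and the sample standard clauses are hypothetical.

```python
# Added example (not AMASS or page code): a toy compliance metamodel with
# requirements, artefacts and traces, plus an assessment over a built instance.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Requirement:
    req_id: str
    accepted_kinds: frozenset  # artefact kinds the clause accepts as evidence

@dataclass(frozen=True)
class Artefact:
    art_id: str
    kind: str  # hypothetical artefact kind, e.g. "hazard_log"

@dataclass
class AssuranceModel:
    requirements: dict = field(default_factory=dict)  # req_id -> Requirement
    artefacts: dict = field(default_factory=dict)     # art_id -> Artefact
    traces: set = field(default_factory=set)          # (req_id, art_id) links

    def check_conformance(self):
        """Metamodel rule: a trace must link an existing requirement to an existing artefact."""
        dangling = [t for t in self.traces
                    if t[0] not in self.requirements or t[1] not in self.artefacts]
        if dangling:
            raise ValueError(f"model violates metamodel, dangling traces: {dangling}")

    def assess_compliance(self):
        """Per requirement: 'compliant', 'insufficient' (evidence of wrong kind) or 'missing'."""
        self.check_conformance()
        status = {}
        for rid, req in self.requirements.items():
            linked = [self.artefacts[a] for r, a in self.traces if r == rid]
            if not linked:
                status[rid] = "missing"
            elif any(a.kind in req.accepted_kinds for a in linked):
                status[rid] = "compliant"
            else:
                status[rid] = "insufficient"
        return status

def build_example_model():
    """Constructed sample: three clauses of a fictitious standard, partial project evidence."""
    m = AssuranceModel()
    for rid, kinds in [("R1", {"hazard_log", "fta"}), ("R2", {"trace_matrix"}), ("R3", {"test_report"})]:
        m.requirements[rid] = Requirement(rid, frozenset(kinds))
    for aid, kind in [("A1", "hazard_log"), ("A2", "test_report"), ("A3", "design_doc")]:
        m.artefacts[aid] = Artefact(aid, kind)
    m.traces.update({("R1", "A1"), ("R2", "A3")})  # A2 exists but is not yet traced to R3
    return m
```

The assessment reports R2 as insufficient (its only evidence is of an unaccepted kind) and R3 as missing, which is exactly the evidence-collection and traceability gap the Evidence Management stage is meant to surface.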

[Figure 3.17: MAC.png, the six stages of model-based assurance and certification]

  • Developed from large collaborative efforts in prior projects such as OPENCOSS (https://cordis.europa.eu/project/id/289011), SafeCer (https://cordis.europa.eu/project/id/295373) and AMASS (https://www.amass-ecsel.eu/).
  • Extensive validation
  • Already part of an Eclipse project
  • Integrated with other methodologies and tools, and with integration extension features
  • Considerable amount of methodological guidance available
  • Most often requires tailoring (selection of activities needed) to specific companies and projects
  • Limited support for workflow configuration
  • Tool support usability can be improved

[MAC1] AMASS project: D2.5 - AMASS user guidance and methodological framework. 2018

[MAC2] de la Vara, J.L., Ruiz, A., Attwood, K., Espinoza, H., Panesar-Walawege, R.K., Lopez, A., del Rio, I., Kelly, T.: Model-Based Specification of Safety Compliance Needs: A Holistic Generic Metamodel. Information and Software Technology 72: 16-30, 2016

[MAC3] de la Vara, J.L., Ruiz, A., Gallina, B., Blondelle, G., Alaña, E., Herrero, J., Warg, F., Skoglund, M., Bramberger, R.: The AMASS Approach for Assurance and Certification of Critical Systems. embedded world Conference 2019

Method Dimensions
In-the-lab environment
Analytical - Semi-Formal
Hardware, Model, Software
Requirement Analysis, Concept, Integration testing, Acceptance testing, Implementation, Unit testing, Detail Design, Risk analysis, Other, System Design, Architecture Design, Operation, System testing
Thinking, Acting, Sensing
Non-Functional - Other, Non-Functional - Safety, Non-Functional - Privacy, Functional, Non-Functional - Security
V&V process criteria, SCP criteria