Model-Based Assurance and Certification

Method to justify system dependability in compliance with standards

Method Purpose Short description of the method's purpose and main benefits

Method description A detailed description of the method

Many critical systems, e.g., safety-critical ones, are subject to rigorous assurance and certification processes to guarantee that the systems are dependable. Assurance can be defined as the set of planned and systematic actions necessary to provide adequate confidence and evidence that a system satisfies given requirements, e.g., for system safety, and certification can be defined as the legal recognition that a system complies with standards and regulations designed to ensure that the system can be depended upon to deliver its intended service.

Assurance and certification are challenging, time-consuming, and costly processes. A means that can facilitate them is the use of models, i.e., of representations that conform to a reference information structure (aka metamodel). Models can facilitate the understanding of safety standards, the identification of inconsistencies in their text, the determination of the evidence to collect, the specification of traceability requirements, and compliance assessment, among other tasks [MAC2]. We review model-based assurance and certification as characterised in the AMASS project [MAC1].

From a process perspective [MAC3], six main stages can be distinguished for model-based assurance and certification (Figure 3.17). Not every stage and step should be performed for each assurance project. In particular, the first two stages (“Standards Compliance Definition” and “Process Reusability Definition”) are project-independent and only need to be performed once, so the outcome and data provided from these steps could be re-used for multiple projects.

Standards Compliance Definition is a project-independent phase focused on capturing, digitalizing, storing and retrieving the different standard compliance knowledge. It should be performed by an expert in the regulatory frameworks that will be part of the reference knowledge included in the platform.
Process Reusability Definition is conducted only once by a process expert. This expert will take care of tasks such as specifying reusable compliant processes and validating the process reusability.
For Assurance Project Definition, the assurance manager defines the scope of compliance for a project in the context of a certain regulation. The manager will follow the project compliance lifecycle and, when it is feasible, check the different reuse possibilities and compliance means.
The systems engineer performs System Design Analysis and V&V in collaboration with the safety and security engineers to define the system architecture, elicit system requirements, define component contracts, and conduct safety and security analyses. The validation of the components’ contracts and V&V of safety and security analyses is performed by the V&V engineer.
Assurance Case Management deals with the definition of argumentation using compliance arguments and product arguments. The assurance manager will take care of resolving safety and security trade-offs and of linking the assurance case information to the system architecture.
During Evidence Management, the assurance manager will define the project artefacts that will be used as evidence and collect those artefacts. The manager will ensure artefact traceability, follow the progress of the process execution, and specify the compliance with standards and regulations.

Method Strengths A listof the strengths of the method

Developed from large collaborative efforts in prior projects such as OPENCOSS (https://cordis.europa.eu/project/id/289011), SafeCer (https://cordis.europa.eu/project/id/295373), AMASS and (https://www.amass-ecsel.eu/).
Extensive validation
Already part of an Eclipse project
Integrated with other methodologies and tools, and with integration extension features
Considerable amount of methodological guidance available

Method Limitations The limitations of the method

Most often requires tailoring (selection of activities needed) to specific companies and projects
Limited support for workflow configuration
Tool support usability can be improved

Method References Bibliography references to papers about the method.

[MAC1] AMASS project: D2.5 - AMASS user guidance and methodological framework. 2018

[MAC2] de la Vara, J.L., Ruiz, A., Attwood, K., Espinoza, H., Panesar-Walawege, R.K., Lopez, A., del Rio, I., Kelly, T.: Model-Based Specification of Safety Compliance Needs: A Holistic Generic Metamodel. Information and Software Technology 72: 16-30, 2016

[MAC3] de la Vara, J.L., Ruiz, A., Gallina, B., Blondelle, G., Alaña, E., Herrero, J., Warg, F., Skoglund, M., Bramberger, R.: The AMASS Approach for Assurance and Certification of Critical Systems. embedded world Conference 2019

Method Dimensions

Evaluation Environment Type Type of environment where the method is applied. It can be more than one type of environment. (Dimension 1)

Evaluation Type Type of evaluation performed with that method. If a method is hybrid, more than one type can be selected. (Dimension 2)

Type of Component Under Evaluation Type of components that can be evaluated with that method. It can be more than one type. (Dimension 3)

Evaluation Stage The evaluation stage where the method is used. (Dimension 5)

Purpose of the Component Under Evaluation The type of purpose that can be evaluated by a method. It can be more than one type. (Dimension 6)

Type of Requirement Under Evaluation The type of requirements that a method is able to evaluate. It can be more than one type. (Dimension 7)

Evaluation Performance Indicator The type of evaluation criteria or KPI that a method is able to improve. It can be more than one type. (Dimension 8)

Relations

Related Methods A method could be related to other methods.

Tools A method can use zero or more tools.

Part Method A method (when it is a combination: Combination of method artefact that is a specialization of a V&V Method) could be composed of a set of V&V Methods.

Test Case or Verification and Validation activity Test Case or V&V activity performed in a Use Case. We will link to the method to the test cases where the method is used.

Standards A method can be linked with standards.

Context

Workflow

Contents

There are currently no items in this folder.