Advanced Integrity and Safety Assurance for Software

ABSTRACT: Safety assessments of software-intensive based systems in the nuclear community cannot be limited to verification and testing of the end product, i.e. computer code, since other factors can have an important effect on safety and integrity. Current standards offer limited guidance and process oriented methods improve the likelihood of a better product but do not provide specific guarantees on the final system. In order to obtain the highest possible assurance of safety and integrity necessary for U.S. nuclear weapons, safety certification requires an intensive review, verification, and validation of developed software. This occurs throughout the development cycle and maintenance phases of the system. The WW Technology Group (WWTG) proposes approach is a certification method using composable/decomposable modular safety cases to specify system safety properties and support the V & V of those properties with argument and evidence chains. The modular safety assurance cases can be further enhanced by supplying case evidence directly from analysis results and information extracted from system architecture models that describe the system under design. The system architecture models can be used to represent the system at varying levels of abstraction and can be used to support incremental refinement of V & V products through a system life-cycle. BENEFIT: The overall vision for this research area is to reduce reliance on testing and enable certification through trusted, formalized, and safety assurance cases. Standardized tools used for nuclear weapons software surety certification are important however many DOE/DoD organizations can benefit from independent verification and validation being developed for this project. The tool set and methods developed can be used for safety critical software in commercial domains for automotive, civil aviation, medical, and industrial control in accordance with standards such as RTCA DO 178C, IEC 61508, & SAE 27272. A key benefit that our technology provides is reduced system build/certification costs while maintaining high levels of system safety and integrity. By integrating system certification process sensitivities with system models the cost drivers in the certification process are exposed and can be actively considered with other traditional design trade-offs and risk assessment strategies. This leads to more cost effective initial designs and incremental certification. The integration of attributes for dependability and safety provide addition benefits; enabling early detection of reliability issues or potential safety violations, which in turn leads to deployed systems that are more robust and have lower cost due to elimination of expensive rework late in the development cycle.