Safety Assurance for Cyber-Physical Systems

Cyber-Physical Systems (CPS) integrate computational and hardware components within systems that interact with the physical world. Many CPS are safety-critical, deployed in areas such as autonomous driving, smart cities, medical devices, and unmanned aerial systems. Developing a safety-critical CPS involves multi-disciplinary challenges that impact diverse areas of Software Engineering research such as goal modeling, formal methods, requirements analysis, runtime adaptation, uncertainty, design-time system evolution, environmental assumptions, safety assurance cases, product line development, and human-computer interaction, to name a few.

We build upon the practice of developing a Safety Case, or Safety Assurance Case (SAC), as a means to describe and reason about system and software safety in safety-critical domains. Our interest is in safety-case maintenance as the system evolves. We have two projects in this area:

Safety Case Evolution: Our Software Artifact Forest Analysis (SAFA) approach, is designed to aid validators, verifiers, safety analysts, and other project stakeholders, to understand and analyze the impact of change upon an existing safety case, to assess the safety of the current system, and to evolve the safety case accordingly. We particularily emphasize the intersection of agile development with safety assurance. One of the greatest challenges in an Agile Safety-Critical project is ensuring safety despite the short iterations and frequent releases of software. The process is very different from the much slower, more methodical, carefully planned changes that occur in a more linear development environment. In this proposal, we address this challenge by proposing new techniques for managing and understanding change, and for assessing its impact upon system safety. Among other contributions, we introduce the notion of a Delta tree, which provides an intuitive visual interface for interactively exploring changes that have occurred between two versions of the system. The tree is generated automatically by retrieving artifacts from Jira and Github, and comparing two versions of the system. Differences were visualized to portray new (green), deleted (red), and modified (blue) artifacts. Our approach also leverages AI to help guide the analyst through the task of assessing the impact of change upon the system safety.

Interlocking Safety Cases: Supporting software developers as they construct UAV applications even though they may lack formal training in safety practices, to assure that their deployed applications meet satisfactory safety standards. Our approach is meant to complement existing safety practices and could, for example, be used as part of a formal review process in a regulated domain. We propose a novel solution that splits a SAC into two different parts that can be effectively interlocked: an Infrastructure-level Safety Assurance Case (ISAC) and a uav-level pluggable Safety Assurance Cases (pSAC) for associated with it. We connect the individual UAVs' safety assurance cases with the infrastructure safety case through safety interlocks. Furthermore we adopt the policy of trust but monitor, in which assumptions on behavior of UAVs specified in the ISAC provide design constraints on the UAV applications. To verify that a UAV behaves as required, the infrastructure enforces runtime monitoring, allowing the behavior, performance, and reputation of each UAV to be tracked with respect to constraints specified in the ISAC. Read more about this project in our IEEE TSE paper here .

Selected Publications

  • Michael Vierhauser, Sean Bayley, Jane Wyngaard, Jinghui Cheng, Wandi Xiong, Robyn R. Lutz, Joshua Huseman, Jane Cleland-Huang: Interlocking safety cases for unmanned autonomous systems in urban environments. Transactions on Software Engineering, 2019, (Currently in preprint).
  • Leveraging Artifact Trees to Evolve and Reuse Safety Cases, Ankit Agrawal, Seyedehzahra Khoshmanesh, Michael Vierhauser, Mona Rahimi, Jane Cleland-Huang, Robyn R. Lutz. International Conference on Software Engineering, 2019, Montreal, Canada.
  • Mona Rahimi, Wandi Xiong, Jane Cleland-Huang, Robyn Lutz: Diagnosing assumption problems in safety-critical products. ASE 2017: 473-484
  • Patrick Rempel, Patrick Maeder, Tobias Kuschke, Jane Cleland-Huang: Mind the gap: assessing the conformance of software traceability to relevant guidelines. ICSE 2014: 943-954
  • Patrick Maeder, Paul L. Jones, Yi Zhang, Jane Cleland-Huang: Strategic Traceability for Safety-Critical Projects. IEEE Software 30(3): 58-66 (2013)
  • Jane Cleland-Huang, Mats Per Erik Heimdahl, Jane Huffman Hayes, Robyn R. Lutz, Patrick Maeder: Trace Queries for Safety Requirements in High Assurance Systems. REFSQ 2012: 179-193

Current Researchers

  • Ankit Agrawal, PhD Student, Topic: Safety Assurance for CPS in Evolving Systems
  • Dr. Jane Cleland-Huang, SAREC Director, Professor DePaul University

Collaborators

Funded Projects

  • $499,894 2019-2021, SHF: Small: SHF: Small: Evolving Safety Cases in Agile Development Environments (PI: Jane Cleland-Huang)

  • $444,326 2016-2020, SHF: Medium: RUI: Collaborative Research: Advanced Traceability for Composing Product Line Safety Cases, 07/01/2015 (4 years) (PIs: Jane Cleland-Huang, Notre Dame; Robyn Lutz, Iowa State University). Total award $850,000.
Current Projects
Safety Models


    A delta tree is generated automatically by comparing a pair of artifacts trees from two versions (V1 and V2). The Green subtree represents new functionality (requirement, design definition, and code), the Red subtree represents removed functionality (including removal of an adjacent system), and blue represents modified code

    Infrastructure Safety Assurance Case. This ISAC shows a partial decomposition of a high-level goal,and includes examples of interlock points for runtime monitoring (@monitor), one-time on entry monitoring (@entry), and a pluggable pSAC (@psac).

© SAREC 2011   |   Design: Aleksandra Waliczek, Marcin Kunysz & spyka webmaster | Free Web Templates