A Survey on the Construction of Safety Case Arguments

Authors:

Chen Zezhong (born 1995), male, PhD candidate, CCF student member; research interests: software engineering and formal methods. Deng Yuxin (born 1978), male, PhD, professor and doctoral supervisor, CCF distinguished member; research interests: concurrency theory, program semantics, formal verification and quantum computing.

Corresponding author: Deng Yuxin, E-mail: yxdeng@sei.ecnu.edu.cn

Funding: National Natural Science Foundation of China (61832015, 62072176)


Abstract:

A safety case provides a clear, comprehensive and defensible argument that a system is acceptably safe to operate in a given environment. In regulated safety-critical sectors such as automotive, aviation and nuclear power, certification authorities usually require a system to pass a rigorous safety assessment showing that it complies with one or more safety standards. Applying safety cases during system development is an emerging technique for expressing the safety properties of a safety-critical system in a structured and comprehensive way. This survey first introduces the four basic steps of building a safety case: determining the goals, gathering evidence, constructing the argument and evaluating the case. It then focuses on the key step of constructing the argument, describing in detail eight existing notations for safety cases, including goal structuring notation (GSN), claim-argument-evidence (CAE) and the structured assurance case metamodel (SACM), and analysing their strengths and weaknesses. Because the material a safety case must manage is substantial and complex, software tools are commonly used to construct and evaluate safety cases; seven such tools are compared: astah system safety, gsn2x, NOR-STA, Socrates, ASCE, D-Case Editor and AdvoCATE. The survey also examines the challenges of building safety cases in six areas: data reliability and integrity, managing complexity and uncertainty, inconsistencies between regulations and standards, human factors engineering, rapid technological change, and team and interdisciplinary collaboration. Finally, it outlines future research directions for safety cases, pointing to potential applications and open research problems.
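As an added illustration that is not part of the paper (the abstract only names the steps and notations), the following Python models a small GSN argument with the core element types (Goal, Strategy, Solution, Context) and the two GSN relationships (SupportedBy, InContextOf), then runs the structural checks with which the "evaluate the safety case" step usually begins: well-typed relationships, no undeveloped or unsupported goals, every strategy decomposed into sub-goals, no cycles, and every argument node reachable from the top-level goal. The infusion-pump hazards, node identifiers and evidence references in the sample are constructed for the example; none of them come from the paper or from any of the tools it compares.

```python
"""Structural checks on a GSN safety-case argument (added example, not from the paper)."""
from dataclasses import dataclass, field
from typing import Dict, List

GOAL, STRATEGY, SOLUTION, CONTEXT = "Goal", "Strategy", "Solution", "Context"
CLAIM_KINDS = {GOAL, STRATEGY}              # may be the source of a SupportedBy edge
SUPPORT_KINDS = {GOAL, STRATEGY, SOLUTION}  # may be the target of a SupportedBy edge


@dataclass
class Node:
    id: str
    kind: str
    text: str
    supported_by: List[str] = field(default_factory=list)   # SupportedBy targets
    in_context_of: List[str] = field(default_factory=list)  # InContextOf targets
    undeveloped: bool = False  # GSN "undeveloped" marker: argument deliberately stops here


def check_argument(root: str, nodes: List[Node]) -> List[str]:
    """Return human-readable findings; an empty list means the structure is complete."""
    by_id: Dict[str, Node] = {n.id: n for n in nodes}
    findings: List[str] = []
    if root not in by_id:
        return [f"root {root} is not defined"]

    for n in nodes:
        for t in n.supported_by:
            if t not in by_id:
                findings.append(f"{n.id}: SupportedBy target {t} is undefined")
            elif n.kind not in CLAIM_KINDS:
                findings.append(f"{n.id}: a {n.kind} cannot be the source of a SupportedBy edge")
            elif by_id[t].kind not in SUPPORT_KINDS:
                findings.append(f"{n.id}: SupportedBy target {t} is a {by_id[t].kind}")
        for t in n.in_context_of:
            if t not in by_id:
                findings.append(f"{n.id}: InContextOf target {t} is undefined")
            elif by_id[t].kind != CONTEXT:
                findings.append(f"{n.id}: InContextOf target {t} is a {by_id[t].kind}, not Context")
        if n.kind == GOAL and n.undeveloped:
            findings.append(f"{n.id}: goal is undeveloped (argument incomplete)")
        elif n.kind == GOAL and not n.supported_by:
            findings.append(f"{n.id}: goal has neither sub-argument nor evidence")
        if n.kind == STRATEGY and not any(
            t in by_id and by_id[t].kind == GOAL for t in n.supported_by
        ):
            findings.append(f"{n.id}: strategy is not decomposed into any sub-goal")

    # Cycle detection and reachability: depth-first search over SupportedBy edges from the root.
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {i: WHITE for i in by_id}

    def visit(i: str) -> None:
        colour[i] = GREY
        for t in by_id[i].supported_by:
            if t not in by_id:
                continue
            if colour[t] == GREY:
                findings.append(f"cycle: {i} -> {t}")
            elif colour[t] == WHITE:
                visit(t)
        colour[i] = BLACK

    visit(root)
    for i, n in by_id.items():
        if n.kind in SUPPORT_KINDS and colour[i] == WHITE:
            findings.append(f"{i}: not reachable from root {root}")
    return findings


# Constructed sample: a hazard-directed argument for an infusion pump. G4 is
# deliberately left undeveloped, which is the one finding the check should report.
SAMPLE = [
    Node("G1", GOAL, "The pump is acceptably safe to operate on a hospital ward", ["S1"], ["C1"]),
    Node("C1", CONTEXT, "Operating environment: ward use by trained nursing staff"),
    Node("S1", STRATEGY, "Argue over each hazard in the hazard log", ["G2", "G3", "G4"], ["C2"]),
    Node("C2", CONTEXT, "Hazard log HL-1 (constructed)"),
    Node("G2", GOAL, "H1 over-infusion is mitigated to an acceptable level", ["Sn1", "Sn2"]),
    Node("G3", GOAL, "H2 air-in-line is mitigated to an acceptable level", ["Sn3"]),
    Node("G4", GOAL, "H3 free flow on cassette removal is mitigated", undeveloped=True),
    Node("Sn1", SOLUTION, "Flow-rate bound shown by static analysis report SA-7"),
    Node("Sn2", SOLUTION, "Dose-limit test results TR-12"),
    Node("Sn3", SOLUTION, "Air-in-line sensor test results TR-15"),
]

if __name__ == "__main__":
    for finding in check_argument("G1", SAMPLE):
        print(finding)
```

Running the sample reports only that G4 is undeveloped; an argument that a certification reviewer would accept has no findings at all, so the undeveloped goal marks exactly the work that remains before the hazard-directed argument is complete. The same checks catch the mistakes that drawing tools tend to let through: evidence used as the source of an inference, a goal with no support that is not explicitly marked as undeveloped, and circular support between goals.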

Cite this article:

Chen ZZ, Deng YX. A survey on the construction of safety case arguments. Journal of Software, 2024, 35(9): 4013–4037.
History:
  • Received: 2023-09-10
  • Last revised: 2023-10-30
  • Published online: 2024-01-05
  • Published: 2024-09-06
Copyright: Institute of Software, Chinese Academy of Sciences