João Batista Camargo Jr
Safety Analysis Group (GAS) www.gas.pcs.poli.usp.br
Computer and Digital Systems Engineering Department (PCS)
Escola Politécnica da Universidade de São Paulo (Poli-USP), São Paulo, Brazil
“Challenges in Safety Certification of ATC in view of New Technologies”
Fórum de TI para ATM/CDM, 18/11/2014, XIII SITRAER
Safety Certification
Safety: a high-level emergent property of the whole system, not of its isolated parts (software, hardware, operational procedures, etc.).
Safety analysis process: it should identify the contributions of the several elements that make up ATC.
There are complex interdependencies among a large and growing number of elements in ATC.
What do we understand as “System Complexity”?
System complexity: a system composed of interconnected parts that, as a whole, present one or more properties (behavior among them) that are not obvious from the properties of the individual parts. …it differs from merely complicated…
Complexity arises from the interaction between two or more components of a system. Such interactions lead to a system behavior that is difficult to determine by analyzing its components in isolation. The cause-effect relationships of problems are not evident.
Complexity x Safety – Challenges
Traditional methods for safety analysis (FTA, FMEA, FMECA, …) are based on functional hierarchical decomposition.
The interaction among components can lead to emergent misbehaviors, which are a concern in complex systems.
Coupled systems are prone to failure propagation.
Interactivity and coupling are growing in modern systems.
Complexity x Modeling and Simulation
Simulation may imply simplification in modeling, removing the very complexity that should be observed.
Timing … must be considered …
To model a complex system, we have to impose constraints. But these constraints may lower the capability of dependability verification.
… more challenges …
Specification of evidence content: what information must be provided as evidence in a given domain and for a particular set of applicable standards.
Construction of safety cases: providing methodological guidance for safety case construction and ways to decompose the arguments and the evidence so that compliance can be demonstrated more precisely and effectively.
Capturing the degree of credibility or relevance of the evidence: different evidence items may have different levels of credibility depending on their source, or different degrees of contribution towards the satisfaction of different compliance requirements. One needs to be able to assign weights to the evidence items, or to the links between the evidence items and the safety arguments. Examples: problems that directly affect the system safety … problems that affect the safety integrity level …
Better development processes and better evidence about process compliance: development processes for safety-critical systems that make it less difficult to rigorously verify that the process followed complies with safety standards.
Certification of systems made up of components and subsystems: challenges related to the construction, structuring and assessment of evidence for systems that reuse existing components and subsystems (e.g. COTS software, software compilers, software languages, etc.). Safety certification of the isolated parts does not guarantee the safety of the system (the set of parts).
Demonstration of compliance for novel technologies: provision of evidence for, and certification of, systems that make use of technologies that are novel for safety-critical systems (adaptive systems, FPGA, Matlab/Simulink).
Ambiguities in safety standards: multiple interpretations of the evidence requirements in the standards are a source of certification issues.
Need for objective argumentation: how does the evidence fulfill the safety requirements through argumentation?
… some of our research …
A practical analytical approach whose goal is to increase confidence in software safety arguments through the elaboration and assessment of counter-evidence that emerges from software failure modes due to robustness issues, rather than from functional hierarchical decomposition.
… it is not possible to mathematically prove safety, … we must verify robustness for safety … at all levels … (from conception and requirements through to implementation) … Safety-critical systems must be developed and certified to be more robust, with a focus on safety.
Thank You for your attention!!
João Batista Camargo Junior
email@example.com
Phone: +55 11 3091-5401
Fax: +55 11 3813-7415
Safety Analysis Group (GAS) www.gas.pcs.poli.usp.br
Computer and Digital Systems Engineering Department (PCS)
Escola Politécnica da Universidade de São Paulo (Poli-USP), São Paulo, Brazil