Safety Assurance in Digital Safety Systems: From Airplanes to Atoms
Nuclear Regulatory Commission Regulatory Information Conference, Session TH35, 12 March 2015
Dr. Darren Cofer, [email protected]
(slide handout printed 2/20/2015)

Slide 2: Similar concerns…
• Safety-critical
• Regulated
• Replication for fault-tolerance
• Software intensive
• Fail-safe
• Fail-op

Slide 3: Certification Process for Civil Aviation
[Process diagram. Flow: Intended Aircraft Function → Function, Failure, & Safety Information → Operational Environment → System Design → Functional System → Functions & Requirements. Documents shown: Safety Assessment Process Guidelines and Methods (ARP 4761); System Development Processes (ARP 4754A); Software Development Life-Cycle (DO-178C); Hardware Development Life-Cycle (DO-254); Implementation Guidelines for Integrated Modular Avionics (DO-297); Supplements supporting Model-Based Development and Analysis. Note on the slide: "Paper intensive process".]

Slide 4: Software is growing!
"Software providing essential JSF capability has grown in size and complexity, and is taking longer to complete than expected," the GAO warned. (Pentagon: Trillion-Dollar Jet on Brink of Budgetary Disaster, Wired 3/21/12; F-35)
Similar curve for commercial aircraft.
Source: D. Gary Van Oss (USAF), "Avionics Acquisition, Production, and Sustainment: Lessons Learned – The Hard Way," NDIA Systems Engineering Conference, Oct 2002.

Slide 5: "Houston, we have a problem."
• Increased use of software in safety-critical functions
• Complexity of software
• Incorporation of COTS hardware/software
• New technologies that challenge the existing certification process
• Limitations of testing for safety assurance
What can NRC learn from civil aviation experience?

Slide 6: Analytic Tools for Software Analysis
• Mathematical techniques for the specification, development, and verification of software aspects of digital systems
  – Formal logic, discrete mathematics, and computer-readable languages
Motivated by the expectation that, as in other engineering disciplines, performing appropriate mathematical analyses on software-based systems can contribute to establishing the correctness and robustness of a design.
Analogy: FEA for structures

Slides 7–8: Research Results: Mathematical Analysis Tools for Software-Based Systems
[Tool-chain diagram. Architecture Models in OSATE → Architecture Translation → Architecture Analysis. Tools shown: Resolute (Assurance Case), AGREE (Behavioral Analysis), Lute (Structural Analysis), Kind/JKind, Trusted Build, seL4, eChronos.]
AGREE assume-guarantee example (contracts as laid out on the slide; A and B feed C, and the system contract is stated separately):
• Component A – Assumption: Input < 20; Guarantee: Output < 2*Input
• Component B – Assumption: Input < 20; Guarantee: Output < Input + 15
• Component C – Assumption: none; Guarantee: Output = Input1 + Input2
• System – Assumption: Input < 10; Guarantee: Output < 50

Slide 9: Tools
• Model-Based Development tools have been successfully adopted by aviation industry for safety-critical software
• Analysis tools for software-based systems are sufficiently mature and capable to be applied to real projects
• Success at the software component (unit) level is being replicated at the system level to manage complexity
  – Verification of safety properties of system architecture
  – Assurance case integrated with system architecture model

Slide 10: Certification
• Certification processes change slowly
  – Concerns of industry
  – Concerns of regulators
• Certification guidance for airborne software has been able to evolve to address new technologies
  – Joint effort of industry and regulators
• Case studies are helpful to bridge the gap between theory and practice
  – Pilot projects can help in the transition

Slide 11: Cost matters
• Most defects occur in requirements/design phases
• Defects are more expensive to correct later in process
• Analysis tools can be used to reduce costs
  – Early detection/elimination of design defects
  – Automation of routine verification activities
• Multiple studies show good ROI

More info available at Loonwerks.com
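To make the compositional reasoning on the AGREE slide concrete, the following is an added example (not the presentation's or the Loonwerks tools' code) that encodes the four contracts as linear bounds and checks, without enumeration, that the component guarantees together imply the system guarantee. The pairing of each contract with A, B, C and the system is read from the slide layout, and the checker is a hand-written linear-bound reasoner standing in for AGREE's model-checking back end; it goes one step beyond the slide by showing that weakening the system assumption to Input < 20 makes the proof fail.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Optional

@dataclass(frozen=True)
class Contract:
    """Assume-guarantee contract in the linear shape used on the slide:
    assumption  Input  < in_bound   (None = no assumption on the input)
    guarantee   Output < slope * Input + offset
    """
    in_bound: Optional[Fraction]
    slope: Fraction
    offset: Fraction

def compose_through_adder(a: Contract, b: Contract) -> Contract:
    """Contract of A and B wired into C, whose guarantee is Output = Input1 + Input2.
    Both A and B see the same system Input, so their upper bounds simply add;
    the composite assumption is the tighter of the two component assumptions."""
    bounds = [c.in_bound for c in (a, b) if c.in_bound is not None]
    return Contract(min(bounds) if bounds else None, a.slope + b.slope, a.offset + b.offset)

def refines(impl: Contract, spec: Contract) -> bool:
    """Does the composed implementation satisfy the system-level contract?
    (1) the system assumption must imply every component assumption;
    (2) impl's output bound must stay at or below spec's bound for every Input
        the system assumption allows."""
    if impl.in_bound is not None and (spec.in_bound is None or spec.in_bound > impl.in_bound):
        return False  # some component could be driven outside its assumption
    d_slope = impl.slope - spec.slope    # gap between the two bounds, as a line in Input
    d_offset = impl.offset - spec.offset
    if d_slope > 0:                      # gap grows with Input: worst case at the assumption edge
        return spec.in_bound is not None and d_slope * spec.in_bound + d_offset <= 0
    if d_slope < 0:                      # gap grows without limit as Input decreases
        return False
    return d_offset <= 0                 # constant gap

# Contracts as read off the slide (the system Input feeds both A and B)
A = Contract(Fraction(20), Fraction(2), Fraction(0))        # Input < 20 => Output < 2*Input
B = Contract(Fraction(20), Fraction(1), Fraction(15))       # Input < 20 => Output < Input + 15
SYSTEM = Contract(Fraction(10), Fraction(0), Fraction(50))  # Input < 10 => Output < 50

def check_slide_system() -> bool:
    """Composite bound is Output < 3*Input + 15, which is < 45 < 50 whenever Input < 10."""
    return refines(compose_through_adder(A, B), SYSTEM)

def check_weakened_assumption() -> bool:
    """Relaxing the system assumption to Input < 20 lets Output approach 75: the proof fails."""
    return refines(compose_through_adder(A, B), Contract(Fraction(20), Fraction(0), Fraction(50)))
```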