AuthorsR. K. Panesar-Walawege, L. Briand, M. Sabetzadeh and T. Coq
EditorsM. Gaudel, A. R. Cavalli and S. Ghosh
TitleCharacterizing the Chain of Evidence for Software Safety Cases: a Conceptual Model Based on the IEC 61508 Standard
AfilliationSoftware Engineering, Software Engineering
Publication TypeProceedings, refereed
Year of Publication2010
Conference NameThird IEEE International Conference on Software Testing, Verification and Validation (ICST)
PublisherIEEE Computer Society
ISBN Number978-0-7695-3990-4

Increasingly, licensing and safety regulatory bodies require the suppliers of software-intensive, safety-critical systems to provide an explicit software safety case - a structured set of arguments based on objective evidence to demonstrate that the software elements of a system are acceptably safe. Existing research on safety cases has mainly focused on how to build the arguments in a safety case based on available evidence; but little has been done to precisely characterize what this evidence should be. As a result, system suppliers are left with practically no guidance on what evidence to collect during software development. This has led to the suppliers having to recover the relevant evidence after the fact - an extremely costly and sometimes impractical task. Although standards such as the IEC 61508 - which is widely viewed as the best available generic standard for managing functional safety in software - provide some guidance for the collection of relevant safety and certification information, this guidance is mostly textual, not expressed in a precise and structured form, and is not easy to specialize to context-specific needs. To address these issues, we present a conceptual model to characterize the evidence for arguing about software safety. Our model captures both the information requirements for demonstrating compliance with IEC 61508 and the traceability links necessary to create a seamless chain of evidence. We further describe how our generic model can be specialized according to the needs of a particular context, and discuss some important ways in which our model can facilitate software certification.