Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

of

Rtlws2013 Slide 1 Rtlws2013 Slide 2 Rtlws2013 Slide 3 Rtlws2013 Slide 4 Rtlws2013 Slide 5 Rtlws2013 Slide 6 Rtlws2013 Slide 7 Rtlws2013 Slide 8 Rtlws2013 Slide 9 Rtlws2013 Slide 10 Rtlws2013 Slide 11 Rtlws2013 Slide 12 Rtlws2013 Slide 13 Rtlws2013 Slide 14 Rtlws2013 Slide 15 Rtlws2013 Slide 16 Rtlws2013 Slide 17 Rtlws2013 Slide 18 Rtlws2013 Slide 19 Rtlws2013 Slide 20 Rtlws2013 Slide 21 Rtlws2013 Slide 22 Rtlws2013 Slide 23 Rtlws2013 Slide 24 Rtlws2013 Slide 25 Rtlws2013 Slide 26 Rtlws2013 Slide 27 Rtlws2013 Slide 28 Rtlws2013 Slide 29 Rtlws2013 Slide 30
Upcoming SlideShare
The ideal module system and the harsh reality
Next
Download to read offline and view in fullscreen.

0 Likes

Share

Download to read offline

Rtlws2013

Download to read offline

A Presentation about D-Case Editor, an open source assurance case editor.
Presented at RTLWS2013. Lugano, Switzerland, Oct 30, 2013

Related Books

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

Rtlws2013

  1. 1. D-Case Editor An Open Source Assurance Case Tool The University of Electro-Communications Yutaka Matsuno matsuno@is.uec.ac.jp ⓒ 2013 UEC Tokyo.
  2. 2. Contents • Assurance Cases (Safety Cases) • DEOS and D-Case Editor • D-Case Editor Implementation – Compliance to Assurance Cases Standards – Modules and Patterns • Concluding Remarks ⓒ 2013 UEC Tokyo.
  3. 3. Assurance Case • A structured argument, supported by a body of evidence that provides a compelling, comprehensible and valid case that a system is safe for a given application in a given environment (City Univ Evidence London) Ex fault tree analysis result ゴール Evidence Ex. System is safe Evidence Argument Structure
  4. 4. Assurance Case • Case: All the reasons that one side in a legal argument can give against the other side. • Assurance Case is called safety case when arguing safety, dependability case when dependability, … • The term “Assurance Cases” is defined in ISO/IEC 15026: Systems and software engineering -- Systems and software assurance Assurance Case Safety Case Dependability Case Security Case …
  5. 5. Background of Assurance Cases • Piper Alpha Disaster (1988,167 dead) and many serious disasters since 1970– Not only prescriptive procedures, but argument why the safety is achieved by such procedures, based on evidence • Prescriptive and Goal Based regulations – Prescriptive: check safety lists given by standards – Goal Based: develop argument that the given safety goal is achieved -> Safety Cases (Lord Cullen’s Piper Alpha Disaster Report) – ISO26262 (automotive functional safety standard), EUROCONTROL (Eurocontrol, 2006), the Rail Yellow Book (Rail Track, 2000), and MoD Defense Standard 00-56 (MoD, 2007) require safety cases
  6. 6. Safety Cases in UK and World • UK (EU): “Using safety cases in industry and health care”, UK Health Foundation, 2012.12 – Avionics, Automobile, Defense, Atomic Plant, Oil, Railway, Medical and Health Devices http://www.health.org.uk/publications/using -safety-cases-in-industry-and-healthcare/ • World – USA: medical device such as infusion pomp – Japan: New, but because of ISO26262, several companies are now studying safety cases
  7. 7. Assurance Case Notation • Mostly by natural languages • Graphical Notations – CAE(Claim, Argument, Evidence) by Adelard, UK – GSN(Goal Structuring Notation) by Univ of Yok, UK CAE GSN CAE and GSN are essentially the same, and the metamodel is standardized as OMG SACM (structured assurance case metamodel)
  8. 8. GSN Example Goal Context Strategy Evidence Written with D-Case Editor
  9. 9. Cons for Safety Cases • Most papers about safety cases express personal opinions or deal with how to prepare a safety case, but not whether it is effective. (Nancy Leveson, MIT)
  10. 10. Contents • Assurance Cases • DEOS and D-Case Editor • D-Case Editor Implementation – Compliance to Assurance Cases Standards – Patterns and Modules • Concluding Remarks ⓒ 2013 UEC Tokyo.
  11. 11. DEOS and D-Case DEOS (Dependable Embedded Operating System) project funded by Japan Science and Technology Agency (2006.10 – 2014.3) •http://www.dependable-os.net/osddeos/index-e.html, or google “DEOS” •D-Case project, a sub project for assurance cases (2010.4-) (Dependability) – Tool Implementation, Lectures, meetings, case studies, standardization, … ⓒ 2013 UEC Tokyo.
  12. 12. D-Case Meetings • 2012.9.14(Nagoya), 12.20(Nagoya), 2013.4.19(Tokyo), 2013.10.22(Tokyo) Discussions Introduction of assurance cases in industries Use in ISO26262 Visibility of GSN, etc Participants Toyota、Yokogawa Electronics、Japan IBM、 Ogis RI、NTT Data、Denso Create、 Fuji Xerox, etc More than 60 participants http://www.dcase.jp (English page soon to be open) ⓒ 2013 UEC Tokyo.
  13. 13. D-Case Editor • An Open, Eclipse based GSN editor (2010.4-) – http://www.dependable-os.net/tech/DCaseEditor/index-e.html – GitHub https://github.com/d-case/d-case_editor • From Oct 2013, Eclipse Public Lisence • Purposes – Writing, presenting, sharing GSN • A few hundred downloads, tested by D-Case meeting participants and researchers in world – Prototyping for research ⓒ 2013 UEC Tokyo.
  14. 14. D-Case Editor Snapshot GSN nodes Eclipse Workspace Projects D-Case extensions Canvas ⓒ 2013 UEC Tokyo.
  15. 15. Feedbacks from Industries • Comments from Adelard, U York, Thales, OSADL, NASA, Denso Create (and many Japanese companies), … ⓒ 2013 UEC Tokyo.
  16. 16. D-Case Editor Functions Requirements from Industry Functions Editing and Viewing Graphical Editing Focusing Automatic Sub tee constructions Maintenance Module/Pattern, Word dictionary Change management Consistency Checking Simple type check on parameters D-Case/Agda (Proof Assistant Tool) Conversion to other formats Excel/PowerPoint OMG SACM Sharing among stakeholders D-Case Server (using Alfresco) Tool Chains Benchmark tools (DSN2012) SysML/UML Tools Experimental chain with Reqtify, Redmine, … ⓒ 2013 UEC Tokyo. Today’s topic Already implemented Partly implemented
  17. 17. Contents • Assurance Cases • DEOS and D-Case Editor • D-Case Editor Implementation – Compliance to Assurance Cases Standards – Modules and Patterns • Concluding Remarks ⓒ 2013 UEC Tokyo.
  18. 18. Compliance to Assurance Cases Standards • Compliance to standards is important – OMG SACM at OMG system assurance task force • SACM = Structured Assurance Case Metamodel • Harmonizing CAE and GSN – GSN Community Standard v1.0 (2011) • When implementing GSN Community Standard, we have several design choices • By showing our design choices, we hope to facilitate assurance case tool implementation ⓒ 2013 UEC Tokyo.
  19. 19. GSN Community Standard v1.0 • Part 0 Introduction and Concepts • Part 1 Definition of GSN • Annexes to Part 1 – Extension to GSN to support argument patterns – Modular extensions to GSN • Part 2 Guidance on the development and evaluation of goal structures • Annexes to Part 2 ⓒ 2013 UEC Tokyo.
  20. 20. GSN Modules B1.3.2.3 Contract modules can be used in the support relationship between modules to aid decoupling as shown in Figure 32. This de-coupling permits argument module construction in cases where the eventual source of support for an argument is unknown at the time of authoring or can be changed for example through re-use or planned product improvement or reconfiguration. (GSN Standard, p23) Current Implementation ⓒ 2013 UEC Tokyo.
  21. 21. GSN Patterns We focus on parameters ⓒ 2013 UEC Tokyo.
  22. 22. Design Choices for Modules (GSN Standard, p.17) • What is module? “module” is not so clearly defined – Interpret module as “a GSN tree with one top goal” Argument = GSN? • Away goals, solutions, contexts, … We do not want to introduce “away” nodes for each kind of GSN nodes (too many kinds of nodes) ⓒ 2013 UEC Tokyo.
  23. 23. Design Choices for Modules (GSN Standard p.17) • Away goals by color change Referring node as green Referred node as orange ⓒ 2013 UEC Tokyo.
  24. 24. Inter-Module notation • Automatically generate inter-module notation GSN Community Standard, P23 ⓒ 2013 UEC Tokyo.
  25. 25. Snapshot of GSN modules for LAN device management system Architecture ⓒ 2013 UEC Tokyo.
  26. 26. Some issues in Parameters We focus on parameters How to define parameters? What is the scope of parameters? In {System X}, what is “System”? ⓒ 2013 UEC Tokyo.
  27. 27. Design Choices for Patterns • Use context nodes to define parameters • Scope is subtree of goal of the context • Introduce types for parameters – Currently Int, double, string, enum ⓒ 2013 UEC Tokyo.
  28. 28. A Snap Shot of Parameter Definition of Availability Definition of SIL Scope of SIL Scope of Availability ⓒ 2013 UEC Tokyo.
  29. 29. Publically available tools we have tested Tool Name Platform Notations GSN Modules GSN Patterns ASCE (Adelard) None (Windows XP or later) GSN, CAE Partly? Not yet? Visio Plug-in (York) Visio GSN Not yet? Not yet? NASA CertWare (Open Source) Eclipse GSN, CAE, etc Not yet Not yet GSN Editor Web browser GSN Not yet Not yet Eclipse GSN Partly (Contract nodes are not done) Partly (Only Parameters) (Dependable Computing LLC) D-Case Editor (DEOS) Others: AdvoCATE(NASA, will be open source), AutoFOCUS3, acedit(York, not tested) E-Safety Case(Praxis), GSN CaseMaker(ERA), ISCADE, ISIS High ⓒ 2013 UEC Tokyo. Integrity Solution, TACE,…
  30. 30. Concluding Remarks • D-Case Editor, an open source assurance case editor • Tool Implementation, Use in Industries, Standardization should be co-developed Tool Implementation Open Source Development Standardization Use in industries ⓒ 2013 UEC Tokyo.

A Presentation about D-Case Editor, an open source assurance case editor. Presented at RTLWS2013. Lugano, Switzerland, Oct 30, 2013

Views

Total views

628

On Slideshare

0

From embeds

0

Number of embeds

1

Actions

Downloads

12

Shares

0

Comments

0

Likes

0

×