SHF: Small: Evolving Safety Cases in Agile Development Environments

SHF：小型：敏捷开发环境中不断演变的安全案例

• 批准号: 1909007
• 负责人: Jane Huang
• 金额: $ 44.71万
• 依托单位: University of Notre Dame
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1909007&HistoricalAwards=false
• 关键词: SHF; Small; Evolving; Safety; Cases

Software operating in safety-critical domains must not only support its intended functionality but must also be assuredly safe for use. Delivering such systems requires a rigorous and systematic hazard analysis to identify and mitigate potential hazards. Prior to deployment, a safety case is often constructed that provides claims, evidence, and arguments for system safety. Safety-critical systems have traditionally been engineered using carefully controlled processes which emphasize detailed planning, upfront design, and quality assurance. This has led to the phenomenon referred to as the 'big freeze' in which the cost, effort, and difficulty of introducing new functionality becomes prohibitively expensive. As a result, many organizations operating in safety-critical domains are adopting more agile approaches in which software is delivered on shorter release cycles. At the same time, organizations that have not traditionally worked in the safety domain are increasingly building Cyber-Physical Systems, such as factory-floor robots, unmanned aerial systems and medical devices, often without the knowledge or tools to support appropriate hazard analysis and safety assurance. These two trends -- emerging from opposite ends of the process spectrum -- point to a new way of developing safety-critical software, one which embraces the rigor of safety-critical development while benefiting from the more incremental, faster delivery cycles made possible by agile solutions.The research team will deliver an intelligent solution for creating, evolving, and using trace links within agile safety-critical project environments. The novel Software Artifact Forest Analysis (SAFA) approach will aid validators, verifiers, safety analysts, and other project stakeholders working in an agile environment to understand and analyze the impact of change upon an existing safety case, to assess the safety of the current system, and to evolve the safety case accordingly. The research will deliver a process workflow for guiding developers through the task of creating trace links, traceability solutions for automating the creation and evolution of trace links in an agile project, interactive solutions for visualizing how the system mitigates identified hazards, and techniques for supporting change impact analysis and maintenance of safety-assurance cases. The research directly addresses the emerging industrial challenge of adopting agile processes in safety-critical projects in order to address the `big freeze' problem. The algorithms, tools, and processes delivered through the project are expected to have significant industrial impact. This will be aided by the proactive engagement of industrial partners in test-driving novel and practical solutions produced throughout this project. Opportunities will be provided for broadening participation in computing by engaging underrepresented students at all stages of their academic careers in challenging research projects.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在安全关键领域运行的软件不仅必须支持其预期功能，而且还必须确保使用安全。 交付此类系统需要进行严格且系统的危害分析，以识别和减轻潜在危害。 在部署之前，通常会构建一个安全案例，为系统安全提供声明、证据和论据。 传统上，安全关键系统是使用精心控制的流程进行设计的，强调详细规划、前期设计和质量保证。 这导致了被称为“大冻结”的现象，其中引入新功能的成本、精力和难度变得异常昂贵。 因此，许多在安全关键领域运营的组织正在采用更敏捷的方法，在更短的发布周期内交付软件。 与此同时，传统上不从事安全领域工作的组织越来越多地构建网络物理系统，例如工厂车间机器人、无人机系统和医疗设备，但往往缺乏支持适当危害分析和安全的知识或工具保证。 这两种趋势——从过程谱的两端出现——指出了一种开发安全关键型软件的新方法，这种方法既拥抱安全关键型开发的严格性，同时又受益于通过以下方式实现的更多增量、更快的交付周期：敏捷解决方案。研究团队将提供智能解决方案，用于在敏捷的安全关键项目环境中创建、发展和使用跟踪链接。新颖的软件工件森林分析（SAFA）方法将帮助验证者、验证者、安全分析师和在敏捷环境中工作的其他项目利益相关者了解和分析变更对现有安全案例的影响，以评估当前系统的安全性，并相应地发展安全案例。 该研究将提供一个流程工作流程，用于指导开发人员完成创建跟踪链接的任务，用于在敏捷项目中自动创建和演变跟踪链接的可追溯性解决方案，用于可视化系统如何减轻已识别危险的交互式解决方案，以及支持变更的技术影响分析和安全保证案例的维护。 该研究直接解决了在安全关键项目中采用敏捷流程以解决“大冻结”问题的新兴工业挑战。 通过该项目交付的算法、工具和流程预计将产生重大的工业影响。 工业合作伙伴积极参与测试整个项目中产生的新颖实用的解决方案，这将有助于这一点。 通过让处于学术生涯各个阶段的代表性不足的学生参与具有挑战性的研究项目，将提供扩大计算机参与的机会。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Visualizing Change in Agile Safety-Critical Systems

可视化敏捷安全关键系统的变化

• DOI: 10.1109/ms.2020.3000104
• 发表时间: 2021-05
• 期刊: IEEE Software
• 影响因子: 3.3
• 作者: Cleland;Agrawal, Ankit;Vierhauser, Michael;Mayr
• 通讯作者: Mayr

Supporting Quality Assurance with Automated Process-Centric Quality Constraints Checking

通过以流程为中心的自动化质量约束检查来支持质量保证

• DOI: 10.1109/icse43902.2021.00118
• 发表时间: 2021-05-01
• 期刊: 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE)
• 作者: Christoph Mayr;Michael Vierhauser;Stefan Bichler;Felix Keplinger;J. Clel;Ale;er Egyed;er;Thomas Mehofer
• 通讯作者: Thomas Mehofer

SAFA: A Tool for Supporting Safety Analysis in Evolving Software Systems

SAFA：支持不断发展的软件系统安全分析的工具

• DOI: 10.1145/3551349.3559535
• 发表时间: 2022-10
• 期刊: 2022
• 作者: Rodriguez, Alberto D.;Newman, Timothy;Dearstyne, Katherine R.;Cleland
• 通讯作者: Cleland

Generating and visualizing trace link explanations

生成并可视化跟踪链接解释

• DOI: 10.1145/3510003.3510129
• 发表时间: 2022-05
• 期刊: IEEE Requirements Engineering Conference
• 作者: Liu, Yalin;Lin, Jinfeng;Anuyah, Oghenemaro;Metoyer, Ronald;Cleland
• 通讯作者: Cleland

Prompts Matter: Insights and Strategies for Prompt Engineering in Automated Software Traceability

提示很重要：自动化软件可追溯性中提示工程的见解和策略

• DOI: 10.1109/rew57809.2023.00087
• 发表时间: 2023-08-01
• 期刊: 2023 IEEE 31st International Requirements Engineering Conference Workshops (REW)
• 作者: Alberto D. Rodriguez;Katherine R. Dearstyne;J. Clel
• 通讯作者: J. Clel