SHF: Small: Evolving Safety Cases in Agile Development Environments

SHF：小型：敏捷开发环境中不断演变的安全案例

• 批准号: 1909007
• 负责人: Jane Huang
• 金额: $ 44.71万
• 依托单位: University of Notre Dame
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1909007&HistoricalAwards=false
• 关键词: SHF; Small; Evolving; Safety; Cases

Software operating in safety-critical domains must not only support its intended functionality but must also be assuredly safe for use. Delivering such systems requires a rigorous and systematic hazard analysis to identify and mitigate potential hazards. Prior to deployment, a safety case is often constructed that provides claims, evidence, and arguments for system safety. Safety-critical systems have traditionally been engineered using carefully controlled processes which emphasize detailed planning, upfront design, and quality assurance. This has led to the phenomenon referred to as the 'big freeze' in which the cost, effort, and difficulty of introducing new functionality becomes prohibitively expensive. As a result, many organizations operating in safety-critical domains are adopting more agile approaches in which software is delivered on shorter release cycles. At the same time, organizations that have not traditionally worked in the safety domain are increasingly building Cyber-Physical Systems, such as factory-floor robots, unmanned aerial systems and medical devices, often without the knowledge or tools to support appropriate hazard analysis and safety assurance. These two trends -- emerging from opposite ends of the process spectrum -- point to a new way of developing safety-critical software, one which embraces the rigor of safety-critical development while benefiting from the more incremental, faster delivery cycles made possible by agile solutions.The research team will deliver an intelligent solution for creating, evolving, and using trace links within agile safety-critical project environments. The novel Software Artifact Forest Analysis (SAFA) approach will aid validators, verifiers, safety analysts, and other project stakeholders working in an agile environment to understand and analyze the impact of change upon an existing safety case, to assess the safety of the current system, and to evolve the safety case accordingly. The research will deliver a process workflow for guiding developers through the task of creating trace links, traceability solutions for automating the creation and evolution of trace links in an agile project, interactive solutions for visualizing how the system mitigates identified hazards, and techniques for supporting change impact analysis and maintenance of safety-assurance cases. The research directly addresses the emerging industrial challenge of adopting agile processes in safety-critical projects in order to address the `big freeze' problem. The algorithms, tools, and processes delivered through the project are expected to have significant industrial impact. This will be aided by the proactive engagement of industrial partners in test-driving novel and practical solutions produced throughout this project. Opportunities will be provided for broadening participation in computing by engaging underrepresented students at all stages of their academic careers in challenging research projects.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在安全 - 关键领域运行的软件不仅必须支持其预期功能，而且还必须确保使用安全。 提供此类系统需要严格而系统的危害分析，以识别和减轻潜在危害。 在部署之前，经常构建安全案例，以提供系统安全的索赔，证据和论点。 传统上，使用精心控制的过程对安全至关重要的系统进行了设计，该过程强调详细的计划，前期设计和质量保证。 这导致了这种现象被称为“大冻结”，在这种现象中，引入新功能的成本，精力和困难变得非常昂贵。 结果，许多在安全至关重要领域运行的组织都采用更敏捷的方法，在这些方法中，在较短的释放周期中交付了软件。 同时，传统上不在安全领域工作的组织越来越多地构建网络物理系统，例如工厂地板机器人，无人驾驶航空系统和医疗设备，通常没有知识或工具来支持适当的危害分析和安全保证。 这两种趋势 - 从过程频谱的相对端出现 - 指出了一种开发安全至关重要软件的新方式，该软件涵盖了严格的关键开发方式，同时受益于敏捷解决方案使得更快，更快的交付周期受益于敏捷解决方案的可能。新颖的软件伪影森林分析（SAFA）方法将帮助验证者，验证者，安全分析师和其他项目利益相关者在敏捷环境中工作，以了解和分析变更对现有安全案例的影响，以评估当前系统的安全性，并相应地进化安全案例。 这项研究将提供一个过程工作流程，以指导开发人员创建跟踪链接，可追溯性解决方案，以自动化敏捷项目中的痕量链接的创建和演变，交互式解决方案可视化系统如何减轻确定的危害，以减轻确定的危害，以支持安全案例的变化分析和维持安全案例。 该研究直接解决了在安全关键项目中采用敏捷过程的新兴工业挑战，以解决“大冻结”问题。 通过该项目提供的算法，工具和流程有望产生重大的工业影响。 这将有助于工业伙伴在整个项目中生产的测试驾驶小说和实用解决方案的积极参与。 将提供机会来扩大计算的参与，通过在其学术职业的各个阶段吸引代表性不足的学生在挑战研究项目中。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子的评估来支持的，并具有更广泛的影响。

项目成果

Prompts Matter: Insights and Strategies for Prompt Engineering in Automated Software Traceability

• DOI: 10.1109/rew57809.2023.00087
• 发表时间: 2023-08
• 期刊: 2023 IEEE 31st International Requirements Engineering Conference Workshops (REW)
• 作者: Alberto D. Rodriguez;Katherine R. Dearstyne;J. Cleland-Huang

Visualizing Change in Agile Safety-Critical Systems

可视化敏捷安全关键系统的变化

• DOI: 10.1109/ms.2020.3000104
• 发表时间: 2021
• 期刊: IEEE Software
• 影响因子: 3.3
• 作者: Cleland-Huang, Jane;Agrawal, Ankit;Vierhauser, Michael;Mayr-Dorn, Christoph
• 通讯作者: Mayr-Dorn, Christoph

SAFA: A Tool for Supporting Safety Analysis in Evolving Software Systems

SAFA：支持不断发展的软件系统安全分析的工具

• DOI: 10.1145/3551349.3559535
• 发表时间: 2022
• 作者: Rodriguez, Alberto D.;Newman, Timothy;Dearstyne, Katherine R.;Cleland-Huang, Jane
• 通讯作者: Cleland-Huang, Jane

Supporting Quality Assurance with Automated Process-Centric Quality Constraints Checking

• DOI: 10.1109/icse43902.2021.00118
• 发表时间: 2021-05
• 期刊: 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE)
• 作者: Christoph Mayr-Dorn;Michael Vierhauser;Stefan Bichler;Felix Keplinger;J. Cleland-Huang;Alexander Egyed;Thomas Mehofer

Hazard analysis for human-on-the-loop interactions in sUAS systems

• DOI: 10.1145/3468264.3468534
• 发表时间: 2021-08
• 期刊: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
• 作者: Michael Vierhauser;M. N. A. Islam;Ankit Agrawal;J. Cleland-Huang;J. Mason