SHF: Small: Evolving Safety Cases in Agile Development Environments

SHF：小型：敏捷开发环境中不断演变的安全案例

• 批准号: 1909007
• 负责人: Jane Huang
• 金额: $ 44.71万
• 依托单位: University of Notre Dame
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1909007&HistoricalAwards=false
• 关键词: SHF; Small; Evolving; Safety; Cases

Software operating in safety-critical domains must not only support its intended functionality but must also be assuredly safe for use. Delivering such systems requires a rigorous and systematic hazard analysis to identify and mitigate potential hazards. Prior to deployment, a safety case is often constructed that provides claims, evidence, and arguments for system safety. Safety-critical systems have traditionally been engineered using carefully controlled processes which emphasize detailed planning, upfront design, and quality assurance. This has led to the phenomenon referred to as the 'big freeze' in which the cost, effort, and difficulty of introducing new functionality becomes prohibitively expensive. As a result, many organizations operating in safety-critical domains are adopting more agile approaches in which software is delivered on shorter release cycles. At the same time, organizations that have not traditionally worked in the safety domain are increasingly building Cyber-Physical Systems, such as factory-floor robots, unmanned aerial systems and medical devices, often without the knowledge or tools to support appropriate hazard analysis and safety assurance. These two trends -- emerging from opposite ends of the process spectrum -- point to a new way of developing safety-critical software, one which embraces the rigor of safety-critical development while benefiting from the more incremental, faster delivery cycles made possible by agile solutions.The research team will deliver an intelligent solution for creating, evolving, and using trace links within agile safety-critical project environments. The novel Software Artifact Forest Analysis (SAFA) approach will aid validators, verifiers, safety analysts, and other project stakeholders working in an agile environment to understand and analyze the impact of change upon an existing safety case, to assess the safety of the current system, and to evolve the safety case accordingly. The research will deliver a process workflow for guiding developers through the task of creating trace links, traceability solutions for automating the creation and evolution of trace links in an agile project, interactive solutions for visualizing how the system mitigates identified hazards, and techniques for supporting change impact analysis and maintenance of safety-assurance cases. The research directly addresses the emerging industrial challenge of adopting agile processes in safety-critical projects in order to address the `big freeze' problem. The algorithms, tools, and processes delivered through the project are expected to have significant industrial impact. This will be aided by the proactive engagement of industrial partners in test-driving novel and practical solutions produced throughout this project. Opportunities will be provided for broadening participation in computing by engaging underrepresented students at all stages of their academic careers in challenging research projects.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在安全关键域中运行的软件不仅必须支持其预期功能，而且必须确保使用安全。 提供这种系统需要进行严格和系统的危险分析，以查明和减轻潜在的危险。 在部署之前，通常会构建一个安全案例，为系统安全性提供声明、证据和论据。 传统上，安全关键型系统的设计都是使用精心控制的流程，这些流程强调详细规划、前期设计和质量保证。 这导致了被称为“大冻结”的现象，其中引入新功能的成本、努力和困难变得极其昂贵。 因此，许多在安全关键领域运营的组织正在采用更敏捷的方法，其中软件在更短的发布周期内交付。 与此同时，传统上不从事安全领域工作的组织越来越多地构建网络物理系统，例如工厂车间机器人，无人驾驶航空系统和医疗设备，通常没有知识或工具来支持适当的危险分析和安全保证。 这两种趋势--从过程谱的两端出现--指向了一种开发安全关键型软件的新方法，这种方法既包含安全关键型开发的严格性，又受益于敏捷解决方案所带来的更快的增量交付周期。研究团队将提供一种智能解决方案，用于在敏捷安全关键型项目环境中创建、发展和使用跟踪链接。新的软件安全森林分析（SAFA）方法将帮助在敏捷环境中工作的验证者，验证者，安全分析师和其他项目利益相关者理解和分析变更对现有安全案例的影响，评估当前系统的安全性，并相应地发展安全案例。 该研究将提供一个过程工作流，用于指导开发人员完成创建跟踪链接的任务，可追溯性解决方案，用于自动化敏捷项目中跟踪链接的创建和演变，交互式解决方案，用于可视化系统如何减轻已识别的危险，以及支持安全保证案例的变更影响分析和维护的技术。 该研究直接解决了在安全关键项目中采用敏捷流程以解决“大冻结”问题的新兴工业挑战。 通过该项目交付的算法、工具和流程预计将产生重大的行业影响。 这将通过工业合作伙伴的积极参与来帮助测试整个项目中产生的新颖和实用的解决方案。 该奖项反映了NSF的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Prompts Matter: Insights and Strategies for Prompt Engineering in Automated Software Traceability

• DOI: 10.1109/rew57809.2023.00087
• 发表时间: 2023-08
• 期刊: 2023 IEEE 31st International Requirements Engineering Conference Workshops (REW)
• 作者: Alberto D. Rodriguez;Katherine R. Dearstyne;J. Cleland-Huang

Visualizing Change in Agile Safety-Critical Systems

可视化敏捷安全关键系统的变化

• DOI: 10.1109/ms.2020.3000104
• 发表时间: 2021
• 期刊: IEEE Software
• 影响因子: 3.3
• 作者: Cleland-Huang, Jane;Agrawal, Ankit;Vierhauser, Michael;Mayr-Dorn, Christoph
• 通讯作者: Mayr-Dorn, Christoph

SAFA: A Tool for Supporting Safety Analysis in Evolving Software Systems

SAFA：支持不断发展的软件系统安全分析的工具

• DOI: 10.1145/3551349.3559535
• 发表时间: 2022
• 作者: Rodriguez, Alberto D.;Newman, Timothy;Dearstyne, Katherine R.;Cleland-Huang, Jane
• 通讯作者: Cleland-Huang, Jane

Supporting Quality Assurance with Automated Process-Centric Quality Constraints Checking

• DOI: 10.1109/icse43902.2021.00118
• 发表时间: 2021-05
• 期刊: 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE)
• 作者: Christoph Mayr-Dorn;Michael Vierhauser;Stefan Bichler;Felix Keplinger;J. Cleland-Huang;Alexander Egyed;Thomas Mehofer

Generating and visualizing trace link explanations

生成并可视化跟踪链接解释

• DOI: 10.1145/3510003.3510129
• 发表时间: 2022
• 期刊: IEEE Requirements Engineering Conference
• 作者: Liu, Yalin;Lin, Jinfeng;Anuyah, Oghenemaro;Metoyer, Ronald;Cleland-Huang, Jane
• 通讯作者: Cleland-Huang, Jane