

© OPENCOSS – First Project Review, Brussels, June 19, 2012

First OPENCOSS EAB Meeting

Toulouse, September 23-24, 2013

Agenda (1/2): Monday, Sept 23, 2013

Welcome Session [10:30am – 11:00am]

Overview Session [11:00am – 12:30pm]
• The need / The scope / Our vision / Expectations (Tim Kelly)
• Role of the EAB and quick round table
• OPENCOSS usage scenarios (Huascar Espinoza)
• Q&A

Expectations of industry [12:30 – 1pm]
• Automotive, Avionics, Railway (Cedric Chevrel, Laurent de la Beaujardiere)
• Q&A

Technical Session [2pm – 4pm]
• Common Certification Language (Jose-Luis de la Vara)
• Evidence management infrastructure (Jose-Luis de la Vara)
• Process management infrastructure (Jérôme Lambourg)
• Reuse and composability strategy (Tim Kelly)
• Q&A

Coffee break [15:30]

Round table – Discussion on challenges (Tim Kelly with Andrea Palermo) [4pm – 5pm]

Agenda (2/2): Tuesday, Sept 24, 2013

Round table – Best Practices & Solutions (Tim Kelly, Huascar Espinoza) [9am – 12pm]
• Group work: feedback from experience

Coffee break [10:30]

• Feedback from experience
• Wrap up

Shared session with SASSUR [2pm – 4pm]
• Present the results of the morning discussion (for open discussion)

Meeting Attendees: EAB Members


Meeting Attendees: OPENCOSS Consortium


Open Platform for EvolutioNary Certification Of Safety-critical Systems (OPENCOSS)

Large-scale integrating project (IP)

Project Objectives and Overview

First EAB Meeting

Toulouse, September 23, 2013

Tim Kelly

OPENCOSS Technical Coordinator

The three motivating factors behind OPENCOSS

• Initial & rework costs
• Coping with risks
  – Deploying a safe system
  – Certification risks
• Acceptance of innovative technologies/methods
  – System development approaches
  – Certification approaches

(Figure labels: Goals, Risks)

The OPENCOSS Objectives

1. Create a cross-domain and standardized conceptual framework to specify and manage certification assets (e.g. goals, claims, evidence).

2. Develop a compositional safety assurance approach to enable cost-effective reuse of pre-qualified building blocks.

3. Develop a tool platform for evolutionary and transparent safety assurance, able to automate the most labor-intensive certification-related activities (e.g. evidence & compliance management, metrics).

The OPENCOSS Mission

• Integrating engineering & certification from early stages
• Guidance to follow a cost-effective certification
• Reuse of certification assets
• Automate labor-intensive certification-related activities

Levels of capability maturity (figure):
1. Reuse across projects (same standards)
2. Reuse across projects (different standards)
3. Reuse across domains
4. Reuse across countries

OPENCOSS at a Glance

External Advisory Board: 21 members from industry, regulation organizations and academia

Tangible Outcomes Targeted

(Figure: the Conceptual Certification Framework is the target for standardization; the Safety Certification Management Infrastructure is the target for open source services.)

• Conceptual Certification Framework
  – The Common Certification Language (CCL)
  – A compositional certification approach
• Safety Certification Management Infrastructure
  – Management of an evolutionary evidential chain
  – Management of a visible and transparent certification process
  – Management of a compliance-aware process

The Common Certification Language

Goals:
• Getting mutual understanding of fundamental concepts of safety assurance and certification
• Reconciling argument-based and standards-based approaches to certification
• Devising, based on the common concepts, domain-specific “solutions”
• Facilitating reuse of safety assurance and certification assets

The Common Certification Language

(Figure: the CCL spans three levels.)

Conceptual level: the CCL provides the core concepts organized in semantically related groups (Safety Argumentation, Evidence Characterization, Compliance Management), expressed as a CCL vocabulary (mappings, e.g. SBVR; CCF propositional language). It is used by the safety assurance & certification processes, the safety cases & evidence repository, and process execution assessment.

Standard-specific level: guidance and requirements of domain standards and national rules, e.g. IEC 61508, ISO 26262, EN 50126, EN 50128, EN 50129, EN 50159, ERTMS and EU rules; FAR 25, CS 25, EU Regulation 216/2008, IR 21 / Part 21, ARP4754, ARP4761, DO-178, DO-254, DO-297.

Project-specific level: certification projects define their certification scope and re-use certification items, e.g. Cert. Project Railways X with Cert. items Railways X.1 and X.2; Cert. Project Avionics Y with Cert. items Avionics X-Y.1 and Y.2.

Example argument fragment shown in the figure (GSN notation):

Top Level Goal: The ‘aircraft’ is acceptably safe for operations.
Context: Acceptably Safe. Context: SOIU.
Strategy: Argument based on a comprehensive safety case to reduce risk via a safe design, safe operation and safe environment.
Goal 1: The design and build of the ‘aircraft’ is such that the aircraft may be operated safely.
Goal 2: ‘Aircraft’ operations are managed and carried out with appropriate safety.
Goal 3: Safety management arrangements are such that the interface between the ‘aircraft’, its operating infrastructure and the environment in which the ‘aircraft’ is operated is maintained adequately safe.
Goal 4: Co-ordinated safety management activities ensure that all risks remain broadly acceptable or tolerable and ALARP, or management action is initiated.

A Compositional Certification Approach

Goals:
• Defining a compositional, contract-based certification approach compatible with the CCL
• Using the contracts for integration of assured components
• Assessing emergent properties or unexpected interactions which may arise during integration
• Preserving the chain of evidence across these processes


A Compositional Certification Approach

Principles:
1. A change to a design element (component, RTOS, etc.) should only affect the corresponding module, and not impact the entire argument.
2. Assurance case modules can be composed if: (a) goals match and (b) context is compatible.
3. Results can be recorded in an assurance case contract.
4. Establish a defined record of the inter-assurance-case agreement: this supports management of change.
5. Change scenarios include: hardware vendor change, addition of a single application, addition of extra processing nodes, change of data bus.
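As an added illustration of principles 2 to 5 (example code written for this page, not OPENCOSS project code), the following Python models assurance case modules that each argue about one design element, composes two modules only when a required goal matches a provided goal and their contexts do not conflict, records the result as a contract, and then shows that a hardware vendor change invalidates only the hardware module and the contracts it takes part in. The names Goal, Module, Contract, compose and impact_of_change, and the sample application/RTOS/board modules, are assumptions made for the example.

```python
"""Assurance case module composition with contracts and change impact.

Added example for this page, not OPENCOSS project code. The class and function
names (Goal, Module, Contract, compose, impact_of_change) and the sample modules
are assumptions made for the illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Goal:
    """A claim in an assurance case module; frozen so it can sit in sets."""
    identifier: str
    statement: str


@dataclass
class Module:
    """An assurance case module arguing about one design element."""
    name: str
    design_element: str          # e.g. "application", "RTOS", "hardware"
    provides: set[Goal]          # goals this module's argument supports
    requires: set[Goal]          # goals it expects another module to support
    context: dict[str, str]      # assumptions the argument depends on


@dataclass
class Contract:
    """Record of an inter-module agreement: who relies on whom, for which goal."""
    consumer: str
    provider: str
    goal: Goal
    shared_context: dict[str, str]
    valid: bool = True


def conflicting_keys(a: dict[str, str], b: dict[str, str]) -> list[str]:
    """Context keys both modules set, but to different values (incompatible)."""
    return sorted(k for k in a.keys() & b.keys() if a[k] != b[k])


def compose(consumer: Module, provider: Module) -> list[Contract]:
    """Principle 2: compose only if (a) goals match and (b) contexts are compatible.
    Principle 3: the result is recorded as one contract per matched goal."""
    matched = sorted(consumer.requires & provider.provides, key=lambda g: g.identifier)
    if not matched:
        raise ValueError(f"{provider.name} supports no goal that {consumer.name} requires")
    conflicts = conflicting_keys(consumer.context, provider.context)
    if conflicts:
        raise ValueError(f"incompatible context {conflicts} between {consumer.name} and {provider.name}")
    shared = {**provider.context, **consumer.context}
    return [Contract(consumer.name, provider.name, g, shared) for g in matched]


def impact_of_change(modules: list[Module], contracts: list[Contract], design_element: str) -> set[str]:
    """Principles 1 and 4: a change to a design element invalidates only the module
    arguing about it and the contracts that module takes part in."""
    affected = {m.name for m in modules if m.design_element == design_element}
    for c in contracts:
        if c.consumer in affected or c.provider in affected:
            c.valid = False
    return affected


def demo() -> dict:
    """Constructed scenario: an application on an RTOS on a board, then a hardware
    vendor change (one of the change scenarios listed on the slide)."""
    g_partition = Goal("G_RTOS", "RTOS partitioning prevents interference between applications")
    g_hw = Goal("G_HW", "Processing node meets the failure-rate assumptions of the RTOS argument")

    app = Module("flight_app", "application", provides=set(), requires={g_partition},
                 context={"rtos": "rtos_v2", "node": "board_A"})
    rtos = Module("rtos_v2", "RTOS", provides={g_partition}, requires={g_hw},
                  context={"node": "board_A"})
    board_a = Module("board_A", "hardware", provides={g_hw}, requires=set(),
                     context={"node": "board_A", "vendor": "vendor_1"})
    board_b = Module("board_B", "hardware", provides={g_hw}, requires=set(),
                     context={"node": "board_B", "vendor": "vendor_2"})

    contracts = compose(app, rtos) + compose(rtos, board_a)

    # board_B supports the right goal but was argued for a different node:
    # a goal match alone is not enough, the context check rejects it.
    try:
        compose(rtos, board_b)
        board_b_rejected = False
    except ValueError:
        board_b_rejected = True

    affected = impact_of_change([app, rtos, board_a], contracts, "hardware")
    return {
        "contracts": [(c.consumer, c.provider, c.goal.identifier) for c in contracts],
        "board_b_rejected": board_b_rejected,
        "board_b_conflicts": conflicting_keys(rtos.context, board_b.context),
        "affected_by_hw_change": affected,
        "contracts_still_valid": [(c.consumer, c.provider, c.goal.identifier) for c in contracts if c.valid],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the context check is that a module offering the right goal is still not reusable if it was argued under different assumptions (here the target node); the contract keeps both sides' assumptions together so that the later change-impact step knows exactly which agreements to re-examine.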


A Compositional Certification Approach

(Figure: reuse of Component A along two axes, different systems and different domains.)
• Component A – original certification
• Component A – no new standards, but new system challenges assumptions
• Component A – new domain requires new standards, similar safety system
• Component A – new domain requires new standards, and new type of system challenges safety assumptions

Safety Certification Management Infrastructure

Goals:
• Management of standards-related information and interpretations (storage, classification, traceability, searching)
• Assurance-case-centered approach for structured management of certification assets (e.g. arguments, evidence)
• Management of evidence evolution and change gap analysis
• Tool assistance for enabling transparent process management through metrics and estimations
• Integration with state-of-the-practice engineering tools (e.g. DOORS, Simulink, Word, Excel, Medini Analyze, …)

State of the Practice

(Figure: a typical organization producing safety-critical systems. Engineers deliver reports and artefacts into a repository; the Safety Manager, Executive, Authorities and Independent Assessor work from reports. Five problems, a to e, are highlighted.)
• Unawareness of the certification process (engineers)
• Difficulties in interpretations and communication of argumentation
• Time-consuming to compile reports and artefacts, and difficult to retrieve them
• Data exists in many places, with different formats, multiple copies and versions
• No transparency on cost estimations

OPENCOSS Vision

(Figure: OPENCOSS sits between Engineers, Safety Manager, Executive, Independent Assessor, Authorities and external tools, addressing the five points a to e.)
• Harmonized and synchronized agreements in interpretations
• Transparent safety assurance costs and estimations
• Awareness of compliance and the certification process
• Centralized management of safety assurance assets
• The Safety Case concept provides an understandable compilation of safety argumentation and evidence

Conclusions

• Activities and deliverables on track
• Finding a “common OPENCOSS vision” and borderline implied a significant effort
• Technical risks handled by:
  – Scoping work and “prototyping” approach
  – Reuse of existing approaches (projects, standards)
• Adoption risks handled by:
  – Deploying EAB and industrial outreach plan (workshops, events)
  – External training program