
Development of a Normative Package for Safety-Critical Software Using Formal Regulatory Requirements

Conference paper. Product Focused Software Process Improvement (PROFES 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3009)

Abstract

Important tasks in requirements engineering are resolving inconsistencies in requirements between regulators and developers of safety-critical computer systems, and validating regulatory requirements. This paper proposes a new approach to the regulatory process, covering both the formulation of requirements and the elaboration of methods for their assessment. We address the differences between prescriptive and non-prescriptive regulation and suggest a middle approach. We also introduce the notion of a normative package: the collection of documents used by a regulator and provided to a developer. It is argued that the normative package should include not only regulatory requirements but also the methods by which they are assessed. We propose the use of formal regulatory requirements as a basis for developing software assessment methods. The approach is illustrated with examples of requirements for protecting computer control systems against unauthorized access, using the Z notation as the method of formalization.



Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Vilkomir, S.A., Ghose, A.K. (2004). Development of a Normative Package for Safety-Critical Software Using Formal Regulatory Requirements. In: Bomarius, F., Iida, H. (eds) Product Focused Software Process Improvement. PROFES 2004. Lecture Notes in Computer Science, vol 3009. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24659-6_38


  • DOI: https://doi.org/10.1007/978-3-540-24659-6_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-21421-2

  • Online ISBN: 978-3-540-24659-6
