A profile and tool for modelling safety information with design information in SysML

  • Regular Paper
  • Published in: Software & Systems Modeling

Abstract

Communication both between development teams and between individual developers is a common source of safety-related faults in safety-critical system design. Communication between experts in different fields can be particularly challenging due to gaps in assumed knowledge, vocabulary and understanding. Faults caused by communication failures must be removed once found, which can be expensive if they are found late in the development process. Aiding communication earlier in development can reduce faults and costs. Modelling languages for design have been shown through practical experience to improve communication through better information presentation and increased information consistency. In this paper, we describe a SysML profile designed for modelling the safety-related concerns of a system. The profile models common safety concepts from safety standards and safety analysis techniques, integrated with system design information. We demonstrate through examples that the profile is capable of modelling these concepts. We also show the use of supporting tools that aid the application of the profile by analysing the model and generating reports that present safety information in formats appropriate to the target reader. Through increased traceability and integration, the profile allows for greater consistency between safety information and system design information and can aid in communicating that information to stakeholders.


Notes

  1. http://ttool.telecom-paristech.fr/avatar.html.

  2. The OMG is also responsible for the UML and SysML standards.

  3. MARTE, like UML, is designed to be easy to extend.

  4. A powerful open-source modelling tool is the Papyrus project, which adds modelling capabilities for UML, SysML and several other languages to the Eclipse Framework. See http://www.eclipse.org/papyrus/.

  5. Note that the types presented here for the tagged values are an example; see Sect. 3.4 for details.

     Fig. 2: The SafeML profile elements relating to hazardous events
     Fig. 3: The SafeML profile elements relating to defences
     Table 1: SafeML::Hazard specification
     Table 2: SafeML::Harm specification
     Table 3: SafeML::HarmContext specification
     Table 4: SafeML::ContextDetector specification
     Table 5: SafeML::PassiveDefence specification
     Table 6: SafeML::ActiveDefence specification
     Table 7: SafeML::DefenceResult specification

  6. Defence elements should not be decomposed into further Defence elements; this has no semantic meaning in SafeML.

  7. SafeML treats defences as independent.

  8. It is common practice in SysML to only represent top-level requirements in Requirements diagrams, with the remainder entered in a tabular view of the model.

  9. The ability to alter how information is presented without altering the underlying structure of the model is a benefit of describing safety information in a model.

  10. If the kettle did not have a lid covering the water tank, we might find a context for water burns due to the ease of spilling water out of an uncovered tank while pouring.

  11. Although it could be possible to deal with it by placing a prominent warning on the kettle about watching the boiling process constantly, we are assuming for this example that such a defence will not provide sufficient safety.

  12. A system may have multiple defences in place in case one fails.

  13. http://www.sparxsystems.com/products/ea/index.html.

  14. We note that this calculation may or may not be suitable for use in real systems; whether it is possible to quantify the safety of a system at all is still debated. Our purpose in this section is merely to show that a model allows such calculations to be made automatically.

  15. See Sect. 3.4 for a description of what a probability may be.

  16. These are reliability concerns, not safety concerns.


Author information


Corresponding author

Correspondence to Geoffrey Biggs.

Additional information

Communicated by Prof. Jean-Michel Bruel.


Cite this article

Biggs, G., Sakamoto, T. & Kotoku, T. A profile and tool for modelling safety information with design information in SysML. Softw Syst Model 15, 147–178 (2016). https://doi.org/10.1007/s10270-014-0400-x
