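@comment{Reading-list template. The empty studentname / summary / contributionN / weaknessN /
  opinions fields are filled in per reader; interesting takes one of high, med or low.
  Fields BibTeX does not know (affiliation, internal-note, the template fields) are
  ignored by styles and exist only as annotations.
  The url fields are year-2000 IEEE Xplore deep links and have likely rotted; when an
  entry can be resolved to a DOI, add a doi field rather than rewriting the url.}

@comment{Required Reading}

@inproceedings{pilkington98_masstransit,
  author        = {Pilkington, S. D. J. and Lee, A. R.},
  title         = {The Development of Safety Cases for Mass Transit Signalling and Control Projects -- {Jubilee Line} Case Study},
  booktitle     = {Developments in Mass Transit Systems},
  year          = {1998},
  pages         = {254--259},
  url           = {http://ieeexplore.ieee.org/iel4/5620/15042/00683605.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@inproceedings{jesty00_vehicle_safety,
  author        = {Jesty, Peter H. and Hobley, Keith M. and Evans, Richard and Kendall, Ian},
  affiliation   = {Jesty and Hobley: University of Leeds; Evans: Rover Group Ltd; Kendall: Jaguar Cars Ltd},
  title         = {Safety Analysis of Vehicle-Based Systems},
  booktitle     = {Proceedings of the 8th Safety-critical Systems Symposium},
  year          = {2000},
  abstract      = {The Motor Industry Software Reliability Association Steering Group is producing guidance on the safety analysis of vehicle-based systems to support its original Development Guidelines for Vehicle Based Software. Using existing generic techniques, these new guidelines will explain how they may be used in the automotive context. Topics will include System Analysis, Hazard Identification, Hazard Analysis, the identification of Safety Integrity Levels, and the uses of Failure Mode and Effects Analysis and Fault Tree Analysis.},
  url           = {http://www.misra.org.uk/papers/SCSC00-SA.PDF},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@inproceedings{czerny00_xbywire,
  author        = {Czerny, B. J. and D'Ambrosio, J. G. and Murray, B. T.},
  title         = {Providing Convincing Evidence of Safety in {X-by-wire} Automotive Systems},
  booktitle     = {Proceedings of the Fifth {IEEE} International Symposium on High Assurance Systems Engineering ({HASE} 2000)},
  year          = {2000},
  pages         = {189--192},
  abstract      = {A new generation of automotive systems, such as brake-, steer-, throttle-by-wire, and combinations of these by-wire systems, offer the promise of improved vehicle performance and safety. However, these by-wire systems represent a major technology change, and as a result, merit higher levels of analysis, design, and verification. Like other safety-critical systems, the case for safety should be carefully documented. However, the safety case contains diverse material, and compiling and maintaining a clear and understandable safety case document can be challenging...},
  url           = {http://ieeexplore.ieee.org/iel5/7194/19380/00895458.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@comment{Supplemental Reading}

@inproceedings{Lane00,
  author        = {Lane, M.},
  title         = {Predicting the Reliability and Safety of Commercial Software in Advanced Avionic Systems},
  booktitle     = {Proceedings of the 19th Digital Avionics Systems Conference ({DASC})},
  year          = {2000},
  volume        = {1},
  pages         = {4E4/1--8},
  abstract      = {Exploiting developments in the commercial domain for military application has been identified as a key to reducing avionic system through-life costs while improving system upgradeability. While the use of commercially available hardware components has, to some extent, been accepted as the only way forward, the use of COTS software components has been highly contentious. Although the potential benefits can still apply to software, new challenges are introduced that must be overcome. These problems are exacerbated by the inherently integrated nature of advanced avionics. The very idea of trusting COTS software in a complex real-time system that may affect, or even be responsible for, safety critical or mission critical functions has been the subject of much debate. The concerns have mainly been centred on reliability and certification. It is these areas that have provided the focus for the study described in this paper. Software failure prediction techniques have been used across many application domains, and software reliability modelling is now a highly developed area in software measurement. The results of research to determine the applicability of these techniques for avionics software are summarised with emphasis on the real-time operating system (RTOS) software. This was selected as it provides a complex component of an avionic system for which there is real scope for using COTS technology. The suitability of these techniques, and others in supporting},
  internal-note = {abstract is truncated as recorded in the source},
  url           = {http://ieeexplore.ieee.org/iel5/7093/19162/00886963.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@article{Bell93,
  author        = {Bell, R. and Reinert, D.},
  title         = {Risk and System Integrity Concepts for Safety-Related Control Systems},
  journal       = {Microprocessors and Microsystems},
  year          = {1993},
  volume        = {17},
  number        = {1},
  pages         = {3--15},
  abstract      = {This paper provides an overview of the concepts of `risk' and `safety integrity' in relation to safety-related electrical/electronic/programmable electronic systems. The paper is an abridged version of Annex A of the emerging International Electrotechnical Commission (IEC) Standard: `Functional safety of electrical/electronic/programmable electronic systems'. Although based on Annex A, the authors have deviated in a few instances from its strict wording in order to more properly represent their own views. Where this occurs, a note in the text has been added to alert the reader to the deviation. The concepts of risk, including tolerable risk, safety integrity, safety-related systems, system and software integrity levels, are discussed},
  url           = {http://ieeexplore.ieee.org/iel2/1065/7178/00288861.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@inproceedings{Betts92,
  author        = {Betts, A. E. and Welbourne, D.},
  title         = {Software Safety Assessment and the {Sizewell B} Applications},
  booktitle     = {International Conference on Electrical and Control Aspects of the {Sizewell B} {PWR} (Conf. Publ. No. 361)},
  year          = {1992},
  pages         = {204--207},
  abstract      = {The Sizewell B PWR has two diverse protection systems which initiate automatic reactor trip and engineered safety features (ESF) needed for any fault, by detecting if measured plant signals are outside defined limits. Both systems have four redundant channels with two-out-of-four voting for each action. The primary protection system (PPS) is a computer based system and protects the reactor for all design basis faults. The station also has a computer based integrated system for centralised operations (ISCO), which includes self-contained high integrity computer system (HICS) sections. The authors describe the processes of assessment carried out for Nuclear Electric (NE), of the software provided by Westinghouse, as suppliers of the PPS and HICS. NE conducted extensive reviews and analysis of the software, in the course of establishing the safety case},
  url           = {http://ieeexplore.ieee.org/iel3/1192/4431/00172006.pdf},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}

@inproceedings{Wilson97,
  author        = {Wilson, S. P. and Kelly, T. P. and McDermid, J. A.},
  title         = {Safety Case Development: Current Practice, Future Prospects},
  editor        = {Shaw, R.},
  year          = {1997},
  pages         = {135--156},
  abstract      = {Safety-critical and safety-related systems are becoming more highly integrated and continue to increase in complexity. In parallel with this, certification standards for such systems are becoming more stringent, requiring more extensive and more detailed analyses. Safety cases, therefore, are themselves growing in size and complexity and are becoming increasingly costly to produce. It has become necessary to re-examine how and why safety cases are built in order that one might provide a means for managing their inherent complexity and reduce production costs. The authors examine some of the key issues in current industrial safety case development, in particular: the purpose of the safety case-examining how stakeholders place demands upon the content and style of the safety case; safety analysis techniques-examining the problem of ensuring consistency and completeness of results; safety case production-examining how and when safety cases are produced through the development life-cycle; safety case structure-examining how the reasoning and evidence aspects of the safety case are combined; safety case maintenance-examining the need and support for safety cases that can be more readily maintained and reused. They propose to address these issues through the use of a goal based notation for more effective structuring, a data model to tightly integrate the safety analysis techniques, and a process model to integrate the safety case activities into the overall},
  internal-note = {booktitle not recorded: the source only gave the editor name (Shaw, R.) in a non-standard inbook field; abstract is truncated as recorded},
  url           = {http://citeseer.nj.nec.com/wilson97safety.html},
  studentname   = {},
  summary       = {},
  contribution1 = {},
  contribution2 = {},
  contribution3 = {},
  contribution4 = {},
  contribution5 = {},
  weakness1     = {},
  weakness2     = {},
  weakness3     = {},
  weakness4     = {},
  weakness5     = {},
  interesting   = {high/med/low},
  opinions      = {},
}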