Maintaining Safety Arguments via Automatic Allocation of Safety Requirements

The 'safety case' documents the safety argument developers of safety-critical systems employ to convince of their systems' safety, in compliance with safety standard regulation and advice. Despite the considerable body of knowledge that has evolved, constructing and maintaining a safety case remains a significant challenge. Especially for contemporary systems, due to their scale and complexity, safety cases can grow to require hundreds of pages of documentation. In this paper, we propose a method which aims to address these concerns. In numerous safety standards, such as the aerospace ARP4754-A, the concept of Development Assurance Levels (DALs) is used to control the safety assessment process and influence the safety case. Our method is based on automatically constructing a safety argument from an annotated system architecture model. To perform this construction, we employ previous work towards automatically allocating DALs to such a model and combining it with an appropriate safety argument pattern. The method is enabled through the state-of-the-art model-based dependability tool, HiP-HOPS. The advantage of this approach is that when the design changes, the impact of changes can be automatically reflected in the structure of a re-synthesised safety argument for the system.