Extending the Safety Case Concept to Address Dependability

摘要

A safety case is a well-reasoned argument, supported by evidence that a system is acceptably safe to operate in aparticular context. For many, evolving a safety case in step with the design has proved to be an effective means ofidentifying and addressing safety concerns during a system’s lifecycle. However, ultimately safety cases addressonly one system attribute - safety. Increasingly, the idea of extending the well-established concept of the safety caseto address wider dependability concerns is being discussed. Attempting to address all dependability attributes canresult in competing objectives. As a consequence, there are trade-offs among the dependability attributes that needto be resolved in order to achieve the optimum dependability characteristics for the system. Furthermore, the balanceof these trade-offs can depend heavily upon the context in which the system operates.In this paper we examine the suitability of extending existing methodologies and concepts from safety casedevelopment practice to address the wider concerns of dependability arguments. We will discuss existingapproaches to managing trade-offs between competing design objectives and explain how trade-offs may besupported within the Goal Structuring Notation (GSN) framework. In particular we examine how trade-offresolution during the evolution of the dependability objectives, contributes to establishing a final dependabilityargument.