The trustworthiness of cyber-physical systems is a critical factor for establishing widespread adoption of these systems. Hence, the behavior of safety-critical software components in particular needs to be monitored and managed during system operation. Runtime trustworthiness maintenance should be planned and prepared in the early requirements and design phases. This involves identifying the threats that may occur and affect users' trust at runtime, as well as the related controls that can be executed to mitigate those threats. Furthermore, observable and measurable system quality properties have to be identified as indicators of threats, and interfaces for reporting these properties as well as for executing controls have to be designed and implemented. This paper presents a process model for preparing and designing systems for runtime trustworthiness maintenance, supported by several tools that facilitate the tasks to be performed by requirements engineers and system designers.