The Safety-Critical Systems Lectures Series

Contributions by

and many others whose names will be listed here during the next lectures.

Context of this Lectures Series

This is a series of lectures and seminars of our initiative Graduate Studies in Safety-Critical Systems. It is intended for an international audience of engineers working in the field, graduate students working on their Diploma, Masters, PhD of Habilitation degrees in computer science or electrical engineering. Due to the international character of the initiative, lectures will be held in English. At present, the lecture series is divided into three parts, each part planned as a two hours/week lecture for one semester:

Safety-Critical Systems I: Basic concepts - problems - methods - techniques
Safety-Critical Systems II: Management aspects - standards - V-Models - TQM - assessment - process improvement
Safety-Critical Systems III: Formal methods and tools - model checking - testing - partial verification - inspection techniques - case studies

Objectives and summary of the Safety-Critical Systems II Lecture

For the development of safety-critical systems, it does not suffice to know the safety-related technical aspects; it is of equal importance to justify that the complete development process - from requirements definition to acceptance testing - has been performed adequately. The term "adequately" refers to a whole range of aspects which are of both organisational and technical nature:

On company level, the company policy and the company's organisational structure shall ensure that employees have a thorough understanding of safety issues ("safety awareness") and that they receive the necessary support (time, money, training, tools etc.) and encouragement to perform their duties according to this understanding. These objectives lead to the topic of Total Quality Management and the introduction of company-wide standards derived from national or international standards which regulate the life cycles of projects or product developments.
On project or product development level, it has to be understood which laws and standards are applicable for the specific development, and how these standards are to be "implemented" (or better "instantiated") for the development. This leads us to the field of project management and V-models.
Developments according to standards enforces organised and documented activities during the life cycle: this may improve the process quality, that is, the quality of each production step in a development. However, the quality of a concrete product cannot be ensured just by controlling process quality since this does not guarantee that the specific product properties are met. This leads us to the field of Verification, Validation and Test methods and their application to product assurance, where the quality aspects of a specific safety-related product are investigated.
The development costs for safety-critical systems can be considerably reduced if components developed before may be re-used in the new development. While the topic or component re-use or re-use by design patterns and frameworks is quite well understood for commercial and office applications, re-use within a safety-critical context is still a research area: Which additional verification effort is needed before an existing component developed for a non-critical project may be re-used for a product whose malfunction might cause the loss of human lives?
It is an accepted fact that organised and documented developments may produce tons of paper and too few lines of executable code if managers and project teams are inexperienced or not properly trained or if an inappropriate standard is applied. As a consequence, other approaches - such as extreme programming - which focus less on documentation and regulation of the development process but emphasise development skills, detailed design and coding are becoming increasingly popular. Could these approaches be applied in the safety-critical context as well?

The themes and questions sketched above will be presented and discussed in more detail in the Safety-Critical Systems II lectures. We will introduce the basic concepts of total quality management, introduce the most important standards for safety-critical developments in avionics, space systems, railways and medical systems and explain the common concepts underlying these standards. Reuse and extreme programming are discussed for potential application in safety-critical developments.

We would like to emphasise two aspects of these lectures: First, our research group has considerable experience in the practical application of these concepts in projects with our partners from avionics, railways and space industry. As a consequence, we may justifiably claim that we not only know how these concepts are meant to be applied in practice, but also know why and when they fail to produce the desired results. Second, IT experts wishing to work as project managers or as managers responsible for product quality should be familiar with the topics introduced in this lecture: The increasing amount of software in safety-critical systems requires that these developments should rather be managed by computer scientists than by electrical engineers.

Related Activities of Other Groups and Organisations

Safety-Critical Systems Club
IEEE SESC Safety Study Group
Lectures of University of York GB (MSc courses in Safety Critical Systems Engineering and Software Engineering)

References

N. Storey: Safety-Critical Computer Systems. Addison Wesley Longman 1996.
M. R. Lyu: Software Reliability Engineering. McGraw-Hill 1995.

More references will be introduced during the lectures!

Exercises

Serie 1 (ps, pdf)

Serie 2 (ps, pdf)

Jan Peleska / Bremen Institute of Safe Systems BISS / < jp@informatik.uni-bremen.de> / 08-APR-2001