SARSSi*: a Safety Requirements Specification Method based on STAMP/STPA and i* language
Abstract
Context: Traditional hazard analysis techniques were not designed to be used in the Requirements Engineering (RE) process. Objective: The aim of this work is to present and discuss a new method for early safety requirements specification, called SARSSi*, to be used at the beginning of the development of safety-critical systems. Method: This goal is achieved through the combination of two techniques: (1) STAMP/STPA; and (2) the i* language. Results: This paper attempts to bridge the gap between two parallel trends in systematic safety approaches, namely the combination of requirements engineering and safety engineering techniques. Our method consists of six steps and guidelines to perform a preliminary hazard analysis and to facilitate the systematic identification of safety-critical functions and components. Conclusions: We demonstrate the utility of our method by applying it in a real industry case study. The initial results show the preliminary suitability of our method and its contribution to improving the visualization of the information generated in the hazard analysis, such as the hazards, their causes, environmental conditions, and safety requirements.