An Ontology for Safety Assurance Information Management
Abstract
Context: Diverse information, such as requirements, design definitions, tests and code, must be traced and managed throughout the development lifecycle of safety-critical systems. A safety-critical system (SCS) undergoes certification procedures that require arguments supporting the design and implementation decisions made during its construction. Many regulations now require assurance cases (ACs) to present such arguments. Integrated management of the diverse data needed to produce ACs can support continuous traceability assessment and the automated generation of ACs at any point in the SCS lifecycle. Objective: Ontologies can integrate metamodels and thereby connect data from different domains. We designed and implemented a Safety Assurance Ontology (SAO) to integrate the outputs of safety and software engineering activities. SAO encompasses an information model, rules and competency questions that support software, safety and assurance engineers developing an SCS for which ACs must be produced. Method: SAO was built from knowledge extracted from safety datasets and argumentation patterns. This work presents SAO's design, implementation and evaluation through an illustrative scenario with public datasets and an expert survey with industrial practitioners and researchers. Results: SAO comprises concepts, relationships and formation rules that integrate safety assurance and software project information. We implemented the ontology information model and its formation rules using semantic web technologies. Conclusions: SAO can trace relevant project information, infer implicit information, and highlight traceability gaps in the public datasets evaluated. Practitioners found SAO's competency questions on traceability gaps useful for revealing direct and indirect relationships among project items. They also found that the basic competency questions facilitate the contextualisation of items traced in the project repositories, and pointed out that adding specialisations for key concepts would enhance practitioners' grasp of the metamodel's scope and thus promote its applicability.
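The abstract describes three mechanisms: an information model over project items, formation rules that infer implicit links, and competency questions that expose traceability gaps and contextualise items. The following Python is an added illustration of that pipeline, not SAO's own model, vocabulary or code: it keeps a small triple store in the style of an RDF graph, forward-chains three assumed rules (inverse links, sub-properties of a generic tracesTo, and transitivity of tracesTo) to a fixpoint, and then answers assumed competency questions as queries. The class and property names (Hazard, SafetyRequirement, mitigates, verifies, tracesTo, and so on) and the sample items are constructed for the example.

```python
"""Forward-chaining formation rules and competency questions over a small
safety-assurance graph. Added illustration only: the vocabulary (Hazard,
SafetyRequirement, mitigates, tracesTo, ...) is assumed for this example and
is not SAO's published information model."""
from collections import defaultdict


class TripleStore:
    """Minimal in-memory (subject, predicate, object) store with two indexes."""

    def __init__(self, triples=()):
        self.triples = set()
        self._spo = defaultdict(set)   # (s, p) -> {o}
        self._pos = defaultdict(set)   # (p, o) -> {s}
        for t in triples:
            self.add(*t)

    def add(self, s, p, o):
        """Insert a triple; return True only if it was not already present."""
        if (s, p, o) in self.triples:
            return False
        self.triples.add((s, p, o))
        self._spo[(s, p)].add(o)
        self._pos[(p, o)].add(s)
        return True

    def objects(self, s, p):
        return self._spo.get((s, p), set())

    def subjects(self, p, o):
        return self._pos.get((p, o), set())

    def of_type(self, cls):
        return self.subjects("type", cls)


# Formation rules (assumed for this example):
#  - every domain link has an inverse, so items can be navigated both ways;
#  - every domain link is a sub-property of the generic "tracesTo";
#  - "tracesTo" is transitive, which is what exposes indirect relationships.
INVERSE_OF = {
    "mitigates": "mitigatedBy", "satisfies": "satisfiedBy",
    "implements": "implementedBy", "verifies": "verifiedBy",
    "supportedBy": "supports",
}
SUB_PROPERTIES_OF_TRACES_TO = set(INVERSE_OF)


def apply_rules(store):
    """Forward-chain the rules to a fixpoint; return how many triples were inferred."""
    inferred = 0
    changed = True
    while changed:
        changed = False
        for s, p, o in list(store.triples):   # iterate a snapshot, mutate the store
            derived = []
            if p in INVERSE_OF:
                derived.append((o, INVERSE_OF[p], s))
            if p in SUB_PROPERTIES_OF_TRACES_TO:
                derived.append((s, "tracesTo", o))
            if p == "tracesTo":
                derived.extend((s, "tracesTo", o2)
                               for o2 in list(store.objects(o, "tracesTo")))
            for t in derived:
                if store.add(*t):
                    inferred += 1
                    changed = True
    return inferred


# Competency questions (assumed wording), expressed as queries over the store.
def hazards_without_mitigation(store):
    """Gap CQ: which hazards have no safety requirement mitigating them?"""
    return sorted(h for h in store.of_type("Hazard")
                  if not store.subjects("mitigates", h))


def requirements_without_verification(store):
    """Gap CQ: which safety requirements have no test case verifying them?"""
    return sorted(r for r in store.of_type("SafetyRequirement")
                  if not store.subjects("verifies", r))


def context_of(store, item):
    """Basic CQ: every item this one traces to, directly or indirectly
    (relies on the inferred transitive tracesTo; call apply_rules first)."""
    return sorted(store.objects(item, "tracesTo"))


def traces_to(store, src, dst):
    """Does src relate to dst through any chain of project links?"""
    return (src, "tracesTo", dst) in store.triples


# Constructed sample project data (not taken from any real dataset). H-02 has
# no mitigating requirement and SR-11 has no verifying test, on purpose.
SAMPLE_TRIPLES = [
    ("H-01", "type", "Hazard"), ("H-02", "type", "Hazard"),
    ("SR-10", "type", "SafetyRequirement"), ("SR-11", "type", "SafetyRequirement"),
    ("SR-10", "mitigates", "H-01"), ("SR-11", "mitigates", "H-01"),
    ("D-20", "type", "DesignElement"), ("D-20", "satisfies", "SR-10"),
    ("C-30", "type", "CodeUnit"), ("C-30", "implements", "D-20"),
    ("T-40", "type", "TestCase"), ("T-40", "verifies", "SR-10"),
    ("G-01", "type", "Goal"), ("G-01", "supportedBy", "T-40"),
]


def build_sample_store():
    """Load the constructed data and run the formation rules over it."""
    store = TripleStore(SAMPLE_TRIPLES)
    apply_rules(store)
    return store


if __name__ == "__main__":
    s = build_sample_store()
    print("hazards without mitigation:", hazards_without_mitigation(s))
    print("requirements without verification:", requirements_without_verification(s))
    print("context of C-30:", context_of(s, "C-30"))
    print("C-30 traces to H-01:", traces_to(s, "C-30", "H-01"))
```

The point of the rule pass is that the gap queries stay simple (one predicate lookup each) while the basic "what is this item connected to" question still reaches indirect links: C-30 never mentions H-01, yet after inference it traces to it through D-20 and SR-10. In a real deployment the same three rules would be expressed as OWL inverse, sub-property and transitive axioms and the competency questions as SPARQL, with a reasoner doing the forward chaining.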