Arguing Safety - A Systematic Approach to Managing Safety Cases (thesis)
Abstract
A safety case should present a clear, comprehensive and defensible argument that a system is acceptably safe to operate within a particular context. However, many existing safety cases, in their attempt to manage potentially complex arguments, are poorly structured, presented and understood. This creates problems in developing and maintaining safety cases, and in capturing successful safety arguments for use on future projects. This thesis defines and demonstrates a coherent approach to the development, presentation, maintenance and reuse of the safety arguments within a safety case. This approach is based upon a graphical technique -- the Goal Structuring Notation (GSN) -- and has three strands. Firstly, a method for the use of GSN is defined together with an approach to supporting incremental safety case development. Secondly, the thesis presents a systematic process for the maintenance of a GSN-structured safety argument. Thirdly, the concept of 'Safety Case Patterns' is defined as a means of supporting and promoting the reuse of successful safety arguments between safety cases. Examples of the approach are provided throughout. Evaluation of the approach is described through tool implementation, case studies, pilot projects and industrial project applications. Through these activities the approach has been shown to be both a valid and capable tool for safety case management.
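The abstract names the first two strands of the approach: a GSN-structured argument that can be developed incrementally (with claims explicitly marked as not yet developed), and a systematic maintenance process for such an argument. The following is an added example, not code or tooling from the thesis, showing the minimum a practitioner would want from tool support for those two strands: a small in-memory model of the core GSN elements (Goal, Strategy, Solution, Context, joined by SupportedBy and InContextOf relationships), a structural check that reports claims left without support unless they carry the GSN "undeveloped" marker, dangling references and circular support, and a change-impact query that returns every element whose argument transitively rests on an element that has changed. The sample goal structure in `build_example()` is constructed for illustration; its element identifiers and claim text are assumptions, not taken from the thesis.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Core GSN element kinds. Assumption and Justification elements and the
# later module/pattern extensions are deliberately omitted in this example.
GOAL, STRATEGY, SOLUTION, CONTEXT = "Goal", "Strategy", "Solution", "Context"


@dataclass
class Element:
    ident: str
    kind: str
    text: str
    undeveloped: bool = False                               # GSN "undeveloped" marker
    supported_by: List[str] = field(default_factory=list)   # SupportedBy edges
    in_context_of: List[str] = field(default_factory=list)  # InContextOf edges


class GoalStructure:
    def __init__(self) -> None:
        self.elements: Dict[str, Element] = {}

    def add(self, el: Element) -> Element:
        self.elements[el.ident] = el
        return el

    def check(self) -> List[str]:
        """Structural problems a reviewer would reject the argument for."""
        problems: List[str] = []
        for el in self.elements.values():
            for ref in el.supported_by + el.in_context_of:
                if ref not in self.elements:
                    problems.append(f"{el.ident}: refers to unknown element {ref}")
            # An unsupported claim is only acceptable if it is explicitly
            # flagged as undeveloped (incremental development).
            if el.kind in (GOAL, STRATEGY) and not el.supported_by and not el.undeveloped:
                problems.append(f"{el.ident}: {el.kind} has no support and is not marked undeveloped")
            if el.kind in (SOLUTION, CONTEXT) and (el.supported_by or el.in_context_of):
                problems.append(f"{el.ident}: {el.kind} must be a leaf")
            for ref in el.in_context_of:
                if ref in self.elements and self.elements[ref].kind != CONTEXT:
                    problems.append(f"{el.ident}: InContextOf target {ref} is not a Context")
        return problems + self._cycles()

    def _cycles(self) -> List[str]:
        # Depth-first search over SupportedBy edges; a back edge to a node
        # still on the stack means the argument supports itself.
        WHITE, GREY, BLACK = 0, 1, 2
        colour = {k: WHITE for k in self.elements}
        found: List[str] = []

        def visit(node: str) -> None:
            colour[node] = GREY
            for child in self.elements[node].supported_by:
                if child not in colour:
                    continue                      # dangling refs reported elsewhere
                if colour[child] == GREY:
                    found.append(f"circular support between {node} and {child}")
                elif colour[child] == WHITE:
                    visit(child)
            colour[node] = BLACK

        for ident in self.elements:
            if colour[ident] == WHITE:
                visit(ident)
        return found

    def impact_of_change(self, changed: str) -> Set[str]:
        """Every element that transitively relies on `changed`: the set a
        maintainer must re-examine when that evidence or claim changes."""
        parents: Dict[str, Set[str]] = {k: set() for k in self.elements}
        for el in self.elements.values():
            for child in el.supported_by + el.in_context_of:
                if child in parents:
                    parents[child].add(el.ident)
        seen: Set[str] = set()
        stack = [changed]
        while stack:
            for parent in parents.get(stack.pop(), ()):
                if parent not in seen:
                    seen.add(parent)
                    stack.append(parent)
        return seen


def build_example() -> GoalStructure:
    """Constructed sample argument (identifiers and text are assumptions)."""
    gs = GoalStructure()
    gs.add(Element("G1", GOAL, "Control system is acceptably safe to operate",
                   supported_by=["S1"], in_context_of=["C1"]))
    gs.add(Element("C1", CONTEXT, "Definition of the operating context"))
    gs.add(Element("S1", STRATEGY, "Argument over each identified hazard",
                   supported_by=["G2", "G3"]))
    gs.add(Element("G2", GOAL, "Hazard H1 is mitigated", supported_by=["Sn1"]))
    gs.add(Element("G3", GOAL, "Hazard H2 is mitigated", undeveloped=True))
    gs.add(Element("Sn1", SOLUTION, "Fault tree analysis of H1"))
    return gs


if __name__ == "__main__":
    gs = build_example()
    print("problems:", gs.check())
    print("re-examine after changing Sn1:", sorted(gs.impact_of_change("Sn1")))
```

Running the module on the sample reports no problems, because the only unsupported goal (G3) is explicitly marked undeveloped, and reports that changing the fault-tree evidence Sn1 invalidates G2, S1 and G1 in turn. Removing the undeveloped marker from G3, or adding a goal with no support, makes `check()` fail, which is the behaviour that keeps an incrementally developed argument honest about what has not yet been argued.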