POE specialises Rogers' definition of engineering

    2020-12-04

POE specialises Rogers' definition of engineering [37] to systems engineering as: As such, systems engineering becomes a problem solving exercise, the problem being, given a physical environment E, to find the system S that meets a real-world need N to the satisfaction of a group of stakeholders K, written . Each of E, S and N is typically a complex object: E (resp. S) is formed from a collection of domains (resp. components), and N is, perhaps, a collection of use cases, user stories, requirements clauses, etc. We thus use a number of notations, graphical and otherwise, to represent and illustrate problems, from natural language, causal calculi and program code to a problem diagram-like notation [19] (see Fig. 5).

A design is a sequence of solvability-preserving transformations that move a problem to known solved problems. Problem transformations relate a conclusion problem P to a collection of premise problems, P, , (), via a step rationale J. By identifying premise and conclusion problems, such transformations build into design trees. Fig. 7 shows the whole design tree for the case study, to be explicated in the sequel.

During design, POE interleaves analysis in and of the problem space with synthesis in and of the solution space: Within the POE 'toolkit', the PSP is a form of Assurance-Driven Design (ADD; [11]) through which assurance is seen as a driving force in the design of a system rather than as a 'bolt-on'. ADD results from interpreting Eq. (1) not as a relation between a conclusion problem and a set of premise problems mediated by a step rationale, but as a relationship between a (conclusion, step rationale) pair and a set of premises. This places the step rationale, and so the safety case which will be derived from it, on a par with the solution artefact: any step towards a solution must consider both assurance and product needs.

Pressing assurance concerns, discovered during the exploration of J0, are then allowed to drive problem solving.
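To make the design-tree idea concrete, the following is an added illustration (not code from the paper or from the POE authors) of a problem transformation tree in which every transformed node carries its step rationale J, as ADD requires, and a design counts as complete only when every leaf is a known solved problem. The problem descriptions and rationales in the sample tree are constructed for this example; the COTS-monitoring branch is a hypothetical decomposition, not the case study in Fig. 7.

```python
"""
Added illustration of a POE design tree (not from the paper).

A transformation relates a conclusion problem to a set of premise problems via
a step rationale J. Under Assurance-Driven Design the (conclusion, J) pair is
what the premises are related to, so a transformation with no rationale is a
defect, not something to fill in later. All node names below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    problem: str                              # the problem at this node
    solved: bool = False                      # True only for a known solved problem (a leaf)
    rationale: Optional[str] = None           # step rationale J of the transformation below this node
    premises: list[Node] = field(default_factory=list)


def transform(conclusion: Node, rationale: str, *premises: Node) -> Node:
    """Record one transformation: conclusion <- premises, justified by rationale (J is mandatory)."""
    if not rationale.strip():
        raise ValueError(f"transformation of {conclusion.problem!r} has no step rationale")
    conclusion.rationale = rationale
    conclusion.premises = list(premises)
    return conclusion


def open_problems(node: Node) -> list[str]:
    """Leaves that are not known solved problems; the design is unfinished while any remain."""
    if not node.premises:
        return [] if node.solved else [node.problem]
    return [p for child in node.premises for p in open_problems(child)]


def unjustified_steps(node: Node) -> list[str]:
    """Transformed nodes lacking a rationale: the safety case is derived from J, so these are gaps."""
    found = [node.problem] if node.premises and not node.rationale else []
    for child in node.premises:
        found.extend(unjustified_steps(child))
    return found


def design_complete(root: Node) -> bool:
    """Complete when every leaf is solved and every step is justified."""
    return not open_problems(root) and not unjustified_steps(root)


def assurance_trace(node: Node, prefix: tuple[str, ...] = ()) -> list[tuple[str, ...]]:
    """For each solved leaf, the chain of rationales from the root: raw material for the safety argument."""
    if not node.premises:
        return [prefix] if node.solved else []
    step = prefix + (node.rationale or "<missing J>",)
    return [t for child in node.premises for t in assurance_trace(child, step)]


def mark_solved(node: Node, problem: str) -> bool:
    """Close an open leaf by name once it has been identified with a known solved problem."""
    if not node.premises and node.problem == problem:
        node.solved = True
        return True
    return any(mark_solved(child, problem) for child in node.premises)


def example_tree() -> Node:
    """Constructed tree: null problem explored, then decomposed; one leaf deliberately left open."""
    p0 = Node("P0: null problem")
    explored = Node("Find S in E meeting N for stakeholders K")
    protocol = Node("Interface protocol between component and host", solved=True)
    cots = Node("Integrate COTS component")
    monitor = Node("Monitor COTS outputs against interface contract", solved=True)
    supplier_evidence = Node("Obtain COTS supplier evidence")   # still open
    transform(p0, "J0: problem exploration populates E, N, K and assurance concerns", explored)
    transform(explored, "J1: decompose by domain; concern: COTS behaviour is opaque", protocol, cots)
    transform(cots, "J2: wrap COTS with a monitor so its failures are detectable", monitor, supplier_evidence)
    return p0


if __name__ == "__main__":
    tree = example_tree()
    print("open:", open_problems(tree))
    print("unjustified:", unjustified_steps(tree))
    print("complete:", design_complete(tree))
    mark_solved(tree, "Obtain COTS supplier evidence")
    for trace in assurance_trace(tree):
        print(" -> ".join(trace))
```

Running the block reports the single open leaf, confirms that no step lacks a rationale, and, once the open leaf is closed, prints one rationale chain per solved leaf, which is the shape of evidence a top-down GSN argument is assembled from.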
Case study

Given the emerging importance of COTS within safety-critical system development, and that little is known about the construction of safety cases that involve them, we speculatively investigated the application of ADD (through the PSP) to evaluate its benefits and limitations. The full development can be read in the technical report that accompanies this paper [34]. Here, we give some highlights of the development that form the basis of the evaluation. The reader may wish to refer to Fig. 7 throughout this section, together with the accompanying domain descriptions (Fig. 8), phenomena descriptions (Fig. 9) and requirements (Fig. 10). All development in POE begins with the technical device that is the null problem, P. The null problem represents the existence of a problem of which no detail is known and forms the root of a development tree, such as that in Fig. 7. As mentioned above, ADD considers a (problem, step rationale) pair and so, alongside P, we must consider the initial step rationale J0. This motivates problem exploration, by which the problem is populated, as are any associated concerns.
Safety case

Based on the original SIL assessments for the case study, Def-Stan 00-56 places the IMPS and ACS as 'Medium' integrity systems. For this level of integrity of the communications interface, the evidence should be provided as a safety case and be able to show that: The raw evidence generated throughout the development was extensive, including large amounts of test evidence, review evidence and quality assurance evidence, as well as the deliverable items, much of which is contained in [34]. The overarching safety justification for the IMPS (covering both hardware and software) was a product- and process-based argument, constructed to meet the requirements of Def-Stan 00-56, that the IMPS was tolerably safe. Def-Stan 00-56 defines tolerable as a level of risk between broadly acceptable and unacceptable that may be tolerated when it has been demonstrated to be As Low As Reasonably Practicable (ALARP). For the IMPS this meant that all individual hazards were documented, the associated risks were demonstrated to be acceptable, and a robust argument was provided that the IMPS was justified against the Safety Roles identified in Section 3.4.2. As a consequence, a GSN argument was constructed, following a top-down approach, to argue that the IMPS was tolerably safe.