Abstract
The complexity of most embedded software limits our ability to assure safety after the fact, e.g., by testing or formal verification of code. Instead, achieving high confidence in safety requires considering it from the start of system development and designing the software to reduce the potential for hazardous behavior. An approach to building safety into embedded software will be described that integrates system hazard analysis, user task analysis, traceability, and informal specifications combined with executable and analyzable models. The approach has been shown to be feasible and practical by applying it to complex systems experimentally and by its use on real projects.
This work was partially supported by NSF ITR Grant xxx
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Leveson, N.G. (2002). An Approach to Designing Safe Embedded Software. In: Sangiovanni-Vincentelli, A., Sifakis, J. (eds) Embedded Software. EMSOFT 2002. Lecture Notes in Computer Science, vol 2491. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45828-X_2
DOI: https://doi.org/10.1007/3-540-45828-X_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44307-0
Online ISBN: 978-3-540-45828-9
eBook Packages: Springer Book Archive