Managing Complex Safety Cases

  • T. P. Kelly


Safety case reports are often complex documents presenting complex arguments. To manage the complexity of safety case construction, system safety cases are often decomposed into subsystem safety cases. In this paper we discuss the motivation and problems of partitioning the safety case, both as practiced historically, and as required in new modular, reconfigurable systems such as Integrated Modular Avionics. Recent work on managing safety cases “in-the-large” is presented. In particular, we demonstrate how notions of software and systems architecture design can be read-across to establish the concepts of “safety case architecture” and contract based reasoning for managing inter-safety case dependency. Problems of division of responsibility in safety case development will also be discussed.


Unify Modelling Language Software Architecture System Safety Argument Strategy Safety Case 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Arinc (1991) Design Guidance for Integrated Modular Avionics, Aeronautical Radio, Inc.Google Scholar
  2. Bass, L., Clements, P. and Kazman, R. (1998) Software Architecture in Practice, Addison-Wesley.Google Scholar
  3. Cenelec (1998) ENV 50129 Railway applications - Safety related electronic systems for signalling, European Committee for Electrotechnical Standardisation.Google Scholar
  4. Hofineister, C., Nord, R. and Soni, D. (1999) Applied Software Architecture, Addison-Wesley.Google Scholar
  5. HSE (2000) Railway Safety Cases - Railway (Safety Case) Regulations 2000 - Guidance on Regulations, HSE Books.Google Scholar
  6. Kelly, T. (2001) Concepts and Principles of Compositional Safety Case Construction (Contract Research Report for QinetiQ COMSA/2001/1/1), Department of Computer Science, University of York (available from Scholar
  7. Kelly, T. P. (1997) A Six-Step Method for the Development of Goal Structures,York Software Engineering.Google Scholar
  8. Kelly, T. P. and McDermid, J. A. (2001) A Systematic Approach to Safety Case Maintenance, Reliability Engineering and System Safety, 71, 271.CrossRefGoogle Scholar
  9. Meyer, B. (1992) Applying Design by Contract, IEEE Computer, 25, 40–52.Google Scholar
  10. MoD (1996) Defence Standard 00–56 Safety Management Requirements for Defence Systems, Ministry of Defence.Google Scholar
  11. MoD (1997) Defence Standard 00–55, Requirements of Safety Related Software in Defence Equipment, Ministry of Defence.Google Scholar
  12. Railtrack (2000) Engineering Safety Management - Issue 3, Electrical Engineering and Control Systems, RailtrackGoogle Scholar
  13. Rtca (1992) Software Considerations in Airborne Systems and Equipment Certification, RTCAGoogle Scholar
  14. Rushby, J. (1999) Partitioning in Avionics Architectures: Requirements, Mechanisms, and Assurance (NASA Contractor Report CR-1999–209347),NASA Langley Research Center.Google Scholar

Copyright information

© Springer-Verlag London Limited 2003

Authors and Affiliations

  • T. P. Kelly
    • 1
  1. 1.Department of Computer ScienceUniversity of YorkYorkUK

Personalised recommendations