Development of a Normative Package for Safety-Critical Software Using Formal Regulatory Requirements

  • Sergiy A. Vilkomir
  • Aditya K. Ghose
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3009)


Two important tasks in requirements engineering are resolving inconsistencies between the requirements of regulators and those of developers of safety-critical computer systems, and validating regulatory requirements. This paper proposes a new approach to the regulatory process that covers both the formulation of requirements and the elaboration of methods for assessing them. We address the differences between prescriptive and non-prescriptive regulation and suggest a middle approach. We also introduce the notion of a normative package: the collection of documents used by a regulator and provided to a developer. It is argued that the normative package should include not only the regulatory requirements but also the methods by which they are assessed. We propose formal regulatory requirements as the basis for developing software assessment methods. The approach is illustrated with examples of requirements for protecting computer control systems against unauthorized access, using the Z notation as the formalization method.







Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Sergiy A. Vilkomir (1)
  • Aditya K. Ghose (1)
  1. Decision Systems Lab, School of IT and Computer Science, University of Wollongong, Australia
