Vertical Safety Interfaces – Improving the Efficiency of Modular Certification

  • Bastian Zimmer
  • Susanne Bürklen
  • Michael Knoop
  • Jens Höfflinger
  • Mario Trapp
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6894)


Modular certification is a technique for transferring the modularity of an embedded system’s architecture to the traditionally monolithic craft of safety engineering. Particularly when applying integrated architectures such as AUTOSAR or IMA, modular certification allows the construction of modular safety cases, which enables platforms and applications to be handled flexibly. However, integrating these safety cases is still a manual and expensive endeavor, which reduces the flexibility an integrated architecture is meant to provide. We propose a tool-supported, semi-automatic integration method that preserves the architecture’s flexibility and lowers the integration costs. Our method is based on a language for specifying the conditions under which a platform and an application can be validly integrated; it uses a contract-based approach to model safety case interfaces. This paper presents the language in detail.
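To make the contract-based idea concrete, the following Python sketch checks whether a platform and an application can be integrated by matching each side’s assumptions against the other side’s guarantees. It is an added illustration written for this page, not the language or tool the paper presents: the clause structure, the ISO 26262 ASIL ordering used to compare integrity levels, and the service and property names (“partitioning”, “temporal_isolation”, “alive_supervision”, “wcet_within_budget”) are all assumptions chosen for the example.

```python
from dataclasses import dataclass

# Assumed integrity scale (ISO 26262 ASILs, lowest to highest). The paper's
# language defines its own levels; this ordering is only for the illustration.
LEVELS = ("QM", "ASIL-A", "ASIL-B", "ASIL-C", "ASIL-D")


@dataclass(frozen=True)
class Clause:
    """One assume or guarantee clause: a property of a service at an integrity level."""
    service: str   # hypothetical service name, e.g. "partitioning"
    prop: str      # hypothetical property, e.g. "spatial_isolation"
    level: str     # integrity level required (assumption) or provided (guarantee)

    def covers(self, need: "Clause") -> bool:
        """A guarantee covers an assumption if it is for the same service property
        at an integrity level at least as high as the one assumed."""
        return (self.service == need.service
                and self.prop == need.prop
                and LEVELS.index(self.level) >= LEVELS.index(need.level))


@dataclass
class Contract:
    """Safety case interface of one side (platform or application)."""
    name: str
    assumptions: list   # what this side relies on the other side for
    guarantees: list    # what this side promises to the other side


def unmet(needs: list, offers: list) -> list:
    """Return the assumptions in `needs` that no clause in `offers` covers."""
    return [n for n in needs if not any(o.covers(n) for o in offers)]


def check_integration(platform: Contract, application: Contract) -> dict:
    """Integration is valid only if both directions match: the application's
    assumptions are met by platform guarantees, and the platform's assumptions
    about the application are met by application guarantees."""
    return {
        "application_unmet": unmet(application.assumptions, platform.guarantees),
        "platform_unmet": unmet(platform.assumptions, application.guarantees),
    }


def is_valid(report: dict) -> bool:
    return not report["application_unmet"] and not report["platform_unmet"]


def demo() -> dict:
    """Constructed sample contracts (hypothetical platform and application)."""
    platform = Contract(
        "hypothetical_platform",
        assumptions=[Clause("application", "wcet_within_budget", "ASIL-B")],
        guarantees=[
            Clause("partitioning", "spatial_isolation", "ASIL-D"),
            Clause("partitioning", "temporal_isolation", "ASIL-B"),
            Clause("watchdog", "alive_supervision", "ASIL-C"),
        ],
    )
    application = Contract(
        "hypothetical_application",
        assumptions=[
            Clause("partitioning", "spatial_isolation", "ASIL-B"),
            Clause("partitioning", "temporal_isolation", "ASIL-C"),  # platform only offers ASIL-B
            Clause("watchdog", "alive_supervision", "ASIL-B"),
        ],
        guarantees=[Clause("application", "wcet_within_budget", "ASIL-B")],
    )
    return check_integration(platform, application)


if __name__ == "__main__":
    report = demo()
    for side, clauses in report.items():
        for c in clauses:
            print(f"{side}: {c.service}.{c.prop} needs {c.level}, not guaranteed")
    print("integration valid:", is_valid(report))
```

In the constructed sample the only mismatch is the application’s assumption of temporal isolation at ASIL-C against a platform guarantee of ASIL-B, so the integration is rejected and the tool reports exactly which clause the safety engineer has to resolve; a level-ordered comparison like this is what lets such a check be automated rather than argued by hand for every platform/application pairing.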






Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Bastian Zimmer (1)
  • Susanne Bürklen (2)
  • Michael Knoop (2)
  • Jens Höfflinger (2)
  • Mario Trapp (1)
  1. Fraunhofer Institute for Experimental Software Engineering, Kaiserslautern, Germany
  2. Robert Bosch GmbH, Stuttgart, Germany
