2. Critical systems
• Systems whose failure or unavailability can lead to loss of life, injury, environmental damage or serious economic consequences for businesses or countries
• Almost all public and private sector activities in developed countries now rely on critical, software-intensive systems
• Long-lifetime systems
Critical systems engineering, 2013
Slide 2
4. Critical systems engineering
• The focus in critical systems engineering is on the use of techniques and methods to develop dependable and secure systems
5. • The costs of critical system failure are so high that development methods may be used that are not cost-effective for other types of system.
• A key difference between critical systems engineering and other types of software engineering is often the need to demonstrate compliance with laws and regulations.
6. Regulation
• Regulators are government-appointed bodies whose job is to ensure that companies and other bodies conform to national and international laws.
• This normally involves interpreting the law and government policy and establishing standards and regulations that must be followed by industry.
8. System certification
• The regulators check that the system is conformant to current regulations and standards and that due care and attention has been paid to making the system safe
9. System certification
• Some critical systems have to be ‘certified’ by an external regulator before they can be put into use
– Aviation systems
– Nuclear systems
– Railway systems
– (Some) medical systems
10. Certification costs
• Certification is very expensive as it involves preparing detailed documents for the regulator
• There may be several thousand pages of documentation that must be created and analysed
• Certification costs can be comparable to or even exceed the system development costs
11. • System owners and developers jointly produce evidence (a safety case or a dependability case) that demonstrates to the regulator that a system is safe and dependable
12. Compliance
• Even when systems do not need certification before use, their owners may need to demonstrate compliance with existing laws and regulations
• This may involve collecting information about the design and operation of a system
14. Critical systems engineering
• System failure costs are high
– Additional costs during system development are justified if these reduce the likelihood of failure
– Tools and techniques to reduce the chances of failure that are not cost-effective for other systems may be used
15. • Systems last a long time
– This requires the use of stable technologies and the development of extensive system documentation
16. • Systems must demonstrate compliance
– Product and process record keeping
– Safety and dependability case development
17. Critical systems engineering processes
• Usually plan-driven processes where each process stage is planned and carefully documented
• Agile processes are not suitable for critical systems engineering, although some agile practices such as test-first development may be used
18. • It is important to have a complete description of the system requirements and specification so that they can be checked and analysed before development begins
• Disciplined configuration management of all software and hardware is essential
19. Dependable systems
• Fault avoidance
• Fault detection and removal
• Fault tolerance
• Failure recovery and restart
20. Software engineering techniques
• Formal methods for systems specification and analysis
• Fault detection tools such as model checkers and static analyzers
22. • Fault-tolerant architectures and software redundancy
• Argumentation systems to support the development of dependability cases
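As an added example that is not part of the original slides, the following Python sketch shows how the dependability strategies listed on slide 19 combine with the software redundancy of slide 22: three independently written versions of one function (N-version programming), a 2-of-3 voter that masks one faulty channel (fault tolerance), reporting of every channel that disagrees with the majority (fault detection), and a fall-back to a fail-safe output when no majority exists (failure recovery). The heater clamping function, the safe state of 0.0, the tolerance and the injected faults are assumptions chosen for illustration, not anything the slides specify.

```python
"""Added example: software redundancy with a 2-of-3 majority voter.

Illustrative code written for this page, not from the original slides.
The clamping function, SAFE_STATE, TOLERANCE and the fault injections
below are assumptions chosen to show fault detection, fault tolerance
and failure recovery in one place.
"""
import math
from dataclasses import dataclass
from typing import Callable, Sequence

# Hypothetical fail-safe output: a heater drive of 0.0 (off) is assumed safe.
SAFE_STATE = 0.0
# Two channels are taken to agree if their results differ by at most this much.
TOLERANCE = 1e-6


# Three independently written versions of the same function (N-version
# programming). Each clamps a heater demand to the permitted 0..1 range.
def clamp_v1(demand: float) -> float:
    return max(0.0, min(1.0, demand))


def clamp_v2(demand: float) -> float:
    if demand < 0.0:
        return 0.0
    if demand > 1.0:
        return 1.0
    return demand


def clamp_v3(demand: float) -> float:
    return sorted((0.0, demand, 1.0))[1]


@dataclass(frozen=True)
class VoteResult:
    value: float
    faulty_channels: tuple  # indices whose result did not match the majority
    recovered: bool         # True when no majority existed and SAFE_STATE was used


def _agrees(a: float, b: float) -> bool:
    # NaN (used below for a crashed channel) never agrees with anything.
    return abs(a - b) <= TOLERANCE


def majority_vote(results: Sequence[float]) -> VoteResult:
    """2-of-3 voter.

    Fault tolerance: one faulty channel is masked by the two that agree.
    Fault detection: every channel that disagrees with the majority is reported.
    Failure recovery: with no agreeing pair the voter returns SAFE_STATE.
    """
    if len(results) != 3:
        raise ValueError("TMR voter expects exactly three channel results")
    for i in range(3):
        for j in range(i + 1, 3):
            if _agrees(results[i], results[j]):
                agreed = results[i]
                faulty = tuple(k for k in range(3) if not _agrees(results[k], agreed))
                return VoteResult(agreed, faulty, False)
    return VoteResult(SAFE_STATE, (0, 1, 2), True)


def run_redundant(demand: float, versions: Sequence[Callable[[float], float]]) -> VoteResult:
    """Run each version in isolation; a channel that raises is recorded as NaN
    so that it can never win the vote and is reported as faulty."""
    results = []
    for version in versions:
        try:
            results.append(float(version(demand)))
        except Exception:  # a crashed channel must not take down the voter
            results.append(math.nan)
    return majority_vote(results)


# Constructed fault injections used only for demonstration.
def clamp_v3_biased(demand: float) -> float:
    return clamp_v3(demand) * 1.2  # wrong answer, e.g. a scaling bug


def clamp_v2_crash(demand: float) -> float:
    raise ZeroDivisionError("injected fault")


if __name__ == "__main__":
    healthy = (clamp_v1, clamp_v2, clamp_v3)
    print(run_redundant(0.75, healthy))                                # all agree
    print(run_redundant(0.75, (clamp_v1, clamp_v2, clamp_v3_biased)))  # channel 2 masked
    print(run_redundant(0.75, (clamp_v1, clamp_v2_crash, clamp_v3)))   # channel 1 masked
    print(run_redundant(0.75, (clamp_v1, clamp_v2_crash, clamp_v3_biased)))  # safe state
```

The voter only helps if the versions do not share a common-mode fault (the same misreading of the specification, the same library bug), which is why the complete, analysed specification of slide 18 matters as much as the redundancy itself. The voter is also a single point of failure in its own right; in practice it is kept small so that it can be verified with the formal methods and static analysis mentioned on slide 20.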
24. Summary
• Focuses on the use of techniques and methods to develop dependable and secure systems
• The CSE process may have to develop information to satisfy a regulator that a system is safe and compliant with regulations
25. • A plan-based process is normally used
• Techniques that are not used for other types of system may be cost-effective for critical systems