ACHIEVEMENT AND ASSURANCE OF SAFETY
Related titles:
Directions in Safety-critical Systems. Proceedings of the First Safety-critical Systems Symposium, Bristol 1993. Redmill and Anderson (eds). 3-540-19817-2
Technology and Assessment of Safety-critical Systems. Proceedings of the Second Safety-critical Systems Symposium, Birmingham 1994. Redmill and Anderson (eds). 3-540-19859-8
SAFECOMP '93. Proceedings of the 12th International Conference on Computer Safety, Reliability and Security, Poznan-Kiekrz, Poland 1993. Górski (ed.). 3-540-19838-5
ACHIEVEMENT AND ASSURANCE OF SAFETY
Proceedings of the Third Safety-critical Systems Symposium, Brighton, UK, 7-9 February 1995
Edited by FELIX REDMILL and TOM ANDERSON
Springer: London, Berlin, Heidelberg, New York, Paris, Tokyo, Hong Kong, Barcelona, Budapest
Felix Redmill, Redmill Consultancy, 22 Onslow Gardens, London N10 3JU, UK
Tom Anderson, Centre for Software Reliability, University of Newcastle-upon-Tyne, Newcastle-upon-Tyne NE1 7RU, UK
ISBN-13: 978-3-540-19922-9
e-ISBN-13: 978-1-4471-3003-1
DOI: 10.1007/978-1-4471-3003-1
British Library Cataloguing in Publication Data. A catalogue record for this book is available from the British Library.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publishers.
Springer-Verlag London Limited 1995
The use of registered names, trademarks etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant laws and regulations and therefore free for general use.
The publisher makes no representation, express or implied, with regard to the accuracy of the information contained in this book and cannot accept any legal responsibility or liability for any errors or omissions that may be made.
Typesetting: Camera ready by authors
Printed on acid-free paper
PREFACE
Each year there are improvements in safety-critical system technology. These arise both from developments in the contributing technologies, such as safety engineering, software engineering, human factors and risk assessment, and from the adoption or adaptation of appropriate techniques from other domains, such as security. For these improvements to be of real benefit, they need to be applied during the appropriate stage in the life cycle of the system, whether it be development, assessment, or operation. For this to occur, they must be communicated and explained. Each year the Safety-critical Systems Symposium offers a distinguished forum for the presentation of papers on such developments, and also for papers from industry on the lessons learned from the use of technologies and methods. The results of many collaborative research projects, with components from both industry and academia, are reported in a universally understandable form. In 1995 the Symposium was held in Brighton, a venue calculated to stimulate not just the presenters of papers, but all the delegates. Yet, this book of Proceedings is intended not only for the delegates but also for readers not able to attend the event itself. We welcome both categories of reader. Delegates have the benefit of attending the presentations and the opportunity to participate in the discussions; those who take up this book after the event can peruse it at their leisure and, perhaps, on account of it will resolve to attend subsequent symposia. We hope that all who read it will find the chapters both readily comprehensible and informative - they have been commissioned to provide a broad view of what is occurring in the field of safety-critical systems. The opening chapter offers a view of the work of the Health and Safety Executive - a body which, through its standards, guidelines and other publications, has been influential in the safety-critical domain, both in the UK and internationally.
Thereafter, the volume covers a wide range of topics, culminating with chapters on the applications of new technologies in the field of safety-critical systems. Exploration of the common ground between safety and security, and the lessons which the safety-critical systems field can learn from proven security technology (and vice-versa!) is overdue. It is therefore gratifying to have two chapters which report on work in this area. Chapters on verification and validation provide insights into good practice in Germany and new practice in the UK. The growing awareness of the importance of risk analysis, hazard identification, and safety assessment is reflected and, we hope, will be stimulated, by chapters on these topics. Then there are chapters on Programmable Logic Controllers, and the use of languages in safety-critical software development. Finally, new technologies are represented by chapters on neural networks, artificial intelligence, formal methods and robotics. Several of the chapters report on the goals and results of collaborative projects and, thus, on technologies which are being prepared for use in the immediate future. Contriving the receipt of all papers in time for publication is never an easy task, and we would like to thank the authors for their part in making this Proceedings a full record of the Symposium. For considerable effort and dedication in organising the event, special appreciation goes to Joan Atkinson.
Felix Redmill and Tom Anderson, October 1994.
Contents
The Safety-critical Systems Club ... v
Achieving Safety in Complex Control Systems. Adrian Ellis ... 1
Measuring the Benefits of Transport Safety. Mike Jones-Lee and G Loomes ... 15
Programming Languages and Safety-Related Systems. Les Hatton ... 48
On the Qualification of Safety-Critical Structures - the SAFESA Approach. Nigel Knowles and John Maguire ... 65
FRESCO - An Investigation into a Framework for the Assessment of Safety-Critical Systems. John Hunt, P Lucas and Guy Wingate ... 71
Independent Safety Assessment of Rail Systems in their Operational Environment. Morris Chudleigh and James Catmur ... 80
Enhancing Safety Assurance Using Security Concepts. John Elliott, Andy Lovering and Chris Gerrard ... 90
Extending a Security Evaluation Standard (the ITSEC) to Dependability. Alan Hawes ... 117
A Framework for Enhancing the Safety Process for Advanced Robot Applications. John Elliott, Steve Brooks, Peter Hughes and Nick Kanuritch ... 131
Safe Systems for Mobile Robots - The Safe-SAM Project. Derek Seward, Frank Margrave, Ian Sommerville and Gerald Kotonya ... 153
Nuclear Electric's Contributions to the CONTESSE Testing Framework and its Early Application. Gordon Hughes, Deryk Pavey, John May, Pat Hall, Hong Zhu and Dan Lunn ... 171
Current Practice in Verification, Validation and Licensing of Safety Critical Systems - The Assessor's Point of View. Günter Glöe and Gerhard Rabe ... 188
A Code of Practice for the Development of Safe PLC Software. Stephen Clarke, Gerald Moran, Peter Faulkner, David Hedley, Des Maisey and Stuart Pegler ... 207
Using Incident Analysis to Derive a Methodology for Assessing Safety in Programmable Systems. Eamon Broomfield and Paul Chung ... 223
Process Systems Applications of Artificial Neural Networks. Gary Montague, Julian Morris and Paul Turner ... 240
A Knowledge-based Approach to the Safe Design of Distributed Networks. Khurshid Ahmad ... 290
Where do Specifications Come From? Derek Partridge ... 302
Formalising Fault Trees. Janusz Górski and Andrzej Wardzinski ... 311
Author Index ... 329