ABSTRACT
Many guidelines for safety-critical industries, such as aeronautics, medical devices, and railway communications, specify that traceability must be used to demonstrate that a rigorous process has been followed and to provide evidence that the system is safe for use. In practice, there is a gap between what the guidelines prescribe and what projects actually implement, making it difficult for organizations and certifiers to fully evaluate the safety of the software system. In this paper we present an approach that parses a guideline to extract a Traceability Model depicting software artifact types and their prescribed traces. It then analyzes the traceability data within a project to identify areas of traceability failure. Missing traceability paths, redundant and/or inconsistent data, and other problems are highlighted. We used our approach to evaluate the traceability of seven safety-critical software systems and found that none of the evaluated projects contained traceability that fully conformed to its relevant guidelines.
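The two steps the abstract describes, extracting a Traceability Model from guideline text and checking a project's trace data against it, as an added illustration that is not the paper's tool. The guideline clauses, artifact types and project data below are constructed for the example, and the clause format the parser expects is an assumption.

```python
import re
from collections import Counter

# Constructed stand-in for a guideline's traceability clauses (not any real
# standard's wording); the parser extracts the Traceability Model from it.
GUIDELINE = """
Each Requirement shall trace to a Design.
Each Design shall trace to Code.
Each Requirement shall trace to a TestCase.
"""

def parse_guideline(text):
    """Extract prescribed traces as a set of (source type, target type) pairs."""
    rule = re.compile(r"Each (\w+) shall trace to (?:a )?(\w+)\.")
    return {m.groups() for m in rule.finditer(text)}

def check_conformance(model, artifacts, traces):
    """Compare project trace data against the model.

    artifacts: {artifact id: artifact type}; traces: list of (src id, dst id).
    Returns missing prescribed traces, redundant links and inconsistent links.
    """
    findings = {"missing": [], "redundant": [], "inconsistent": []}
    # Redundant: the same link recorded more than once.
    for (s, d), n in Counter(traces).items():
        if n > 1:
            findings["redundant"].append((s, d, n))
    # Inconsistent: dangling link, or a type pair the guideline does not prescribe.
    for s, d in traces:
        if s not in artifacts or d not in artifacts:
            findings["inconsistent"].append((s, d, "unknown artifact"))
        elif (artifacts[s], artifacts[d]) not in model:
            findings["inconsistent"].append(
                (s, d, f"{artifacts[s]}->{artifacts[d]} not prescribed"))
    # Missing: a source artifact with no outgoing trace of a prescribed kind.
    covered = {(s, artifacts.get(d)) for s, d in traces}
    for aid, atype in artifacts.items():
        for src_type, dst_type in sorted(model):
            if atype == src_type and (aid, dst_type) not in covered:
                findings["missing"].append((aid, f"{src_type}->{dst_type}"))
    return findings

# Constructed sample project: R2 has no design or test trace and links straight to code.
ARTIFACTS = {"R1": "Requirement", "R2": "Requirement", "D1": "Design",
             "C1": "Code", "T1": "TestCase"}
TRACES = [("R1", "D1"), ("R1", "D1"), ("D1", "C1"), ("R1", "T1"), ("R2", "C1")]

if __name__ == "__main__":
    for kind, items in check_conformance(parse_guideline(GUIDELINE), ARTIFACTS, TRACES).items():
        print(kind, items)
```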