Newer
Older
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- Documentation on Support for Assurance Case Maintenances. -->
<head>
<link rel="stylesheet" type="text/css" href="../layout/stylesheet.css">
<title>Support for Assurance Case Maintenance</title>
</head>
<body>
<div class="header">
<div class="box">
<div class="navbar">
<!--a href="https://www.fortiss.org/" align="left">
<img src="fortiss-logo.png" width="90px" height="20px" align="left">
</a-->
<div class="dropdown">
<button class="btn" id="hamburger">
<label for="hamburger" class="hamburger">
<span class="hamburgerLine"></span>
<span class="hamburgerLine"></span>
<span class="hamburgerLine"></span>
</label>
</button>
<div class="dropdown-content">
<a href="../getting_started.html"> Main Page</a>
<a href="../ModandSim/model_element_attributes.html">Modeling and Simulation</a>
<a href="../ta/technical_viewpoint.html">Deployment and Code Generation</a>
<a href="../dse/dse_perspective.html">Design Space Exploration (DSE)</a>
<a href="../assuranceCases/creation.html">Assurance Case Modeling</a>
<a href=".././af3_further_resources.html">Further Resources</a>
</div>
</div>
<div class="dropdown">
<button class="dropbtn">Assurance Case Modeling <i class="triangle"></i></button>
<div class="dropdown-content">
<a href="creation.html">Modeling GSN-based Assurance Cases</a>
<a href="assessment.html">Quantitative Assessment of Assurance Cases</a>
</div>
</div>
<div class="topnav-right">
<a href="mailto:af_user@lists.fortiss.org?subject=Reporting 'maintenance.html' Documentation Problem!&body= Dear Af3 team, I am reporting an issue related to Assurance Case Modeling.
{Please specify the problem precisely here.}.">Report a Problem?</a>
</div>
</div>
</head>
</div>
</div>
<div class="box">
<button onclick="topFunction()" id="upBtn" title="Go to top">Top</button>
<p> Throughout the operational life of any system, changing regulatory
requirements, additional assurance evidence and a changing design can
challenge the corresponding assurance case. In order to maintain an
accurate account of the assurance of the system, all such challenges must
be assessed for their impact on the original assurance argument.</p>
<h2>Why do we need maintenance? </h2>
<p>An assurance case consists of many inter-dependent parts: requirements,
argument, evidence, design and process information. As a result, a single
change to an assurance case may necessitate many other consequential
changes - creating a 'ripple effect'. It is significant to recognize the
importance of every challenge to an assurance case. Furthermore, the
indirect impact is crucial and one of the biggest challenges. Any of these
challenges imply the re-generation of the system's assurance case of a system.
The construction and maintenance of assurance case arguments is expensive and tedious,
as it is mainly a manual process
that requires a considerable amount of time. Therefore, ExplicitCase provides safety
engineers with tool-supported change impact analysis.</p>
<!--##################### CIA for assurance cases-->
<h2>Change Impact Analysis (CIA) for assurance cases</h2>
<p>The change impact analysis includes the handling of challenges regarding
the following different argument elements.</p>
<ul>
<li>
<p>If the challenged item is a Goal, it challenges its relationship to
both the parent Goal and to the supporting evidence provided. It also
challenges the solutions that support the Goal.</p>
</li>
<li>
<p>If the challenged item is a Solution, it challenges its role as a
solution to all goals relying upon it through the SupportedBy
relationship.</p>
</li>
<li>
<p>If the challenged item is a Context, it challenges the relationship
with all goals previously expressed in the context of that item using
the InContextOf relationship. More specifically, changing a Context
challenges all goals, strategies and solutions that introduce this
Context. In addition, it challenges all goals, strategies and
solutions which inherit this Context.</p>
</li>
</ul>
<!--##################### Potential vs actual change effect-->
<h3>Potential vs. actual change effect</h3>
<p>The rules described above constitute the potential change effect and not
necessarily the actual change. There is a significant difference between
actual and potential change. The nodes to which the impact of the
challenge in a connected GSN node propagates are called impacted nodes.
The potential change includes further analysis of the possible effects on
the rest of GSN nodes after one element is challenged. A safety engineer
has to review all the potential challenges and decide upon them.
ExplicitCase implements as a starting point, the potential change effect.</p>
<!--##################### CIA in ExplicitCase-->
<h3>Change impact analysis in ExplicitCase</h3>
<p> The assurance case maintenance in ExplicitCase requires the
participation of different entities and stakeholders (see Fig. 8). The
system modeling is done by the system engineer and the GSN modeling of the
assurance cases by the safety engineer. The safety engineer has also
responsibilities such as hyperlinking GSN with System Models and
annotating GSN assurance cases with maintainability information.
ExplicitCase recognizes challenges to validity of GSN assurance cases and
identifies the impact of a GSN node challenge. Finally, the safety
engineer gives input to the system engineer regarding the reasons why,
after a change in one system model element, other system model elements,
should be reviewed.</p>
<figure> <img src="./pictures/maintenance-process.png"> <figcaption>Consistency Checks between System and Safety Case Models.</figcaption> </figure>
<li> Create an assurance case module; </li>
<p> <img src="./pictures/maintenance1.PNG"></p>
<li> Select an argument element in the <span class="italic">Model Navigator View</span> and right-click on it.
Select the <span class="bold">Set to Challenged</span> button from the opened
<span class="italic">Context Menu</span>; </li>
<li> The challenged solution has changed its color to red; </li>
<p> <img src="./pictures/maintenance3.PNG"></p>
<li> Right-click again on the challenged argument element in the <span class="italic">Model Navigator View</span>.
Select the <span class="bold">Show Potential Change Impact</span> button from the opened
<span class="italic">Context Menu</span>; </li>
<li> The potentially impacted argument elements, by the challenged
element, have turned their color to yellow; </li>
</div>
<script src="../layout/jsscript/topBtn.js">
</script>
</body>