The DefSafe Project - Specifying and Acquiring Safety Critical Systems

Safety-Critical Systems (SCSs) are in widespread use in defence. They include weapons and avionics systems, command and control systems, and mine-clearing and missile decoy systems. They are complex and often software-intensive.

The 3-year DefSafe project with the Australian government's Defence Materiel Organisation (DMO) commenced in January 1999. The aim of the project was to increase the assurance of Australian Defence safety-critical systems and to help the DMO formulate a consistent, co-ordinated and managed approach to the procurement of SCSs.

A major early focus of the project was to provide training and consultancy support to safety-related DMO projects. In this role, the project supported more than two dozen DMO system aquisition projects through a number of different interactions, from facilitation of hazard analysis workshops through to detailed review of system designs and safety features. Interaction took place at a wide variety of stages in the system life-cycle, from pre-contract conceptual planning stages, through to post-development sustainment and re-engineering.

A comprehensive survey of international standards for SCSs was conducted, covering a broad range of safety engineering issues and a cross-section of civilian and defence safety standards. Technical studies were also undertaken to address issues identified as shortcomings in existing system-safety standards, including:

• the role of operators in safety critical systems
• the problem of Non-Development Items and Off-The-Shelf Components, and
• the treatment of physical reliability and random failures in system safety assurance.

The technical studies went forward as part of Australia's contribution to international defence research collaboration through The Technical Cooperation Panel (TTCP).

Def(Aust) 5679 is the Australian Department of Defence's standard on Procurement of Safety Critical Computer-Based Systems. The DefSafe project assisted DSTO in the further development of Def(Aust) 5679 by providing a technical review and assisting in the collection of public comment. It also undertaken literature surveys and technical studies aimed at addressing some of the difficult technical issues in safety assurance.

The project was also active in education and training in the DMO. A half-day course on Def(Aust) 5679 was developed, and an overview of software safety assurance was provided as part of Software Acquisition Management training. A report on initial lessons learnt was presented at the Fourth Australian Workshop on Safety Critical Systems and Software.

Experience of problems encountered and effective solutions found was consolidated into development of policy, procedures and guidance for acquisition management of SCSs for inclusion in the DMO Knowledge System.

Another major DefSafe project achievement was the development and trial of +SAFE, a safety-directed extension of the Software Engineering Institute's Capability Maturity Model Integration^SM method for assessing suppliers' safety management and safety engineering capabilities. [^SM Capability Maturity Model Integration is a service mark of Carnegie Mellon University.] +SAFE has generated a large amount of interest around the world, including from the Federal Aviation Administration in the US and the Ministry of Defence in the UK.

Other technical studies produced during the project included:

• implications of the new MIL-STD 882D standard for Australian Defence acquisition
• evaluation of hazard management tools
• a proposal for harmonisation of the treatment of random failures and design failures in the Def(Aust) 5679 standard
• a review of architectural design principles for safety-critical systems
• a comparison of the treatment of Safety Integrity Levels in international safety standards

Project personnel:

Standing: Andrew Hussey, David Tombs, Axel Wabenhorst, Graeme Smith. Sitting: Peter Lindsay, Brenton Atchison.

Other contributors included: Mark Bofinger, David Hemer, Karl Lermer, Andrew Rae, Neil Robinson, and Wendy Johnston.

Some project outputs:

• B. Atchison, P. Lindsay and T. Cant. Improving safety management in defence acquisition
• A. Wabenhorst and B. Atchison. A survey of international safety standards
• B. Atchison and P. Lindsay. A Comparison of MIL-STD 882C and MIL-STD 882D for Australian Defence Acquisition.
• A. Hussey and B. Atchison. Hazard Analysis of Interactive Systems.
• A. Hussey and B. Atchison. Safe Architectural Design Principles.
• P. Lindsay and G. Smith. Safety Assurance of Commercial-Off-The-Shelf Software.
• N. Robinson, P. Lindsay and A. Pitman. Extending the Integrated Capability Maturity Model (CMMI) for Safety-Related Applications.
• P. Lindsay. Improved acquisition processes for safety-critical systems in the Australian Department of Defence.
• L. Wildman. Requirements reformulation using formal specification: a case study.
• M. Bofinger, N. Robinson, P. Lindsay, M. Spiers, M. Ashford and A. Pitman. Experience with Extending CMMI for Safety Related Applications.

 

For more information about the DefSafe project, contact Prof Peter Lindsay.

Related Software Verification Research Centre (SVRC) projects:

• Human-Computer Interaction safety analysis
• Active Missile Decoy system safety evaluation