Andromeda: A model-connected framework for safety assessment and assurance

Abstract

Safety is a key factor in the development of critical systems, encompassing both conventional types, such as aircraft, and modern technologies, such as autonomous vehicles. Failures during their operation can be potentially far-reaching and impact people and the environment. To certify these systems and enable their employment, regulatory bodies require, among others, a safety case. However, the growing complexity of modern systems and iterative nature of development pose significant challenges to the traditional approaches for creating safety cases that are still used in practice. Furthermore, safety cases are often generated in an ad-hoc manner and remain disconnected from system models and related artefacts. Without these connections it is difficult to construct the proper infrastructure for producing and maintaining safety cases in a structured manner throughout the system lifecycle. This paper presents our innovative method, Andromeda, and its underpinning metamodel, which establish connections between safety cases, system models, safety assessment activities aligned with international safety standards, and argument patterns. Automation is applied across various stages of the production of argument structures that support safety assurance and certification activities. Andromeda is complemented by tool-support designed to facilitate its application, and we demonstrate our work through a case study from the aviation industry.