As the world enters the information era, more and more dependable services controlling and even making our decisions are moved to the ubiquitous smart devices. While various standards are in place to impose the societal ethical norms on decision-making of those devices, the rights of the individuals to satisfy their own moral norms are not addressed with the same scrutiny. Hence, the right of the individuals to reason on their own and evaluate morality of certain decisions is at stake. In this work we propose an agent-centred approach for assuring ethics in dependable technological service systems. We build upon assurance of safety and security and propose the notion of ethics assurance case as a way to assure that individual users have been made aware of all the ethically challenging decisions that might be performed or enabled by the service provider. We propose a framework for identifying and categorising ethically challenging decisions, and documenting the ethics assurance case. We apply the framework on an illustrative example.

This paper presents the platooning research within the Safe Cooperating Cyber-Physical Systems using Wireless Communication (SafeCOP) project. Cooperating Cyber-Physical Systems (CO-CPS) using wireless communication and having multiple stakeholders, dynamic system definitions (openness), and unpredictable operating environments, are the main application of SafeCOP. In addition to safety assurance methods and tools, SafeCOP devises a runtime manager architecture that detects irregular operation, hence, prompting a safe degraded mode in case of need. SafeCOP lays a safety and security umbrella over the usage of current wireless technologies, contributes to new standards and regulations by providing scientifically validated solutions to establish standards which also addresses cooperation and system-of-systems issues. SafeCOP addresses several use cases that solve customer related problems. However, in this paper we will present a use case that extract generic principles from the combination of the previous use cases to stimulate the European collaboration around the project objectives, and to collect general requirements for the SafeCOP solution, applicable across all the areas considered. We consider a CO-CPS composed of two or more systems moving in a platoon while cooperating in a safe function.

Assurance cases in form of structured arguments are often required by standards to show that a system is acceptable for its intended purpose with respect to a particular assurance viewpoint such as safety or security. The goal of such a case is to present an argument that connects the requirements of a particular viewpoint with the supporting evidence. Building a set of assurance cases for the different viewpoints can be time-consuming and costly. Means are needed to automate and reuse the assurance case artefacts between the assurance cases for the different viewpoints. In this paper we present how assumption/guarantee contracts can be used to facilitate reuse of assurance case artefacts by building multiple-viewpoint assurance cases from the contracts. More specifically, we build upon the previous work on argument-fragment generation from such contracts to allow for generating viewpoint specific argument-fragments. We illustrate the approach on a motivating case.

Safety-critical systems usually need to comply with a domain-specific safety standard. To reduce the cost and time needed to achieve the standard compliance, reuse of safety-relevant components is not sufficient without the reuse of the accompanying artefacts. Developing reusable safety components out-of-context of a particular system is challenging, as safety is a system property, hence support is needed to capture and validate the context assumptions before integration of the reusable component and its artefacts in-context of the particular system. We have previously developed a concept of strong and weak safety contracts to facilitate systematic reuse of safety-relevant components and their accompanying artefacts. In this work we define a safety contracts development process and provide guidelines to bridge the gap between reuse of safety elements developed out-of-context of a particular system and their integration in the ISO 26262 safety standard. We use a real-world case for demonstration of the process.

The use of contracts to enhance the maintainability of safety-critical systems has received a significant amount of research effort in recent years. However some key issues have been identified: the difficulty in dealing with the wide range of properties of systems and deriving contracts to capture those properties, and the challenge of dealing with the inevitable incompleteness of the contracts. In this paper, we explore how the derivation of contracts can be performed based on the results of failure analysis. We use the concept of safety kernels to alleviate the issues. Firstly the safety kernel means that the properties of the system that we may wish to manage can be dealt with at a more abstract level, reducing the challenges of representation and completeness of the "safety" contracts. Secondly the set of safety contracts is reduced so it is possible to reason about their satisfaction in a more rigorous manner.

Safety-critical systems usually need to comply with a domain-specific safety standard, which often require a safety case in form of an explained argument supported by evidence to show that the sys ...

Our aim is to contribute to bridging the gap between the justified need from industry to reuse third-party components and skepticism of the safety community in integrating and reusing components developed without real knowledge of the system context. We have developed a notion of safety contract that will help to capture safety-related information for supporting the reuse of software components in and across safety-critical systems. In this paper we present our extension of the contract formalism for specifying strong and weak assumption/guarantee contracts for out-of-context reusable components. We elaborate on notion of satisfaction, including refinement, dominance and composition check. To show the usage and the expressiveness of our extended formalism, we specify strong and weak safety contracts related to a wheel braking system.

Our aim is to develop a notion of safety contracts and related reasoning that supports the reuse of software components in and across safety-critical systems, including support for certification related activities such as using the contract reasoning in safety argumentation. In this paper we introduce a formalism for specifying assumption/guarantee contracts for components developed out of context. We are utilising the concepts of weak and strong assumptions and guarantees to customise ne-grained contracts for addressing a broader component context and specification of properties for speci c alternative contexts. These out of context contracts can be conveniently instantiated to a speci c context, thereby providing support for component reuse.

Safety standards define development processes by indicating the set of partially ordered tasks that have to be executed to achieve acceptably safe systems. Process compliance constitutes a fundamental ingredient in safety argumentation for certification purposes. Certification is a very expensive, time-consuming and quality demanding activity. To increase quality and reduce time and cost, reuse-based approaches are being investigated. In this paper, we adopt process line approach in the framework of safety processes. This means that we treat a family of processes as a product line, and we identify commonalities and variabilities between them. The resulting information guides developers in reusing parts of the process, the system and safety case, e.g. which parts to make more generic, isolating changes in others to avoid ripple effects etc.