A Safety Case Approach to Assuring Configurable Architectures of Safety-Critical Product Lines

Companies are increasingly adopting a product-line approach to the development of safety-critical systems. A product line offers large-scale reuse by exploiting common features and assets shared by systems within a specific domain. In this paper, we discuss the challenges of justifying the safety of architectural configurations and variation when developing product-line safety cases. We then address these challenges by defining an approach to developing product-line safety cases using the patterns and modular extensions of the Goal Structuring Notation (GSN). In this approach, we use the GSN patterns extension for explicitly capturing safety case variations and tracing these variations to their extrinsic source in the architectural model. Further, we use the GSN modular extension to organise the safety case into core and variable argument modules which are loosely coupled by means of argument contracts. We demonstrate this approach in a case study based on a product line of aeroengine control systems.