Contract-Based Justification for COTS Component within Safety Critical Applications

Commercial-Off-The-Shelf (COTS) software components are being used within complex safety-critical applications. However, to use them with confidence, it is necessary to ensure that potential failures of the COTS component does not contribute to system level hazards. To this end, we have established a contract-based approach to capture the application-specific safety requirements, and corresponding assurance requirements, derived for a potential COTS component. This “contract” can be used to form the basis of a packaged safety argument (i.e. a safety case) for the component. This COTS component safety case (or safety case module) can then be used to form part of an overall system safety case. Using the previously developed concepts of compositional safety case construction (Kelly 2003), we describe the activity of matching application level safety objectives and assurance requirements to those claims and levels of assurance that can be established for the COTS component. The role of argument mitigation strategies is described for those situations where direct matches cannot be achieved. An example derived from an industrial COTS-based application is used to illustrate the approach.1