Establishing Formal Regulatory Requirements for Safety-Critical Software Certification

Formal methods are usually used for computer system specification, production and verification. In this paper, a new direction for the use of formal methods is proposed, namely formalization of the regulatory requirements for software of safety-critical control systems. Formal regulatory requirements, as opposed to formal specifications for a concrete system, have a generic nature, are applicable for a wide range of safety-critical control systems and are the basis for certification or licensing process. The use of formal regulatory requirements could help to eliminate ambiguity or misunderstanding of informal definitions, to allow rigorous assessment of satisfaction with respect to requirements and finally to increase the safety level of a system. As a formal method for describing the regulatory requirements, the Z notation is proposed. To demonstrate the approach, requirements for protection against common mode software failures and requirements for protection against unauthorized access are considered. Z schemas for these requirements are presented.