Indirect Control Path Analysis and Goal Coverage Strategies for Elaborating System Safety Goals in Composite Systems

Correctly specifying requirements for composite systems is essential to system safety, particularly in a distributed development environment. Goal-oriented requirements engineering can be used to formally specify system goals and decompose them into realizable subgoals for system components. However, an additional aim of safety goal elaboration is to meet a goal coverage strategy. In this paper we propose new tactics for elaborating system safety goals across a composite system. First, indirect control path analysis (ICPA) is used to identify safety-related components and their relationships to the parent goals. Then, goal coverage strategies guide goal elaboration along indirect control paths identified by the ICPA. We demonstrate applicability in real safety critical embedded systems with two case studies: a distributed elevator and a semiautonomous automotive system.