Hidden Implementation Dependencies in High Assurance and Critical Computing Systems

Critical and catastrophic failures in high assurance and critical computing systems can arise from unfounded assumptions of independence between system components, requirements, and constraints (work product sections), which can stem from misunderstandings and miscommunication between system engineers, managers, and operators and from inadequate or incomplete traceability between system work products. In this article, we propose a formal framework for the effective implementation of traceability between work product sections along with a technique for discovering potential causes of critical failures in high assurance and critical computing system models. We introduce a new abstraction of interrelated work product sections called implementation meta-work product and describe how our technique finds these meta-work products. We also demonstrate how this technique can be used to help analysts discover potential causes of safety-related errors in high assurance and critical computing systems by applying it to one case study of a known critical error and to one case study where we anticipate potential safety hazards