Safety and Security Integrated Model-based Safety Engineering with I-SafE
To improve the completeness and consistency of safety-critical systems specifications, we present an integrated multi-analysis and multi-viewpoint safety engineering tool called I-SafE, which is a solution that supports general safety analysis as well as the specification and analysis of safety requirements traceability to architecture and failure models.
Safety engineering artifacts still have been defined by means of natural text in documents, spreadsheets, or databases. One major issue caused by that is inconsistency between safety requirements, failure models, and architecture . However, safety requirements often result from a safety analysis of the architecture, and, lately, must be allocated to elements of the architecture. In this regard, the existing inconsistencies and incompleteness lead to intensive efforts being required to update the artifacts impacted by the changes, and, consequently, significantly decrease the efficiency of the safety assurance architecture .
To contribute to overcoming this challenge, in this paper we introduce I-SafE: Integrated Safety Engineering, which is an Enterprise Architect based tool that supports the specification of traceable safety requirements, failure models, and architecture models, contributing, then, to ensure safety-by-construction, as safety is considered early in the process of the system design.
The I-SafE features described in this paper will be illustrated using a simplified version of a fictitious electric motor drive (E-Drive) system, which is depicted in the Figure 1.
Specifying Architecture Models with the Embedded Modeling Profile
I-SafE supports the specification of Functional, Logical, and Technical aspects of the architecture, which are based on the Embedded Modelling Profile . Examples of the architecture modelling toolbox provided by I-SafE is depicted in Figure 2.
Creation of Failure Models with I-SafE
I-SafE supports creating failure models of the types Component Fault Trees - CFTs, Failure Modes and Effects Analysis - FMEAs, and Markov Chains that are associated to architecture elements. Due to space constraints, only the CFT and FMEA support are described in this paper.
Component Fault Trees (CFT) extend standard fault trees with the concept of modularity in component based specifications. For example, Figure 3 depicts a CFT created with I-SafE for the emergency shut-off component of the E-Drive system illustrated in Figure 1.
The I-SafE’s support regarding the specification of FMEA is based on interface-focused IF-FMEA  for each system component. For instance, Figure 4 depicts an FMEA for the E-Drive's Pedal Sensor shown in Figure 1.
Tracing safety requirements specified with natural language to failure models and the architecture
In order to conveniently support the creation of trace links, I-SafE provides an autocomplete mechanism that suggests elements that should be referenced in the safety requirement being specified. These suggestions are made when the text being written has similarities with the names of elements present in the failure models or architecture models. For instance, as shown in Figure 5, as soon as the user starts to type the text fragment “The M”, the suggestions of the architecture component “MicroController” (cf. Figure 1), along with other elements that have similarities with this string, such as the MicroController CFT (cf. Figure 2), are shown in the suggestion list.