Floor Koornneef, Coen van Gulijk (Eds.)

Computer Safety, Reliability, and Security
SAFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR
Delft, the Netherlands, September 22, 2015, Proceedings

Lecture Notes in Computer Science 9338
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, Lancaster, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Friedemann Mattern, ETH Zurich, Zürich, Switzerland
John C. Mitchell, Stanford University, Stanford, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Dortmund, Germany
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbrücken, Germany

More information about this series at http://www.springer.com/series/7408

Editors
Floor Koornneef, Delft University of Technology, Delft, The Netherlands
Coen van Gulijk, University of Huddersfield, Huddersfield, UK

ISSN 0302-9743; ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-319-24248-4; ISBN 978-3-319-24249-1 (eBook)
DOI 10.1007/978-3-319-24249-1
Library of Congress Control Number: 2015948709
LNCS Sublibrary: SL2 – Programming and Software Engineering
Springer Cham Heidelberg New York Dordrecht London
© Springer International Publishing Switzerland 2015

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.

Printed on acid-free paper
Springer International Publishing AG Switzerland is part of Springer Science+Business Media (www.springer.com)

Preface

It has become a tradition to organize workshops in conjunction with the annual SAFECOMP conferences. This year, we accepted proposals for 5 domain-specific high-quality workshops.
This resulted in 5 workshops where safety and safety-related security formed the core content. This volume presents the proceedings of these workshops, held at the Delft University of Technology on September 22, 2015, preceding the SAFECOMP 2015 conference from 23 to 25 September. The SAFECOMP 2015 proceedings can be found in LNCS volume 9337. The workshops allow for deep immersion into dedicated topics. This year's workshops are sequels to earlier workshops, which shows that the workshops are relevant to the scientific community that deals with safety in programmable industrial systems. The workshops maintained high-quality standards and were organized by well-known chairs and respected Program Committees. The workshops constitute a valuable addition to the SAFECOMP conference and the scientific community surrounding it. This year's workshops were the following:

• ASSURE 2015 - Assurance Cases for Software-Intensive Systems, chaired by Ewen Denney, Ibrahim Habli and Ganesh Pai;
• DECSoS 2015 - EWICS/ERCIM/ARTEMIS Dependable Cyber-physical Systems and Systems-of-Systems Workshop, chaired by Erwin Schoitsch and Amund Skavhaug;
• ISSE 2015 - International Workshop on the Integration of Safety and Security Engineering, chaired by Laurent Rioux, John Favaro, and Sanja Aaramaa;
• ReSA4CI 2015 - International Workshop on Reliability and Security Aspects for Critical Infrastructure Protection, chaired by Silvia Bonomi and Ilaria Matteucci;
• SASSUR 2015 - International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems, chaired by Alejandra Ruiz, Tim Kelly and Jose Luis de la Vara.

This year 36 papers were accepted, resulting in 3 full-day and 2 half-day challenging workshops. The authors are from Austria, Canada, France, Germany, Hungary, Italy, Ireland, Japan, the Netherlands, Norway, Portugal, Singapore, Slovakia, Spain, Sweden, the UK, and the USA. Similar to the SAFECOMP conference, the workshops provide a truly international platform where academia and industry meet.
It has been an honor and a pleasure for us, as the SAFECOMP 2015 program chairs, to work with the workshop chairs and the authors. We thank the workshop chairs, the authors, the members of the workshop Program and Steering Committees and the Local Organizing Committee for doing a great job and for their pleasant cooperation. We also thank Saba Chockalingam and Yamin Huang for their contribution in formatting and completing the proceedings.

September 2015
Floor Koornneef
Coen van Gulijk

Organizing Committee

EWICS TC7 Chair
Francesca Saglietti, University of Erlangen-Nuremberg, Germany

General Chair
Pieter van Gelder, Delft University of Technology, the Netherlands

Program Co-chairs
Floor Koornneef, Delft University of Technology, the Netherlands
Coen van Gulijk, University of Huddersfield, UK

Workshop Chair
Frank Ortmeier, Otto von Guericke Universität Magdeburg, Germany

Finance Chair
Erika van Verseveld, Delft University of Technology, the Netherlands

Publicity Chair
Sandra Koreman, schetsboek.com, the Netherlands

ASSURE 2015
The 3rd International Workshop on Assurance Cases for Software-Intensive Systems

Ewen Denney1, Ibrahim Habli2, and Ganesh Pai1
1 SGT/NASA Ames Research Center, Moffett Field, CA 94035, USA
{ewen.denney, ganesh.pai}@nasa.gov
2 Department of Computer Science, University of York, York YO10 5DD, UK
[email protected]

1 Introduction

Software-intensive systems play a key role in high-risk applications. Increasingly, regulations, standards, and guidelines mandate and/or recommend that assurance cases be developed as part of the process for certification/approval of such systems, e.g., in defense, aviation, automotive, and healthcare systems. An assurance case is a reasoned argument, supported by a body of evidence, that a system exhibits certain behavior in a defined environment.
Typically, assurance cases focus on a particular property, e.g., safety, security, or more generally, dependability, and are developed in a phased manner at the system level, with relations to the system development activities, i.e., requirements development, design, implementation, verification, and deployment. Ultimately, assurance arguments will form a core part of the assurance case for the wider system.

This volume contains the papers presented at the 3rd International Workshop on Assurance Cases for Software-intensive Systems (ASSURE 2015), collocated this year with the 34th International Conference on Computer Safety, Reliability, and Security (SAFECOMP 2015), in Delft, the Netherlands. As with the previous two editions of ASSURE, this year's workshop aims to provide an international forum for presenting emerging research, novel contributions, tool development efforts, and position papers on the foundations and applications of assurance case principles and techniques. The workshop goals are to: i) explore techniques to create and assess assurance cases for software-intensive systems; ii) examine the role of assurance cases in the engineering lifecycle of critical systems; iii) identify the dimensions of effective practice in the development/evaluation of assurance cases; iv) investigate the relationship between dependability techniques and assurance cases; and, v) identify critical research challenges towards defining a roadmap for future development.

2 Program

ASSURE 2015 began with an invited keynote talk by Pippa Moore of the UK Civil Aviation Authority (CAA). Nine papers were accepted this year, covering four themes that address the workshop goals: foundations, methodology and patterns, tool support and tool demonstrations, and applications. Papers under the 'foundations' theme considered topics such as formalizing the structure of assurance arguments, and the representation of confidence.
The 'methodology and patterns' theme included papers that dealt with argument patterns addressing security and safety, as well as lifecycle approaches for safety and dependability. Papers concerning domain-specific model-based tools for safety argumentation, systems for safety condition monitoring, and building blocks for assurance cases comprised the 'tool support and tool demonstrations' theme, whereas the 'applications' theme mainly dealt with medical device assurance. Similar to the previous year's workshop, ASSURE 2015 concluded with a panel discussion, where researcher and practitioner panelists discussed the role of argumentation in certification and safety risk management.

3 Acknowledgments

We thank all those who submitted papers to ASSURE 2015 and congratulate those authors whose papers were selected for inclusion in the workshop program and proceedings. For reviewing the submissions and providing useful feedback to the authors, we especially thank our distinguished Program Committee members. Their efforts have resulted in an exciting workshop program and, in turn, a successful third edition of the ASSURE workshop series. Finally, we thank the organizers of SAFECOMP 2015 for their support of ASSURE 2015.
ASSURE Program Organizers
Ewen Denney, SGT/NASA Ames Research Center, USA
Ibrahim Habli, University of York, UK
Ganesh Pai, SGT/NASA Ames Research Center, USA

ASSURE Program Committee
Robin Bloomfield, City University, UK
Jérémie Guiochet, LAAS-CNRS, France
Richard Hawkins, University of York, UK
David Higham, Delphi Diesel Systems, UK
Michael Holloway, NASA Langley Research Center, USA
Paul Jones, Food and Drug Administration, USA
Tim Kelly, University of York, UK
Yoshiki Kinoshita, Kanagawa University, Japan
John Knight, University of Virginia, USA
Andrew Rae, Griffith University, Australia
Roger Rivett, Jaguar Land Rover Automotive, UK
Christel Seguin, ONERA, France
Mark-Alexander Sujan, University of Warwick, UK
Kenji Taguchi, AIST, Japan
Alan Wassyng, McMaster University, Canada
Sean White, Health and Social Care Information Centre, UK

ASSURE Additional Reviewers
Katrina Attwood, University of York, UK
Oleg Lisagor, University of York, UK
Mark Nicholson, University of York, UK
Makoto Takeyama, Kanagawa University, Japan
Ian Whiteside, Avaloq Innovation, UK