ARRL: A CRITERION FOR COMPOSITIONAL SAFETY AND SYSTEMS ENGINEERING A normative approach to specifying components

Safety engineering standards define rigorous and controllable processes for system development. Nevertheless, safety standards differences from distinct domains are non-negligible. We focus in particular on the aviation, automotive and railway standards, all related to the transportation market. We argue that the Safety Integrity Levels are not sufficient to be used as a top level requirement for developing a safety critical system. We argue that Quality of Service is a more generic criterion that takes the trustworthiness as perceived by users into deeper account. In addition safety engineering standards provide very little guidance on how to compose safe systems from components, while this is the established engineering practice. We develop a novel normative concept called Assured Reliability and Resilience Level as a criterion that takes the industrial practice into account and show how it complements the Safety Integrity Level concept. An important difference is that it requires a component to carry a contract and the supporting evidence. ARRL can make a significant contribution to foster cross-domain safety engineering.