Reducing Certification Costs Through Assured Dynamic Software Configuration

Engineering activities in the operation and maintenance phase of safety-critical systems are becoming increasingly important. The ever more rising software complexity in terms of an amount of implemented functions led to a proportional increase of various change demands. Most of these demands are initiated to repair the system from defects, i.e., due to design faults not identified in the development for example. Maintaining changes in the operation phase can be very cost-intensive, because regulations of safety standards require to re-verify and re-validate the system in most cases, in order to ensure that the systems integrity is not compromised by the incorporated changes. In this paper, we describe an approach to perform changes on software in the operation and maintenance phase of systems lifecycle. To prevent the impact of changes on systems integrity, certain design limitations are set, so that controlled types of changes are permitted only. Furthermore, since also in cases of strong design limitations the systems integrity can be compromised, a support for systems modelling and analysis has been provided. The modelling captures certain functional and non-functional aspects of the system, which are then analyzed to decide whether changes can be performed or not. The main outcome here is that specific types of changes can be maintained without having an impact on systems integrity and therefore without requiring an extensive re-verification and re-validation. We report on possible improvements in costs of changes, by considering several industrial use cases and their typical change scenarios in the maintenance phase.