The use of Bayesian Belief Networks for combining disparate sources of information in the safety assessment of software based systems
Abstract
The objective of the research has been to investigate the possibility of transferring the requirements of a software safety standard into Bayesian belief networks (BBNs). The BBN methodology has mainly been developed and applied in the AI community, but more recently it has been proposed for the assessment of programmable systems. The relation to AI is relevant in the sense that the method mirrors the way an assessor reasons during the assessment process. Conceptually, software reliability is almost impossible to compute, since many of the aspects of the software that influence reliability are qualitative in nature and not directly measurable, but have to be estimated, e.g. by expert judgement.
The conclusion from the research presented in this thesis is that the use of BBNs for combining disparate sources of information in the safety assessment of software based systems, combined with questionnaires, offers a systematic way to combine quantitative and qualitative evidence of relevance for the safety assessment of programmable systems, e.g. in a licensing process or in a PSA (probabilistic safety assessment) analysis.
The BBN is constructed in two levels. The higher level is based on four qualities: quality of the producer, quality of the production, quality of the product, and quality of the analysis. The higher-level BBN is general and independent of the standard, and is based on the research discussed in chapter 2. The lower-level BBNs reflect the recommendations of RTCA/DO-178B. Each top node of the lower-level BBNs is linked to intermediate nodes representing the 10 lifecycle stages identified in DO-178B. Each of these nodes is in turn linked to further intermediate nodes representing the objectives of each lifecycle stage. The further proposed step is to identify a list of questions for each objective. In the described research these questions are based on the understanding of the text in the main part of DO-178B, and are formulated so that each can be answered with a "yes" or a "no"; the answers are entered as evidence in the network.
Both the higher- and lower-level networks need further validation; the experimental investigation with the BBNs demonstrates this. A hypothesis is, however, that reallocating objectives or questions will only have local (or partial) effects and will not change the overall assessment. A reason for this could be that a few "soft evidences", and the dependencies connecting them, are more sensitive than the others. So far, however, it has not been possible to identify such evidences.
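As an added illustration, not part of the thesis or its papers, of how a two-level network of this kind turns yes/no answers into a posterior on a top-level quality node, and of how changing one answer mostly has a local effect on the lifecycle stage it belongs to, the following Python builds a small hypothetical network and computes posteriors by exact enumeration. All node names, priors and conditional probabilities are constructed for illustration and are not the elicited values of the thesis; only two lifecycle stages, two objectives and four questions are modelled, and the inference is brute-force rather than the propagation a BBN tool would use.

```python
"""
Small two-level belief network in the spirit of the thesis: a top-level
quality node, lifecycle-stage nodes, objective nodes, and yes/no question
nodes used as evidence. Posteriors are computed by exact enumeration, which
is practical for a network this small.

All node names and probabilities are constructed for illustration and are
NOT the elicited values of the thesis (hypothetical example).
"""
from itertools import product

# name -> (parents, cpt); cpt maps a tuple of parent truth values to
# P(node = True | parents). Every node is binary (True/False).
NETWORK = {
    # Top-level quality node (hypothetical prior; thesis priors were elicited).
    "product_quality_good": ((), {(): 0.5}),
    # Lifecycle-stage nodes, conditioned on the top-level quality.
    "requirements_process_adequate": (("product_quality_good",),
                                      {(True,): 0.85, (False,): 0.35}),
    "verification_process_adequate": (("product_quality_good",),
                                      {(True,): 0.90, (False,): 0.30}),
    # Objective nodes, one per lifecycle stage here for brevity.
    "traceability_objective_met": (("requirements_process_adequate",),
                                   {(True,): 0.90, (False,): 0.25}),
    "coverage_objective_met": (("verification_process_adequate",),
                               {(True,): 0.90, (False,): 0.20}),
    # Yes/no questions (evidence nodes), conditioned on their objective.
    "q_trace_matrix_exists": (("traceability_objective_met",),
                              {(True,): 0.95, (False,): 0.30}),
    "q_requirements_reviewed": (("traceability_objective_met",),
                                {(True,): 0.90, (False,): 0.40}),
    "q_structural_coverage_measured": (("coverage_objective_met",),
                                       {(True,): 0.95, (False,): 0.25}),
    "q_test_results_reviewed": (("coverage_objective_met",),
                                {(True,): 0.90, (False,): 0.35}),
}


def joint_probability(assignment):
    """P(all nodes = assignment) as the product of the CPT factors."""
    p = 1.0
    for name, (parents, cpt) in NETWORK.items():
        p_true = cpt[tuple(assignment[par] for par in parents)]
        p *= p_true if assignment[name] else 1.0 - p_true
    return p


def posterior(query, evidence):
    """P(query = True | evidence) by summing the joint over hidden nodes."""
    hidden = [n for n in NETWORK if n != query and n not in evidence]
    weight = {True: 0.0, False: 0.0}
    for q_val in (True, False):
        for values in product((True, False), repeat=len(hidden)):
            assignment = dict(evidence)
            assignment[query] = q_val
            assignment.update(zip(hidden, values))
            weight[q_val] += joint_probability(assignment)
    return weight[True] / (weight[True] + weight[False])


def assess(answers):
    """Posterior that the product quality is good, given yes/no answers."""
    return posterior("product_quality_good", answers)


def stage_posteriors(answers):
    """Posterior of each lifecycle-stage node, to see where evidence lands."""
    stages = ("requirements_process_adequate", "verification_process_adequate")
    return {s: posterior(s, answers) for s in stages}


if __name__ == "__main__":
    all_yes = {q: True for q in NETWORK if q.startswith("q_")}
    one_no = dict(all_yes, q_structural_coverage_measured=False)
    print("no evidence :", round(assess({}), 3))
    print("all yes     :", round(assess(all_yes), 3))
    print("coverage no :", round(assess(one_no), 3))
    before, after = stage_posteriors(all_yes), stage_posteriors(one_no)
    for stage in before:
        print(stage, round(before[stage], 3), "->", round(after[stage], 3))
```

Answering "no" to the structural-coverage question moves the verification-stage posterior far more than the requirements-stage posterior, which only feels the change through the top node; that is the kind of local effect the hypothesis above refers to. With no answers entered, the top-node posterior equals its prior.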
Although the BBNs and results are based upon a real application, the approach has not yet been applied to a real development or assessment. A first step could be to apply the approach as decision support in the approval of safety-critical programmable systems. Another could be to apply it as decision support early in the development of a system, in order to indicate where to direct effort so that specific objectives for the final product can be reached.
The establishment of the BBNs and the prior probability distributions can be rather time consuming. However, because the network is built up (e.g. by making questionnaires) and the prior distributions are elicited for a standard (RTCA/DO-178B) rather than for the actual system, the network and questions are of a general nature and can be reused in many applications. They can also be gradually improved based on experience. The experience with modelling the requirements of the avionics standard RTCA/DO-178B as BBNs indicates that the approach can be transferred to the modelling of other software standards built on the same basic framework and following the same principles, even though they may differ in the aspects they put special emphasis on.
Conceptually, the dependability of programmable systems is nearly impossible to compute, since many of the characteristics to be considered are qualitative in nature and not directly measurable, but have to be estimated. The most difficult activity in the experiment described was the expert judgement, in particular the assignment of values to the conditional probability distributions. Even if some of the project members can be considered experts within their fields, it is highly advisable to make use of expert judgement tools or expert judgement expertise. Note also that knowledge of BBNs and probability theory is of great advantage in the construction of the networks and the assessment of the probability distributions, and also in the evaluation of the results of the computations.
Has parts
Gran, Bjørn Axel; Dahll, Gustav. The Use of Bayesian Belief Nets in Safety Assessment of Software Based Systems. Int. J. General Systems. 24(2): 205-229, 2000.
Gran, Bjørn Axel. Assessment of programmable systems using Bayesian belief nets. Safety Science. 40(9): 797-812, 2002.
Gran, Bjørn Axel. Use of Bayesian Belief Networks when combining disparate sources of information in the safety assessment of software-based systems. International Journal of Systems Science. 33(6): 529-542, 2002.
Gran, Bjørn Axel. Applying Bayesian belief net in software safety assessment on a real, safety related programmable system. Safety and Reliability - Towards a safer world: 1045-1052, 2001.
Gran, Bjørn Axel; Thunem, Harald. EISTRAM - Experimental Investigation of the PIE-technique. Safety and Reliability: 409-416, 1998.