Cyber-physical systems have evolved faster than development technologies, which in turn have evolved faster than safety standards, despite periodic revisions. By 2020, a significant cumulative gap exists between development assurance and its perceived effectiveness on safety of the highly complex systems developed nowadays. This paper explores how this gap could be at least partly closed. First, we review new techniques that are emerging from hybrid system research and that might influence verification of system safety in the future, then we discuss some problems in industrial practice of safety assessment and in safety standards. These problems are widely acknowledged in all industrial domains, especially when facing certification of AI-enabled autonomous vehicles (cars, drones, trains, underwater unmanned vehicles etc.). Finally, we propose some orientations to evolve the development assurance standards so that they may facilitate accommodation of these new t...
This paper provides a global perspective on qualification of tools used for development or verification of safety critical software. The increasing complexity and criticality of safety critical software requires a high degree of rigor in the development and verification processes. These processes are regulated by standards such as DO178C/ED-12C for airborne software, EN 50128 for railway equipment, IEC 61508 / IEC 61511 / IEC 62061 for industry, ISO 26262 for automotive, ECSS (in particular Q80, E40) for European space and IEC 60880 for the nuclear industry. Development and verification of application software increasingly rely on the use of tools automating complex verification and/or development activities. This paper provides a comparative overview of the current major standards regarding tools, and proposes improvements in the approach for tool qualification.

Safety standards in most domains (aeronautics, automotive, industry, nuclear, railway, space) consider software (and more generally, design) as a deterministic artefact. They propose a global rationale combining probabilistic evidence on hardware random failures and deterministic evidence on systematic causes of failures, including software. In a context where software is more and more pervasive in all systems, and where it is sometimes advocated that software complexity and size seem to lend some relevance to a probabilistic view of software behaviour, several initiatives suggest changing the way software is addressed in the global system safety assessment. This is a complex question with many facets. Among them, the authors propose to discuss in the paper:
- foundations, relevance and limits of probabilistic assessment for software,
- the relationship between software criticality category (or class, DAL/SIL/ASIL/SSIL etc.) and probabilistic safety objectives,
- the rationale for software d...

This article presents the work carried out within the DISCOMS project, launched after Fukushima and dedicated to monitoring the corium in the event of a Severe Accident (SA) with breach of the reactor vessel. After establishing the objectives and identifying the possible sensor locations, radiation modelling was carried out for two generations of reactors (the operating fleet 'Gen2', and 'Gen3', i.e. the EPR reactor), both in normal operation and during an SA. Given the extreme conditions of the corium-concrete interaction, thermal modelling at various depths of the basemat was performed in order to optimise the burial depth of the sensors. This made it possible to design the Collectrons and to select single-mode optical fibres able to withstand the temperature and the dose over the 60 years of operation followed by an SA. Thanks to tests in an irradiator, several optical fibres exhibiting low induced attenuation were qualified for their...
This paper compares the influence of Development Assurance Levels (DALs) on the prescribed objectives, activities, methods and tools of six different software development assurance standards, namely those of civil aviation, automotive, space, process automation, nuclear and railway. Through an inventory of their respective requirements, we attempt to compare the software safety levels ensured by each standard for its lowest and highest DALs. We first explain the rationale of the comparison, i.e. on what basis we compare the securing effects of the various process-based or product-based requirements issued by the six software development assurance standards. Then we review the DAL-dependent variability of each standard and finally outline some tentative cross-domain equivalence classes or ranking.

REE N°3/2014, Les drones (p. 30). Bertrand Ricque, Programme Manager, SAGEM DS. Introduction. Defining what is meant by "drone" is a difficult exercise. To begin with, one must face the fact that English speakers and the French do not use the term in the same way. The classification most commonly used outside the general-public media is that of the United States: UAV for unmanned aerial vehicles, UUV for underwater vehicles, USV for surface vehicles and UGC for what are also called ground robots. The name "drone" to designate a mobile vehicle endowed with autonomy remains very French. Moreover, the drone as a vehicle cannot exist without other components such as the command and control stations, the pilots or controllers, and the equipment supporting the transmissions between the vehicle(s) and the control stations. The whole in fact constitutes a "drone system". A bit of hist...

REE N°3/2014, Les grands dossiers (p. 28). Introduction. Drones have become a focus of media attention. They regularly make the front page of weekly magazines and are frequently the subject of special reports in television programmes. There is indeed something spectacular and even fascinating in watching these pilotless machines, of very variable size, moving through the air under human control. The interest of opinion leaders, like that of the public, is therefore frequently aroused by sensationalist aspects that sometimes leave the engineer pensive. Drones, like any emerging technological system, carry simplistic projections on the part of the public that often ignore contextual realities which technical and economic actors cannot disregard. It is true that drones are the expression of great technological progress in varied fields and that they carry very significant development prospects, in the ...
This paper presents an analysis of the impact of the Development Assurance Level (DAL) or Safety Integrity Level (SIL) on the system activities in various application domains represented in the CG2E (“Club des Grandes Entreprises en Embarqué”), and especially in its dependability, safety norms and standards working group. The main goals of this paper are to:
• Analyse the impact in each application domain,
• Identify and discuss the similarities and the dissimilarities in order to find the cross-domain synergies.
The covered application domains and norms are: Civil aviation (ARP 4754, ARP 4761), Automotive (ISO 26262), Space (ECSS-Q-ST-30C, ECSS-Q-ST-40C), Nuclear plants (IEC 60880, IEC 61513), Railway (CENELEC 50126, 50129), Automation, industrial control (IEC 61508, 61511, 62061).

The position of software regarding the global system safety is subject to significant variations among the various application domains and their safety standards. As a consequence, the position regarding whether, how and to what extent software safety analyses could or should contribute to the global safety assessment also varies. In Civil Aviation [ARP 4754A; ARP 4761; DO 178C], Nuclear [IEC 61513, IEC 60880] and to some extent Space [ECSS Q40; ECSS Q80], safety analyses are performed at system level and on functions, sub-systems and equipment, but not in the form of dedicated safety analyses applied to software. In these domains, the rationale is that software contributes to system safety through adherence to software development and validation rules, i.e. through an argument on confidence in software correctness to an extent adapted to the consequences of failures. However, it is worth noting that the assessment of the consequences of failures, and hence the determination of th...
This paper presents a comparative analysis, across several industrial domains, of the fundamental notion of safety categories or levels (Safety Integrity Levels, Development Assurance Levels, etc.) underlying the safety framework enforced by safety standards. This work is one of the facets of an in-depth comparison of safety standards across application domains [1], performed by a working group gathering experts from 6 industrial domains (automotive, aviation, industrial automation, nuclear, railway and space), which aims at establishing the bases for more efficient processes and tools to support the development, validation and certification of critical embedded systems.
