Development of a Normative Package for Safety-Critical Software Using Formal Regulatory Requirements [chapter]

Sergiy A. Vilkomir, Aditya K. Ghose
2004 Lecture Notes in Computer Science  
Important tasks in requirements engineering are resolving inconsistencies between the requirements of regulators and of developers of safety-critical computer systems, and validating the regulatory requirements themselves. This paper proposes a new approach to the regulatory process, covering both the formulation of requirements and the elaboration of methods for assessing compliance with them. We address the differences between prescriptive and non-prescriptive regulation and suggest a middle approach. We also introduce the notion of a normative package: the collection of documents used by a regulator and provided to a developer. We argue that the normative package should include not only the regulatory requirements but also the methods by which they are assessed, and we propose formal regulatory requirements as the basis from which software assessment methods are developed. The approach is illustrated with example requirements for protecting computer control systems against unauthorized access, formalized in the Z notation.
doi:10.1007/978-3-540-24659-6_38 fatcat:v3yy4ini5rarrkqtltxwabm7k4
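As an added illustration of the abstract's last point, and not an example taken from the paper: an access-control requirement in the style of a Z state schema plus two operation schemas (sketched in the module docstring; the state names, the setpoint scenario and all user names are assumed) is encoded as an executable predicate over before/after states, and that predicate then serves as the assessment method, replaying constructed access attempts against two constructed implementations. The second implementation blocks the unauthorised change, so a test that only checks the setpoint would pass, but it fails the formal requirement because the refusal is never logged.

```python
"""Added example (not from the paper): a Z-style access-control requirement
turned into an executable assessment check.

Z-style sketch that the code below animates (names and scenario assumed):

  ControlSystem  == [ authorised : P USER; setpoint : Z; log : seq (USER x BOOL) ]

  ChangeSetpoint == [ Delta ControlSystem; u? : USER; v? : Z |
                      u? in authorised  and  setpoint' = v?  and
                      authorised' = authorised  and  log' = log ^ <(u?, true)> ]

  RejectChange   == [ Delta ControlSystem; u? : USER; v? : Z |
                      u? notin authorised  and  setpoint' = setpoint  and
                      authorised' = authorised  and  log' = log ^ <(u?, false)> ]

  Access == ChangeSetpoint or RejectChange      (total: every attempt is covered)
"""
from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Sequence, Tuple

User = str
LogEntry = Tuple[User, bool]          # (user, granted?)


@dataclass(frozen=True)
class ControlSystem:
    """State schema ControlSystem."""
    authorised: FrozenSet[User]
    setpoint: int
    log: Tuple[LogEntry, ...] = ()


def change_setpoint(s: ControlSystem, s2: ControlSystem, u: User, v: int) -> bool:
    """Operation schema ChangeSetpoint as a predicate over (before, after)."""
    return (u in s.authorised
            and s2.setpoint == v
            and s2.authorised == s.authorised
            and s2.log == s.log + ((u, True),))


def reject_change(s: ControlSystem, s2: ControlSystem, u: User, v: int) -> bool:
    """Operation schema RejectChange: nothing changes except that the refusal is logged."""
    return (u not in s.authorised
            and s2.setpoint == s.setpoint
            and s2.authorised == s.authorised
            and s2.log == s.log + ((u, False),))


def access(s: ControlSystem, s2: ControlSystem, u: User, v: int) -> bool:
    """Total operation Access == ChangeSetpoint or RejectChange."""
    return change_setpoint(s, s2, u, v) or reject_change(s, s2, u, v)


Impl = Callable[[ControlSystem, User, int], ControlSystem]


def compliant_impl(s: ControlSystem, u: User, v: int) -> ControlSystem:
    """Constructed implementation that meets the requirement."""
    if u in s.authorised:
        return ControlSystem(s.authorised, v, s.log + ((u, True),))
    return ControlSystem(s.authorised, s.setpoint, s.log + ((u, False),))


def noncompliant_impl(s: ControlSystem, u: User, v: int) -> ControlSystem:
    """Constructed implementation with a defect: it blocks the unauthorised
    change (so a setpoint-only test would pass) but never logs the refusal."""
    if u in s.authorised:
        return ControlSystem(s.authorised, v, s.log + ((u, True),))
    return s


def assess(impl: Impl, initial: ControlSystem,
           attempts: Sequence[Tuple[User, int]]) -> List[str]:
    """Assessment method derived from the formal requirement: replay the
    attempts and check every (before, after) pair against Access.
    Returns one message per violating step; an empty list means no violation."""
    violations: List[str] = []
    s = initial
    for i, (u, v) in enumerate(attempts):
        s2 = impl(s, u, v)
        if not access(s, s2, u, v):
            violations.append(f"step {i}: attempt by {u!r} to set {v} "
                              f"is covered by neither ChangeSetpoint nor RejectChange")
        s = s2
    return violations


def run(impl: Impl, initial: ControlSystem,
        attempts: Sequence[Tuple[User, int]]) -> ControlSystem:
    """Final state after replaying the attempts (used to inspect the log)."""
    s = initial
    for u, v in attempts:
        s = impl(s, u, v)
    return s


# Constructed scenario: two authorised operators and one unauthorised user.
INITIAL = ControlSystem(authorised=frozenset({"operator1", "operator2"}), setpoint=50)
ATTEMPTS = [("operator1", 40), ("intruder", 99), ("operator2", 55)]

if __name__ == "__main__":
    for name, impl in (("compliant", compliant_impl), ("noncompliant", noncompliant_impl)):
        print(name, assess(impl, INITIAL, ATTEMPTS) or "no violations")
```

The check is deliberately written as a predicate over state pairs rather than as a re-implementation of the behaviour, so the same oracle can be applied to any implementation the regulator is given, which is the sense in which the formal requirement becomes the assessment method.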