ConSerts: open, adaptive – and still safe!

Embedded systems are increasingly interconnecting with each other and with the Cloud in order to enable applications such as Car2X or Industry 4.0. The resulting systems of systems form dynamically at runtime. Their structure and behavior cannot be predicted completely a priori during development, and so it becomes virtually impossible to provide a final safety case at development time. At runtime, systems meet as equals and must then ensure the safety of the system of systems together.
With ConSerts – Conditional Safety Certificates – we have developed a process that allows assuring the safety of systems of systems at runtime on the basis of modular safety “certificates”. The safety assessment of the individual systems is still largely done in the classical way. However, modular, conditional certificates are issued on the basis of their functional interfaces. When systems meet at runtime in order to connect with each other, they can negotiate on the basis of these certificates whether, and in which configuration, they can cooperate safely with each other. Beyond their application at runtime, the same ConSerts concepts are also useful in an analogous way for developing semi-automatic modular safety cases already at development time. This makes it significantly easier, for example, to deal with systems that have many variants or configurations, or to do incremental certification.
Use ConSerts to have your systems cooperate safely with other systems. We provide special methods and tools for this purpose, which can be integrated with your existing safety and development methods and tools. ConSerts are also supported, in particular, by iSafE, which makes it possible, for instance, to automate modular safety cases at design time to a high degree. Moreover, runtime libraries and protocols are available to equip your systems with the necessary safety intelligence on the basis of ConSerts, enabling them to check at runtime whether, and under which constraints and system configurations, they can cooperate with other systems.
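As an added illustration (not code from Fraunhofer IESE or the ConSerts tooling), the following Python sketch shows the runtime negotiation described above in simplified form: each system carries a certificate whose interface guarantees hold only while their stated demands are met by the partner, and the partner then selects the most capable cooperation configuration whose own demands are satisfied, or refuses to cooperate. The integrity-level ordering, the tractor/implement scenario and all property names are constructed assumptions, not values from the page.

```python
from dataclasses import dataclass

# Assumed ordering of integrity levels: a higher-level guarantee satisfies a lower-level demand.
LEVELS = {"QM": 0, "ASIL-A": 1, "ASIL-B": 2, "ASIL-C": 3, "ASIL-D": 4}

@dataclass(frozen=True)
class Prop:
    """A safety property on a functional-interface signal, e.g. Prop('speed_request', 'ASIL-B')."""
    name: str
    level: str

@dataclass(frozen=True)
class Guarantee:
    """Conditional guarantee: 'offered' holds only while every demand is met by the partner."""
    offered: Prop
    demands: tuple = ()

@dataclass(frozen=True)
class Config:
    """A cooperation configuration and its demands on the partner; higher rank is preferred."""
    name: str
    rank: int
    demands: tuple

def satisfies(offered: Prop, demand: Prop) -> bool:
    """Same interface property, and an integrity level at least as high as demanded."""
    return offered.name == demand.name and LEVELS[offered.level] >= LEVELS[demand.level]

def met(demands, partner_props) -> bool:
    """Every demand is satisfied by something the partner currently guarantees."""
    return all(any(satisfies(p, d) for p in partner_props) for d in demands)

def resolve(certificate, partner_props):
    """Guarantees a system can assert right now, given what its partner provides."""
    return {g.offered for g in certificate if met(g.demands, partner_props)}

def negotiate(configs, partner_props):
    """Highest-ranked configuration whose demands are met; None means: do not cooperate."""
    ok = [c for c in configs if met(c.demands, partner_props)]
    return max(ok, key=lambda c: c.rank).name if ok else None

# Constructed scenario: a tractor decides how far to trust speed requests from an implement.
IMPLEMENT_CERT = (
    Guarantee(Prop("speed_request", "ASIL-B"), demands=(Prop("tractor_heartbeat", "ASIL-B"),)),
    Guarantee(Prop("speed_request", "QM")),  # unconditional fallback guarantee
)
TRACTOR_CONFIGS = (
    Config("automatic_speed_control", rank=2, demands=(Prop("speed_request", "ASIL-B"),)),
    Config("advisory_only", rank=1, demands=(Prop("speed_request", "QM"),)),
)

def tractor_config(tractor_provides):
    """One negotiation round: the implement resolves its guarantees, the tractor picks a configuration."""
    return negotiate(TRACTOR_CONFIGS, resolve(IMPLEMENT_CERT, tractor_provides))
```

Calling `tractor_config({Prop("tractor_heartbeat", "ASIL-B")})` yields the automatic configuration, while a heartbeat guaranteed only at QM degrades the pair to advisory operation without any change to the individual systems' certificates.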