Towards Automated Evidence Generation for Rapid and Continuous Software Certification

Software system traceability plays a crucial role in the development and assurance of any dependable softwareintensive system. Federal agencies developing or regulating mission-centric or safety-critical software systems require traceability as a core component of the approval and certification process. Manually generating and managing traceability links is a tedious and error-prone task that requires great effort. The state-of-the-art automated traceability techniques rely on information retrieval and machine learning techniques. While these techniques create semantic links between artifacts, they are inadequate for analyzing the satisfiability of the underling traceability criteria. Therefore, in this paper, we describe SHERLOCK, an integrated environment to facilitate the rapid and continuous certification of software systems. At the core of SHERLOCK’S capabilities is the novel concept of Traceability Certification Models (TCM) and a Catalog of Certification Assurance Case Patterns (CACP) which guides the efforts of establishing the required trace links for fulfilling the criteria for a given certification. By relying on TCMs, CACPs as well as traceability and change impact analysis techniques, SHERLOCK can report the system’s traceability coverage in terms of missing traceability links required for certification, and deprecated/unnecessary links. We showcase SHERLOCK’S capabilities using a case study of certifying an Attitude and Orbit Control System (AOCS).