A Modular Safety Case for an IEC-61508 Compliant Generic Hypervisor

The development of mixed-criticality systems that integrate several functionalities of different criticality levels (e.g., SIL1-4 according to IEC-1508) on the same embedded computing platform provide benefit in terms of cost, size, weight, reliability and scalability. The soaring demand for high performance mixedcriticality system has contributed to their capabilities expansion. This upward trend is subject to certification processes with different levels of rigorousness, which lead to prohibitive cost. This paper presents the modular safety concept of an IEC-61508 generic hypervisor where the minimum reasonable safety arguments and evidences are defined. Additionally, the use of the modularity approach limits the impact of changes to a reduced area of the safety case, enabling in turn the reusability of the safety cases parts. The work described in this paper has been reviewed and approved by a certification body, within the context of a European research project.