Using Hazard Analysis STAMP/STPA in Developing Model-Oriented Formal Specification toward Reliable Cloud Service

Formal methods have been used in the development of the reliable software system. However, one of the issues in using formal methods is how to model the system by considering what kind of system requirements and restrictions we should describe. In order to address this issue, we use a hazard model STAMP and an analytical method STPA based on STAMP. STAMP/STPA is proposed to overcome difficulties in approving conventional hazard analysis techniques for software-centric systems. In this report, we explain our approach and discuss our case study to develop implicit specifications for the cloud service in a model-oriented formal specification language, VDM++.