A framework for trustworthiness assessment based on fidelity in cyber and physical domains
We introduce a method for the assessment of trust for n-open systems based on a measurement of fidelity and present a prototypical implementation of a compliant architecture. We construct a MAPE loop which monitors the compliance between corresponding figures of interest in the cyber and physical domains, derives measures of the system's trustworthiness, and uses them to plan and execute actions aimed at guaranteeing system safety and resilience. We conclude with a view on our future work.
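As an added illustration of the MAPE loop sketched above (example code written for this page, not the paper's prototype), the following Python loop monitors pairs of cyber-domain and physical-domain readings of the same figure of interest, scores their fidelity, derives a smoothed trust measure and plans a safe-mode action when trust falls below a floor. The figure names `speed_kmh` and `pressure_bar`, the linear fidelity metric, the tolerances and `TRUST_FLOOR` are assumptions, and the tick data is constructed.

```python
"""Illustrative MAPE loop that derives trust from cyber/physical fidelity.

Added example, not the paper's implementation: the figures of interest,
the fidelity metric, the tolerances and the trust floor are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: per tick, each figure of interest pairs the value seen
# in the cyber domain (telemetry from the controller) with an independent
# physical measurement of the same quantity (assumed names and values).
SAMPLE_TICKS: List[Dict[str, Tuple[float, float]]] = [
    {"speed_kmh": (80.0, 80.4), "pressure_bar": (5.0, 5.1)},   # domains agree
    {"speed_kmh": (80.0, 80.9), "pressure_bar": (5.0, 5.0)},   # domains agree
    {"speed_kmh": (80.0, 112.0), "pressure_bar": (5.0, 5.1)},  # cyber speed stale or spoofed
    {"speed_kmh": (80.0, 125.0), "pressure_bar": (5.0, 5.2)},  # divergence persists
]
TOLERANCE = {"speed_kmh": 5.0, "pressure_bar": 0.5}  # assumed per-figure tolerances
TRUST_FLOOR = 0.7                                    # assumed threshold for safe mode


def fidelity(cyber: float, physical: float, tol: float) -> float:
    """1.0 when both domains agree; decays linearly to 0.0 at twice the tolerance."""
    return max(0.0, 1.0 - abs(cyber - physical) / (2.0 * tol))


@dataclass
class MapeLoop:
    """Monitor -> Analyse -> Plan -> Execute over a stream of ticks."""
    history: List[float] = field(default_factory=list)
    actions: List[str] = field(default_factory=list)

    def monitor(self, tick: Dict[str, Tuple[float, float]]) -> Dict[str, float]:
        return {k: fidelity(c, p, TOLERANCE[k]) for k, (c, p) in tick.items()}

    def analyse(self, fids: Dict[str, float]) -> float:
        # Trustworthiness is the weakest per-figure fidelity, averaged over the
        # last three ticks so a single transient glitch does not trip the planner.
        self.history.append(min(fids.values()))
        window = self.history[-3:]
        return sum(window) / len(window)

    def plan(self, trust: float) -> str:
        # Below the floor, plan a state that no longer relies on cyber-domain data.
        return "nominal" if trust >= TRUST_FLOOR else "safe_mode"

    def execute(self, action: str) -> str:
        self.actions.append(action)
        return action

    def run(self, ticks) -> List[str]:
        return [self.execute(self.plan(self.analyse(self.monitor(t)))) for t in ticks]


def demo() -> List[str]:
    return MapeLoop().run(SAMPLE_TICKS)
```

The security point is that the physical measurement acts as an independent reference: a cyber-side value that is stale or spoofed loses fidelity against it even when the cyber value looks plausible on its own, so the planner can react without relying on the cyber domain to report its own compromise.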
UML consistency rules: a systematic mapping study
Context: The Unified Modeling Language (UML), with its 14 different diagram types, is the de-facto standard tool for object-oriented modeling and documentation. Since the various UML diagrams describe different aspects of one, and only one, software system under development, they are not independent but strongly depend on each other in many ways. In other words, the UML diagrams describing a software system must be consistent. Inconsistencies between these diagrams may be a source of a considerable increase in faults in software systems. It is therefore paramount that these inconsistencies be detected, ana
Behavior Trees with Dataflow: Coordinating Reactive Tasks in Lingua Franca
Behavior Trees (BTs) provide a lean set of control flow elements that are easily composable in a modular tree structure. They are well established for modeling the high-level behavior of non-player characters in computer games and recently gained popularity in other areas such as industrial automation. While BTs nicely express control, data handling aspects so far must be provided separately, e.g. in the form of blackboards. This may hamper reusability and can be a source of nondeterminism. We here present a dataflow extension to BTs that explicitly models data relations and communication. We provide a combined textual/graphical approach in line with modern, productivity-enhancing pragmatics-aware modeling techniques. We realized and validated that approach in the recently introduced polyglot coordination language Lingua Franca (LF).
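The following Python sketch, added here and not taken from the paper or from Lingua Franca, shows what explicit dataflow buys over a blackboard: `Action` leaves declare input and output ports, `wire` connects them explicitly, and `validate` rejects a tree in which a consumer is ticked before its producer, before anything runs. The `Sequence` and `Fallback` nodes, the port/wire API and the distance-check tree are assumptions for illustration.

```python
"""Behavior tree whose leaves exchange data over explicit ports, not a blackboard.

Added example, not the paper's Lingua Franca implementation: node names, the
port/wire API and the sample tree are assumptions for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

SUCCESS, FAILURE = "SUCCESS", "FAILURE"


@dataclass
class Action:
    """Leaf that reads only declared input ports and writes only declared outputs."""
    name: str
    inputs: Tuple[str, ...]
    outputs: Tuple[str, ...]
    fn: Callable[..., Tuple[str, Dict[str, object]]]
    wires: Dict[str, Tuple["Action", str]] = field(default_factory=dict)
    values: Dict[str, object] = field(default_factory=dict)

    def tick(self) -> str:
        # A KeyError here means a producer was skipped at run time: loud, not a silent None.
        args = {p: src.values[port] for p, (src, port) in self.wires.items()}
        status, out = self.fn(**args)
        self.values.update(out)
        return status


@dataclass
class Sequence:
    """Tick children left to right; fail on the first failure (any() short-circuits)."""
    children: List[object]

    def tick(self) -> str:
        return FAILURE if any(c.tick() == FAILURE for c in self.children) else SUCCESS


@dataclass
class Fallback:
    """Tick children left to right; succeed on the first success."""
    children: List[object]

    def tick(self) -> str:
        return SUCCESS if any(c.tick() == SUCCESS for c in self.children) else FAILURE


def wire(src: Action, out_port: str, dst: Action, in_port: str) -> None:
    """Connect one output port to one input port; both must be declared."""
    if out_port not in src.outputs or in_port not in dst.inputs:
        raise ValueError(f"unknown port: {src.name}.{out_port} -> {dst.name}.{in_port}")
    dst.wires[in_port] = (src, out_port)


def validate(root) -> List[str]:
    """Static check: every input port is wired to a leaf that ticks earlier in tree order."""
    order: List[Action] = []

    def visit(n):
        if isinstance(n, Action):
            order.append(n)
        else:
            for c in n.children:
                visit(c)

    visit(root)
    seen, problems = set(), []
    for n in order:
        for p in n.inputs:
            if p not in n.wires:
                problems.append(f"{n.name}.{p} is unconnected")
            elif id(n.wires[p][0]) not in seen:
                problems.append(f"{n.name}.{p} reads {n.wires[p][0].name} before it ticks")
        seen.add(id(n))
    return problems


def build_demo() -> Tuple[Sequence, Action]:
    """Constructed sample tree: sense a distance, then either move on or stop."""
    sense = Action("sense", (), ("dist",), lambda: (SUCCESS, {"dist": 0.4}))
    clear = Action("check_clear", ("dist",), ("margin",),
                   lambda dist: (SUCCESS if dist > 1.0 else FAILURE, {"margin": dist - 1.0}))
    move = Action("move", ("margin",), (), lambda margin: (SUCCESS, {}))
    stop = Action("stop", (), (), lambda: (SUCCESS, {}))
    wire(sense, "dist", clear, "dist")
    wire(clear, "margin", move, "margin")
    return Sequence([sense, Fallback([Sequence([clear, move]), stop])]), clear


def demo() -> Tuple[List[str], str, float]:
    root, clear = build_demo()
    return validate(root), root.tick(), clear.values["margin"]


def broken_demo() -> List[str]:
    """A consumer placed before its producer is rejected before any tick runs."""
    reader = Action("reader", ("x",), (), lambda x: (SUCCESS, {}))
    writer = Action("writer", (), ("x",), lambda: (SUCCESS, {"x": 1}))
    wire(writer, "x", reader, "x")
    return validate(Sequence([reader, writer]))
```

`validate` is a conservative ordering check in tree order; a producer that is skipped at run time (for instance after an earlier child of a `Sequence` fails) still surfaces as a `KeyError` in `tick` rather than as a silently missing blackboard key, which is the nondeterminism the paper's dataflow extension is meant to remove.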
Explanation of the Model Checker Verification Results
Whenever new requirements are introduced for a system, the correctness and consistency of the system specification must be verified, which in industrial practice is usually done manually. One viable option to overcome the disadvantages of this manual analysis is contract-based design, which can automate the verification of whether the top-level requirements have been refined consistently. Verification can thus be performed iteratively to ensure the system's correctness and consistency in the face of any change to the specifications.
That said, deploying formal approaches in industry is still challenging because of their lack of usability and the difficulty of interpreting verification results. For instance, if the model checker detects an inconsistency during verification, it generates a counterexample and at the same time reports that the given input specifications are inconsistent. The formidable challenge here is to comprehend the generated counterexample, which is often lengthy, cryptic and complex. Furthermore, it is the engineer's responsibility to identify the inconsistent specification among a potentially huge set of specifications.
This PhD thesis proposes a counterexample explanation approach for formal methods that simplifies and encourages their use by presenting user-friendly explanations of the verification results to the engineer. The approach identifies relevant information in the verification result and explains it in the form of a natural-language statement: it extracts the inconsistent specifications from the set of specifications, and the erroneous states and variables from the counterexample. The counterexample explanation approach is evaluated using two methods: (1) evaluation on different application examples, and (2) a user study in the form of a one-group pretest-posttest experiment.
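As an added example, not the thesis's tool, the following Python code applies the idea to a toy contract set: it scans a counterexample trace, finds the first contract whose assumption holds while its guarantee fails, and reports the contract, the step and the variables that changed in that step as one natural-language sentence. The `Contract` representation, the door-controller contracts and the trace are constructed assumptions.

```python
"""Turn a model-checker counterexample into an explanation the engineer can act on.

Added example, not the thesis's tool: the contract representation, the trace
format and the door-controller specification below are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

State = Dict[str, object]


@dataclass(frozen=True)
class Contract:
    """Assume/guarantee pair, each evaluated on a single state of the trace."""
    name: str
    assumption: Callable[[State], bool]
    guarantee: Callable[[State], bool]


# Constructed sample: three contracts refining a top-level door-safety requirement.
CONTRACTS: List[Contract] = [
    Contract("C1_lock_when_moving", lambda s: s["speed"] > 0, lambda s: s["door_locked"]),
    Contract("C2_unlock_when_stopped",
             lambda s: s["speed"] == 0 and s["unlock_req"], lambda s: not s["door_locked"]),
    Contract("C3_speed_nonneg", lambda s: True, lambda s: s["speed"] >= 0),
]

# Constructed counterexample trace, in the shape a model checker typically emits
# (one full variable assignment per step).
TRACE: List[State] = [
    {"speed": 0, "unlock_req": False, "door_locked": True},
    {"speed": 0, "unlock_req": True, "door_locked": False},
    {"speed": 12, "unlock_req": True, "door_locked": False},  # moving with door unlocked
    {"speed": 15, "unlock_req": False, "door_locked": True},
]


def changed_vars(prev: Optional[State], cur: State) -> Dict[str, object]:
    """Variables whose value differs from the previous step (all of them at step 0)."""
    return dict(cur) if prev is None else {k: v for k, v in cur.items() if prev.get(k) != v}


def explain(contracts: List[Contract], trace: List[State]) -> Optional[str]:
    """Name the first violated contract, the step, and the variables that changed there."""
    prev = None
    for step, state in enumerate(trace):
        for c in contracts:
            if c.assumption(state) and not c.guarantee(state):
                delta = ", ".join(f"{k}={v}" for k, v in sorted(changed_vars(prev, state).items()))
                return (f"Specification {c.name} is violated at step {step}: its assumption "
                        f"holds but its guarantee does not. Variables changed in this step: {delta}.")
        prev = state
    return None
```

On the constructed trace the result names `C1_lock_when_moving`, step 2 and `speed=12`, which is the information the engineer otherwise has to dig out of the raw counterexample by hand.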
Integration of analysis techniques in security and fault-tolerance
This thesis focuses on the integration of formal methodologies in security protocol analysis and fault-tolerance analysis. The research is developed in two directions: interdisciplinary and intra-disciplinary. In the former, we look for a beneficial interaction between strategies of analysis in security protocols and fault-tolerance; in the latter, we search for connections among different approaches to analysis within the security area. In the following we summarize the main results of the research.
Complete Model-Based Testing Applied to the Railway Domain
Testing is the most important verification technique to assert the correctness of an embedded system. Model-based testing (MBT) is a popular approach that generates test cases from models automatically. For the verification of safety-critical systems, complete MBT strategies are most promising. Complete testing strategies can guarantee that all errors of a certain kind are revealed by the generated test suite, given that the system under test fulfils several hypotheses. This work presents a complete testing strategy which is based on equivalence class abstraction. Using this approach, reactive systems with a potentially infinite input domain but finitely many internal states can be abstracted to finite-state machines. This allows for the generation of finite test suites providing completeness. However, for a system under test, it is hard to prove the validity of the hypotheses which justify the completeness of the applied testing strategy. Therefore, we experimentally evaluate the fault-detection capabilities of our equivalence class testing strategy in this work. We use a novel mutation-analysis strategy which introduces artificial errors into a SystemC model to mimic typical HW/SW integration errors. We provide experimental results that show the adequacy of our approach on case studies from the railway domain (i.e., a speed-monitoring function and an interlocking-system controller) and from the automotive domain (i.e., an airbag controller). Furthermore, we present extensions to the equivalence class testing strategy. We show that a combination with randomisation and boundary-value selection is able to significantly increase the probability of detecting HW/SW integration errors.
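The following Python example, written for this page rather than taken from the paper's tooling or its railway models, carries the strategy through on a constructed speed monitor: the unbounded speed input is partitioned into equivalence classes at the model's thresholds, the resulting finite-state machine is explored breadth-first to build a transition-cover suite, and a mutant with an off-by-one release boundary shows why interior representatives alone miss it while boundary values catch it. The monitor, its thresholds, the classes, the representatives and the mutant are assumptions.

```python
"""Equivalence-class test generation for a speed monitor, checked by mutation.

Added example, not the paper's tool or its railway models: the speed monitor,
its thresholds, the input classes and the mutant are constructed here.
"""
import random
from typing import Callable, Dict, List, Tuple

Step = Callable[[str, float], str]       # a reactive step: (state, input) -> new state
INIT = "NORMAL"
# Input equivalence classes (lo, hi] induced by the reference model's thresholds;
# the speed domain is unbounded, so -1e9/1e9 stand in for the open ends.
CLASSES: List[Tuple[float, float]] = [(-1e9, 50.0), (50.0, 100.0), (100.0, 120.0), (120.0, 1e9)]
REPRESENTATIVES = [25.0, 75.0, 110.0, 150.0]          # one interior value per class
BOUNDARIES = [50.0, 50.0 + 1e-6, 100.0, 100.0 + 1e-6, 120.0, 120.0 + 1e-6]


def reference(state: str, v: float) -> str:
    """Reference model: warn above 100, brake above 120, latch BRAKE until speed <= 50."""
    if state == "BRAKE":
        return "NORMAL" if v <= 50.0 else "BRAKE"
    if v > 120.0:
        return "BRAKE"
    return "WARNING" if v > 100.0 else "NORMAL"


def mutant_release(state: str, v: float) -> str:
    """Mutant mimicking an integration error: release uses v < 50 instead of v <= 50."""
    if state == "BRAKE":
        return "NORMAL" if v < 50.0 else "BRAKE"
    return reference(state, v)


def run(model: Step, seq: List[float]) -> List[str]:
    """Observed state trace of a model driven by an input sequence from INIT."""
    state, trace = INIT, []
    for v in seq:
        state = model(state, v)
        trace.append(state)
    return trace


def reach_paths(model: Step) -> Dict[str, List[float]]:
    """BFS over the abstracted finite-state machine: one input path per reachable state."""
    paths, frontier = {INIT: []}, [INIT]
    while frontier:
        s = frontier.pop(0)
        for v in REPRESENTATIVES:
            t = model(s, v)
            if t not in paths:
                paths[t] = paths[s] + [v]
                frontier.append(t)
    return paths


def generate_suite(model: Step, extra: List[float]) -> List[List[float]]:
    """Transition cover: from every reachable state, apply every class value once."""
    return [p + [v] for p in reach_paths(model).values() for v in REPRESENTATIVES + extra]


def randomised(rng: random.Random, per_class: int) -> List[float]:
    """Extra inputs drawn uniformly from inside each class."""
    return [rng.uniform(lo, hi) for lo, hi in CLASSES for _ in range(per_class)]


def kills(suite: List[List[float]], sut: Step) -> bool:
    """True if some test sequence makes the SUT's observed trace differ from the reference."""
    return any(run(reference, seq) != run(sut, seq) for seq in suite)


def demo() -> Tuple[bool, bool]:
    basic = generate_suite(reference, [])
    strengthened = generate_suite(reference, BOUNDARIES + randomised(random.Random(7), 2))
    return kills(basic, mutant_release), kills(strengthened, mutant_release)
```

`demo()` returns `(False, True)`: the plain class-representative suite is complete only under the hypothesis that the SUT treats every value in a class alike, which the off-by-one mutant violates exactly at the class boundary, and adding boundary values (plus seeded random interior values) is what exposes it.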