Um método para o desenvolvimento e certificação de software de sistemas embarcados baseado em redes de petri coloridas e casos de garantia.

Sistemas embarcados estão presentes em atividades diárias da população em geral, de ambientes domésticos até industriais e governamentais. O uso de sistemas embarcados tem aumentado como resultado, por exemplo, da disseminação da comunicação sem fio, de dispositivos eletrônicos com custos e tamanhos reduzidos, e de software embarcado em equipamentos eletrônicos. Software embarcado pode ser projetado como parte, desde sistemas embarcados simples para o controle de equipamentos domésticos, até sistemas críticos de segurança. Quanto mais complexo um sistema embarcado, maior a probabilidade de ocorrer situações adversas que ofereçam riscos financeiros, físicos, entre outros. Em sistemas embarcados críticos de segurança (e.g., médicos, aviônicos e aeroespaciais), falhas podem resultar em desastres naturais e danos à integridade física da população. Diante deste cenário, sistemas devem ser desenvolvidos de modo que sejam seguros e eficazes, e que estejam em conformidade com requisitos regulatórios. Portanto, um desafio importante que emerge dessa situação é o desenvolvimento de sistemas de acordo com sua especificação de requisitos, e ao mesmo tempo confiáveis e certificáveis. É no contexto de sistemas embarcados críticos de segurança que se insere esse trabalho. Propõe-se um método para o desenvolvimento e certificação de software desses sistemas. O método é baseado em redes de Petri coloridas (Coloured Petri Nets - CPN) e casos de garantia (assurance cases) representados com a notação estruturada por metas (Goal Structuring Notation - GSN). Conceitos associados com os processos de certificação prescritivo (padrões de processo) e baseado em metas (características de produto) são integrados durante o processo de desenvolvimento. Além disso, a definição e rastreabilidade de requisitos regulatórios e específicos do produto, juntamente com a verificação de conformidade com requisitos regulatórios, é realizada por meio de casos de garantia. Por fim, neste trabalho também é apresentado um estudo de caso sobre um sistema de Eletrocardiografia (ECG) configurado como um monitor cardíaco. Esse estudo de caso serve como cenário de implementação e avaliação experimental do método.Embedded systems are part of the general population’s everyday life, from domestic, to industrial and governmental environments. The use of embedded systems has grown as a result, for example, of the dissemination of wireless communication, low power and portable electronic devices, and software embedded into electronic equipments. Embedded software can be designed to compose from simple embedded systems used to control domestic equipments, to safety-critical systems. The most complex an embedded system is, the more adverse situations are likely to occur, leading to financial risks, safety risks, among other. In safety-critical embedded systems (e.g., medical, avionics, and aerospace), failures may result in natural disasters and injuries to the population. Given this scenario, systemsmust be developedinorder tobesafeand effective, andto conform to regulatory requirements. Therefore, an important challenge that raises from this situation is to develop systems according to their requirements specification, and at the same time, being reliable and certifiable. This work is applied in the context of safety-critical embedded systems. A method to develop and certify software embedded in these systems is proposed. The method is based on Coloured Petri Nets (CPN) and assurance cases represented with the Goal Structuring Notation (GSN). Concepts related to prescriptive (process standards) and goal based (product features) certification processes are integrated during the development process. Moreover, the requirements specification and regulatory andproduct- specificrequirementstraceability,alongwiththeverificationofconformanceto regulatory requirements, is carried out through assurance cases. Finally, a case study on an Electrocardiography (ECG) system configured as a cardiac monitor is presented. The case study is useful as an implementation scenario and experimental evaluation of the method

Управление информационными рисками: учебное пособие

В пособии рассматриваются основные понятия и методы управления информационными рисками. При этом основу составляют положения современных принятых и разрабатываемых стандартов, в частности, в области информационной безопасности. Большое внимание уделено технологии управления информационными рисками. Данная книга существенно дополняет материал пособия и курса «Основы информационной безопасности». Учебное пособие выполнено в рамках инновационной образовательной программы Российского университета дружбы народов, направление «Комплекс экспортоориентированных инновационных образовательных программ по приоритетным направлениям науки и технологий», и входит в состав учебно-методического комплекса, включающего описание курса, программу и электронный учебник

A model-based approach for Objectification of the Risk Analysis according to ISO 26262

Die Entwicklung elektrischer Fahrzeugsysteme wird in Zukunft voraussichtlich immer mehr von der ISO 26262 beeinflusst. Eine wesentliche Anforderung der Norm ist die Durchführung einer Gefährdungsidentifikation und Risikobewertung (GuR). Ziel dieser GuR ist es vom zu entwickelnden System ausgehende Gefährdungen zu identifizieren und hinsichtlich ihres Risikopotenzials zu bewerten. Sind potenzielle Gefährdungen erkannt, können diese mittels des in ISO 26262 vorgeschlagenen Ansatzes zur Ableitung eines Automotive Safety Integrity Levels (ASIL) hinsichtlich des von ihnen ausgehenden Risikos bewertet werden. Diese Bewertung basiert in hohem Maße auf der subjektiven - meist konservativen - (Experten-)Einschätzung der den ASIL charakterisierenden Parameter Expositionswahrscheinlichkeit (E), Schadensausmaß (S) und Kontrollierbarkeit (C), weswegen Sicherheitsfunktionen häufig überdimensioniert werden. In dieser Arbeit wird eine Methode beschrieben, wie diese subjektiven Einflüsse durch Simulation und Analyse von Petrinetz-Modellen reduziert werden können. Hierbei wird sich nach intensiver Diskussion der die ASIL-Parameter bestimmenden Faktoren auf die modellbasierte Objektivierung des Parameters E beschränkt. Die Methode und die Struktur der, wie zunächst angenommen, einem deterministischem Verhalten folgenden Modelle werden im Sinne einer Anwendbarkeitsstudie zur Einstufung der Expositionswahrscheinlichkeit exemplarisch angewendet, validiert und plausibilisiert. Im Folgenden wird davon ausgegangen, dass eine Vielzahl von reale Fahrsituationen charakterisierenden Faktoren einem stochastischem Verhalten folgen. In diesem Fall stößt die analytische Berechnung von E an ihre Grenzen, weswegen deren Plausibilität nur noch durch den Vergleich mit herkömmlichen Schätzungen überprüft werden kann. Die entwickelte Methode kann sowohl zu einer ASIL-Reduktion, und damit einhergehenden Einsparpotenzialen bei den Entwicklungskosten, als auch zu einer ASIL-Erhöhung,und damit verbundenem Mehraufwand bei der Entwicklung, führen. In beiden Fällen kann die Methode aufgrund ihres strukturierten modellbasierten Ansatzes helfen die ASIL-Einstufung gegenüber Entscheidungsträgern zu vertreten, wodurch die praktische Verwertbarkeit der Methode gegeben ist.The development of future electrical systems in motor vehicles is expected to be more and more influenced by the standard ISO 26262. This standard provides requirements for the entire safety lifecycle. One essential requirement of ISO 26262 consists in performing a hazard analysis and risk assessment. The objective of this phase is to identify and categorize the hazards emanating from the item to be developed in terms of their risk potential. Once the hazards have been identified, these can be evaluated in terms of the risk posed by them, using the approach recommended in ISO 26262 to determine an Automotive Safety Integrity Level (ASIL). This assessment is largely based on subjective - mostly conservative - (experts`)estimations of the ASIL-characterizing parameters: probability of exposure (E), severity (S) and controllability (C). This is the reason why safety related systems are often oversized. In this thesis a method is described thanks to which these subjective evaluations can be reduced by simulation and analysis of Petri net models. After an intensive discussion of the ASIL-determining parameters (E, S and C), the scope of the method is limited to the model-based objectification of the parameter E. The developed Petri net models, initially supposed to be obeying a deterministic behavior, are used to determine E and to validate the gleaned values and the correctness of the model against the results of an event tree analysis. Moreover, the determined parameter E is validated with respect to its plausibility by comparing it with the result of an assessment carried out conventionally under the terms of ISO 26262. In the following it is assumed that a large number of factors characterizing real driving situations are following a stochastic behavior. In this case, the analytical calculation of E is limited and the determined values` plausibility can only be validated by comparison with the results of a conventional estimation. The developed method logically can lead to both, an ASIL-reduction, and thus to a reduction of the development costs, as well as an ASIL-increase, and thus to related additional effort in the development. In both cases due to its structured model-based approach, the presented method can back up an ASIL-classification in front of decision-makers. Thus the practical usefulness of the method is given

Safety and Reliability - Safe Societies in a Changing World

The contributions cover a wide range of methodologies and application areas for safety and reliability that contribute to safe societies in a changing world. These methodologies and applications include: - foundations of risk and reliability assessment and management - mathematical methods in reliability and safety - risk assessment - risk management - system reliability - uncertainty analysis - digitalization and big data - prognostics and system health management - occupational safety - accident and incident modeling - maintenance modeling and applications - simulation for safety and reliability analysis - dynamic risk and barrier management - organizational factors and safety culture - human factors and human reliability - resilience engineering - structural reliability - natural hazards - security - economic analysis in risk managemen

Prediction of Robot Execution Failures Using Neural Networks

In recent years, the industrial robotic systems are designed with abilities to adapt and to learn in a structured or unstructured environment. They are able to predict and to react to the undesirable and uncontrollable disturbances which frequently interfere in mission accomplishment. In order to prevent system failure and/or unwanted robot behaviour, various techniques have been addressed. In this study, a novel approach based on the neural networks (NNs) is employed for prediction of robot execution failures. The training and testing dataset used in the experiment consists of forces and torques memorized immediately after the real robot failed in assignment execution. Two types of networks are utilized in order to find best prediction method - recurrent NNs and feedforward NNs. Moreover, we investigated 24 neural architectures implemented in Matlab software package. The experimental results confirm that this approach can be successfully applied to the failures prediction problem, and that the NNs outperform other artificial intelligence techniques in this domain. To further validate a novel method, real world experiments are conducted on a Khepera II mobile robot in an indoor structured environment. The obtained results for trajectory tracking problem proved usefulness and the applicability of the proposed solution

Neural Extended Kalman Filter for State Estimation of Automated Guided Vehicle in Manufacturing Environment

To navigate autonomously in a manufacturing environment Automated Guided Vehicle (AGV) needs the ability to infer its pose. This paper presents the implementation of the Extended Kalman Filter (EKF) coupled with a feedforward neural network for the Visual Simultaneous Localization and Mapping (VSLAM). The neural extended Kalman filter (NEKF) is applied on-line to model error between real and estimated robot motion. Implementation of the NEKF is achieved by using mobile robot, an experimental environment and a simple camera. By introducing neural network into the EKF estimation procedure, the quality of performance can be improved

Model-Based Usability Analysis of Safety-Critical Systems: A Formal Methods Framework

Complex, safety-critical systems are designed with a broad range of automated and configurable components, and usability problems often emerge for the end user during setup, operation, and troubleshooting procedures. Usability evaluations should consider the entire human-device interface including displays, controls, hardware configurations, and user documentation/procedures. To support the analyst, human factors researchers have developed a set of methods and measures for evaluating human-system interface usability, while formal methods researchers have developed a set of model-based technologies that enable mathematical verification of desired system behaviors. At the intersection of these disciplines, an evolving set of model-based frameworks enable highly automated verification of usability early in the design cycle. Models can be abstracted to enable broad coverage of possible problems, while measures can be formally verified to "prove" that the system is usable. Currently, frameworks cover a subset of the target system and user behaviors that must be modeled to ensure usability: procedures, visual displays, user controls, automation, and possible interactions among them. Similarly, verification methodologies focus on a subset of potential usability problems with respect to modeled interactions. This work provides an integrated formal methods framework enabling the holistic modeling and verification of safety-critical system usability. Building toward the framework, a set of five, novel approaches extend the capabilities of extant frameworks in different ways. Each approach is demonstrated in a medical device case study to show how the methods can be employed to identify potential usability problems in existing systems. A formal approach to documentation navigation models an end user navigating through a printed or electronic document and verifies page reachability. A formal approach to procedures in documentation models an end user executing steps as written and aids in identifying problems involving what device components are identified in task descriptions, what system configurations are addressed, and what temporal orderings of procedural steps could be improved. A formal approach to hardware configurability models end-user motor capabilities, relationships among the user and device components in the spatial environment, and opportunities for the user to physically manipulate components. An encoding tool facilitates the modeling process, while a verification methodology aids in ensuring that configurable hardware supports correct end- user actions and prevents incorrect ones. A formal approach to interface understandability models what information is provided to the end user through visual, audible, and haptic sensory channels, including explanations provided in accompanying documentation. An encoding tools facilitates the development of models and specifications, while the verification methodology aids in ensuring that what is displayed on the device is consistent; and, if needed, an explanation of what is displayed is provided in documentation. A formal approach to controlled actuators leverages an existing modeling technique and data collected from other engineering activities to model actuator dynamics mapping to referent data. An encoding tool facilitates model development, and a verification methodology aids in validating the model with respect to source data. Finally, new methodologies are combined within the integrated framework. A model architecture supports the analyst in representing a broad range of interactions among constituent framework models, and a set of ten specifications is developed to enable holistic usability verification. An implementation of the framework is demonstrated within a case study based on a medical device under development. This application shows how the framework could be utilized early in the design of a safety-critical system, without the need for a fully implemented device or a team of human evaluators.Ph.D., Biomedical Science -- Drexel University, 201