Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS - a collection of Technical Notes Part 1

This report provides an introduction and overview of the Technical Topic Notes (TTNs) produced in the Towards Identifying and closing Gaps in Assurance of autonomous Road vehicleS (Tigars) project. These notes aim to support the development and evaluation of autonomous vehicles. Part 1 addresses: Assurance-overview and issues, Resilience and Safety Requirements, Open Systems Perspective and Formal Verification and Static Analysis of ML Systems. Part 2: Simulation and Dynamic Testing, Defence in Depth and Diversity, Security-Informed Safety Analysis, Standards and Guidelines

Disruptive Innovations and Disruptive Assurance: Assuring Machine Learning and Autonomy

Autonomous and machine learning-based systems are disruptive innovations and thus require a corresponding disruptive assurance strategy. We offer an overview of a framework based on claims, arguments, and evidence aimed at addressing these systems and use it to identify specific gaps, challenges, and potential solutions

A QFD framework for quality, innovation and high-tech product development dynamics

The customer mostly chooses a product on the base of its quality, which therefore arises as the main cause of its commercial success. In a nearly axiomatic drawing, it follows that the effect of innovation is the improvement of quality, which itself becomes the aim of innovation. Even though the previous statement relates quality and innovation, it still does not explain their dynamics. To stress them, the ‘quality' concept must be analyzed in more detail. In fact, in addition to the ‘perceived quality', the quality ensured through `design, manufacturing and marketing' combined domains should be dealt with. This paper enhances this issue taking advantage of principles and models made available by control theory schemes coupled with quality function development (QFD) and best practice software modeling based on unified modeling language (UML

Supporting group maintenance through prognostics-enhanced dynamic dependability prediction

Condition-based maintenance strategies adapt maintenance planning through the integration of online condition monitoring of assets. The accuracy and cost-effectiveness of these strategies can be improved by integrating prognostics predictions and grouping maintenance actions respectively. In complex industrial systems, however, effective condition-based maintenance is intricate. Such systems are comprised of repairable assets which can fail in different ways, with various effects, and typically governed by dynamics which include time-dependent and conditional events. In this context, system reliability prediction is complex and effective maintenance planning is virtually impossible prior to system deployment and hard even in the case of condition-based maintenance. Addressing these issues, this paper presents an online system maintenance method that takes into account the system dynamics. The method employs an online predictive diagnosis algorithm to distinguish between critical and non-critical assets. A prognostics-updated method for predicting the system health is then employed to yield well-informed, more accurate, condition-based suggestions for the maintenance of critical assets and for the group-based reactive repair of non-critical assets. The cost-effectiveness of the approach is discussed in a case study from the power industry

Human-machine diversity in the use of computerised advisory systems: a case study

Computer-based advisory systems form with their users composite, human-machine systems. Redundancy and diversity between the human and the machine are often important for the dependability of such systems. We discuss the modelling approach we applied in a case study. The goal is to assess failure probabilities for the analysis of X-ray films for detecting cancer, performed by a person assisted by a computer-based tool. Differently from most approaches to human reliability assessment, we focus on the effects of failure diversity — or correlation — between humans and machines. We illustrate some of the modelling and prediction problems, especially those caused by the presence of the human component. We show two alternative models, with their pros and cons, and illustrate, via numerical examples and analytically, some interesting and non-intuitive answers to questions about reliability assessment and design choices for human-computer systems

Real-Time Physiological Simulation and Modeling toward Dependable Patient Monitoring Systems

We present a novel approach to describe dependability measures for intelligent patient monitoring devices. The strategy is based on using a combination of methods from system theory and real-time physiological simulations. For the first time not only the technical device but also the patient is taken into consideration. Including the patient requires prediction of physiology which is achieved by a real-time physiological simulation in a continuous time domain, whereby one of the main ingredients is a temporal reasoning element. The quality of the reasoning is expressed by a dependability analysis strategy. Thereby, anomalies are expressed as differences between simulation and real world data. Deviations are detected for current and they are forecasted for future points in time and can express critical situations. By this method, patient specific differences in terms of physiological reactions are described, allowing early detection of critical states

Model-Based Security Testing

Security testing aims at validating software system requirements related to security properties like confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Although security testing techniques are available for many years, there has been little approaches that allow for specification of test cases at a higher level of abstraction, for enabling guidance on test identification and specification as well as for automated test generation. Model-based security testing (MBST) is a relatively new field and especially dedicated to the systematic and efficient specification and documentation of security test objectives, security test cases and test suites, as well as to their automated or semi-automated generation. In particular, the combination of security modelling and test generation approaches is still a challenge in research and of high interest for industrial applications. MBST includes e.g. security functional testing, model-based fuzzing, risk- and threat-oriented testing, and the usage of security test patterns. This paper provides a survey on MBST techniques and the related models as well as samples of new methods and tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582