1,066 research outputs found

    Supporting the automated generation of modular product line safety cases

    The effective reuse of design assets in safety-critical Software Product Lines (SPL) would require the reuse of safety analyses of those assets in the variant contexts of certification of products derived from the SPL. This in turn requires the traceability of SPL variation across design, including variation in safety analysis and safety cases. In this paper, we propose a method and tool to support the automatic generation of modular SPL safety case architectures from the information provided by SPL feature modeling and model-based safety analysis. The Goal Structuring Notation (GSN) safety case modeling notation and its modular extensions supported by the D-Case Editor were used to implement the method in an automated tool support. The tool was used to generate a modular safety case for an automotive Hybrid Braking System SPL.

    An approach to safety analysis of clinical workflows

    A clinical workflow considers the information and processes that are involved in providing a clinical service. They are safety critical since even minor faults have the potential to propagate and consequently cause harm to a patient, or even for a patient's life to be lost. Experiencing these kinds of failures has a destructive impact on all the involved parties. Due to the large number of processes and tasks included in the delivery of a clinical service, it can be difficult to determine the individuals or the processes that are responsible for adverse events, since such an analysis is typically complex and slow to do manually. Using automated tools to carry out an analysis can help in determining the root causes of potential adverse events and consequently help in avoiding preventable errors through either the alteration of existing workflows, or the design of a new workflow. This paper describes a technical approach to safety analysis of clinical workflows, utilising a safety analysis tool (Hierarchically-Performed Hazard Origin and Propagation Studies (HiP-HOPS)) that is already in use in the field of mechanical systems. The paper then demonstrates the applicability of the approach to clinical workflows by applying it to analyse the workflow in a radiology department. We conclude that the approach is applicable to this area of healthcare and provides a mechanism both for the systematic identification of adverse events and for the introduction of possible safeguards in clinical workflows.

    On Provably Correct Decision-Making for Automated Driving

    The introduction of driving automation in road vehicles can potentially reduce road traffic crashes and significantly improve road safety. Automation in road vehicles also brings several other benefits such as the possibility to provide independent mobility for people who cannot and/or should not drive. Many different hardware and software components (e.g. sensing, decision-making, actuation, and control) interact to solve the autonomous driving task. Correctness of such automated driving systems is crucial as incorrect behaviour may have catastrophic consequences. Autonomous vehicles operate in complex and dynamic environments, which requires decision-making and planning at different levels. The aim of such decision-making components in these systems is to make safe decisions at all times. The challenge of safety verification of these systems is crucial for the commercial deployment of full autonomy in vehicles. Testing for safety is expensive, impractical, and can never guarantee the absence of errors. In contrast, formal methods, which are techniques that use rigorous mathematical models to build hardware and software systems, can provide a mathematical proof of the correctness of the system. The focus of this thesis is to address some of the challenges in the safety verification of decision-making in automated driving systems. A central question here is how to establish formal verification as an efficient tool for automated driving software development. A key finding is the need for an integrated formal approach to prove correctness and to provide a complete safety argument. This thesis provides insights into how three different formal verification approaches, namely supervisory control theory, model checking, and deductive verification, differ in their application to automated driving and identifies the challenges associated with each method. It identifies the need for the introduction of more rigour in the requirement refinement process and presents one possible solution by using a formal model-based safety analysis approach. To address challenges in the manual modelling process, a possible solution by automatically learning formal models directly from code is proposed.

    Specification and use of component failure patterns

    Safety-critical systems are typically assessed for their adherence to specified safety properties. They are studied down to the component level to identify root causes of any hazardous failures. Most recent work with model-based safety analysis has focused on improving system modelling techniques and the algorithms used for automatic analyses of failure models. However, few developments have been made to improve the scope of reusable analysis elements within these techniques. The failure behaviour of components in these techniques is typically specified in such a way that limits the applicability of such specifications across applications. The thesis argues that by allowing more general expressions of failure behaviour, identifiable patterns of failure behaviour for use within safety analyses could be specified and reused across systems and applications where the conditions that allow such reuse are present. This thesis presents a novel Generalised Failure Language (GFL) for the specification and use of component failure patterns. Current model-based safety analysis methods are investigated to examine the scope and the limits of achievable reuse within their analyses. One method, HiP-HOPS, is extended to demonstrate the application of GFL and the use of component failure patterns in the context of automated safety analysis. A managed approach to performing reuse is developed alongside the GFL to create a method for more concise and efficient safety analysis. The method is then applied to a simplified fuel supply and a vehicle braking system, as well as on a set of legacy models that have previously been analysed using classical HiP-HOPS. The proposed GFL method is finally compared against the classical HiP-HOPS, and in the light of this study the benefits and limitations of this approach are discussed in the conclusions.

    Formal transformation methods for automated fault tree generation from UML diagrams

    With a growing complexity in safety critical systems, engaging Systems Engineering with System Safety Engineering as early as possible in the system life cycle becomes ever more important to ensure system safety during system development. Assessing the safety and reliability of system architectural design at the early stage of the system life cycle can bring value to system design by identifying safety issues earlier and maintaining safety traceability throughout the design phase. However, this is not a trivial task and can require upfront investment. Automated transformation from system architecture models to system safety and reliability models offers a potential solution. However, existing methods lack a formal basis. This can potentially lead to unreliable results. Without a formal basis, Fault Tree Analysis of a system, for example, even if performed concurrently with system design, may not ensure all safety critical aspects of the design. [Continues.]

    Automated generation of a Petri net model: application to an end of life manufacturing process

    As the complexity of engineering systems and processes increases, determining their optimal performance also becomes increasingly complex. There are various reliability techniques available to model performance, for example fault trees, simulation etc., but generating the models can become a significant task that is cumbersome, error-prone and tedious. This can result in significant resources being devoted to the generation of the models and there is much room for error. Hence over the years work has been undertaken into automatically generating reliability models. Such an approach enables the detection of the most critical components and design errors at an early design stage, supporting alternative designs and systems. The aim of the research described in this paper is the automatic generation of a Petri Net model for a given system or process. The Petri Net approach enables complex systems and processes to be modelled using a modular approach. The methodology of the automated Petri Net generation outlined in this work is to extract the information required for the model from the system description in a form used by industry, such as a UML Activity Diagram, into a database using XML transformations. An algorithm is then applied to generate the Petri Net incidence matrices of the necessary nets, which is the mathematical representation of the model. The algorithm builds the nets up in a modular fashion, enabling changes to be made to the overall net in a cost-effective way and hence allowing various designs to be easily assessed. In this work the procedure will be demonstrated by its application to an end of life manufacturing process.

    Assessing and augmenting SCADA cyber security: a survey of techniques

    SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker's to determine weaknesses and loopholes in defences. Such mindsets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.

    SOTIF-Compliant Scenario Generation Using Semi-Concrete Scenarios and Parameter Sampling

    The SOTIF standard (ISO 21448) requires scenario-based testing to verify and validate Advanced Driver Assistance Systems and Automated Driving Systems but does not suggest any practical way to do so effectively and efficiently. Existing scenario generation approaches either focus on exploring or exploiting the scenario space. This generally leads to test suites that cover many known cases but potentially miss edge cases, or to focused test suites that are effective but also contain less diverse scenarios. To generate SOTIF-compliant test suites that achieve higher coverage and find more faults, this paper proposes semi-concrete scenarios and combines them with parameter sampling to adequately balance scenario space exploration and exploitation. Semi-concrete scenarios enable combinatorial scenario generation techniques that systematically explore the scenario space, while parameter sampling allows for the exploitation of continuous parameters. Our experimental results show that the proposed concept can generate more effective test suites than state-of-the-art coverage-based sampling. Moreover, our results show that including a feedback mechanism to drive parameter sampling further increases test suites' effectiveness. Comment: accepted at IEEE ITSC 202

    Research and development of diagnostic algorithms to support fault accommodating control for emerging shipboard power system architectures

    The U.S. Navy has proposed development of next generation warships utilising an increased amount of power electronics devices to improve flexibility and controllability. The high power density finite inertia network is envisioned to employ automated fault detection and diagnosis to aid timely remedial action. Integration of condition monitoring and fault diagnosis to form an intelligent power distribution system is anticipated to assist decision support for crew while enhancing security and mission availability. This broad research, being in the conceptual stage, lacks benchmark systems to learn from. Thorough studies are required to successfully enable realising the benefits offered by using increased power electronics and automation. Application of fundamental analysis techniques is necessary to meticulously understand the dynamics of a novel system and to become familiar with associated risks and their effects. Additionally, it is vital to find ways of mitigating the effects of identified risks. This thesis details the development of a generalised methodology to help focus research into artificial intelligence (AI) based diagnostic techniques. Failure Mode and Effects Analysis (FMEA) is used in identifying critical parts of the architecture. Sneak Circuit Analysis (SCA) is modified to provide signals that differentiate faults at a component level of a dc-dc step down converter. These reliability analysis techniques combined with an appropriate AI algorithm offer a potentially robust approach that could be utilised for diagnosing faults within power electronic equipment anticipated to be used onboard the novel SPS. The proposed systematic methodology could be extended to other types of power electronic converters, as well as to distinguishing subsystem level faults. The combination of FMEA and SCA with AI could also be used for providing enhanced decision support. This forms part of future research in this specific arena demonstrating the positives brought about by combining reliability analysis techniques with AI for next generation naval SPS.