Integration of Safety Analysis in Model-Driven Software Development

I Safety critical software requires integrating verification techniques in software development methods. Software architectures must guarantee that developed systems will meet safety requirements and safety analyses are frequently used in the assessment. Safety engineers and software architects must reach a common understanding on an optimal architecture from both perspectives. Currently both groups of engineers apply different modelling techniques and languages: safety analysis models and software modelling languages. The solutions proposed seek to integrate both domains coupling the languages of each domain. It constitutes a sound example of the use of language engineering to improve efficiency in a software-related domain. A model-driven development approach and the use of a platform-independent language are used to bridge the gap between safety analyses (failure mode effects and criticality analysis and fault tree analysis) and software development languages (e.g. unified modelling language). Language abstract syntaxes (metamodels), profiles, language mappings (model transformations) and language refinements, support the direct application of safety analysis to software architectures for the verification of safety requirements. Model consistency and the possibility of automation are found among the benefits

A synthesis of logic and biology in the design of dependable systems

The technologies of model-based design and dependability analysis in the design of dependable systems, including software intensive systems, have advanced in recent years. Much of this development can be attributed to the application of advances in formal logic and its application to fault forecasting and verification of systems. In parallel, work on bio-inspired technologies has shown potential for the evolutionary design of engineering systems via automated exploration of potentially large design spaces. We have not yet seen the emergence of a design paradigm that combines effectively and throughout the design lifecycle these two techniques which are schematically founded on the two pillars of formal logic and biology. Such a design paradigm would apply these techniques synergistically and systematically from the early stages of design to enable optimal refinement of new designs which can be driven effectively by dependability requirements. The paper sketches such a model-centric paradigm for the design of dependable systems that brings these technologies together to realise their combined potential benefits

A synthesis of logic and bio-inspired techniques in the design of dependable systems

Much of the development of model-based design and dependability analysis in the design of dependable systems, including software intensive systems, can be attributed to the application of advances in formal logic and its application to fault forecasting and verification of systems. In parallel, work on bio-inspired technologies has shown potential for the evolutionary design of engineering systems via automated exploration of potentially large design spaces. We have not yet seen the emergence of a design paradigm that effectively combines these two techniques, schematically founded on the two pillars of formal logic and biology, from the early stages of, and throughout, the design lifecycle. Such a design paradigm would apply these techniques synergistically and systematically to enable optimal refinement of new designs which can be driven effectively by dependability requirements. The paper sketches such a model-centric paradigm for the design of dependable systems, presented in the scope of the HiP-HOPS tool and technique, that brings these technologies together to realise their combined potential benefits. The paper begins by identifying current challenges in model-based safety assessment and then overviews the use of meta-heuristics at various stages of the design lifecycle covering topics that span from allocation of dependability requirements, through dependability analysis, to multi-objective optimisation of system architectures and maintenance schedules

Crack formation and damage evolution during consolidation in TBM driven tunnel linings in fine-grained soils

The paper deals with the numerical modelling of crack formation in segmental tunnel linings. A series of numerical analyses was conducted using the finite difference code FLAC2D. The primary aims of the analyses were to back-analyse the damage pattern observed in a TBM driven hydraulic tunnel excavated in clayey soils and to evaluate the safety level of the excavation assessing the stress and strain state of the lining. The excavation of the tunnel and the lining installation were simulated in plane-strain undrained conditions, adopting the stress reduction method. To take into consideration the peculiar interaction mechanism, identified as the cause the damages, the stress release was differentiated based on the orientation along the tunnel wall. Two distinct modelling strategies were used to model the tunnel lining: at first, simple beam elements were used, then, small continuum elements and cable elements were employed to represent the concrete and the steel bars respectively. The implemented algorithm allowed to simulate explicitly the formation of the cracks and their progressive development. Finally, consolidation analyses were carried out to assess the evolution of the damage and the long-term stress and strain level of the lining. The numerical analyses allowed to reproduce the observed damage pattern and to reliably evaluate the stress and strain state in the damaged lining. Furthermore, the long-term analyses showed that the consolidation process has a beneficial effect as the equalization of the pore pressures causes a reduction of the load eccentricity on the lining, thus progressively increasing the level of safety over time. The investigation of the causes of the reported damage and its numerical modelling allowed to remark the importance of proper tail void grouting when excavating under high cover depths in squeezing soils

How pharmacoepidemiology networks can manage distributed analyses to improve replicability and transparency and minimize bias

Several pharmacoepidemiology networks have been developed over the past decade that use a distributed approach, implementing the same analysis at multiple data sites, to preserve privacy and minimize data sharing. Distributed networks are efficient, by interrogating data on very large populations. The structure of these networks can also be leveraged to improve replicability, increase transparency, and reduce bias. We describe some features of distributed networks using, as examples, the Canadian Network for Observational Drug Effect Studies, the Sentinel System in the USA, and the European Research Network of Pharmacovigilance and Pharmacoepidemiology. Common protocols, analysis plans, and data models, with policies on amendments and protocol violations, are key features. These tools ensure that studies can be audited and repeated as necessary. Blinding and strict conflict of interest policies reduce the potential for bias in analyses and interpretation. These developments should improve the timeliness and accuracy of information used to support both clinical and regulatory decisions

Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

An architecture-based dependability modeling framework using AADL

For efficiency reasons, the software system designers' will is to use an integrated set of methods and tools to describe specifications and designs, and also to perform analyses such as dependability, schedulability and performance. AADL (Architecture Analysis and Design Language) has proved to be efficient for software architecture modeling. In addition, AADL was designed to accommodate several types of analyses. This paper presents an iterative dependency-driven approach for dependability modeling using AADL. It is illustrated on a small example. This approach is part of a complete framework that allows the generation of dependability analysis and evaluation models from AADL models to support the analysis of software and system architectures, in critical application domains

Fully coupled, hygro-thermo-mechanical sensitivity analysis of a pre-stressed concrete pressure vessel

Following a recent world wide resurgence in the desire to build and operate nuclear power stations as a response to rising energy demands and global plans to reduce carbon emissions, and in the light of recent events such as those at the Fukushima Dai-ichi nuclear power plant in Japan, which have raised questions of safety, this work has investigated the long term behaviour of concrete nuclear power plant structures.<p></p> A case example of a typical pre-stressed concrete pressure vessel (PCPV), generically similar to several presently in operation in the UK was considered and investigations were made with regard to the extended operation of existing plants beyond their originally planned for operational life spans, and with regard to the construction of new build plants.<p></p> Extensive analyses have been carried out using a fully coupled hygro-thermo-mechanical (HTM) model for concrete. Analyses were initially conducted to determine the current state of a typical PCPV after 33+ years of operation. Parametric and sensitivity studies were then carried out to determine the influence of certain, less well characterised concrete material properties (porosity, moisture content, permeability and thermal conductivity). Further studies investigated the effects of changes to operational conditions including planned and unplanned thermal events.<p></p> As well as demonstrating the capabilities and usefulness of the HTM model in the analysis of such problems, it has been shown that an understanding of the long-term behaviour of these safety–critical structures in response to variations in material properties and loading conditions is extremely important and that further detailed analysis should be conducted in order to provide a rational assessment for life extension.<p></p> It was shown that changes to the operating procedures led to only minor changes in the behaviour of the structure over its life time, but that unplanned thermal excursions, like those seen at the Fukushima Dai-ichi plant could have more significant effects on the concrete structures.<p></p&gt