Complexity, Emergence and the Challenges of Assurance: The Need for a Systems Paradigm

The complexity of modern products, systems, and processes makes the task to identify, characterise, and provide sufficient assurance about the desirable properties a major challenge. Stakeholders also demand a degree of enhanced confidence about the absence of undesirable properties with a potential to cause harm or loss. This develops a framework of seven fundamental facets of performance as an ontology for emergent behavioural properties and a separate framework for the emergent structural properties of complex systems. The emergent behavioural aspects are explored and we develop a systems framework for assurance based on an Assessment and Management paradigm each comprising a number of principles and processes. The key argument advanced is that in the face of complexity and incessant change, enhanced confidence in the achievement of desirable and avoidance of undesirable properties requires a systems approach empowered by suitable modelling and relevant diagnostic tools explaining the nature of emergent properties. Our principal focus is on safety, security, and sustainability emergent behavioural (performance) aspects of complex products, systems, and processes

Certifications of Critical Systems – The CECRIS Experience

In recent years, a considerable amount of effort has been devoted, both in industry and academia, to the development, validation and verification of critical systems, i.e. those systems whose malfunctions or failures reach a critical level both in terms of risks to human life as well as having a large economic impact.Certifications of Critical Systems – The CECRIS Experience documents the main insights on Cost Effective Verification and Validation processes that were gained during work in the European Research Project CECRIS (acronym for Certification of Critical Systems). The objective of the research was to tackle the challenges of certification by focusing on those aspects that turn out to be more difficult/important for current and future critical systems industry: the effective use of methodologies, processes and tools.The CECRIS project took a step forward in the growing field of development, verification and validation and certification of critical systems. It focused on the more difficult/important aspects of critical system development, verification and validation and certification process. Starting from both the scientific and industrial state of the art methodologies for system development and the impact of their usage on the verification and validation and certification of critical systems, the project aimed at developing strategies and techniques supported by automatic or semi-automatic tools and methods for these activities, setting guidelines to support engineers during the planning of the verification and validation phases

Certifications of Critical Systems – The CECRIS Experience

In recent years, a considerable amount of effort has been devoted, both in industry and academia, to the development, validation and verification of critical systems, i.e. those systems whose malfunctions or failures reach a critical level both in terms of risks to human life as well as having a large economic impact.Certifications of Critical Systems – The CECRIS Experience documents the main insights on Cost Effective Verification and Validation processes that were gained during work in the European Research Project CECRIS (acronym for Certification of Critical Systems). The objective of the research was to tackle the challenges of certification by focusing on those aspects that turn out to be more difficult/important for current and future critical systems industry: the effective use of methodologies, processes and tools.The CECRIS project took a step forward in the growing field of development, verification and validation and certification of critical systems. It focused on the more difficult/important aspects of critical system development, verification and validation and certification process. Starting from both the scientific and industrial state of the art methodologies for system development and the impact of their usage on the verification and validation and certification of critical systems, the project aimed at developing strategies and techniques supported by automatic or semi-automatic tools and methods for these activities, setting guidelines to support engineers during the planning of the verification and validation phases

A Systems View of Railway Safety and Security

This chapter approaches the concerns over safety and security of modern mainline and light railways from a systems perspective. It addresses the two key concerns from the view point of systemic emergence arising from the interaction between all the principal constituents of the railway system, namely infrastructure, rolling stock, energy and human element comprising workers, passengers and the neighbours of the railways

Um Método de aquisição de conhecimento para customização de modelos de capacidade/maturidade de processos de software

Tese (doutorado) - Universidade Federal de Santa Catarina, Centro Tecnoclógico, Programa de Pós-Graduação em Engenharia e Gestão do Conhecimento, Florianópolis, 2011A Engenharia do Conhecimento provê métodos que possibilitam o entendimento das estruturas e processos utilizados por especialistas, no intuito de criar uma melhor integração da tecnologia da informação em suporte ao trabalho intelectual. Um dos principais processos da Engenharia do Conhecimento é a aquisição de conhecimento, que consiste em extrair o conhecimento necessário a partir de suas diversas fontes, de modo a poder codificá-lo e reutilizá-lo. O conhecimento representado na forma de melhores práticas constitui-se no encapsulamento de experiências que, quando repetidas, levam a alcançar resultados semelhantes. Nesse sentido, os Modelos de Capacidade/ Maturidade de Processo de Software (SPCMMs) são frameworks de melhores práticas de desenvolvimento de software e têm sido customizados para atender as necessidades específicas de qualidade de cada domínio de desenvolvimento de software. Neste sentido, esta tese apresenta um método de aquisição de conhecimento para customização de SPCMMs para domínios específicos, desenvolvido com base nas experiências de desenvolvimento de SPCMMs relatadas na literatura, nos processos e técnicas de aquisição de conhecimento, processos de desenvolvimento de normas de qualidade e em frameworks de desenvolvimento de modelos de qualidade de processo. O método é avaliado por especialistas e utilizado na customização de dois SPCMMs. Os resultados observados revelam primeiros indícios de que o método é adequado e aplicável à aquisição de conhecimento para a customização de SPCMMs. O método desenvolvido contribui para a Engenharia do Conhecimento na pesquisa atual em aquisição do conhecimento a partir de fontes não estruturadas e na área de aplicação em Engenharia de Software fornecendo um suporte sistemático para a customização de SPCMMs

INTEGRATION OF SOFTWARE SAFETY ASSURANCE PRINCIPLES WITH AN AGILE DEVELOPMENT METHOD

Agile software development has had success in different domains. However there is one area where the implementation of agile methods still needs significant development – that is in the field of agile and safety-critical system development. In this field, software engineering processes need to be justified against the requirements of software safety assurance standards (such as ISO 26262 in the automotive domain). It is therefore important that agile development processes can be justified to levels of assurance equivalent to that provided by traditional development approaches. While there is existing literature concerning the integration of agile methods with specific safety-critical system development standards and agile methods, the question of how fundamental software safety assurance principles can be addressed within agile methods has received little attention. In this thesis we describe the results of practitioner surveys that highlight the primary concerns regarding the use of agile methods within safety-critical development. In the context of this survey, and of existing work on software safety assurance principles, we then present an initial proposal as to how assurance could be addressed with an existing agile development method – Scrum. This proposal was submitted to practitioners for initial feedback and evaluation. The results of this evaluation are also presented

Process Based Unification for Multi-Model Software Process Improvement

A number of differences among quality approaches exist and there can be various situations in which the usage of multiple approaches is required, e.g. to strengthen a particular process with multiple quality approaches or to reach certification of the compliance to a number of standards. First of all it has to be decided which approaches have potential for the organization. In many cases one approach does not contain enough information for process implementation. Consequently, the organization may need to use several approaches and the decision has to be made how the chosen approaches can be used simultaneously. This area is called Multi-model Software Process Improvement (MSPI). The simultaneous usage of multiple quality approaches is called the multi-model problem. In this dissertation we propose a solution for the multi-model problem which we call the Process Based Unification (PBU) framework. The PBU framework consists of the PBU concept, a PBU process and the PBU result. We call PBU concept the mapping of quality approaches to a unified process. The PBU concept is operationalized by a PBU process. The PBU result includes the resulting unified process and the mapping of quality approaches to the unified process.Comment: PhD Thesi

Application of Track Geometry Deterioration Modelling and Data Mining in Railway Asset Management

Modernin rautatiejärjestelmän hallinnassa rahankäyttö kohdistuu valtaosin nykyisen rataverkon korjauksiin ja parannuksiin ennemmin kuin uusien ratojen rakentamiseen. Nykyisen rataverkon kunnossapitotyöt aiheuttavat suurten kustannusten lisäksi myös usein liikennerajoitteita tai yhteyksien väliaikaisia sulkemisia, jotka heikentävät rataverkon käytettävyyttä Siispä oikea-aikainen ja pitkäaikaisia parannuksia aikaansaava kunnossapito ovat edellytyksiä kilpailukykyisille ja täsmällisille rautatiekuljetuksille. Tällainen kunnossapito vaatii vankan tietopohjan radan nykyisestä kunnosta päätöksenteon tueksi. Ratainfran omistajat teettävät päätöksenteon tueksi useita erilaisia radan kuntoa kuvaavia mittauksia ja ylläpitävät kattavia omaisuustietorekistereitä. Kenties tärkein näistä datalähteistä on koneellisen radantarkastuksen tuottamat mittaustulokset, jotka kuvastavat radan geometrian kuntoa. Nämä mittaustulokset ovat tärkeitä, koska ne tuottavat luotettavaa kuntotietoa: mittaukset tehdään toistuvasti, 2–6 kertaa vuodessa Suomessa rataosasta riippuen, mittausvaunu pysyy useita vuosia samana, tulokset ovat hyvin toistettavia ja ne antavat hyvän yleiskuvan radan kunnosta. Vaikka laadukasta dataa on paljon saatavilla, käytännön omaisuudenhallinnassa on merkittäviä haasteita datan analysoinnissa, sillä vakiintuneita menetelmiä siihen on vähän. Käytännössä seurataan usein vain mittaustulosten raja-arvojen ylittymistä ja pyritään subjektiivisesti arvioimaan rakenteiden kunnon kehittymistä ja korjaustarpeita. Kehittyneen analytiikan puutteet estävät kuntotietojen laajamittaisen hyödyntämisen kunnossapidon suunnittelussa, mikä vaikeuttaa päätöksentekoa. Tämän väitöskirjatutkimuksen päätavoitteita olivat kehittää ratageometrian heikkenemiseen mallintamismenetelmiä, soveltaa tiedonlouhintaa saatavilla olevan omaisuusdatan analysointiin sekä jalkauttaa kyseiset tutkimustulokset käytännön rataomaisuudenhallintaan. Ratageometrian heikkenemisen mallintamismenetelmien kehittämisessä keskityttiin tuottamaan nykyisin saatavilla olevasta datasta uutta tietoa radan kunnon kehityksestä, tehdyn kunnossapidon tehokkuudesta sekä tulevaisuuden kunnossapitotarpeista. Tiedonlouhintaa sovellettiin ratageometrian heikkenemisen juurisyiden selvittämiseen rataomaisuusdatan perusteella. Lopuksi hyödynnettiin kypsyysmalleja perustana ratageometrian heikkenemisen mallinnuksen ja rataomaisuusdatan analytiikan käytäntöön viennille. Tutkimustulosten perusteella suomalainen radantarkastus- ja rataomaisuusdata olivat riittäviä tavoiteltuihin analyyseihin. Tulokset osoittivat, että robusti lineaarinen optimointi soveltuu hyvin suomalaisen rataverkon ratageometrian heikkenemisen mallinnukseen. Mallinnuksen avulla voidaan tuottaa tunnuslukuja, jotka kuvaavat rakenteen kuntoa, kunnossapidon tehokkuutta ja tulevaa kunnossapitotarvetta, sekä muodostaa havainnollistavia visualisointeja datasta. Rataomaisuusdatan eksploratiiviseen tiedonlouhintaan käytetyn GUHA-menetelmän avulla voitiin selvittää mielenkiintoisia ja vaikeasti havaittavia korrelaatioita datasta. Näiden tulosten avulla saatiin uusia havaintoja ongelmallisista ratarakennetyypeistä. Havaintojen avulla voitiin kohdentaa jatkotutkimuksia näihin rakenteisiin, mikä ei olisi ollut mahdollista, jollei tiedonlouhinnan avulla olisi ensin tunnistettu näitä rakennetyyppejä. Kypsyysmallin soveltamisen avulla luotiin puitteet ratageometrian heikkenemisen mallintamisen ja rataomaisuusdatan analytiikan kehitykselle Suomen rataomaisuuden hallinnassa. Kypsyysmalli tarjosi käytännöllisen tavan lähestyä tarvittavaa kehitystyötä, kun eteneminen voitiin jaotella neljään eri kypsyystasoon, jotka loivat selkeitä välitavoitteita. Kypsyysmallin ja asetettujen välitavoitteiden avulla kehitys on suunniteltua ja edistystä voidaan jaotella, mikä antaa edellytykset tämän laajamittaisen kehityksen onnistuneelle läpiviennille. Tämän väitöskirjatutkimuksen tulokset osoittavat, miten nykyisin saatavilla olevasta datasta saadaan täysin uutta ja merkityksellistä tietoa, kun sitä käsitellään kehittyneen analytiikan avulla. Tämä väitöskirja tarjoaa datankäsittelyratkaisujen luomisen ja soveltamisen lisäksi myös keinoja niiden käytäntöönpanolle, sillä tietopohjaisen päätöksenteon todelliset hyödyt saavutetaan vasta käytännön radanpidossa.In the management of a modern European railway system, spending is predominantly allocated to maintaining and renewing the existing rail network rather than constructing completely new lines. In addition to major costs, the maintenance and renewals of the existing rail network often cause traffic restrictions or line closures, which decrease the usability of the rail network. Therefore, timely maintenance that achieves long-lasting improvements is imperative for achieving competitive and punctual rail traffic. This kind of maintenance requires a strong knowledge base for decision making regarding the current condition of track structures. Track owners commission several different measurements that depict the condition of track structures and have comprehensive asset management data repositories. Perhaps one of the most important data sources is the track recording car measurement history, which depicts the condition of track geometry at different times. These measurement results are important because they offer a reliable condition database; the measurements are done recurrently, two to six times a year in Finland depending on the track section; the same recording car is used for many years; the results are repeatable; and they provide a good overall idea of the condition of track structures. However, although high-quality data is available, there are major challenges in analysing the data in practical asset management because there are few established methods for analytics. Practical asset management typically only monitors whether given threshold values are exceeded and subjectively assesses maintenance needs and development in the condition of track structures. The lack of advanced analytics prevents the full utilisation of the available data in maintenance planning which hinders decision making. The main goals of this dissertation study were to develop track geometry deterioration modelling methods, apply data mining in analysing currently available railway asset data, and implement the results from these studies into practical railway asset management. The development of track geometry deterioration modelling methods focused on utilising currently available data for producing novel information on the development in the condition of track structures, past maintenance effectiveness, and future maintenance needs. Data mining was applied in investigating the root causes of track geometry deterioration based on asset data. Finally, maturity models were applied as the basis for implementing track geometry deterioration modelling and track asset data analytics into practice. Based on the research findings, currently available Finnish measurement and asset data was sufficient for the desired analyses. For the Finnish track inspection data, robust linear optimisation was developed for track geometry deterioration modelling. The modelling provided key figures, which depict the condition of structures, maintenance effectiveness, and future maintenance needs. Moreover, visualisations were created from the modelling to enable the practical use of the modelling results. The applied exploratory data mining method, General Unary Hypotheses Automaton (GUHA), could find interesting and hard-to-detect correlations within asset data. With these correlations, novel observations on problematic track structure types were made. The observations could be utilised for allocating further research for problematic track structures, which would not have been possible without using data mining to identify these structures. The implementation of track geometry deterioration and asset data analytics into practice was approached by applying maturity models. The use of maturity models offered a practical way of approaching future development, as the development could be divided into four maturity levels, which created clear incremental goals for development. The maturity model and the incremental goals enabled wide-scale development planning, in which the progress can be segmented and monitored, which enhances successful project completion. The results from these studies demonstrate how currently available data can be used to provide completely new and meaningful information, when advanced analytics are used. In addition to novel solutions for data analytics, this dissertation research also provided methods for implementing the solutions, as the true benefits of knowledge-based decision making are obtained in only practical railway asset management

Railway Research

This book focuses on selected research problems of contemporary railways. The first chapter is devoted to the prediction of railways development in the nearest future. The second chapter discusses safety and security problems in general, precisely from the system point of view. In the third chapter, both the general approach and a particular case study of a critical incident with regard to railway safety are presented. In the fourth chapter, the question of railway infrastructure studies is presented, which is devoted to track superstructure. In the fifth chapter, the modern system for the technical condition monitoring of railway tracks is discussed. The compact on-board sensing device is presented. The last chapter focuses on modeling railway vehicle dynamics using numerical simulation, where the dynamical models are exploited

Estrategias de pruebas de líneas de producto de sistemas de tiempo real especificados con diagramas de estados jerárquicos

Las Líneas de Producto Software han aparecido en la ingeniería del software como una técnica cuyo objetivo es el de poder crear diferentes variantes software a partir de una infraestructura común, del mismo modo que se hace en otros sectores industriales. Un aspecto que hasta ahora no se ha investigado con tanta extensión es el de las Pruebas de Línea de Producto Software. La cuestión fundamental es decidir hasta qué punto es posible probar las diferents variantes de forma común. En el caso más optimista, probando una funcionalidad sobre la parte general se podría dar por probada sobre todas las variantes. Por contra, en el caso más pesimista, las pruebas de una Línea de Producto Software serían exactamente iguales que las pruebas de varios productos independientes que se hicieran de forma separada. Como término medio, aunque se pruebe la misma funcionalidad en todas las variantes, se podrian reutilizar por ejemplo la arquitectura de pruebas, los casos de prueba, el entorno de pruebas, etc. Buscando dar una solución al problema de las pruebas de Líneas de producto Software de tiempo real, la Tesis Doctoral propone un método de pruebas basado en los diagramas de estados jerárquicos del lenguaje UML para definir los casos de prueba. Se propone una técnica para asegurar la correspondencia (trazabilidad) de los requisitos con los casos de prueba, estructurándolos de forma semejante a los requisitos y estudiando cómo las variantes de los requisitos impactan sobre los diferentes elementos de prueba. También se define dentro del método un flujo de actividades, cuyo objetivo es la automatización de las pruebas para así poder probar las diferentes variantes de la Línea de Producto Software de forma eficiente. Este método tiene tres fases: el Diseño de Pruebas, donde se agrupan en clases de prueba los requisitos tanto genéricos como específicos de cada variante, y se modela cada clase de prueba mediante diagramas de estados jerárquicos y, si es preciso, escenarios en los cuales se incluyen de forma explícita sus requisitos asociados. En la fase de Implementación de Pruebas, estos diagramas se describen por medio de tablas de estados y eventos, con la información adicional necesaria (los datos de prueba) para generar automáticamente el código con los casos de prueba ejecutables. En la fase final de Ejecución de Pruebas, se realiza el caso de prueba sobre el sistema real y se registra el resultado obtenido. Como aportación final, se propone un metamodelo donde se muestran todos los elementos del método de pruebas y las relaciones que existen entre ellos. Para comprobar que la solución propuesta al problema de las pruebas de Líneas de Producto Software de Tiempo real es satisfactoria, se ha elegido una doble estrategia consistente en la aplicación del método sobre un caso industrial real y en la elaboración de un conjunto de herramientas software prototipo, con las cuales se ha demostrado la validez del método propuesto y se ha delimitado su alcance. El caso industrial real escogido ha sido el de una Línea de Productos Software Tiempo Real de sistemas de control del tráfico ferroviario, en el que el autor desarrolla desde hace diez años su actividad profesional, lo cual da a esta Tesis Doctoral un marcado carácter industrial, tanto por la relevancia práctica del tema elegido como por reflejar una experiencia de aplicación industrial real. Las herramientas software desarrolladas, tanto en el caso de aplicación industrial real, como en el ámbito de la Tesis Doctoral, sirven de soporte a la generación de casos de prueba a partir de los modelos de diagramas de estados, la ejecución automatizada de las pruebas, el análisis de los resultados o veredictos de las pruebas y la medición de cobertura de requisitos alcanzada en las pruebas