18 research outputs found

    Quantifying Safety in Software Architectural Designs

    Incorporating safety into software architectural design decisions is important for successful applications in safety-critical systems. However, most existing software design rationales do not consider the quantitative aspect of software architectures with respect to safety. As a result, alternative architectures cannot be compared adequately with respect to safety. In this paper, we present an analytical approach for quantifying safety in software architectural designs. We use the concept of architectural service routes to quantify system safety in terms of software architectural attributes. We show how to make appropriate architectural design decisions based on their impacts on safety. We compare different example architectures with respect to system safety.

    The Impact of Individual Differences in Fine Motor Abilities on Wheelchair Control Behavior and Especially on Safety-Critical Collisions with Objects in the Surroundings

    In order to significantly reduce the number of safety-critical collisions of wheelchair users with objects in their environment, a study has been conducted which relates wheelchair users' fine motor abilities to the collisions that occur while driving through a standardized course in a realistic office environment. The inferential statistics demonstrate that the participants' aiming capacity in particular can significantly predict the collisions occurring while driving through the course. A graphical and qualitative analysis of these effects demonstrates in addition that specific maneuvering tasks influence this relationship and that driving next to an object without colliding, in particular, requires a high level of aiming capacity. The results demonstrate the need to develop a wheelchair system which adapts its assistive functionality to the aiming capacity and the difficulty of the maneuvering task in order to provide as much help as necessary without risking the degradation of the wheelchair user's skills.

    Fault Propagation Analysis on the Transaction-Level Model of an Acquisition System with Bus Fallback Modes

    Early fault analysis is mandatory for safety-critical systems, which are required to operate safely even in the presence of faults. System design methodologies tackle the early design and verification of systems by allowing several abstractions for their models, but still offer only digital bit faults as fault models. Therefore we develop a signal fault model for Transaction-Level Modeling. We extend the TLM generic payload with the signal characteristics: voltage level, delay, slope time and glitches. In order to analyze and process these, a TLM bus model is created with which signal faults can be detected and translated to data failures. Furthermore, by inserting this bus in an acquisition system and implementing fallback modes for the bus operation, the propagation of the signal faults through the system can be assessed. Simulating this model using probability distributions for the different signal faults, 5516 faults have been generated. From these, 5143 have been recovered, 239 isolated and 134 turned into failures.

    Dependable System Design for Assistance Systems for Electrically Powered Wheelchairs

    In this paper a system design approach is proposed which is based on a user needs assessment and a flexible and adaptable architecture for dependable system integration. The feasibility of the approach is shown on the example of an assistance system for electrically powered wheelchairs. The system requirements correspond to the cognitive and motor abilities of the wheelchair users. For the wheelchair system, built on a commercial powered wheelchair, several behaviors well known from robotic systems have been realized, such as collision avoidance, local navigation and path planning, which are enhanced by human-interfacing components. Furthermore, the system design, which is based on robotic systems engineering, will be highlighted. Due to the fundamental properties of the system architecture, the resulting assistance system is inherently dependable, flexible, and adaptable. Corresponding to the current situation and the users' abilities, the system changes the level of assistance during real-time operation. The resulting system behavior is evaluated using system performance and usability tests.

    Automotive Communication Security Methods and Recommendations for Securing In-vehicle and V2X Communications

    Today's vehicles contain more than 100 interconnected computers (ECUs), several of which will be connected to the Internet or to external devices and networks around the vehicle. In the near future vehicles will extensively communicate with their environment via Vehicle to Vehicle (V2V) and Vehicle to Infrastructure (V2I), together called V2X communications. Such a level of connectivity enables car manufacturers to implement new entertainment systems and to provide safety features that decrease the number of road accidents. Moreover, authorities can use the traffic information provided by vehicular communications to improve traffic management. Despite the great benefits that come with vehicular communications, there are also risks associated with exposing a safety-critical integrated system to external networks. It has already been proved that vehicles can be remotely hacked and that safety-critical functions such as the braking system and steering wheel can be compromised to endanger the safety of passengers. This puts high demands on IT security and on car manufacturers to secure vehicular communications. This thesis proposes methods and recommendations for improving the security of internal and external vehicular communications. The main contributions of this thesis are contained in six included papers, and cover the following research areas of automotive security: (i) secure network architecture design, (ii) attack protection, (iii) attack detection, and (iv) V2X security. The first two papers in the collection are on the topic of secure network architecture design and propose an automated approach for grouping in-vehicle ECUs into security domains, which facilitates the implementation of security measures in in-vehicle networks. The third paper is on the topic of attack protection and evaluates the applicability of existing Controller Area Network (CAN) bus authentication solutions to a vehicular context. In particular, this paper identifies five critical requirements for an authentication solution to be used in such a context. The fourth paper deals with the issue of attack detection in in-vehicle networks and proposes a specification-agnostic method for detecting intrusions in vehicles. The fifth paper identifies weaknesses and deficiencies in the design of the ETSI V2X security standard and proposes changes to fix them. The last paper investigates the security implications of adopting 5G New Radio (NR) for V2X communications.

    Proceedings of the International Workshop on the Design of Dependable Critical Systems “Hardware, Software, and Human Factors in Dependable System Design”

    As technology advances, technical systems become increasingly complex, not only in terms of functionality and structure but also regarding their handling and operation. In order to keep such complex safety-critical and mission-critical systems controllable, they are required to be highly dependable. Since the costs of designing, testing, operating, and maintaining such systems increase significantly with the dependability requirements, new design approaches for the cost-effective development and production of dependable systems are required, covering hardware, software, and human factor aspects. This workshop aims at presenting and discussing the latest developments in this field, spanning the entire spectrum from theoretical work on system architecture and dependability measures to practical applications in safety- and mission-critical domains.

    Analysing the reliability of actuation elements in series and parallel configurations for high-redundancy actuation

    A high-redundancy actuator (HRA) is an actuation system composed of a high number of actuation elements, increasing both travel and force above the capability of an individual element. This approach provides inherent fault tolerance: if one of the elements fails, the capabilities of the whole actuator may be reduced, but it retains core functionality. Many different configurations are possible, with different implications for actuator capability and reliability. This article analyses the reliability of the HRA based on the likelihood of an unacceptable reduction in capability. The analysis of the HRA is a highly structured problem, but it does not fit into known reliability categories (such as the k-out-of-n system), and a fault-tree analysis becomes prohibitively large. Instead, a multi-state systems approach is pursued here, which provides an easy, concise and efficient reliability analysis of the HRA. The resulting probability distribution can be used to find the optimal configuration of an HRA for a given set of requirements.

    Model-connected safety cases

    Regulatory authorities require justification that safety-critical systems exhibit acceptable levels of safety. Safety cases are traditionally documents which allow the exchange of information between stakeholders and communicate the rationale of how safety is achieved via a clear, convincing and comprehensive argument and its supporting evidence. In the automotive and aviation industries, safety cases have a critical role in the certification process and their maintenance is required throughout a system's lifecycle. Safety-case-based certification is typically handled manually, and the increase in scale and complexity of modern systems renders it impractical and error-prone. Several contemporary safety standards have adopted a safety-related framework that revolves around a concept of generic safety requirements, known as Safety Integrity Levels (SILs). Following these guidelines, safety can be justified through satisfaction of SILs. Careful examination of these standards suggests that despite the noticeable differences, there are converging aspects. This thesis elicits the common elements found in safety standards and defines a pattern for the development of safety cases for cross-sector application. It also establishes a metamodel that connects parts of the safety case with the target system architecture and model-based safety analysis methods. This enables the semi-automatic construction and maintenance of safety arguments, which helps mitigate problems related to manual approaches. Specifically, the proposed metamodel incorporates system modelling, failure information, model-based safety analysis and optimisation techniques to allocate requirements in the form of SILs. The system architecture and the allocated requirements, along with a user-defined safety argument pattern which describes the target argument structure, enable the instantiation algorithm to automatically generate the corresponding safety argument. The idea behind model-connected safety cases stemmed from a critical literature review on safety standards and practices related to safety cases. The thesis presents the method, and the implemented framework, in detail and showcases the different phases and outcomes via a simple example. It then applies the method to a case study based on the Boeing 787's brake system and evaluates the resulting argument against certain criteria, such as scalability. Finally, contributions compared to traditional approaches are laid out.

    Model-Based Engineering of Collaborative Embedded Systems

    This Open Access book presents the results of the "Collaborative Embedded Systems" (CrESt) project, aimed at adapting and complementing the methodology underlying modeling techniques developed to cope with the challenges of the dynamic structures of collaborative embedded systems (CESs), based on the SPES development methodology. In order to manage the high complexity of the individual systems and the dynamically formed interaction structures at runtime, advanced and powerful development methods are required that extend the current state of the art in the development of embedded systems and cyber-physical systems. The methodological contributions of the project support the effective and efficient development of CESs in dynamic and uncertain contexts, with special emphasis on the reliability and variability of individual systems and the creation of networks of such systems at runtime. The project was funded by the German Federal Ministry of Education and Research (BMBF), and the case studies are therefore selected from areas that are highly relevant for Germany's economy (automotive, industrial production, power generation, and robotics). It also supports the digitalization of complex and transformable industrial plants in the context of the German government's "Industry 4.0" initiative, and the project results provide a solid foundation for implementing the German government's high-tech strategy "Innovations for Germany" in the coming years.