1,680 research outputs found

    A Novel System-Theoretic Matrix-Based Approach to Analysing Safety and Security of Cyber-Physical Systems

    Cyber-Physical Systems (CPSs) are getting increasingly complex and interconnected. Consequently, their inherent safety risks and security risks are so intertwined that conventional analysis approaches, which address them separately, may be rendered inadequate. STPA (Systems-Theoretic Process Analysis) is a top-down hazard analysis technique that has been incorporated into several recently proposed integrated Safety and Security (S&S) analysis methods. This paper presents a novel methodology that leverages not only STPA but also custom matrices to ensure a more comprehensive S&S analysis. The proposed methodology is demonstrated using a case study of a particular commercial cloud-based monitoring and control system for residential energy storage systems.

    An illumination of the template enigma: software code generation with templates

    Creating software is a process of refining a concept into an implementation. This process consists of several stages represented by documents, models and plans at several levels of abstraction. Mostly, the refinement process requires creativity from the programmers, but sometimes the task is boring and repetitive. This repetitive work is an indication that the program is not written at the most suitable level of abstraction. The level of abstraction offered by the programming language in use might be too low to remove the recurring code. Code generators can be used to raise the level of abstraction of program specifications and to automate the repetitive work. This thesis focuses on code generators based on templates. Templates are one of the techniques for implementing a code generator. Templates allow extension of the syntax of a programming language, enabling generative programming without modifying the underlying compiler. Four artifacts are involved in a template-based generator: templates, input data, a template evaluator and output code. The templates we consider are a concrete (incomplete) representation of the output document, i.e. the object code, that contains holes, i.e. the meta code. These holes are filled by the template evaluator using information from the input data to obtain the output code. Templates are widely used to generate HTML code in web applications. They can be used for generating all kinds of text, like e-mails or (source) code. In this thesis we limit the scope to the generation of source code. The central research question is how the quality of template-based code generators can be improved. Quality, in general, is a broad notion, and our scope is limited to the technical quality of templates and generated code. We focused on improving the maintainability of template-based code generators and the correctness of the generated code. This is facilitated by the three main contributions provided by this thesis.
First, the maintainability of template-based code generators is increased by specifying the following requirement for our metalanguage: it should not be rich enough to allow general programming in templates, without being too restrictive to express some code generators. We used the theory of formal languages to specify our metalanguage. Second, we ensure correctness of the templates and generated code. Third, the presented theory and techniques are validated by case studies. These case studies show the application of templates in real-world applications, increased maintainability and syntactical correctness of generated code. The theory of formal languages is used to specify the requirements for our metalanguage. As we only consider generating programming languages, it is sufficient to support the generation of languages defined by context-free grammars. This assumption is used to derive a metalanguage that is rich enough to specify code generators able to instantiate all possible sentences of a context-free language. A specific case of a code generator, the unparser, is a program that can instantiate all sentences of a context-free language. We proved that an unparser can be implemented using a linear deterministic top-down tree-to-string transducer. We call this property unparser-completeness. Our metalanguage is based on a linear deterministic top-down tree-to-string transducer. Recall that the goal of specifying the requirements of the metalanguage is to increase the maintainability of template-based code generators without being too restrictive. To validate that our metalanguage is not too restrictive and leads to more maintainable templates, we compared it with four off-the-shelf text template systems by implementing an unparser in each.
We observed that the industrial template evaluators provide a Turing-complete metalanguage, but they do not contain a block scoping mechanism for the meta-variables. This results in undesired additional boilerplate meta code in their templates. The second contribution is guaranteeing the correctness of the generated code. Correctness of the generated code can be divided into two concerns: syntactical correctness and semantical correctness. We start with syntactical correctness of the generated code. The use of text templates implies that syntax errors in the generated code can only be detected at compilation time. This means that errors detected during compilation are reported on the level of the generated code, and the developer is required to manually trace the errors back to their origin in the template or input data. We believe that programs manipulating source code should not treat the object code as plain text, so that errors can be detected as early as possible. We present an approach where the grammars of the object language and metalanguage are combined in a modular way. Combining both grammars allows parsing both languages simultaneously, so syntax errors in either language of the template are found while parsing it. However, merely parsing a template is not sufficient to ensure that the generated code will be free of syntax errors: the template evaluator must be equipped with a mechanism that guarantees its output is syntactically correct. In short, our mechanism works as follows. A parse tree is constructed during the parsing of the template. This tree contains subtrees for the object code and subtrees for the meta code. While evaluating the template, subtrees of the meta code are substituted by object code subtrees. The template evaluator checks whether the root nonterminal of the object code subtree is equal to the root nonterminal of the meta code subtree. When both are equal, the substitution is allowed.
When the root nonterminals are distinct, an accurate error message is generated. The template evaluator terminates when all meta code subtrees have been substituted. The result is a parse tree of the object language and thus syntactically correct. We call this process syntax-safe code generation. In order to validate that the presented techniques increase maintainability and ensure syntactical correctness, we implemented our ideas in a syntax-safe template evaluator called Repleo. Repleo has been applied in four case studies. The first case is a real-world situation in which a three-tier web application must be generated from a data model. This case showed that multiple layers of an application, defined in different programming languages, can be generated from a single model. The second and third cases are used to show that our metalanguage results in a more maintainable code generator: our metalanguage forces the use of a two-layer code generator with separation of concerns between the two layers, whereas the original implementations are less modular. The last case study shows that ensuring syntactical correctness prevents cross-site scripting attacks in the dynamic generation of web pages. Recall that one of our goals was ensuring the correctness of the generated code. We also showed that it is possible to check static semantic properties of templates. Static semantic checks are defined for the metalanguage, for the object language, and for the situations where the object language depends on the metalanguage. We implemented a prototype of a static semantic checker for PicoJava templates using attribute grammars. The use of attribute grammars allows re-use of the original PicoJava checker. Summarizing, in this thesis we have formulated the requirements for a metalanguage and discussed how to implement a syntax-safe template evaluator. This results in more maintainable template-based code generators and more reliable generated code.

    Property Model Methodology: A First Assessment in the Avionics Domain

    The aim of this paper is twofold. Firstly, it is intended to provide an overview of the goals, the concepts and the process of a new Model Based Systems Engineering methodology, called Property Model Methodology (PMM). The second aim is to provide feedback on its application in the avionics domain. In this experiment, PMM has been used to develop a top-level specification model from a textual specification of an avionics function, to validate the top-level specification model, and, according to PMM rules, to develop (1) a design model of the function taking into account the architectural constraints of an integrated avionics system, (2) building block specification models and (3) building block design models. Building block specification models were validated against their encompassing system specification model and the selected system design model, while the design models were integrated and verified, level by level up to the top-level design model, against their specification model. This paper summarizes the lessons learnt during this process and some additional results related to safety issues. This paper, with others [1,2], proves the fundamental concepts of PMM and provides a starting point for further research on Model Based Systems Engineering of a wide range of engineered systems (discrete, hybrid, continuous and multi-physics systems), and also supports additional systems engineering activities (e.g. safety-reliability activities).

    Comparative Analysis of Nuclear Event Investigation Methods, Tools and Techniques

    Feedback from operating experience is one of the key means of enhancing nuclear safety and operational risk management. The effectiveness of learning from experience at NPPs could be maximised if the best event investigation practices available from a series of methodologies, methods and tools were promoted in the form of a 'toolbox' approach. Based on available sources of technical, scientific, normative and regulatory information, this study performed an inventory, review and brief comparative analysis of information concerning event investigation methods, tools and techniques that are either indicated or already used in the nuclear industry (with some examples from other high-risk industry areas). Its results, including the advantages and drawbacks identified for the different instruments, preliminary recommendations and conclusions, are covered in this report. The results of the comparative analysis of nuclear event investigation methods, tools and techniques presented in this interim report are of a preliminary character. It is assumed that, for the generation of more concrete recommendations concerning the selection of the most effective and appropriate methods and tools for event investigation, new data from experienced practitioners in the nuclear industry and/or regulatory institutions are needed. It is planned to collect such data using the questionnaire prepared and the survey currently underway. This is the second step in carrying out an inventory of, reviewing, comparing and evaluating the most recent data on developments and systematic approaches in event investigation used by organisations (mainly utilities) in the EU Member States. Once the data from this survey are collected and analysed, the final recommendations and conclusions will be developed and presented in the final report on this topic.
This should help current and prospective investigators to choose the most suitable and efficient event investigation methods and tools for their particular needs.

    Automotive styling: Supporting engineering-styling convergence through surface-centric knowledge based engineering

    The emotional impression a car imprints on a potential buyer is as important for its commercial success as fulfilling functional requirements. Hence, to create a positive emotional impression of a vehicle, great effort is put into a car's styling process. One of the key aspects during the early stages of the automotive design process is the convergence of styling and engineering design. While requirements stemming from engineering design are usually characterised by quantitative values, styling requirements are rather qualitative in nature. Converging these two requirement types is laborious. The present publication focuses on supporting this process through Knowledge Based Engineering. This is achieved by introducing a method which enables the designer to intuitively take functional requirements into account during the styling phase. Moreover, the method improves the process of technical requirement checks regarding the shape and orientation of styling surfaces, going beyond conventional package verifications.

    Managing Epistemic Uncertainties in the Underlying Models of Safety Assessment for Safety-Critical Systems

    When conducting safety assessment for safety-critical systems, epistemic uncertainty is an ever-present challenge when reasoning about the safety concerns and causal relationships related to hazards. Uncertainty around this causation thus needs to be managed well. Unfortunately, existing safety assessment tends to ignore unknown uncertainties, and stakeholders rarely track known uncertainties well through the system lifecycle. In this thesis, an approach is described for managing epistemic uncertainties about the system and safety causal models that are applied in a safety assessment. First, the principles that define the requirements for the approach are introduced. Next, these principles are used to construct three distinct steps that constitute an approach to managing such uncertainties. These three steps involve identifying, documenting and tracking the uncertainties throughout the system lifecycle so as to enable intervention to address them. The approach is evaluated by integrating it with two existing safety assessment techniques, one using models from a system viewpoint and the other using models from a component viewpoint. The approach is also evaluated through peer reviews, semi-structured interviews with practitioners, and review against requirements derived from the principles. Based on the evaluation results, it is plausible that our approach can provide a feasible and systematic way to manage epistemic uncertainties in safety assessment for safety-critical systems.

    A Changing Landscape: On Safety & Open Source in Automated and Connected Driving
