
    Hazards in advising autonomy: developing requirements for a hazard modelling methodology incorporating system dynamics

    This paper describes the continuation of a research project to identify and develop tools for the identification and management of hazards likely to arise with the quality and reliability of automatic advice, such as in an automated system advisory function, especially where it supports a "Sense & Avoid" capability as embodied within an airborne autonomous system. An earlier literature survey has been used to map detail onto a Use Case model representing an outline certifiable system development process, thereby helping to identify an appropriate research direction within the broad range of potential end-user requirements. From this direction, an approach has emerged to evaluate hypothetical deviations from declared intent within a behavioural modelling framework styled upon Owen's STAMP-Based Hazard Analysis (STPA). For this approach an outline exemplar describing an air-proximity hazard arising between two air vehicles has been developed, and the representation of the control structure and system dynamics describing this model are considered. Arising from this model, some consideration is then given to the expression of a more systematic approach to the construction of such models, leading towards new methods to derive safety requirements for implementation within autonomous air systems.

    Formalizing Safety Requirements Using Controlling Automata

    Safety is an important element of dependability. It is defined as the absence of accidents. Most accidents involving software-intensive systems have been system accidents, which are caused by unsafe inter-system or inter-component interactions. To validate the absence of system hazards concerning dysfunctional interactions, industry calls for approaches to modelling system safety requirements and interaction constraints among components. This paper proposes such a formalism, namely interface control systems (or, for short, C-Systems). An interface C-System is composed of an interface automaton and a controlling automaton, which formalizes safe interactions and restricts system behaviour at the meta level. This framework differs from the framework of traditional model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a top-down technique for modelling a system with safety constraints and for automatically composing a safe system that conforms to safety requirements. The contributions of this work include formalizing safety requirements and a way of automatically ensuring system safety.

    Comment: 6 pages. In Proceedings of the 2nd International Conference on Dependability (DEPEND 2009), Athens, Greece. IEEE Computer Society, 200

    A model-driven approach to survivability requirements assessment for critical systems

    Survivability is a crucial property for those systems, such as critical infrastructures or military Command and Control Information Systems, that provide essential services, since the latter must remain operational even when the system is compromised by attack or faults. This article proposes a model-driven method and a tool, MASDES, to assess the survivability requirements of critical systems. The method exploits (1) the (mis)use case technique and UML profiling for the specification of the survivability requirements and (2) Petri nets and model checking techniques for the requirement assessment. A survivability assessment model is obtained from an improved specification of misuse cases, which encompasses essential services, threats and survivability strategies. The survivability assessment model is then converted into a Petri net model for verifying survivability properties through model checking. The MASDES tool has been developed within the Eclipse workbench and relies on the Papyrus tool for UML. It consists of a set of plug-ins that enable (1) the creation of a survivability system view using UML and profiling techniques and (2) the verification of survivability properties. In particular, the tool performs model transformations in two steps. First, a model-to-model transformation generates, from the survivability view, a Petri net model and the properties to be checked in a tool-independent format. Second, model-to-text transformations produce the Petri net specifications for the model checkers. A military Command and Control Information System has been used as a case study to apply the method and to evaluate the MASDES tool within an iterative-incremental software development process.

    Requirements Engineering Methodologies: identification and evaluation of orientations

    This article is based on a systematic review to evaluate existing approaches in the field of Requirements Engineering (RE) and their implementations. The objective was to identify which RE methodologies are most cited in academia, identifying the existing orientations and those that arouse more interest in academia and/or industry. The Web of Science and Google Scholar databases were used, considering a 20-year period (1994 to 2015). Based on the definition of the research methodology, questions were designed to assess the quality and appropriateness of the works to the research context. 184 articles were analysed, and the Goal, Scenario and Object-oriented methodologies were identified as the most representative in number of articles and citations. It was also identified that about half of the works include experimentation and that, when it occurs, it prevails in the industrial context. The work complements the view of previous works that address the techniques used at specific stages of RE.

    Requirements Engineering Methodologies: identification and evaluation of orientations

    This article is based on a systematic review to evaluate existing approaches in the field of Requirements Engineering (RE) and their implementations. The objective was to identify which RE methodologies are most cited in academia, identifying the existing orientations and those that arouse more interest in academia and/or industry. The Web of Science and Google Scholar databases were used, considering a 20-year period (1994 to 2015). Based on the definition of the research methodology, questions were designed to assess the quality and appropriateness of the works to the research context. 184 articles were analysed, and the Goal, Scenario and Object-oriented methodologies were identified as the most representative in number of articles and citations. It was also identified that about half of the works include experimentation and that, when it occurs, it prevails in the industrial context. The work complements the view of previous works that address the techniques used at specific stages of RE.

    Integration of safety risk assessment techniques into requirement elicitation

    Incomplete and incorrect requirements may cause safety-related software systems to fail to achieve their safety goals. It is crucial to ensure software safety by identifying proper software safety requirements during the requirements elicitation activity. Practitioners apply various Safety Risk Assessment Techniques (SRATs) to identify, analyse and assess safety risk. Nevertheless, there is a lack of guidance on how appropriate SRATs and the safety process can be integrated into the requirements elicitation activity to bridge the gap between safety and requirements engineering practices. In this research, we propose an Integration Framework that integrates safety activities and techniques into the existing requirements elicitation activity.

    Architectural level risk assessment

    Many companies develop and maintain large-scale software systems for public and financial institutions. Should a failure occur in one of these systems, the impact would be enormous. It is therefore essential, in maintaining a system's quality, to identify any defects early in the development process in order to prevent the occurrence of failures. However, testing all modules of these systems to identify defects can be very expensive. There is therefore a need for methodologies and tools that support software engineers in identifying defective and complex software components early in the development process.

    Risk assessment is an essential process for ensuring high-quality software products. By performing risk assessment during the early software development phases we can identify complex modules, which enables us to enhance resource allocation decisions.

    To assess the risk of software systems early in the software's life cycle, we propose an architectural level risk assessment methodology. It uses UML specifications of software systems, which are available early in the software life cycle. It combines the probability of software failures and the severity associated with these failures to estimate software risk factors for software architectural elements (components/connectors), scenarios, use cases and systems. As a result, remedial actions to control and improve the quality of the software product can be taken.

    We build a risk assessment model which will enable us to identify complex and non-complex software components. We will be able to estimate programming and service effort, and to estimate testing effort. This model will also enable us to identify components with a high risk factor which would require the development of effective fault-tolerant mechanisms.

    To estimate the probability of software failure we introduced and developed a set of dynamic metrics which are used to measure the dynamics of software architectural elements from UML static models.

    To estimate the severity of software failure we propose a UML-based severity methodology. We also propose a validation process for both the risk and severity methodologies. Finally, we propose prototype tool support for the automation of the risk assessment methodology.

    A bi-directional analysis technique for software safety and software security

    With the recent rapid development of software technology, safety-critical and security-critical software is playing an increasingly important role in people's lives. The importance of system safety and system security has promoted much research on systematic techniques to develop complete safety and security requirements. Among the techniques used in the analysis of software safety, bi-directional analysis has shown promise in security requirement analysis. This method combines a forward search from potential failure modes to their effects with a backward search from feasible hazards to the contributing causes of each hazard. We use bi-directional analysis to investigate the requirements for two applications in the areas of safety analysis and security analysis. The two contributions of this work both involve the application of bi-directional analysis and develop systematic methods to apply it to these two different types of non-functional requirements analysis. The first application constructs a systematic safety requirements analysis technique for a smart door product line. The final results include a reusable safety analysis and the discovery of missing safety requirements. The second application investigates a systematic security requirements technique for a Delay Tolerant Network protocol called the Bundle Protocol. This work improves an existing security analysis technique by integrating it with bi-directional analysis to demonstrate and challenge the correctness and completeness of the resulting security requirements specifications. We also report the discovery of missing security requirements and the remediation of the security requirements. Both applications explore the technique of applying bi-directional analysis to software safety analysis and software security analysis, and find that bi-directional analysis assists in finding incorrect and incomplete requirements.