14,994 research outputs found
Recommended from our members
Evaluation of software dependability
It has been said that the term software engineering is an aspiration not a description. We would like to be able to claim that we engineer software, in the same sense that we engineer an aero-engine, but most of us would agree that this is not currently an accurate description of our activities. My suspicion is that it never will be.
From the point of view of this essay â i.e. dependability evaluation â a major difference between software and other engineering artefacts is that the former is pure design. Its unreliability is always the result of design faults, which in turn arise as a result of human intellectual failures. The unreliability of hardware systems, on the other hand, has tended until recently to be dominated by random physical failures of components â the consequences of the âperversity of natureâ. Reliability theories have been developed over the years which have successfully allowed systems to be built to high reliability requirements, and the final system reliability to be evaluated accurately. Even for pure hardware systems, without software, however, the very success of these theories has more recently highlighted the importance of design faults in determining the overall reliability of the final product. The conventional hardware reliability theory does not address this problem at all.
In the case of software, there is no physical source of failures, and so none of the reliability theory developed for hardware is relevant. We need new theories that will allow us to achieve required dependability levels, and to evaluate the actual dependability that has been achieved, when the sources of the faults that ultimately result in failure are human intellectual failures
Development of an instrument to evaluate the quality of delivered information systems
Delivered information systems are an integral part of many organisations’ information technology infrastructure. Their dynamic nature creates new challenges, not the least of which is the need to measure the quality/effectiveness of these systems. Given the size of investment in these systems, it would be invaluable for business to formulate a fresh, simple, easy to administer, multi-dimensional instrument capable of measuring the quality of delivered information systems or applications. Such an instrument would provide a practical and efficient means to pinpoint areas that key stakeholders, ranging from end-users to managers, perceive as requiring attention. In this paper, we report on the development of one such instrument. This instrument addresses key areas of performance and uses multiple statements to enhance stakeholders’ understanding of these areas.<br /
Recommended from our members
Cyber insurance of information systems: Security and privacy cyber insurance contracts for ICT and helathcare organizations
Nowadays, more-and-more aspects of our daily activities are digitalized. Data and assets in the cyber-space, both for individuals and organizations, must be safeguarded. Thus, the insurance sector must face the challenge of digital transformation in the 5G era with the right set of tools. In this paper, we present CyberSure-an insurance framework for information systems. CyberSure investigates the interplay between certification, risk management, and insurance of cyber processes. It promotes continuous monitoring as the new building block for cyber insurance in order to overcome the current obstacles of identifying in real-time contractual violations by the insured party and receiving early warning notifications prior the violation. Lightweight monitoring modules capture the status of the operating components and send data to the CyberSure backend system which performs the core decision making. Therefore, an insured system is certified dynamically, with the risk and insurance perspectives being evaluated at runtime as the system operation evolves. As new data become available, the risk management and the insurance policies are adjusted and fine-tuned. When an incident occurs, the insurance company possesses adequate information to assess the situation fast, estimate accurately the level of a potential loss, and decrease the required period for compensating the insured customer. The framework is applied in the ICT and healthcare domains, assessing the system of medium-size organizations. GDPR implications are also considered with the overall setting being effective and scalable
Evaluating Architectural Safeguards for Uncertain AI Black-Box Components
KĂŒnstliche Intelligenz (KI) hat in den vergangenen Jahren groĂe Erfolge erzielt und ist immer stĂ€rker in den Fokus geraten. Insbesondere Methoden des Deep Learning (ein Teilgebiet der KI), in dem Tiefe Neuronale Netze (TNN) zum Einsatz kommen, haben beeindruckende Ergebnisse erzielt, z.B. im autonomen Fahren oder der Mensch-Roboter-Interaktion. Die immense DatenabhĂ€ngigkeit und KomplexitĂ€t von TNN haben jedoch gravierende Schwachstellen offenbart. So reagieren TNN sensitiv auf bestimmte Einflussfaktoren der Umwelt (z.B. Helligkeits- oder KontrastĂ€nderungen in Bildern) und fĂŒhren zu falschen Vorhersagen. Da KI (und insbesondere TNN) in sicherheitskritischen Systemen eingesetzt werden, kann solch ein Verhalten zu lebensbedrohlichen Situationen fĂŒhren. Folglich haben sich neue Forschungspotenziale entwickelt, die sich explizit der Absicherung von KI-Verfahren widmen.
Ein wesentliches Problem bei vielen KI-Verfahren besteht darin, dass ihr Verhalten oder Vorhersagen auf Grund ihrer hohen KomplexitĂ€t nicht erklĂ€rt bzw. nachvollzogen werden können. Solche KI-Modelle werden auch als Black-Box bezeichnet. Bestehende Arbeiten adressieren dieses Problem, in dem zur Laufzeit âbösartigeâ Eingabedaten identifiziert oder auf Basis von Ein- und Ausgaben potenziell falsche Vorhersagen erkannt werden. Arbeiten in diesem Bereich erlauben es zwar potenziell unsichere ZustĂ€nde zu erkennen, machen allerdings keine Aussagen, inwiefern mit solchen Situationen umzugehen ist. Somit haben sich eine Reihe von AnsĂ€tzen auf Architektur- bzw. Systemebene etabliert, um mit KI-induzierten Unsicherheiten umzugehen (z.B. N-Version-Programming-Muster oder Simplex Architekturen). DarĂŒber hinaus wĂ€chst die Anforderung an KI-basierte Systeme sich zur Laufzeit anzupassen, um mit sich verĂ€ndernden Bedingungen der Umwelt umgehen zu können. Systeme mit solchen FĂ€higkeiten sind bekannt als Selbst-Adaptive Systeme. Software-Ingenieure stehen nun vor der Herausforderung, aus einer Menge von Architekturellen Sicherheitsmechanismen, den Ansatz zu identifizieren, der die nicht-funktionalen Anforderungen bestmöglich erfĂŒllt. Jeder Ansatz hat jedoch unterschiedliche Auswirkungen auf die QualitĂ€tsattribute des Systems. Architekturelle Entwurfsentscheidungen gilt es so frĂŒh wie möglich (d.h. zur Entwurfszeit) aufzulösen, um nach der Implementierung des Systems Ănderungen zu vermeiden, die mit hohen Kosten verbunden sind. DarĂŒber hinaus mĂŒssen insbesondere sicherheitskritische Systeme den strengen (QualitĂ€ts-) Anforderungen gerecht werden, die bereits auf Architektur-Ebene des Software-Systems adressiert werden mĂŒssen.
Diese Arbeit befasst sich mit einem modellbasierten Ansatz, der Software-Ingenieure bei der Entwicklung von KI-basierten System unterstĂŒtzt, um architekturelle Entwurfsentscheidungen (bzw. architekturellen Sicherheitsmechanismen) zum Umgang mit KI-induzierten Unsicherheiten zu bewerten. Insbesondere wird eine Methode zur ZuverlĂ€ssigkeitsvorhersage von KI-basierten Systemen auf Basis von etablierten modellbasierten Techniken erforscht. In einem weiteren Schritt wird die Erweiterbarkeit/Verallgemeinerbarkeit der ZuverlĂ€ssigkeitsvorhersage fĂŒr Selbst-Adaptive Systeme betrachtet. Der Kern beider AnsĂ€tze ist ein Umweltmodell zur Modellierung () von KI-spezifischen Unsicherheiten und () der operativen Umwelt des Selbst-Adaptiven Systems. Zuletzt wird eine Klassifikationsstruktur bzw. Taxonomie vorgestellt, welche, auf Basis von verschiedenen Dimensionen, KI-basierte Systeme in unterschiedliche Klassen einteilt. Jede Klasse ist mit einem bestimmten Grad an VerlĂ€sslichkeitszusicherungen assoziiert, die fĂŒr das gegebene System gemacht werden können.
Die Dissertation umfasst vier zentrale BeitrÀge.
1. DomÀnenunabhÀngige Modellierung von KI-spezifischen Umwelten: In diesem Beitrag wurde ein Metamodell zur Modellierung von KI-spezifischen Unsicherheiten und ihrer zeitlichen Ausdehnung entwickelt, welche die operative Umgebung eines selbstadaptiven Systems bilden.
2. ZuverlĂ€ssigkeitsvorhersage von KI-basierten Systemen: Der vorgestellte Ansatz erweitert eine existierende Architekturbeschreibungssprache (genauer: Palladio Component Model) zur Modellierung von Komponenten-basierten Software-Architekturen sowie einem dazugehörigenWerkzeug zur ZuverlĂ€ssigkeitsvorhersage (fĂŒr klassische Software-Systeme). Das Problem der Black-Box-Eigenschaft einer KI-Komponente wird durch ein SensitivitĂ€tsmodell adressiert, das, in AbhĂ€ngigkeit zu verschiedenen Unsicherheitsfaktoren, die PrĂ€dektive Unsicherheit einer KI-Komponente modelliert.
3. Evaluation von Selbst-Adaptiven Systemen: Dieser Beitrag befasst sich mit einem Rahmenwerk fĂŒr die Evaluation von Selbst-Adaptiven Systemen, welche fĂŒr die Absicherung von KI-Komponenten vorgesehen sind. Die Arbeiten zu diesem Beitrag verallgemeinern/erweitern die Konzepte von Beitrag 2 fĂŒr Selbst-Adaptive Systeme.
4. Klassen der VerlÀsslichkeitszusicherungen: Der Beitrag beschreibt eine Klassifikationsstruktur, die den Grad der Zusicherung (in Bezug auf bestimmte Systemeigenschaften) eines KI-basierten Systems bewertet.
Der zweite Beitrag wurde im Rahmen einer Fallstudie aus dem Bereich des Autonomen Fahrens validiert. Es wurde geprĂŒft, ob PlausibilitĂ€tseigenschaften bei der ZuverlĂ€ssigkeitsvorhersage erhalten bleiben. Hierbei konnte nicht nur die PlausibilitĂ€t des Ansatzes nachgewiesen werden, sondern auch die generelle Möglichkeit Entwurfsentscheidungen zur Entwurfszeit zu bewerten. FĂŒr die Validierung des dritten Beitrags wurden ebenfalls PlausibilitĂ€tseigenschaften geprĂŒft (im Rahmen der eben genannten Fallstudie und einer Fallstudie aus dem Bereich der Mensch-Roboter-Interaktion). DarĂŒber hinaus wurden zwei weitere Community-Fallstudien betrachtet, bei denen (auf Basis von Simulatoren) Selbst-Adaptive Systeme bewertet und mit den Ergebnissen unseres Ansatzes verglichen wurden. In beiden FĂ€llen konnte gezeigt werden, dass zum einen alle PlausibilitĂ€tseigenschaft erhalten werden und zum anderen, der Ansatz dieselben Ergebnisse erzeugt, wie die DomĂ€nen-spezifischen Simulatoren. DarĂŒber hinaus konnten wir zeigen, dass unser Ansatz Software-Ingenieure bzgl. der Bewertung von Entwurfsentscheidungen, die fĂŒr die Entwicklung von Selbst-Adaptiven Systemen relevant sind, unterstĂŒtzt. Der erste Beitrag wurde implizit mit Beitrag 2 und mit 3 validiert. FĂŒr den vierten Beitrag wurde die Klassifikationsstruktur auf bekannte und reprĂ€sentative KI-Systeme angewandt und diskutiert. Es konnte jedes KI-System in eine der Klassen eingeordnet werden, so dass die generelle Anwendbarkeit der Klassifikationsstruktur gezeigt wurde
Model-connected safety cases
Regulatory authorities require justification that safety-critical systems exhibit acceptable levels of safety. Safety cases are traditionally documents which allow the exchange of information between stakeholders and communicate the rationale of how safety is achieved via a clear, convincing and comprehensive argument and its supporting evidence. In the automotive and aviation industries, safety cases have a critical role in the certification process and their maintenance is required throughout a systemâs lifecycle. Safety-case-based certification is typically handled manually and the increase in scale and complexity of modern systems renders it impractical and error prone.Several contemporary safety standards have adopted a safety-related framework that revolves around a concept of generic safety requirements, known as Safety Integrity Levels (SILs). Following these guidelines, safety can be justified through satisfaction of SILs. Careful examination of these standards suggests that despite the noticeable differences, there are converging aspects. This thesis elicits the common elements found in safety standards and defines a pattern for the development of safety cases for cross-sector application. It also establishes a metamodel that connects parts of the safety case with the target system architecture and model-based safety analysis methods. This enables the semi- automatic construction and maintenance of safety arguments that help mitigate problems related to manual approaches. Specifically, the proposed metamodel incorporates system modelling, failure information, model-based safety analysis and optimisation techniques to allocate requirements in the form of SILs. The system architecture and the allocated requirements along with a user-defined safety argument pattern, which describes the target argument structure, enable the instantiation algorithm to automatically generate the corresponding safety argument. The idea behind model-connected safety cases stemmed from a critical literature review on safety standards and practices related to safety cases. The thesis presents the method, and implemented framework, in detail and showcases the different phases and outcomes via a simple example. It then applies the method on a case study based on the Boeing 787âs brake system and evaluates the resulting argument against certain criteria, such as scalability. Finally, contributions compared to traditional approaches are laid out
SAFE-FLOW : a systematic approach for safety analysis of clinical workflows
The increasing use of technology in delivering clinical services brings substantial benefits to the healthcare industry. At the same time, it introduces potential new complications to clinical workflows that generate new risks and hazards with the potential to affect patientsâ safety. These workflows are safety critical and can have a damaging impact on all the involved parties if they fail.Due to the large number of processes included in the delivery of a clinical service, it can be difficult to determine the individuals or the processes that are responsible for adverse events. Using methodological approaches and automated tools to carry out an analysis of the workflow can help in determining the origins of potential adverse events and consequently help in avoiding preventable errors. There is a scarcity of studies addressing this problem; this was a partial motivation for this thesis.The main aim of the research is to demonstrate the potential value of computer science based dependability approaches to healthcare and in particular, the appropriateness and benefits of these dependability approaches to overall clinical workflows. A particular focus is to show that model-based safety analysis techniques can be usefully applied to such areas and then to evaluate this application.This thesis develops the SAFE-FLOW approach for safety analysis of clinical workflows in order to establish the relevance of such application. SAFE-FLOW detailed steps and guidelines for its application are explained. Then, SAFE-FLOW is applied to a case study and is systematically evaluated. The proposed evaluation design provides a generic evaluation strategy that can be used to evaluate the adoption of safety analysis methods in healthcare.It is concluded that safety of clinical workflows can be significantly improved by performing safety analysis on workflow models. The evaluation results show that SAFE-FLOW is feasible and it has the potential to provide various benefits; it provides a mechanism for a systematic identification of both adverse events and safeguards, which is helpful in terms of identifying the causes of possible adverse events before they happen and can assist in the design of workflows to avoid such occurrences. The clear definition of the workflow including its processes and tasks provides a valuable opportunity for formulation of safety improvement strategies
Evaluating Architectural Safeguards for Uncertain AI Black-Box Components
Although tremendous progress has been made in Artificial Intelligence (AI), it entails new challenges. The growing complexity of learning tasks requires more complex AI components, which increasingly exhibit unreliable behaviour. In this book, we present a model-driven approach to model architectural safeguards for AI components and analyse their effect on the overall system reliability
Developing a distributed electronic health-record store for India
The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India
Quantifying Assurance in Learning-enabled Systems
Dependability assurance of systems embedding machine learning(ML)
components---so called learning-enabled systems (LESs)---is a key step for
their use in safety-critical applications. In emerging standardization and
guidance efforts, there is a growing consensus in the value of using assurance
cases for that purpose. This paper develops a quantitative notion of assurance
that an LES is dependable, as a core component of its assurance case, also
extending our prior work that applied to ML components. Specifically, we
characterize LES assurance in the form of assurance measures: a probabilistic
quantification of confidence that an LES possesses system-level properties
associated with functional capabilities and dependability attributes. We
illustrate the utility of assurance measures by application to a real world
autonomous aviation system, also describing their role both in i) guiding
high-level, runtime risk mitigation decisions and ii) as a core component of
the associated dynamic assurance case.Comment: Author's pre-print version of manuscript accepted for publication in
the Proceedings of the 39th International Conference in Computer Safety,
Reliability, and Security (SAFECOMP 2020
Recommended from our members
Application of Advanced Early Warning Systems with Adaptive Protection
This project developed and field-tested two methods of Adaptive Protection systems utilizing synchrophasor data. One method detects conditions of system stress that can lead to unintended relay operation, and initiates a supervisory signal to modify relay response in real time to avoid false trips. The second method detects the possibility of false trips of impedance relays as stable system swings âencroachâ on the relaysâ impedance zones, and produces an early warning so that relay engineers can re-evaluate relay settings. In addition, real-time synchrophasor data produced by this project was used to develop advanced visualization techniques for display of synchrophasor data to utility operators and engineers
- âŠ