Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems.

Unlike practices in electrical and mechanical equipment engineering, Cyber-Physical Systems (CPS) do not have a set of standardized and harmonized practices for assurance and certification that ensures safe, secure and reliable operation with typical software and hardware architectures. This paper presents a recent initiative called AMASS (Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems) to promote harmonization, reuse and automation of labour-intensive certification-oriented activities via using model-based approaches and incremental techniques. AMASS will develop an integrated and holistic approach, a supporting tool ecosystem and a self-sustainable community for assurance and certification of CPS. The approach will be driven by architectural decisions (fully compatible with standards, e.g. AUTOSAR and IMA), including multiple assurance concerns such as safety, security and reliability. AMASS will support seamless interoperability between assurance/certification and engineering activities along with third-party activities (external assessments, supplier assurance). The ultimate aim is to lower certification costs in face of rapidly changing product features and market needs.This project has received funding from the Electronic Component Systems for European Leadership Joint Undertaking under grant agreement No 692474. This Joint Undertaking receives support from the European Union’s Horizon 2020 research and innovation programme and Spain, Czech Republic, Germany, Sweden, Austria, Italy, United Kingdom, Franc

How to increase efficiency with the certification of process compliance

Certification as well as self-assessment of safety-critical systems is an expensive and time-consuming activity due to the necessity of providing numerous deliverables. These deliverables can be process-related or product-related. Process-related deliverables are aimed at showing compliance with normative documents (e.g., safety standards), which impose specific requirements on the development process (e.g., reference models for the safety life-cycles). In this lecture, we limit our attention to process-related deliverables and we propose a solution aimed at reducing time and cost related to their provision. Our solution consists of the combination of three approaches: the safety-oriented process line engineering approach, the process-based argumentation line approach, and the model driven certification-oriented approach. More specifically, we define how these three approaches are combined and which techniques, tools and guidelines should be used to implement the resulting approach. Then, via small-sized but realistic process-fragments, we illustrate it. Finally, we present a roadmap for future research directions.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech

An empirical investigation of wood product information valued by young consumers

Recent media reports regarding wood products question the trustworthiness of wood origin declaration, the sustainability of production methods and the product quality. In light of this question, it becomes important to ensure consumer trust in wood and wood-based products. Current research indicates that providing product information enhances product trust and purchase intentions, while young consumers in particular seek detailed product information. However, it is necessary to determine which wood product information young consumers strongly value because providing a high amount leads to information overload. As information needs may vary between different consumer segments, the present work aims at identifying segments of young consumers and their preferred wood-product information. The importance of different wood product information items concerning the purchase decision was investigated with a German-language online survey (N = 185, age range 18–30). A cluster analysis revealed four consumer segments. Thereof, three segments (an environmentally oriented, an environmentally and quality oriented, and a quality oriented segment) valued the provision of wood product information. The preferred information types differed among the three segments. Overall, this paper provides insights into young consumers' preferences for wood product information and the consumer segments on which marketing should focus

Machine-Readable Privacy Certificates for Services

Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.Comment: 20 pages, 6 figure

The Reliability of Organic Certification: An Approach to Investigate the Audit Quality

Increasing complexity and first scandals indicate that the current control structures for organic food is insufficient. The main challenges are different methods of implementation on the national level and the collaborative responsibility between the public and the private sector. Both often cause lacking clarity and disagreements. The following contribution focuses on instruments to enhance the quality of certification of organic food. Only a few of the suggested instruments have been included as necessary requirements yet. Given the risk of deficient quality assurance and at the same time increasing control costs, it seems urgent to trigger discussions on risk-oriented auditing and to improve the current certification system

Taming the cloud: Safety, certification and compliance for software services - Keynote at the Workshop on Engineering Service-Oriented Applications (WESOA) 2011

The maturity of IT processes, such as software development, can be and is often certified. Current trends in the IT industry suggest that software systems in the future will be very different from their counterparts today, with an increasing adoption of the Service-Oriented Architecture (SOA) design pattern and the deployment of Software-as-a-Service (SaaS) on Cloud infrastructures. In this talk we discuss some issues surrounding engineering Software Services for Cloud infrastructures and highlight the need for enhanced control, service-level agreement and compliance mechanisms for Software Services. Cloud Infrastructures and Service Mash-ups

Knowledge, Food and Place: a way of producing a way of knowing

The article examines the dynamics of knowledge in the valorisation of local food, drawing on the results from the CORASON project (A cognitive approach to rural sustainable development: the dynamics of expert and lay knowledge), funded by the EU under its Framework Programme 6. It is based on the analysis of several in-depth case studies on food relocalisation carried out in 10 European countries

System Dynamics in Food Quality Certifications: Development of an Audit Integrity System

Due to the complex structure of certification schemes the risk of flaws and scandals is generally high. It has further increased by several developments during the last years. With regard to their potential effects, it is questionable whether the certification approaches are actually able to detect deficiencies within the system and thus prevent crises which may lead to its breakdown. Hence, the ability of a standard to meet its objectives of food quality and safety needs to be enforced. In this contribution we launch the implementation of a controlling tool which automatically monitors audit quality based on information of the respective data bases. By analysing possible negative influences, opportunistic behaviour can thus be detected.certification, quality assurance systems, risk oriented auditing approach, Food Consumption/Nutrition/Food Safety, Food Security and Poverty,