Model-based testing of PLC programs with appropriate conformance relations

International audienceNumerous theoretical results have been obtained in the field of conformance testing, a very promising formal technique to improve dependability of critical systems. Nevertheless, developing on this basis PLC test techniques that produce correct conformance verdicts requires to take into account the real technological features of PLC. This paper proposes conformance relations that meet this objective. Examples illustrate the benefits of the contribution

Formal Specification and Verification for Automated Production Systems

Complex industrial control software often drives safety- and mission-critical systems, like automated production plants or control units embedded into devices in automotive systems. Such controllers have in common that they are reactive systems, i.e., that they periodically read sensor stimuli and cyclically execute the same program to produce actuator signals. The correctness of software for automated production is rarely verified using formal techniques. Although, due to the Industrial Revolution 4.0 (IR4.0), the impact and importance of software have become an important role in industrial automation. What is used instead in industrial practice today is testing and simulation, where individual test cases are used to validate an automated production system. Three reasons why formal methods are not popular are: (a) It is difficult to adequately formulate the desired temporal properties. (b) There is a lack of specification languages for reactive systems that are both sufficiently expressive and comprehensible for practitioners. (c) Due to the lack of an environment model the obtained results are imprecise. Nonetheless, formal methods for automated production systems are well studied academically---mainly on the verification of safety properties via model checking. In this doctoral thesis we present the concept of (1) generalized test tables (GTTs), a new specification language for functional properties, and their extension (2) relational test tables (RTTs) for relational properties. The concept includes the syntactical notion, designed for the intuition of engineers, and the semantics, which are based on game theory. We use RTTs for a novel confidential property on reactive systems, the provably forgetting of information. Moreover, for regression verification, an important relational property, we are able to achieve performance improvements by (3) creating a decomposing rule which splits large proofs into small sub-task. We implemented the verification procedures and evaluated them against realistic case studies, e.g., the Pick-and-Place-Unit from the Technical University of Munich. The presented contribution follows the idea of lowering the obstacle of verifying the dependability of reactive systems in general, and automated production systems in particular for the engineer either by introducing a new specification language (GTTs), by exploiting existing programs for the specification (RTTs, regression verification), or by improving the verification performance

Towards a definition of PLM-integrated dimensional measurement

Product Lifecycle Management (PLM) enables knowledge about products to be captured and reused. Since dimensional measurement is used to determine the size and shape of the products about which PLM is centered, we contend that it is an important process to integrate. Building on emerging industry-accepted standards, a framework was developed in an effort to define what integrating dimensional measurement with PLM involves. Following a survey of the state-of-the-art against this framework and a critical review, technology gaps are identified, and key challenges and research priorities are highlighted. © 2013 The Authors

A next generation manufacturing control system for a lean production environment

This thesis focuses on addressing the need for a new approach to the design and implementation of manufacturing control systems for the automotive industry and in particular for high volume engine manufacture. Whilst the operational domain in the automotive industry has moved to lean production techniques, the design of presentday manufacturing control systems is still based on systems intended for use in a mass production environment. The design and implementation of current manufacturing control systems is therefore inappropriate when viewed from a business context. The author proposes that it is possible to create a more appropriate manufacturing control systems based on an optimised use of advanced manufacturing technology within the complete business context. Literature is reviewed to provide a detailed understanding of the relationship between modem operating practices and the application of contemporary control systems. The primary tasks of manufacturing control systems, within the context of a structured systems approach to manufacturing technology, production management and industrial economics are identified. A study of modem manufacturing control system technology is carried out, highlighting the fundamental principles that influence application engineering in this area. The thesis develops a conceptual design framework that aids the identification of attributes required of a next generation manufacturing control system (NGCS), in order to enhance the business performance of lean automotive manufacturing. The architecture for a next generation control system is specified and a Proof of concept system implemented. Potential advances over contemporary practice are identified with the aid of a practical implementation at a major automotive manufacturer

Framework of Six Sigma implementation analysis on SMEs in Malaysia for information technology services, products and processes

For the past two decades, the majority of Malaysia’s IT companies have been widely adopting a Quality Assurance (QA) approach as a basis for self-improvement and internal-assessment in IT project management. Quality Control (QC) is a comprehensive top-down observation approach used to fulfill requirements for quality outputs which focuses on the aspect of process outputs evaluation. However in the Malaysian context, QC and combination of QA and QC as a means of quality improvement approaches have not received significant attention. This research study aims to explore the possibility of integrating QC and QA+QC approaches through Six Sigma quality management standard to provide tangible and measureable business results by continuous process improvement to boost customer satisfactions. The research project adopted an exploratory case study approach on three Malaysian IT companies in the business area of IT Process, IT Service and IT Product. Semi-structured interviews, online surveys, self-administered questionnaires, job observations, document analysis and on-the-job-training are amongst the methodologies employed in these case studies. These collected data and viewpoints along with findings from an extensive literature review were used to benchmark quality improvement initiatives, best practices and to develop a Six Sigma framework for the context of the SMEs in the Malaysian IT industry. This research project contributed to both the theory and practice of implementing and integrating Six Sigma in IT products, services and processes. The newly developed framework has been proven capable of providing a general and fundamental start-up decision by demonstrating how a company with and without formal QIM can be integrated and implemented with Six Sigma practices to close the variation gap between QA and QC. This framework also takes into consideration those companies with an existing QIM for a new face-lift migration without having to drop their existing QIM. This can be achieved by integrating a new QIM which addresses most weaknesses of the current QIM while retaining most of the current business routine strengths. This framework explored how Six Sigma can be expanded and extended to include secondary external factors that are critical to successful QIM implementation. A vital segment emphasizes Six Sigma as a QA+QC approach in IT processes; and the ability to properly manage IT processes will result in overall performance improvement to IT Products and IT Services. The developed Six Sigma implementation framework can serve as a baseline for SMEs to better manage, control and track business performance and product quality; and at the same time creates clearer insights and un-biased views of Six Sigma implementation onto the IT industries to drive towards operational excellence

Assessment of Factors Affecting Sales Volume: A Case Study of Mesfin Industrial Engineering PLC

This project paper entitled “Assessment of Factors Affecting Sales Volume: A Case Study of Mesfin industrial engineering PLC” has been formulated by five leading research questions. The objective of this study is to assess the internal and external environmental factors affecting sales volume of Mesfin Industrial Engineering PLC. Taking this view in to account, the internal factors like price, product quality, place, and promotion mix elements, level of inventory of MIE has been discussed. In addition to this, the external environmental factors like natural, economical, technological, political-legal ,and the nature of competition in the market have been assessed &described and also the way these factors are affecting the company has been described. Further more, the sales trend of the company and the type of promotion tools that company employ have been assessed. Finally, based on the findings, some suggestions on how to improve the existing situation have been forwarded. This study was conducted using the case study method in the form of descriptive research. To carry out this study both primary and secondary data have been used. For the theoretical foundation and analysis, the existing literatures were investigated. To collect the primary data from the customers of the company, questionnaire has been employed. In addition to this, an interview was conducted face-to-face and questions were asked according to the interview schedule. It was carried out in the form of discussion with the sales division manager and the general manager of the company. For the purpose of this study both qualitative and quantitative data were obtained. The quantitative data were analyzed using different types of descriptive statistics by applying Microsoft Excel where as qualitative data were analyzed qualitatively .The major findings that the researcher has come up with are poor delivery, no close proximity with suppliers of raw materials, no sales professionals, absence of adequate training to sales persons and higher price. Further more, the company employees advertising as a method of promotion tool where as sales promotion and public relation are not extensively used. Personal selling as a promotional tool is not well used and nothing has been done on this area. The company’s sales volume was fluctuating for the last eight years due to longer lead time, interruption of electric power, lack of order from customers and shortage of raw materials. Based on the findings of this study, the researcher has put valuable recommendations on what the company should do to improve its existing conditions and to play a great role in the metal manufacturing industry

Contribution à la commande sûre des Systèmes à Événements Discrets

Les activités de recherche rentrent dans le spectre de la section 61 du CNU et ont pour domaine l’Automatique des Systèmes à Événements Discrets (SED). Elles sont conduites en vue d’accroître la sûreté de fonctionnement des systèmes automatisés comme ceux qu’il est possible de trouver dans le cadre de la production manufacturière, de la production d'énergie ou du transport. Une grande partie de ces recherches a concerné la conception sûre des systèmes de contrôle-commande à base d’Automates Programmables Industriels (API) et plus particulièrement les thématiques suivantes :- la vérification formelle de programmes de contrôle-commande,- la synthèse algébrique de programmes de contrôle-commande à partir de spécifications informelles,- le test de conformité d’un contrôleur logique vis-à-vis de sa spécification.D'autres recherches ont porté sur la formalisation des outils pour l’analyse de sûreté, utilisés dans le cadre de l’analyse prévisionnelle des risques d’un équipement ou d’une installation industrielle. Cette formalisation des outils utilisés en sûreté a été faite en examinant avec un point de vue SED une problématique qui ne l’était pas à son origine. Il a été étudié :- la modélisation algébrique des arbres de défaillances dynamiques,- l’analyse prévisionnelle des risques d’un point de vue qualitatif pour les systèmes réparables à partir de Boolean logic Driven Markov Processes (BDMPs),- l’analyse prévisionnelle des risques d’un point de vue quantitatif pour les systèmes réparables à l’aide de chaînes de Markov.D'une manière générale, ces activités de recherche ont pour objectif de proposer des apports formels ou méthodologiques à des outils de modélisation généralement issus de l’industrie tout en répondant à des besoins industriels déjà présents ou sur le point de le devenir

Code Integrity Attestation for PLCs using Black Box Neural Network Predictions

Cyber-physical systems (CPSs) are widespread in critical domains, and significant damage can be caused if an attacker is able to modify the code of their programmable logic controllers (PLCs). Unfortunately, traditional techniques for attesting code integrity (i.e. verifying that it has not been modified) rely on firmware access or roots-of-trust, neither of which proprietary or legacy PLCs are likely to provide. In this paper, we propose a practical code integrity checking solution based on privacy-preserving black box models that instead attest the input/output behaviour of PLC programs. Using faithful offline copies of the PLC programs, we identify their most important inputs through an information flow analysis, execute them on multiple combinations to collect data, then train neural networks able to predict PLC outputs (i.e. actuator commands) from their inputs. By exploiting the black box nature of the model, our solution maintains the privacy of the original PLC code and does not assume that attackers are unaware of its presence. The trust instead comes from the fact that it is extremely hard to attack the PLC code and neural networks at the same time and with consistent outcomes. We evaluated our approach on a modern six-stage water treatment plant testbed, finding that it could predict actuator states from PLC inputs with near-100% accuracy, and thus could detect all 120 effective code mutations that we subjected the PLCs to. Finally, we found that it is not practically possible to simultaneously modify the PLC code and apply discreet adversarial noise to our attesters in a way that leads to consistent (mis-)predictions.Comment: Accepted by the 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2021

The IACS Cybersecurity Certification Framework (ICCF). Lessons from the 2017 study of the state of the art.

The principal goal of this report is to present the experiments of the IACS component Cybersecurity Certification Framework (ICCF) performed in 2017 by the NETs (National Exercise Teams) of several Member States, namely France, Poland and Spain. Based on real life use cases and simulations of ICCF activities, this report documents the current practices of these countries and NET members’ views in relation to IACS products cybersecurity certification. These studies have led to a series of findings that will be useful for the future of the ICCF in the context of the European Cybersecurity Certification Framework. In conclusion, a plan of action is proposed for the 2018-2019 period.JRC.E.2-Technology Innovation in Securit

Framework of Six Sigma implementation analysis on SMEs in Malaysia for information technology services, products and processes

For the past two decades, the majority of Malaysia’s IT companies have been widely adopting a Quality Assurance (QA) approach as a basis for self-improvement and internal-assessment in IT project management. Quality Control (QC) is a comprehensive top-down observation approach used to fulfill requirements for quality outputs which focuses on the aspect of process outputs evaluation. However in the Malaysian context, QC and combination of QA and QC as a means of quality improvement approaches have not received significant attention. This research study aims to explore the possibility of integrating QC and QA+QC approaches through Six Sigma quality management standard to provide tangible and measureable business results by continuous process improvement to boost customer satisfactions. The research project adopted an exploratory case study approach on three Malaysian IT companies in the business area of IT Process, IT Service and IT Product. Semi-structured interviews, online surveys, self-administered questionnaires, job observations, document analysis and on-the-job-training are amongst the methodologies employed in these case studies. These collected data and viewpoints along with findings from an extensive literature review were used to benchmark quality improvement initiatives, best practices and to develop a Six Sigma framework for the context of the SMEs in the Malaysian IT industry. This research project contributed to both the theory and practice of implementing and integrating Six Sigma in IT products, services and processes. The newly developed framework has been proven capable of providing a general and fundamental start-up decision by demonstrating how a company with and without formal QIM can be integrated and implemented with Six Sigma practices to close the variation gap between QA and QC. This framework also takes into consideration those companies with an existing QIM for a new face-lift migration without having to drop their existing QIM. This can be achieved by integrating a new QIM which addresses most weaknesses of the current QIM while retaining most of the current business routine strengths. This framework explored how Six Sigma can be expanded and extended to include secondary external factors that are critical to successful QIM implementation. A vital segment emphasizes Six Sigma as a QA+QC approach in IT processes; and the ability to properly manage IT processes will result in overall performance improvement to IT Products and IT Services. The developed Six Sigma implementation framework can serve as a baseline for SMEs to better manage, control and track business performance and product quality; and at the same time creates clearer insights and un-biased views of Six Sigma implementation onto the IT industries to drive towards operational excellence