111 research outputs found
Analysis of WIMP and Post WIMP Interactive Systems based on Formal Specification
While designing interactive software, the use of a formal specification technique is of great help, as it provides non-ambiguous, complete and concise descriptions. The advantages of using such a formalism are widened when it is supported by formal analysis techniques that allow properties of the design to be proved, thus giving the designer early verification before the application is actually implemented. This paper presents how models built using the Interactive Cooperative Objects formalism (ICOs) are amenable to formal verification. The emphasis is on the behavioral part of the description of interactive systems and, more precisely, on properties at the interaction technique level. However, the process and the associated tools can be generalized to the other parts of interactive systems (including the non-interactive parts).
Beyond Formal Methods for Critical Interactive Systems: Dealing with Faults at Runtime
Formal methods provide support for validation and verification of interactive systems by means of a complete and unambiguous description of the envisioned system. They can also be used (for instance in the requirements/needs identification phase) to define precisely what the system should do and how it should meet user needs. If the entire development process is supported by formal methods (for instance as required by DO 178C [7] and its supplement 333 [8]), then classical formal methods engineers would argue that the resulting software is defect free. However, events that are beyond the envelope of the specification may occur and trigger unexpected behaviors from the formally specified system, resulting in failures. Sources of such failures can be permanent or transient hardware failures, due to natural faults triggered (when such systems are deployed in the high atmosphere, e.g. aircraft or spacecraft) by alpha particles from radioactive contaminants in the chips or by neutrons from cosmic radiation. This position paper proposes a complementary view to formal approaches, first by presenting an overview of the causes of unexpected events on the system side as well as on the human side, and then by discussing approaches that could provide support for taking system faults and human errors into account at design time.
Fine Grain Modeling of Task Deviations for Assessing Qualitatively the Impact of Both System Failures and Human Error on Operator Performance
Operators of critical interactive systems are trained and qualified before being allowed to operate critical systems in "real" contexts. However, during operation, things might happen differently from training sessions, as system failures may occur and operators may make errors when interacting with the system. Both events may also be cross-related, as a misunderstanding of a system failure can lead to an erroneous subsequent operation. The proposed approach focuses on assessing the impact that potential failures and/or human errors may have on human performance. This analysis targets the design and development phases of the system, when user tasks are analyzed in order to build the right system (i.e. one corresponding to the users' needs and to the activities they have to perform on the system). We use a task modeling notation to describe precisely operators' activities as well as the information, knowledge and objects required to perform these activities. These task models are then augmented into several variants through the integration of potential system failure patterns (with associated recovery tasks) and human error patterns. The resulting deviated task models are used to assess the impact of the task deviation on the operators' performance.
A multi-formalism approach for model-based dynamic distribution of user interfaces of critical interactive systems
Evolution in the context of use requires evolutions in the user interfaces, even when they are currently being used by operators. User Centered Development promotes reactive answers to this kind of evolution, either by software evolutions through iterative development approaches or at runtime by providing additional information to the operators, such as contextual help. This paper proposes a model-based approach to support proactive management of context-of-use evolutions. By proactive management we mean mechanisms in place to plan and implement evolutions and adaptations of the entire user interface (including behaviour) in a generic way. The proposed approach handles both concentration and distribution of user interfaces, requiring either fusion of information into a single UI or fission of information into several ones. This generic model-based approach is exemplified on a safety-critical system from the space domain. It presents how new user interfaces can be generated at runtime to provide a user interface gathering in a single place all the information required to perform the task. These user interfaces have to be generated at runtime, as new procedures (i.e. sequences of operations to be executed in a semi-autonomous way) can be defined by operators at any time in order to react to adverse events and to keep the space system in operation. Such contextual, activity-related user interfaces complement the original user interfaces designed for operating the command and control system. The resulting user interface thus corresponds to a distribution of user interfaces in a focus+context way, improving usability by increasing both efficiency and effectiveness.
Tool-supported approaches for the development of interactive systems integrating dependability and usability aspects
Since the Airbus A380 and with the introduction of the ARINC 661 standard, glass cockpits are being replaced by interactive cockpits, allowing the crew to control aircraft systems through the display unit using a keyboard and cursor control unit (KCCU). Currently only secondary, non-critical aircraft systems are managed through such interactive cockpits. To generalize such features to critical aircraft systems, the main question is how to meet the dependability requirements imposed on such systems while preserving their usability properties. To reach the goal of using such interaction techniques within safety-critical aircraft systems, our research work has followed three main directions. The first approach is to tend towards zero-defect design, by producing a precise and unambiguous description of the software components of the interactive system using a formal description technique. The second approach consists in the use of fault-tolerance mechanisms, since residual design faults, physical faults and environmental faults always exist; these mechanisms enable continuity of service despite the occurrence of faults. The third approach is the explicitation of the impact of the different fault-tolerance mechanisms on the usability of the interactive system. This is done by building and analyzing task models describing the user's activity on the system.
Engineering Annotations: A Generic Framework For Gluing Design Artefacts in Models of Interactive Systems
Along the design process of an interactive system, many intermediate artefacts (such as user interface prototypes, task models describing user work and activities, dialog models specifying system behavior, interaction models describing user interactions, ...) are created, tested, revised and improved until the development team produces a validated version of the full-fledged system. Indeed, to build interactive systems there is a need to use multiple artefacts/models (as they provide complementary views). However, relevant information for describing the design solution and/or supporting design decisions (such as the rationale behind the design, decisions made, recommendations, etc.) cannot be captured explicitly in the models/artefacts, hence the need for annotations. Multi-artefact approaches usually argue that a given piece of information should only be present in one artefact, to avoid duplication and increase the maintainability of the artefacts. Nonetheless, annotations created on one artefact are usually relevant to other artefacts/models. Hence there is a need for tools and techniques to coordinate annotations across artefacts/models, which is the contribution of the present work. In this paper, we propose a model-based approach conceived to handle annotations in a systematic way along the development process of interactive systems. As part of the solution, we propose an annotation model built upon the W3C's Web Annotation Data Model. The feasibility of the approach is demonstrated by means of a tool suite featuring a plugin, which has been deployed and tested over multiple artefacts. The overall approach is illustrated on the design of an interactive cockpit application over two design iterations.
The contribution brings two main benefits for interactive systems engineering: i) it presents a generic pattern for integrating information in multiple, usually heterogeneous, artefacts throughout the design process of interactive systems; and ii) it highlights the need for tools that help to rationalize and to document the various artefacts and the related decisions made during interactive systems design. CCS Concepts: Human-centered computing; Human computer interaction (HCI).
From Resilience-Building to Resilience-Scaling Technologies: Directions -- ReSIST NoE Deliverable D13
This document is the second product of work package WP2, "Resilience-building and -scaling technologies", in the programme of jointly executed research (JER) of the ReSIST Network of Excellence. The problem that ReSIST addresses is achieving sufficient resilience in the immense systems of ever-evolving networks of computers and mobile devices, tightly integrated with human organisations and other technology, that are increasingly becoming a critical part of the information infrastructure of our society. This second deliverable, D13, provides a detailed list of research gaps identified by experts from the four working groups, related to assessability, evolvability, usability and diversity.
Resilience-Building Technologies: State of Knowledge -- ReSIST NoE Deliverable D12
This document is the first product of work package WP2, "Resilience-building and -scaling technologies", in the programme of jointly executed research (JER) of the ReSIST Network of Excellence.