An Assessment of IMPAC - Integrated Methodology for Propulsion and Airframe Controls

This report documents the work done under a NASA sponsored contract to transition to industry technologies developed under the NASA Lewis Research Center IMPAC (Integrated Methodology for Propulsion and Airframe Control) program. The critical steps in IMPAC are exercised on an example integrated flight/propulsion control design for linear airframe/engine models of a conceptual STOVL (Short Take-Off and Vertical Landing) aircraft, and MATRIXX (TM) executive files to implement each step are developed. The results from the example study are analyzed and lessons learned are listed along with recommendations that will improve the application of each design step. The end product of this research is a set of software requirements for developing a user-friendly control design tool which will automate the steps in the IMPAC methodology. Prototypes for a graphical user interface (GUI) are sketched to specify how the tool will interact with the user, and it is recommended to build the tool around existing computer aided control design software packages

Time for Addressing Software Security Issues: Prediction Models and Impacting Factors

Finding and fixing software vulnerabilities have become a major struggle for most software development companies. While generally without alternative, such fixing efforts are a major cost factor, which is why companies have a vital interest in focusing their secure software development activities such that they obtain an optimal return on this investment. We investigate, in this paper, quantitatively the major factors that impact the time it takes to fix a given security issue based on data collected automatically within SAP’s secure development process, and we show how the issue fix time could be used to monitor the fixing process. We use three machine learning methods and evaluate their predictive power in predicting the time to fix issues. Interestingly, the models indicate that vulnerability type has less dominant impact on issue fix time than previously believed. The time it takes to fix an issue instead seems much more related to the component in which the potential vulnerability resides, the project related to the issue, the development groups that address the issue, and the closeness of the software release date. This indicates that the software structure, the fixing processes, and the development groups are the dominant factors that impact the time spent to address security issues. SAP can use the models to implement a continuous improvement of its secure software development process and to measure the impact of individual improvements. The development teams at SAP develop different types of software, adopt different internal development processes, use different programming languages and platforms, and are located in different cities and countries. Other organizations, may use the results—with precaution—and be learning organizations

A Unified Approach for Static and Runtime Verification: Framework and Applications

Static verification of software is becoming ever more effective and efficient. Still, static techniques either have high precision, in which case powerful judgements are hard to achieve automatically, or they use abstractions supporting increased automation, but possibly losing important aspects of the concrete system in the process. Runtime verification has complementary strengths and weaknesses. It combines full precision of the model (including the real deployment environment) with full automation, but cannot judge future and alternative runs. Another drawback of runtime verification can be the computational overhead of monitoring the running system which, although typically not very high, can still be prohibitive in certain settings. In this paper, we propose a framework to combine static analysis techniques and runtime verification with the aim of getting the best of both techniques. In particular, we discuss an instantiation of our framework for the deductive theorem prover KeY, and the runtime verification tool LARVA. Apart from combining static and dynamic verification, this approach also combines the data centric analysis of KeY with the control centric analysis of LARVA. An advantage of the approach is that, through the use of a single specification which can be used by both analysis techniques, expensive parts of the analysis could be moved to the static phase, allowing the runtime monitor to make significant assumptions, dropping parts of expensive checks at runtime. We also discuss specific applications of our approach

Comprehension of spacecraft telemetry using hierarchical specifications of behavior ⋆

Abstract. A key challenge in operating remote spacecraft is that ground operators must rely on the limited visibility available through spacecraft telemetry in order to assess spacecraft health and operational status. We describe a tool for processing spacecraft telemetry that allows ground operators to impose structure on received telemetry in order to achieve a better comprehension of system state. A key element of our approach is the design of a domain-specific language that allows operators to express models of expected system behavior using partial specifications. The language allows behavior specifications with data fields, similar to other recent runtime verification systems. What is notable about our approach is the ability to develop hierarchical specifications of behavior. The language is implemented as an internal DSL in the Scala programming language that synthesizes rules from patterns of specification behavior. The rules are automatically applied to received telemetry and the inferred behaviors are available to ground operators using a visualization interface that makes it easier to understand and track spacecraft state. We describe initial results from applying our tool to telemetry received from the Curiosity rover currently roving the surface of Mars, where the visualizations are being used to trend subsystem behaviors, in order to identify potential problems before they happen. However, the technology is completely general and can be applied to any system that generates telemetry such as event logs.

RV-Android: Efficient Parametric Android Runtime Verification, a Brief Tutorial

International audienceRV-Android is a new freely available open source runtime library for monitoring formal safety properties on Android. RV-Android uses the commercial RV-Monitor technology as its core monitoring library generation technology, allowing for the verification of safety properties during execution and operating entirely in userspace with no kernel or operating system modifications required. RV-Android improves on previous Android monitoring work by replacing the JavaMOP framework with RV-Monitor, a more advanced monitoring library generation tool with core algorithmic improvements that greatly improve resource consumption , e and battery life considerations. We demonstrate the developer usage of RV-Android with the standard Android build process, using instrumentation mechanisms e↵ective on both Android binaries and source code. Our method allows for both property development and advanced application testing through runtime verification. We showcase the user frontend of RV-Monitor, which is available for public demo use and requires no knowledge of RV concepts. We explore the extra expres-siveness the MOP paradigm provides over simply writing properties as aspects through two sample security properties, and show an example of a real security violation mitigated by RV-Android on-device. Lastly, we propose RV as an extension to the next-generation Android permissions system debuting in Android M

Societal costs of subclinical depressive symptoms in Dutch adolescents: a cost‐of‐illness study

Background: Subclinical depressive symptoms are highly prevalent among adolescents and are associated with negative consequences, which may pose an economic burden for society. We conducted a prevalence-based cost-of-illness study using a societal perspective to investigate the cost-of-illness of subclinical depressive symptoms among adolescents. Methods: Using a bottom-up approach, cost questionnaires were assessed to measure costs from 237 Dutch families with an adolescent aged 11–18 with subclinical depressive symptoms (of which 34 met the criteria of a depressive disorder). The study is registered in the Dutch Trial Register (Trial NL5584/NTR6176; www.trialregister.nl/trial/5584). Results: Our calculations show that adolescents with subclinical depressive symptoms cost the Dutch society more than €42 million annually, expressed in costs related to depressive symptoms. Secondary analyses were performed to test the reliability and stability of the costs. When costs related to psychological problems were considered, the annual costs amounted to €67 million. The total societal costs related to physical problems amounted to approximately €126 million. All costs combined (depressive, psychological, behavioural and physical problems and other reasons) amounted to a €243 million. Total costs were highest for physical-related problems of the adolescent (52% of the total costs), followed by psychological (28%), depressive (17%) and behavioural problems (1%). Using an international prevalence rate, societal costs related to depressive symptoms resulted in €54 million a year. Conclusions: Cost-effective prevention programmes seem warranted given the high societal costs and risk of future costs as subclinical depressive symptoms could be a precursor of clinical depression later in life

A randomised controlled trial of cognitive behavioural treatment for obsessive compulsive disorder in children and adolescents

Cognitive behaviour therapy (CBT) for young people with obsessive compulsive disorder (OCD) has become the treatment of first choice. However, the literature is largely based on studies emphasising exposure and response prevention. In this study, we report on a randomised controlled trial of CBT for young people carried out in typical outpatient clinic conditions which focused on cognitions. A randomised controlled trial compares 10 sessions of manualised cognitive behavioural treatment with a 12-week waiting list for adolescents and children with OCD. Assessors were blind to treatment allocation. 21 consecutive patients with OCD aged between 9 and 18 years were recruited. The group who received treatment improved more than a comparison group who waited for 3 months. The second group was treated subsequently using the same protocol and made similar gains. In conclusion, CBT can be delivered effectively to young people with OCD in typical outpatient settings

Sindarin: A Versatile Scripting API for the Pharo Debugger

International audienceDebugging is one of the most important and time consuming activities in software maintenance, yet mainstream debuggers are not well-adapted to several debugging scenarios. This has led to the research of new techniques covering specific families of complex bugs. Notably, recent research proposes to empower developers with scripting DSLs, plugin-based and moldable debuggers. However, these solutions are tailored to specific use-cases, or too costly for one-time-use scenarios. In this paper we argue that exposing a debugging scripting interface in mainstream debuggers helps in solving many challenging debugging scenarios. For this purpose, we present Sindarin, a scripting API that eases the expression and automation of different strategies developers pursue during their debugging sessions. Sindarin provides a GDB-like API, augmented with AST-bytecode-source code mappings and object-centric capabilities. To demonstrate the versatility of Sindarin, we reproduce several advanced breakpoints and non-trivial debugging mechanisms from the literature

Health costs in anthroposophic therapy users: a two-year prospective cohort study

BACKGROUND: Anthroposophic therapies (counselling, special medication, art, eurythmy movement, and rhythmical massage) aim to stimulate long-term self-healing processes, which theoretically could lead to a reduction of healthcare use. In a prospective two-year cohort study, anthroposophic therapies were followed by a reduction of chronic disease symptoms and improvement of quality of life. The purpose of this analysis was to describe health costs in users of anthroposophic therapies. METHODS: 717 consecutive outpatients from 134 medical practices in Germany, starting anthroposophic therapies for chronic diseases, participated in a prospective cohort study. We analysed direct health costs (anthroposophic therapies, physician and dentist consultations, psychotherapy, medication, physiotherapy, ergotherapy, hospital treatment, rehabilitation) and indirect costs (sick leave compensation) in the pre-study year and the first two study years. Costs were calculated from resource utilisation, documented by patient self-reporting. Data were collected from January 1999 to April 2003. RESULTS: Total health costs in the first study year (bootstrap mean 3,297 Euro; 95% confidence interval 95%-CI 3,157 Euro to 3,923 Euro) did not differ significantly from the pre-study year (3,186 Euro; 95%-CI 3,037 Euro to 3,711 Euro), whereas in the second year, costs (2,771 Euro; 95%-CI 2,647 Euro to 3,256 Euro) were significantly reduced by 416 Euro (95%-CI 264 Euro to 960 Euro) compared to the pre-study year. In each period hospitalisation and sick-leave together amounted to more than half of the total health costs. Anthroposophic therapies and medication amounted to 3%, 15%, and 8% of total health costs in the pre-study year, first year, and second study year, respectively. The cost reduction in the second year was largely accounted for by a decrease of inpatient hospitalisation, leading to a hospital cost reduction of 519 Euro (95%-CI 377 Euro to 904 Euro) compared to the pre-study year. CONCLUSION: In patients starting anthroposophic therapies for chronic disease, total health costs did not increase in the first year, and were reduced in the second year. This reduction was largely explained by a decrease of inpatient hospitalisation. Within the limits of a pre-post design, study findings suggest that anthroposophic therapies are not associated with a relevant increase in total health costs