29 research outputs found

    Relating computer systems to sequence diagrams with underspecification, inherent nondeterminism and probabilistic choice : Part 1

    Given a sequence diagram specification and a computer system, we need to answer the question: is the system compliant with the sequence diagram specification in the desired way? We present a procedure for answering this question for three variations of sequence diagrams. The procedure is independent of the programming language used for the system. The semantics of sequence diagrams is denotational and based on traces. To answer the initial question, the procedure starts by obtaining the trace-set of the system, e.g. by testing, and then transforms it into the same semantic model as that used for the sequence diagram. In addition to extending our earlier work on refinement relations for sequence diagrams, we define conformance relations relating systems to sequence diagrams. The work is split in two parts. This paper presents part 1, in which we introduce the necessary definitions for using the compliance checking procedure on sequence diagrams with underspecification and sequence diagrams with inherent nondeterminism. In part 2 [RRS07], we present the definitions for using the procedure on sequence diagrams with probabilistic choice.
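    The procedure sketched in the abstract (record the system's traces by testing, map them into the trace model of the sequence diagram, then check a conformance relation) can be made concrete with a small checker. The following is an added example written for this listing, not code from the paper. It assumes a simplified trace model in which each message becomes a send event "!m" followed by a receive event "?m", and a simplified reading of the compliance relations: for every obligation (p, n) the system must exhibit at least one positive trace and no negative trace, with a single obligation standing for underspecification (alt) and one obligation per mandatory alternative standing for inherent nondeterminism (xalt). The run logs, trace sets and event names are all constructed.

```python
from typing import FrozenSet, Iterable, List, Tuple

Trace = Tuple[str, ...]                      # sequence of event labels
TraceSet = FrozenSet[Trace]
Obligation = Tuple[TraceSet, TraceSet]       # (positive traces, negative traces)


def log_to_trace(run: List[str]) -> Trace:
    """Transform one recorded test run into the trace model assumed here.

    Each "sender->receiver: message" line becomes a send event "!message"
    followed by the matching receive event "?message". Assumption: receipt
    directly follows transmission, so runs are not interleaved.
    """
    events: List[str] = []
    for line in run:
        _endpoints, message = line.split(":", 1)
        message = message.strip()
        events.append("!" + message)
        events.append("?" + message)
    return tuple(events)


def observe(runs: Iterable[List[str]]) -> TraceSet:
    """'Obtain the trace-set of the system by testing': the trace-set is the
    set of distinct traces seen across all recorded runs."""
    return frozenset(log_to_trace(run) for run in runs)


def complies(system: TraceSet, obligations: List[Obligation],
             allow_inconclusive: bool = False) -> bool:
    """Assumed compliance relation (a simplified reading, not the paper's
    exact definition).

    For every obligation (p, n) the system must show at least one trace of p
    and no trace of n. With a single obligation this models underspecification:
    any non-empty subset of the positive traces may be realised. With several
    obligations (one per mandatory alternative) it models inherent
    nondeterminism: every alternative must actually be observed. Traces that
    are positive or negative nowhere are inconclusive; the strict variant
    rejects them, the lenient one (allow_inconclusive=True) does not.
    """
    all_positive: TraceSet = frozenset().union(*(p for p, _ in obligations))
    for positive, negative in obligations:
        if not (system & positive):
            return False          # a mandatory behaviour was never observed
        if system & negative:
            return False          # a refused (negative) behaviour was observed
    return allow_inconclusive or system <= all_positive


# Constructed sequence-diagram semantics: client sends req, server answers ok
# or err; answering crash is explicitly refused (a negative trace).
T_OK = ("!req", "?req", "!ok", "?ok")
T_ERR = ("!req", "?req", "!err", "?err")
T_CRASH = ("!req", "?req", "!crash", "?crash")
NEGATIVE: TraceSet = frozenset({T_CRASH})

# alt: ok/err is an underspecified choice, a single obligation.
SPEC_UNDERSPEC: List[Obligation] = [(frozenset({T_OK, T_ERR}), NEGATIVE)]
# xalt: ok/err is a mandatory choice, one obligation per alternative.
SPEC_XALT: List[Obligation] = [(frozenset({T_OK}), NEGATIVE),
                               (frozenset({T_ERR}), NEGATIVE)]

# Constructed test-run logs in the "sender->receiver: message" form assumed above.
RUNS_BOTH = [["client->server: req", "server->client: ok"],
             ["client->server: req", "server->client: err"]]
RUNS_ONLY_OK = [["client->server: req", "server->client: ok"]]
RUNS_CRASH = [["client->server: req", "server->client: crash"]]
RUNS_EXTRA = [["client->server: req", "server->client: ok"],
              ["client->server: req", "server->client: maybe"]]


if __name__ == "__main__":
    for name, runs in [("both", RUNS_BOTH), ("only ok", RUNS_ONLY_OK),
                       ("crash", RUNS_CRASH), ("extra", RUNS_EXTRA)]:
        traces = observe(runs)
        print(f"{name:8s} alt={complies(traces, SPEC_UNDERSPEC)!s:5} "
              f"xalt={complies(traces, SPEC_XALT)!s:5} "
              f"alt(lenient)={complies(traces, SPEC_UNDERSPEC, True)}")
```

    A system that only ever answers ok satisfies the underspecified diagram but not the xalt one, since the err alternative is mandatory there and was never observed; a system that answers crash fails both, which is how a "must never happen" requirement is expressed as a negative trace. Because the trace-set comes from finite testing, a passing check shows only that no refused behaviour was observed in those runs, not that none exists.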

    Specification and Refinement of Soft Real-time Requirements Using Sequence Diagrams

    Soft real-time requirements are often related to communication in distributed systems. Therefore it is interesting to understand how UML sequence diagrams can be used to specify such requirements. We propose a way of integrating soft real-time requirements in sequence diagram specifications by adding probabilities to timed sequence diagrams. Our approach builds on timed STAIRS, which is an approach to the compositional and incremental development of sequence diagrams supporting specification of mandatory as well as potential behavior

    Risk-Based Decision Support Model for Offshore Installations

    Background: During major maintenance projects on offshore installations, flotels are often used to accommodate the personnel. A gangway connects the flotel to the installation. If the offshore conditions are unfavorable, the responsible operatives need to decide whether to lift (disconnect) the gangway from the installation. If this is not done, there is a risk that an uncontrolled autolift (disconnection) occurs, causing harm to personnel and equipment. Objectives: We present a decision support model, developed using the DEXi tool for multi-criteria decision making, which produces advice on whether to disconnect/connect the gangway from/to the installation. Moreover, we report on our development method and experiences from the process, including the efforts invested. An evaluation of the resulting model is also offered, primarily based on feedback from a small group of offshore operatives and domain experts representing the end user target group. Methods/Approach: The decision support model was developed systematically in four steps: establish context, develop the model, tune the model, and collect feedback on the model. Results: The results indicate that the decision support model provides advice that corresponds with expert expectations, captures all aspects that are important for the assessment, is comprehensible to domain experts, and that the expected benefit justifies the effort for developing the model. Conclusions: We find the results promising, and believe that the approach can be fruitful in a wider range of risk-based decision support scenarios. Moreover, this paper can help other decision support developers decide whether a similar approach can suit them

    Security risk analysis of system changes exemplified within the oil and gas domain

    Changes, such as the introduction of new technology, may have considerable impact on the risk to which a system or organization is exposed. For example, in the oil & gas domain, the introduction of technology that allows offshore installations to be operated from onshore means that fewer people are exposed to risk on the installation, but it also introduces new risks and vulnerabilities. We need suitable methods and techniques in order to understand how a change will affect the risk picture. This paper presents an approach that offers specialized support for the analysis of risk with respect to change. The approach allows links between elements of the target of analysis and the related parts of the risk model to be captured explicitly, which facilitates tool support for identifying the parts of a risk model that need to be reconsidered when a change is made to the target. Moreover, the approach offers language constructs for capturing the risk picture before and after a change. The approach is demonstrated on a case concerning new software technology to support decision making on petroleum installations.

    Using Indicators to Monitor Risk in Interconnected Systems: How to Capture and Measure the Impact of Service Dependencies on the Quality of Provided Services

    Interconnected systems are collections of systems that interact through the use of services. Their often complex service dependencies and very dynamic nature make them hard to analyze and predict with respect to quality attributes. In this report we put forward a method for capturing and monitoring the impact of service dependencies on the quality of provided services. The method is divided into four main steps, focusing respectively on documenting the interconnected systems and the service dependencies, establishing the impact of service dependencies on risk to the quality of provided services, identifying measurable indicators for dynamic monitoring, and specifying their design and deployment. We illustrate the method in an example-driven fashion based on a case study from the domain of power supply. Commissioned by: Research Council of Norway

    Dynamic monitoring of safety barriers in petroleum installations

    Accidents on petroleum installations can have huge consequences, resulting in loss of life, environmental damage and economic loss. A number of so-called safety barriers have therefore been implemented with the objective of reducing the risk. In order to assess the quality and risk level, a proper understanding of the ability of the barrier systems to perform as intended is needed. However, due to the complexity of the barrier systems, this ability may depend on a multitude of technical and human factors. Furthermore, it may change quickly over time. In order to be able to take corrective and preventive measures, early warnings should be captured and their implications interpreted. We argue that measurable indicators can be identified and aggregated in order to calculate the overall quality of a barrier system. Thus, the indicators can be exploited in a monitoring environment for the purpose of predicting significant changes of quality level, as well as for validation of the quality requirements. In this paper we present an approach to facilitate the design of indicators for automated monitoring of the quality of safety barrier systems in petroleum installations. We moreover report on results and experiences from applying this approach in an industrial case study with a petroleum operator. The approach consists of a process and a tool-supported modeling language, and relies on relevant parts of the PREDIQT and CORAS methods for quality prediction and risk analysis, respectively. The evaluation indicates that the approach facilitates development of an algorithm for monitoring barrier system quality for a given installation. The experiences from the case study moreover show that the presented approach is, to a large degree, well suited for its intended purpose, but they also point to areas in need of improvement.

    A Systematic Method for Risk-Driven Test Case Design Using Annotated Sequence Diagrams

    Risk-driven testing is a testing approach that aims at focusing the testing process on the aspects or features of the system under test that are most exposed to risk. Current risk-driven testing approaches succeed in identifying the aspects or features that are most exposed to risk, and thereby support testers in planning the testing process accordingly. However, they fail to support testers in employing risk analysis to systematically design test cases. Because of this, there is a gap between risks, which are often described and understood at a high level of abstraction, and test cases, which are often defined at a low level of abstraction. In this paper, we bridge this gap. We give an example-driven presentation of a novel method, intended to assist testers, for systematically designing test cases by making use of risk analysis.

    A Systematic Method for Risk-driven Test Case Design Using Annotated Sequence Diagrams

    Risk-driven testing is a testing approach that aims at focusing the testing on the aspects or features of the system under test that are most exposed to risk. Current risk-driven testing approaches succeed in identifying the aspects or features that are most exposed to risk, and thereby support testers in planning the testing process accordingly. However, they fail to support testers in employing risk analysis to systematically design test cases. Because of this, there is a gap between risks, which are often described and understood at a high level of abstraction, and test cases, which are often defined at a low level of abstraction. In this report, we bridge this gap. We give an example-driven presentation of a novel method, intended to assist testers, for systematically designing test cases by making use of risk analysis. Commissioned by: Norwegian Research Council