13 research outputs found

    Automatic Generation of Minimal Cut Sets

    A cut set is a collection of component failure modes that could lead to a system failure. Cut Set Analysis (CSA) is applied to critical systems to identify and rank system vulnerabilities at design time. Model checking tools have been used to automate the generation of minimal cut sets but are generally based on checking reachability of system failure states. This paper describes a new approach to CSA using a Linear Temporal Logic (LTL) model checker called BT Analyser that supports the generation of multiple counterexamples. The approach enables a broader class of system failures to be analysed, by generalising from failure state formulae to failure behaviours expressed in LTL. The traditional approach to CSA using model checking requires the model or system failure to be modified, usually by hand, to eliminate already-discovered cut sets, and the model checker to be rerun, at each step. By contrast, the new approach works incrementally and fully automatically, thereby removing the tedious and error-prone manual process and resulting in significantly reduced computation time. This in turn enables larger models to be checked. Two different strategies for using BT Analyser for CSA are presented. There is generally no single best strategy for model checking: their relative efficiency depends on the model and property being analysed. Comparative results are given for the A320 hydraulics case study in the Behavior Tree modelling language.
    Comment: In Proceedings ESSS 2015, arXiv:1506.0325

    Controlling the Generation of Multiple Counterexamples in LTL Model Checking


    Security Modelling using EVES

    This report describes the work on Security Modelling in EVES performed for the Communications Security Establishment under Contract Number W2213-2-0289/01-SV.

    Prototype Proof Checker

    This report is a brief user's guide to the prototype proof checker. The proof browser was developed to be part of the EVES system [1] and will not be described here. EVES Project TR-95-5482-04

    Proof Logging Final Report

    This report is divided into four sections. The section on design describes the issues that arose during the design of Proof Logging and the trade-offs involved. The section on difficulties describes the areas that caused the most problems. The section on lessons learned describes a number of things that the completion of Proof Logging taught us. The section on future work describes aspects of proof logging that remain to be completed. Proof Logging Tool Development TR-95-5471-05

    A User's Guide to a Skeletal CSP Theory in EVES

    This report documents the EVES library units for the specification and proving of safety properties about systems composed of the CSP (communicating sequential processes) constructs. There are four specification units, plus their corresponding models, for a total of eight EVES library units. Together, these are intended to be sufficient for the development of specifications based upon CSP. This report will describe the installation, contents, and use of these library units. Appendices provide the source for the complete specifications and examples. The work described in this report was funded by contract number N00014-92-P-2025, issued by the Naval Research Laboratory, Washington, DC, and administered by DCMAO Syracuse, NY. "Development of a Skeletal CSP Theory in EVES" [KP 1992] is the companion report to this work.

    EVES Proof Checking and Browsing Final Report

    this document, we report on our experiences with the above tasks. EVES Proof Checking and Browsing FR-95-5482-06

    Addendum to the "Final Report for the Investigation of Proof Techniques Within the EVES Verification Technology"

    This report is an addendum to the "Final Report for the Investigation of Proof Techniques Within the EVES Verification Technology" [5], which reported on the work performed for the Canadian Department of National Defence under contract number W2207-0-AF09/01-SV. The purpose of that work was to research and experiment with various approaches for enhancing the capabilities of the theorem prover NEVER and, hence, the overall effectiveness of EVES. This addendum discusses two further tasks:
    1. an improved understanding of how to use NEVER's forward chaining mechanisms (frules and grules) to write "complete" rulesets, thereby implementing decision procedures for various kinds of mathematical theories. In particular, based on ongoing work, it will record either a specific means for writing such procedures (along with a mathematical justification for the approach), or the difficulties in achieving a general approach.
    2. an attempt to integrate the separate prototype Knuth-Bendix tool into EVES.
    Proof Techniques TR-93-5451-03

    Model-based Safety Risk Assessment using Behaviour Trees

    For complex engineered systems, it is important to conduct technical risk assessment early in the system development life-cycle, in order to identify critical system requirements, such as safety requirements, that should be included in design. This paper proposes a model-based approach to such assessment, which can be applied from the system requirements analysis stage onwards. The approach starts with the application of the Behaviour Trees modelling notation to natural language functional requirements. The BT model is then extended to include the events and conditions that might contribute to hazards, and automated model checking is used to identify the mechanisms by which component or subsystem failures can lead to hazardous system failures. The approach is intended to be used iteratively in design and analysis, to assist system designers in assessing the effectiveness of system safety requirements. A hypothetical bushfire-fighting management system is used to illustrate the approach.