https://www.mdu.se/

This study introduces a Mitigation Ontology (MO) designed for the analysis of safety-critical systems. Recognizing the paramount importance of systematically addressing potential risks and hazards in complex systems, the proposed ontology serves as a structured framework for comprehensively modeling and analyzing mitigation strategies. Leveraging ontological principles, the framework enables a precise representation of safety-critical information, emphasizing the relationships and dependencies among various mitigation elements. To encapsulate the essence of safety-critical systems and support understanding of the mechanisms of situations, events, and associated hazards, we propose a hazard and mitigation domain ontology, i.e., the MO to provide a combined ontological interpretation of hazard and mitigation strategies. The MO facilitates a more thorough and standardized analysis of safety measures, contributing to enhanced understanding, communication, and implementation of mitigation strategies in software and hardware levels of safety-critical systems. The MO is grounded on Unified Foundational Ontology (UFO) and based on widely accepted standards, and scientific guides. We demonstrate our proposed ontology in the autonomous vehicle domain to check how it can help to analyze the safety of real-world safety-critical systems. Through the ontology instantiation process for a case study from the autonomous vehicle domain, we have verified that safety-critical related hazards, causes and consequences, and other entities contributing to hazards were well identified. we have seen that the MO offers a shared vocabulary that facilitates communication among diverse communities, preventing misunderstandings among engineers and stakeholders involved in safety-critical systems. Additionally, the conceptual model serves as a reference point for developers of safety-critical systems, enabling them to systematically extract and analyze safety requirements specifications and provide safety mechanisms.

Mission planning for multi-agent autonomous systems aims to generate feasible and optimal mission plans that satisfy the given requirements. In this article, we propose a mission-planning methodology that combines (i) a path-planning algorithm for synthesizing path plans that are safe in environments with complex road conditions, and (ii) a task-scheduling method for synthesizing task plans that schedule the tasks in the right and fastest order, taking into account the planned paths. The task-scheduling method is based on model checking, which provides means of automatically generating task execution orders that satisfy the requirements and ensure the correctness and efficiency of the plans by construction. We implement our approach in a tool named MALTA, which offers a user-friendly GUI for configuring mission requirements,  a module for path planning, an integration with the model checker UPPAAL, and functions for automatic generation of formal models, and parsing of the execution traces of models. Experiments with the tool demonstrate its applicability and performance in various configurations of an industrial case study of an autonomous quarry. We also show the adaptability of our tool by employing it on a special case of the industrial case study.

Today, well-established hazard analysis techniques are available and widely used to identify hazards for single systems in various industries. However, hazard analysis techniques for a System of Systems (SoS) are not properly investigated. SoS is a complex system where multiple systems work together to achieve a common goal. However, the interaction between systems may lead to unforeseen interactions and interdependencies between systems. This increases the difficulty of identifying and assessing system failures and potential safety hazards. In this paper, we explore whether Hazard Ontology (HO) can be applied to an SoS and whether it can identify emergent hazards, their causes, sources, and consequences. To conduct our exploration, we apply the HO to a quarry automation site (an SoS) from the construction equipment domain. The results indicate that the HO is a promising technique that facilitates the identification of emergent hazards and their components. 

While ontology comparison and alignment have been extensively researched in the last decade, there are still some challenges to these disciplines, such as incomplete ontologies, those that cover only a portion of a domain, and differences in domain modeling due to varying viewpoints. Although the literature has compared ontological concepts from the same domain, comparisons of concepts from different domains (e.g., security and safety) remain unexplored. To compare the concepts of security and safety domains, a security ontology must first be created to bridge the gap between these domains. Therefore, this paper presents a Combined Security Ontology (CSO) based on the Unified Foundational Ontology (UFO) that could be compared to or aligned with other ontologies. This CSO includes the core ontological concepts and their respective relationships that had been extracted through a previous systematic literature review. The CSO concepts and their relationships were mapped to the UFO to get a common terminology that facilitates to bridge the gap between the security and safety domains. Since the proposed CSO is based on the UFO, it could be compared to or aligned with other ontologies from different domains.

The development quality for the control software for autonomous vehicles is rapidly progressing, so that the control units in the field generally perform very reliably. Nevertheless, fatal misjudgments occasionally occur putting people at risk: such as the recent accident in which a Tesla vehicle in Autopilot mode rammed a police vehicle. Since the object recognition software which is a part of the control software is based on machine learning (ML) algorithms at its core, one can distinguish a training phase from a deployment phase of the software. In this paper we investigate to what extent the deployment phase has an impact on the robustness and reliability of the software; because just as traditional, software based on ML degrades with time. A widely known effect is the so-called concept drift: in this case, one finds that the deployment conditions in the field have changed and the software, based on the outdated training data, no longer responds adequately to the current field situation. In a previous research paper, we developed the SafeML approach with colleagues from the University of Hull, where datasets are compared for their statistical distance measures. In doing so, we detected that for simple, benchmark data, the statistical distance correlates with the classification accuracy in the field. The contribution of this paper is to analyze the applicability of the SafeML approach to complex, multidimensional data used in autonomous driving. In our analysis, we found that the SafeML approach can be used for this data as well. In practice, this would mean that a vehicle could constantly check itself and detect concept drift situation early. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Safety and security ontologies quickly become essential support for integrating heterogeneous knowledge from various sources. Today, there is little standardization of ontologies and almost no discussion of how to compare concepts and their relationships, establish a general approach to create relationships or model them in general. However, concepts with similar names are not semantically similar or compatible in some cases. In this case, the problem of correspondence arises among the concepts and relationships found in the ontologies. To solve this problem, a comparison between the Hazard Ontology (HO) and the Combined Security Ontology (CSO) is proposed, in which the value of equivalence between their concepts and their relationships was extracted and analyzed. Although the HO covers the concepts related to the safety domain and the CSO includes securityrelated concepts, both are based on the Unified Foundational Ontology (UFO). For this study, HO and CSO were compared, and the results were summarized in the form of comparison tables. Our main contribution involves the comparisons among the concepts in HO and CSO to identify equivalences and differences between the two. Due to the increasing number of ontologies, their mapping, merging, and alignment are primary challenges in bridging the gaps that exist between the safety and security domains. 

Planning is a critical function of multi-agent autonomous systems, which includes path finding and task scheduling. Exhaustive search-based methods such as model checking and algorithmic game theory can solve simple instances of multi-agent planning. However, these methods suffer from the state-space explosion when the number of agents is large. Learning-based methods can alleviate this problem but lack a guarantee of the correctness of the results. In this paper, we introduce MoCReL, a new version of our previously proposed method that combines model checking with reinforcement learning in solving the planning problem. The approach takes advantage of reinforcement learning to synthesize path plans and task schedules for large numbers of autonomous agents, and of model checking to verify the correctness of the synthesized strategies. Further, MoCReL can compress large strategies into smaller ones that have down to 0.05% of the original sizes, while preserving their correctness, which we show in this paper. MoCReL is integrated into a new version of UPPAAL Stratego that supports calling external libraries when running learning and verification of timed games models. 

Security ontologies have been developed to facilitate the organization and management of security knowledge. A comparison and evaluation of how these ontologies relate to one another is challenging due to their structure, size, complexity, and level of expressiveness. Differences between ontologies can be found on both the ontological and linguistic levels, resulting in errors and inconsistencies (i.e., different concept hierarchies, types of concepts, definitions) when comparing and aligning them. Moreover, many concepts related to security ontologies have not been thoroughly explored and do not fully meet security standards. By using standards, we can ensure that concepts and definitions are unified and coherent. In this study, we address these deficiencies by reviewing existing security ontologies to identify core concepts and relationships. The primary objective of the systematic literature review is to identify core concepts and relationships that are used to describe security issues. We further analyse and map these core concepts and relationships to five security standards (i.e., NIST SP 800-160, NIST SP 800-30 rev.1, NIST SP 800-27 rev.A, ISO/IEC 27001 and NISTIR 8053). As a contribution, this paper provides a set of core concepts and relationships that comply with the standards mentioned above and allow for a new security ontology to be developed.

Path planning and task scheduling are two challenging problems in the design of multiple autonomous agents. Both problems can be solved by the use of exhaustive search techniques such as model checking and algorithmic game theory. However, model checking suffers from the infamous state-space explosion problem that makes it inefficient at solving the problems when the number of agents is large, which is often the case in realistic scenarios. In this paper, we propose a new version of our novel approach called MCRL that integrates model checking and reinforcement learning to alleviate this scalability limitation. We apply this new technique to synthesize path planning and task scheduling strategies for multiple autonomous agents. Our method is capable of handling a larger number of agents if compared to what is feasibly handled by the model-checking technique alone. Additionally, MCRL also guarantees the correctness of the synthesis results via post-verification. The method is implemented in UPPAAL STRATEGO and leverages our tool MALTA for model generation, such that one can use the method with less effort of model construction and higher efficiency of learning than those of the original MCRL. We demonstrate the feasibility of our approach on an industrial case study: an autonomous quarry, and discuss the strengths and weaknesses of the methods.

With the emergence of "Industry 4.0", the integration of cloud technologies and industrial cyber-physical systems becomes increasingly important to boost productivity. The industrial cyber-physical systems infrastructures and their fusion with the cloud lead to massive amounts of data acquired for controlling particular processes, but also for supporting decision-making. Although cloud-assisted systems are increasingly important in many domains, and ensuring their dependability is crucial, existing platforms do not provide satisfactory support to meet the dependability demands of industrial applications. The overall goal of the ACICS project is to provide models, methods and tools that facilitate a substantial increase of dependability of cloud-based platforms for industrial cyber-physical applications, with respect to consistency, security and interoperability of data, timing predictability of using shared virtual resources, together with a framework of guaranteeing quality-of-service enforcement by formal analysis and verification. In this paper, we present the main conceptual ideas behind the ACICS approach.