mdh.sePublications
Change search
Link to record
Permanent link

Direct link
BETA
Alternative names
Publications (10 of 89) Show all publications
Jaradat, O. & Bate, I. (2017). Using Safety Contracts to Guide the Maintenance of Systems and Safety Cases. In: European Dependable Computing Conference EDCC'17: . Paper presented at European Dependable Computing Conference EDCC'17, 04 Sep 2017, Geneva, Switzerland (pp. 95-102).
Open this publication in new window or tab >>Using Safety Contracts to Guide the Maintenance of Systems and Safety Cases
2017 (English)In: European Dependable Computing Conference EDCC'17, 2017, p. 95-102Conference paper, Published paper (Refereed)
Abstract [en]

Changes to safety-critical systems are inevitable and can impact the safety confidence about a system as their effects can refute articulated claims about safety or challenge the supporting evidence on which this confidence relies. In order to maintain the safety confidence under changes, system developers need to re-analyse and re-verify the system to generate new valid items of evidence. Identifying the effects of a particular change is a crucial step in any change management process as it enables system developers to estimate the required maintenance effort and reduce the cost by avoiding wider analyses and verification than strictly necessary. This paper presents a sensitivity analysis-based technique which aims at measuring the ability of a system to contain a change (i.e., robustness) without the need to make a major re-design. The proposed technique exploits the safety margins in the budgeted failure probabilities of events in a probabilistic fault-tree analysis to compensate for unaccounted deficits or changes due to maintenance. The technique utilises safety contracts to provide prescriptive data for what is needed to be revisited and verified to maintain system safety when changes happen. We demonstrate the technique on an aircraft wheel braking system.

National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-37017 (URN)10.1109/EDCC.2017.20 (DOI)000419858700017 ()2-s2.0-85041210865 (Scopus ID)978-1-5386-0602-5 (ISBN)
Conference
European Dependable Computing Conference EDCC'17, 04 Sep 2017, Geneva, Switzerland
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive SystemsFuture factories in the CloudSafeCOP - Safe Cooperating Cyber-Physical Systems using Wireless Communication
Funder
EU, Horizon 2020, 692529 Vinnova
Available from: 2017-11-27 Created: 2017-11-27 Last updated: 2019-04-18Bibliographically approved
Jaradat, O. & Bate, I. (2017). Using Safety Contracts to Guide the Maintenance of Systems and Safety Cases: An Example. Västerås, Sweden: Mälardalen Real-Time Research Centre, Mälardalen University
Open this publication in new window or tab >>Using Safety Contracts to Guide the Maintenance of Systems and Safety Cases: An Example
2017 (English)Report (Other academic)
Abstract [en]

Changes to safety critical systems are inevitable and can impact the safety confidence about a system as their effects can refute articulated claims about safety or challenge the supporting evidence on which this confidence relies. In order to maintain the safety confidence due to changes, system developers need to re-analyse and re-verify the system to generate new valid items of evidence. Moreover, identifying the effects of a particular change is a crucial step in any change management process as it enables system developers to estimate the required maintenance effort and reduce the cost by avoiding wider analyses and verification than strictly necessary. This paper presents a sensitivity analysis-based technique which aims at measuring the ability of a system to contain a change (i.e., robustness) without the need to make a major re-design. The technique exploits the safety margins in the assigned failure probabilities to the events of a probabilistic fault-tree analysis to compensate some potential deficits in the overall failure probability budget due to changes. The technique also utilises safety contracts to provide prescriptive data for what is needed to be revisited and verified to maintain system safety when changes happen. We demonstrate the technique on a realistic safety critical system.

Place, publisher, year, edition, pages
Västerås, Sweden: Mälardalen Real-Time Research Centre, Mälardalen University, 2017
Series
MRTC Reports, ISSN 1404-3041
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-35495 (URN)MDH-MRTC-317/2017-1-SE (ISRN)
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive SystemsFuture factories in the CloudSafeCOP - Safe Cooperating Cyber-Physical Systems using Wireless Communication
Funder
EU, Horizon 2020, 692529 Vinnova
Available from: 2017-06-01 Created: 2017-06-01 Last updated: 2019-04-16Bibliographically approved
Jaradat, O. & Bate, I. (2016). Deriving Hierarchical Safety Contracts. In: Proceedings: 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015. Paper presented at 21st IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2015; Zhangjiajie; China; 18 November 2015 through 20 November 2015; Category numberE5673; Code 118981 (pp. 119-128). , jan
Open this publication in new window or tab >>Deriving Hierarchical Safety Contracts
2016 (English)In: Proceedings: 2015 IEEE 21st Pacific Rim International Symposium on Dependable Computing, PRDC 2015, 2016, Vol. jan, p. 119-128Conference paper, Published paper (Refereed)
Abstract [en]

Safety cases need significant amount of time and effort to produce. The required amount of time and effort can be dramatically increased due to system changes as safety cases should be maintained before they can be submitted for certification or re-certification. Anticipating potential changes is useful since it reveals traceable consequences that will eventually reduce the maintenance efforts. However, considering a complete list of anticipated changes is difficult. What can be easier though is to determine the flexibility of system components to changes. Using sensitivity analysis is useful to measure the flexibility of the different system properties to changes. Furthermore, contracts have been proposed as a means for facilitating the change management process due to their ability to record the dependencies among system’s components. In this paper, we extend a technique that uses a sensitivity analysis to derive safety contracts from Fault Tree Analyses (FTA) and uses these contracts to trace changes in the safety argument. The extension aims to enabling the derivation of hierarchical and correlated safety contracts.We motivate the extension through an illustrative example within which we identify limitations of the technique and discuss potential solutions to these limitations. 

National Category
Electrical Engineering, Electronic Engineering, Information Engineering Computer Systems
Identifiers
urn:nbn:se:mdh:diva-29131 (URN)10.1109/PRDC.2015.21 (DOI)000380403300013 ()2-s2.0-84964371811 (Scopus ID)978-146739376-8 (ISBN)
Conference
21st IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2015; Zhangjiajie; China; 18 November 2015 through 20 November 2015; Category numberE5673; Code 118981
Available from: 2015-09-25 Created: 2015-09-25 Last updated: 2018-11-02Bibliographically approved
Malekzadeh, M. & Bate, I. (2016). Improving the Stop-Test Decision When Testing Data are Slow to Converge. Sweden: Mälardalen Real-Time Research Centre, Mälardalen University
Open this publication in new window or tab >>Improving the Stop-Test Decision When Testing Data are Slow to Converge
2016 (English)Report (Other academic)
Abstract [en]

Testing of safety-critical systems is an important and costly endeavor. To date work has been mainly focusing on the design and application of diverse testing strategies. However, they have left the important decision of “when to stop testing” as an open research issue. In our previous work, we proposed a convergence algorithm that informs the tester when it is concluded that testing for longer will not reveal sufficiently important new findings, hence, should be stopped. The stoptest decision proposed by the algorithm was in the context of testing the worst-case timing characteristics of a system and was evaluated based on the As Low As Reasonably Practicable (ALARP) principle. The ALARP principle is an underpinning concept in many safety standards which is a cost-benefit argument. ALARP implies that a tolerable risk should be reduced to a point at which further risk-reduction is grossly disproportionate compared to the benefit attained. An ALARP stop-test decision means that the cost associated with further testing, after the algorithm stops, does not justify the benefit, i.e., any further increased in the observed worst-case timing.

In order to make a stop-test decision, the convergence algorithm used the Kullback-Leibler DIVergence (KL DIV) statistical test and was shown to be successful while being applied on system’s tasks having similar characteristics. However, there were some experiments in which the stop-test decision did not comply to the ALARP principle, i.e., it stopped sooner than expected by the ALARP criteria. Therefore, in this paper, we investigate whether the performance of the algorithm could be improved in such experiments focusing on the KL DIV test. More specifically, we firstly determine which features of KL DIV could adversely affect the algorithm performance. Secondly, we investigate whether another statistical test, i.e., the Earth Mover’s Distance (EMD), could potentially cover weaknesses of KL DIV. Finally, we experimentally evaluate our hypothesis of whether EMD does improve the algorithm where KL DIV has shown to not perform as expected.

Place, publisher, year, edition, pages
Sweden: Mälardalen Real-Time Research Centre, Mälardalen University, 2016
Series
MRTC Reports, ISSN 1404-3041
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-32583 (URN)MDH-MRTC-310/2016-1-SE (ISRN)
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive Systems
Available from: 2016-08-18 Created: 2016-08-18 Last updated: 2016-12-13Bibliographically approved
Jaradat, O. & Bate, I. (2016). Systematic Maintenance of Safety Cases to Reduce Risk. In: Lecture Notes in Computer Science, vol. 9923: . Paper presented at 4th International Workshop on Assurance Cases for Software-intensive Systems ASSURE2016, 20-23 Sep 2016, Trondheim, Norway (pp. 17-29).
Open this publication in new window or tab >>Systematic Maintenance of Safety Cases to Reduce Risk
2016 (English)In: Lecture Notes in Computer Science, vol. 9923, 2016, p. 17-29Conference paper, Published paper (Refereed)
Abstract [en]

The development of safety cases has become common practice in many safety critical system domains. Safety cases are costly since they need a significant amount of time and efforts to be produced. More- over, safety critical systems are expected to operate for a long period of time and constantly subject to changes during both development and operational phases. Hence, safety cases are built as living documents that should always be maintained to justify the safety status of the associated system and evolve as these system evolve. However, safety cases document highly interdependent elements (e.g., safety goals, evidence, assumptions, etc.) and even seemingly minor changes may have a major impact on them, and thus dramatically increase their cost. In this paper, we identify and discuss some challenges in the maintenance of safety cases. We also present two techniques that utilise safety contracts to facilitate the maintenance of safety cases, we discuss the roles of these techniques in coping with some of the identified maintenance challenges, and we finally discuss potential limitations and suggest some solutions.

Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 9923
Keywords
Safety CaseSafety ArgumentMaintenanceFTASensitivity AnalysisSafety ContractsImpact Analysis
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-32882 (URN)10.1007/978-3-319-45480-1_2 (DOI)000387734000003 ()2-s2.0-84988350318 (Scopus ID)9783319454795 (ISBN)
Conference
4th International Workshop on Assurance Cases for Software-intensive Systems ASSURE2016, 20-23 Sep 2016, Trondheim, Norway
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive SystemsFuture factories in the CloudSafeCOP - Safe Cooperating Cyber-Physical Systems using Wireless Communication
Available from: 2016-08-26 Created: 2016-08-24 Last updated: 2016-12-08Bibliographically approved
Sljivo, I., Jaradat, O., Bate, I. & Graydon, P. (2015). Deriving Safety Contracts to Support Architecture Design of Safety Critical Systems. In: Proceedings of IEEE International Symposium on High Assurance Systems Engineering: . Paper presented at 6th IEEE International Symposium on High Assurance Systems Engineering, HASE 2015; Daytona Beach; United States; 8 January 2015 through 10 January 2015; Category numberE5428; Code 112813 (pp. 126-133). , january
Open this publication in new window or tab >>Deriving Safety Contracts to Support Architecture Design of Safety Critical Systems
2015 (English)In: Proceedings of IEEE International Symposium on High Assurance Systems Engineering, 2015, Vol. january, p. 126-133Conference paper, Published paper (Refereed)
Abstract [en]

The use of contracts to enhance the maintainability of safety-critical systems has received a significant amount of research effort in recent years. However some key issues have been identified: the difficulty in dealing with the wide range of properties of systems and deriving contracts to capture those properties; and the challenge of dealing with the inevitable incompleteness of the contracts. In this paper, we explore how the derivation of contracts can be performed based on the results of failure analysis. We use the concept of safety kernels to alleviate the issues. Firstly the safety kernel means that the properties of the system that we may wish to manage can be dealt with at a more abstract level, reducing the challenges of representation and completeness of the “safety” contracts. Secondly the set of safety contracts is reduced so it is possible to reason about their satisfaction in a more rigorous manner.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-27904 (URN)10.1109/HASE.2015.27 (DOI)000380911000016 ()2-s2.0-84936877188 (Scopus ID)978-1-4799-8111-3 (ISBN)
Conference
6th IEEE International Symposium on High Assurance Systems Engineering, HASE 2015; Daytona Beach; United States; 8 January 2015 through 10 January 2015; Category numberE5428; Code 112813
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive SystemsSafeCer - Safety Certification of Software-Intensive Systems with Reusable Components
Available from: 2015-04-26 Created: 2015-04-26 Last updated: 2018-01-11Bibliographically approved
Jaradat, O., Bate, I. & Punnekkat, S. (2015). Facilitating the Maintenance of Safety Cases. In: The 3rd International Conference on Reliability, Safety and Hazard - Advances in Reliability, Maintenance and Safety ICRES-ARMS'15: . Paper presented at The 3rd International Conference on Reliability, Safety and Hazard - Advances in Reliability, Maintenance and Safety ICRES-ARMS'15, 1-4 Jun 2015, Luleå, Sweden. , F5
Open this publication in new window or tab >>Facilitating the Maintenance of Safety Cases
2015 (English)In: The 3rd International Conference on Reliability, Safety and Hazard - Advances in Reliability, Maintenance and Safety ICRES-ARMS'15, 2015, Vol. F5Conference paper, Published paper (Refereed)
National Category
Engineering and Technology Computer Systems
Identifiers
urn:nbn:se:mdh:diva-28147 (URN)10.1007/978-3-319-23597-4_25 (DOI)2-s2.0-85043754923 (Scopus ID)
Conference
The 3rd International Conference on Reliability, Safety and Hazard - Advances in Reliability, Maintenance and Safety ICRES-ARMS'15, 1-4 Jun 2015, Luleå, Sweden
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive Systems
Available from: 2015-06-09 Created: 2015-06-08 Last updated: 2018-03-29Bibliographically approved
Malekzadeh, M. & Bate, I. (2015). Influential Nuisance Factors on a Decision of Sufficient Testing. In: Algorithms and Architectures for Parallel Processing: ICA3PP International Workshops and Symposiums, Zhangjiajie, China, November 18–20, 2015, Proceedings. Paper presented at The 15th International Conference on Algorithms and Architectures for Parallel Processing ICA3PP'15, 18-20 Nov 2015, Zhangjiajie, China (pp. 819-828).
Open this publication in new window or tab >>Influential Nuisance Factors on a Decision of Sufficient Testing
2015 (English)In: Algorithms and Architectures for Parallel Processing: ICA3PP International Workshops and Symposiums, Zhangjiajie, China, November 18–20, 2015, Proceedings, 2015, p. 819-828Conference paper, Published paper (Refereed)
Abstract [en]

Testing of safety-critical embedded systems is an important and costly endeavor. To date work has been mainly focusing on the design and application of diverse testing strategies. However, they have left an open research issue of when to stop testing a system. In our previous work, we proposed a convergence algorithm that informs the tester when the current testing strategy does not seem to be revealing new insight into the worst-case timing properties of system tasks, hence, should be stopped. This algorithm was shown to be successful while being applied across task sets having similar characteristics. For the convergence algorithm to become robust, it is important that it holds even if the task set characteristics here called nuisance factors, vary. Generally speaking, there might be either the main factors under analysis, called design factors, or nuisance factors that influence the performance of a process or system. Nuisance factors are not typically of interest in the context of the analysis. However, they vary from system to system and may have large effects on the performance, hence, being very important to be accounted for. Consequently, the current paper looks into a set of nuisance factors that affect our proposed convergence algorithm performance. More specifically, it is interested in situations when the convergence algorithm performance significantly degrades influencing its reliability. The work systematically analyzes each nuisance factor effect using a well-known statistical method, further, derives the most influential factors.

Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 9352
Keywords
Testing, Safety, ALARP, Nuisance factor, Real-time system, ANOVA, Analysis of variance
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-30474 (URN)10.1007/978-3-319-27161-3_75 (DOI)000373630000075 ()2-s2.0-84951948384 (Scopus ID)978-3-319-27160-6 (ISBN)
Conference
The 15th International Conference on Algorithms and Architectures for Parallel Processing ICA3PP'15, 18-20 Nov 2015, Zhangjiajie, China
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive Systems
Available from: 2015-12-21 Created: 2015-12-21 Last updated: 2016-08-19Bibliographically approved
Malekzadeh, M., Bate, I. & Punnekkat, S. (2015). Using Design of Experiments to Optimise a Decision of Sufficient Testing. In: The 41st Euromicro Conference on Software Engineering and Advanced Applications SEAA'15: . Paper presented at The 41st Euromicro Conference on Software Engineering and Advanced Applications SEAA'15, 26-28 Aug 2015, Funchal, Madeira, Portugal (pp. 53-60).
Open this publication in new window or tab >>Using Design of Experiments to Optimise a Decision of Sufficient Testing
2015 (English)In: The 41st Euromicro Conference on Software Engineering and Advanced Applications SEAA'15, 2015, p. 53-60Conference paper, Published paper (Refereed)
Abstract [en]

Testing of safety-critical embedded systems is an important and costly endeavor. To date researchers and practitioners have been mainly focusing on the design and application of diverse testing strategies, but leaving the test stopping criteria as an ad hoc decision and an open research issue. In our previous work, we proposed a convergence algorithm that informs the tester when the current testing strategy does not seem to be revealing new insight into the worst-case timing properties of tasks and hence should be stopped. This algorithm was shown to be successful but its trial and error tuning of parameters was an issue. In this paper, we use the Design of Experiment (DOE) approach to optimise the algorithm's performance and to improve its scalability. During our experimental evaluations the optimised algorithm showed improved performance by achieving relatively the same results with 42% less testing cost as compared to our previous work. The algorithm also has better scalability and opens up a new path towards achieving cost effective non-functional testing of real-time embedded systems.

National Category
Embedded Systems
Identifiers
urn:nbn:se:mdh:diva-30473 (URN)10.1109/SEAA.2015.79 (DOI)000380478300008 ()2-s2.0-84958238553 (Scopus ID)978-1-4673-7585-6 (ISBN)
External cooperation:
Conference
The 41st Euromicro Conference on Software Engineering and Advanced Applications SEAA'15, 26-28 Aug 2015, Funchal, Madeira, Portugal
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive Systems
Available from: 2015-12-21 Created: 2015-12-21 Last updated: 2016-09-01Bibliographically approved
Jaradat, O., Bate, I. & Punnekkat, S. (2015). Using Sensitivity Analysis to Facilitate The Maintenance of Safety Cases. In: Juan Antonio de la Puente, Tullio Vardanega (Ed.), Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics): . Paper presented at 20th Ada-Europe International Conference on Reliable Software Technologies, Madrid Spain, June 22-26, 2015. (pp. 162-176). , 9111
Open this publication in new window or tab >>Using Sensitivity Analysis to Facilitate The Maintenance of Safety Cases
2015 (English)In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) / [ed] Juan Antonio de la Puente, Tullio Vardanega, 2015, Vol. 9111, p. 162-176Conference paper, Published paper (Refereed)
Abstract [en]

A safety case contains safety arguments together with supporting evidence that together should demonstrate that a system is acceptably safe. System changes pose a challenge to the soundness and cogency of the safety case argument. Maintaining safety arguments is a painstaking process because it requires performing a change impact analysis through interdependent elements. Changes are often performed years after the deployment of a system making it harder for safety case developers to know which parts of the argument are affected. Contracts have been proposed as a means for helping to manage changes. There has been significant work that discusses how to represent and to use them but there has been little on how to derive them. In this paper, we propose a sensitivity analysis approach to derive contracts from Fault Tree Analyses and use them to trace changes in the safety argument, thus facilitating easier maintenance of the safety argument. 

Series
Lecture Notes in Computer Science, ISSN 0302-9743
National Category
Electrical Engineering, Electronic Engineering, Information Engineering Computer Systems
Identifiers
urn:nbn:se:mdh:diva-29130 (URN)10.1007/978-3-319-19584-1_11 (DOI)2-s2.0-84947983647 (Scopus ID)978-3-319-19583-4 (ISBN)
Conference
20th Ada-Europe International Conference on Reliable Software Technologies, Madrid Spain, June 22-26, 2015.
Available from: 2015-09-25 Created: 2015-09-25 Last updated: 2018-11-02Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-2415-8219

Search in DiVA

Show all publications