mdh.sePublications
Change search
Link to record
Permanent link

Direct link
BETA
Alternative names
Publications (10 of 24) Show all publications
Sljivo, I., Jaradat, O., Bate, I. & Graydon, P. (2015). Deriving Safety Contracts to Support Architecture Design of Safety Critical Systems. In: Proceedings of IEEE International Symposium on High Assurance Systems Engineering: . Paper presented at 6th IEEE International Symposium on High Assurance Systems Engineering, HASE 2015; Daytona Beach; United States; 8 January 2015 through 10 January 2015; Category numberE5428; Code 112813 (pp. 126-133). , january
Open this publication in new window or tab >>Deriving Safety Contracts to Support Architecture Design of Safety Critical Systems
2015 (English)In: Proceedings of IEEE International Symposium on High Assurance Systems Engineering, 2015, Vol. january, p. 126-133Conference paper, Published paper (Refereed)
Abstract [en]

The use of contracts to enhance the maintainability of safety-critical systems has received a significant amount of research effort in recent years. However some key issues have been identified: the difficulty in dealing with the wide range of properties of systems and deriving contracts to capture those properties; and the challenge of dealing with the inevitable incompleteness of the contracts. In this paper, we explore how the derivation of contracts can be performed based on the results of failure analysis. We use the concept of safety kernels to alleviate the issues. Firstly the safety kernel means that the properties of the system that we may wish to manage can be dealt with at a more abstract level, reducing the challenges of representation and completeness of the “safety” contracts. Secondly the set of safety contracts is reduced so it is possible to reason about their satisfaction in a more rigorous manner.

National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-27904 (URN)10.1109/HASE.2015.27 (DOI)000380911000016 ()2-s2.0-84936877188 (Scopus ID)978-1-4799-8111-3 (ISBN)
Conference
6th IEEE International Symposium on High Assurance Systems Engineering, HASE 2015; Daytona Beach; United States; 8 January 2015 through 10 January 2015; Category numberE5428; Code 112813
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive SystemsSafeCer - Safety Certification of Software-Intensive Systems with Reusable Components
Available from: 2015-04-26 Created: 2015-04-26 Last updated: 2018-01-11Bibliographically approved
Graydon, P. (2015). Formal Assurance Arguments: A Solution in Search of a Problem?. In: Proceedings of the International Conference on Dependable Systems and Networks: . Paper presented at 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015, 22 June 2015 through 25 June 2015 (pp. 517-528).
Open this publication in new window or tab >>Formal Assurance Arguments: A Solution in Search of a Problem?
2015 (English)In: Proceedings of the International Conference on Dependable Systems and Networks, 2015, p. 517-528Conference paper, Published paper (Refereed)
Abstract [en]

An assurance case comprises evidence and argument showing how that evidence supports assurance claims (e.g., about safety or security). It is unsurprising that some computer scientists have proposed formalising assurance arguments: most associate formality with rigour. But while engineers can sometimes prove that source code refines a formal specification, it is not clear that formalisation will improve assurance arguments or that this benefit is worth its cost. For example, formalisation might reduce the benefits of argumentation by limiting the audience to people who can read formal logic. In this paper, we present (1) a systematic survey of the literature surrounding formal assurance arguments, (2) an analysis of errors that formalism can help to eliminate, (3) a discussion of existing evidence, and (4) suggestions for experimental work to definitively answer the question.

Keywords
assurance argument, formal argumentation, safety case, security case, Formal logic, Assurance case, Computer scientists, Formalisation, Source codes, Systematic errors
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-30650 (URN)10.1109/DSN.2015.28 (DOI)000380425700046 ()2-s2.0-84950136069 (Scopus ID)9781479986293 (ISBN)
Conference
45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2015, 22 June 2015 through 25 June 2015
Note

Export Date: 30 December 2015

Available from: 2015-12-30 Created: 2015-12-30 Last updated: 2018-02-16Bibliographically approved
Jaradat, O., Graydon, P. & Bate, I. (2014). An Approach to Maintaining Safety Case Evidence After A System Change. In: 2014 Tenth European Dependable Computing Conference EDCC 2014: . Paper presented at 2014 Tenth European Dependable Computing Conference EDCC 2014, 13-16 May 2014, Newcastle, United Kingdom.
Open this publication in new window or tab >>An Approach to Maintaining Safety Case Evidence After A System Change
2014 (English)In: 2014 Tenth European Dependable Computing Conference EDCC 2014, 2014Conference paper, Published paper (Refereed)
Abstract [en]

Developers of some safety critical systems construct a safety case. Developers changing a system during development or after release must analyse the change's impact on the safety case. Evidence might be invalidated by changes to the system design, operation, or environmental context. Assumptions valid in one context might be invalid elsewhere. The impact of change might not be obvious. This paper proposes a method to facilitate safety case maintenance by highlighting the impact of changes.

National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-26425 (URN)9781479938056 (ISRN)
Conference
2014 Tenth European Dependable Computing Conference EDCC 2014, 13-16 May 2014, Newcastle, United Kingdom
Available from: 2014-11-02 Created: 2014-10-31 Last updated: 2015-10-07Bibliographically approved
Graydon, P. & Bate, I. (2014). On the Nature and Content of Safety Contracts. In: Proceedings - 2014 IEEE 15th International Symposium on High-Assurance Systems Engineering, HASE 2014: . Paper presented at 15th IEEE International Symposium on High Assurance Systems Engineering HASE 2014, 9-11 Jan 2014, Miami, United States (pp. 245-246).
Open this publication in new window or tab >>On the Nature and Content of Safety Contracts
2014 (English)In: Proceedings - 2014 IEEE 15th International Symposium on High-Assurance Systems Engineering, HASE 2014, 2014, p. 245-246Conference paper, Published paper (Refereed)
Abstract [en]

Component-based software engineering researchers have explored component reuse, typically at the source-code level. Contracts explicitly describe component behaviour, reducing development risk by exposing potential incompatibilities early. But to benefit fully from reuse, developers of safety-critical systems must also reuse safety evidence. Full reuse would require both extending the existing notion of component contracts to cover safety properties and using these contracts in both component selection and system certification. In this paper, we explore some of the ways in which this is not as simple as it first appears.

Keywords
CBSE, safety, contracts, modular safety case
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-25125 (URN)10.1109/HASE.2014.44 (DOI)000351728000035 ()2-s2.0-84898604848 (Scopus ID)978-1-4799-3465-2 (ISBN)
Conference
15th IEEE International Symposium on High Assurance Systems Engineering HASE 2014, 9-11 Jan 2014, Miami, United States
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive Systems
Available from: 2014-06-09 Created: 2014-06-05 Last updated: 2015-04-23Bibliographically approved
Graydon, P. & Bate, I. (2014). Realistic Safety Cases for the Timing of Systems. The Computer Journal, 57(5), 759-774
Open this publication in new window or tab >>Realistic Safety Cases for the Timing of Systems
2014 (English)In: The Computer Journal, ISSN 1460-2067, Vol. 57, no 5, p. 759-774Article in journal (Refereed) Published
Abstract [en]

Timing is often seen as the most important property of systems after function, and safety-critical systems are no exception. In this paper, we consider how timing is typically treated in safety assurance and in particular the safety arguments being proposed by industry and academia. A critique of these arguments is performed based on how systems are generally developed and how evidence is gathered. Significant weaknesses are exposed resulting in a more appropriate safety argument being proposed. As part of this work techniques for identifying relationships, in the form of contracts, between parts of the argument and the strength of evidence are used. The work is demonstrated using a Computer Assisted Braking example, specifically an Anti-Lock Braking System for a car, as it is a classic example of a component that may be used ?Out of Context?, as discussed in a number of safety standards, and may also be reused across a number of systems as well as part of a product line.

Place, publisher, year, edition, pages
Oxford Journals, 2014
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-21333 (URN)10.1093/comjnl/bxt027 (DOI)000336044400007 ()2-s2.0-84899785777 (Scopus ID)
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive Systems
Available from: 2013-09-19 Created: 2013-09-11 Last updated: 2015-02-05Bibliographically approved
Graydon, P. & Bate, I. (2014). The Nature and Content of Safety Contracts: Challenges and Suggestions for a Way Forward. In: Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC: . Paper presented at The 20th IEEE Pacific Rim International Symposium on Dependable Computing PRDC 2014, 19-21 Nov 2014, Singapore, Singapore (pp. 135-144).
Open this publication in new window or tab >>The Nature and Content of Safety Contracts: Challenges and Suggestions for a Way Forward
2014 (English)In: Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC, 2014, p. 135-144Conference paper, Published paper (Refereed)
Abstract [en]

Software engineering researchers have extensively explored the reuse of components at source-code level. Contracts explicitly describe component behaviour, reducing development risk by exposing potential incompatibilities early in the development process. But to benefit fully from reuse, developers of safety-critical systems must also reuse safety evidence. Full reuse would require both extending the existing notion of component contracts to cover safety properties and using these contracts in both component selection and system certification. This is not as simple as it first appears. Much of the review, analysis, and test evidence developers provide during certification is system-specific. This makes it difficult to define safety contracts that facilitate both selecting components to reuse and certifying systems. In this paper, we explore the definition and use of safety contracts, identify challenges to component-based software reuse safety-critical systems, present examples to illustrate several key difficulties, and discuss potential solutions to these problems.

Keywords
Component-based software engineering, safety, contracts, safety arguments, modular safety case
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-26785 (URN)10.1109/PRDC.2014.24 (DOI)000356602600019 ()2-s2.0-84919476333 (Scopus ID)9781479964741 (ISBN)
Conference
The 20th IEEE Pacific Rim International Symposium on Dependable Computing PRDC 2014, 19-21 Nov 2014, Singapore, Singapore
Projects
SYNOPSIS - Safety Analysis for Predictable Software Intensive SystemsSafeCer - Safety Certification of Software-Intensive Systems with Reusable Components
Available from: 2014-12-04 Created: 2014-12-02 Last updated: 2016-10-31Bibliographically approved
Graydon, P. (2014). Towards a Clearer Understanding of Context and Its Role in Assurance Argument Confidence. In: Bondavalli, A DiGiandomenico, F (Ed.), COMPUTER SAFETY, RELIABILITY, AND SECURITY (SAFECOMP 2014): . Paper presented at 33rd International Conference on Computer Safety, Reliability, and Security (SAFECOMP), SEP 10-12, 2014, Florence, ITALY (pp. 139-154). Malardalen Univ, Malardalen Real Time Res Ctr, Vasteras, Sweden.: SPRINGER-VERLAG BERLIN
Open this publication in new window or tab >>Towards a Clearer Understanding of Context and Its Role in Assurance Argument Confidence
2014 (English)In: COMPUTER SAFETY, RELIABILITY, AND SECURITY (SAFECOMP 2014) / [ed] Bondavalli, A DiGiandomenico, F, Malardalen Univ, Malardalen Real Time Res Ctr, Vasteras, Sweden.: SPRINGER-VERLAG BERLIN , 2014, p. 139-154Conference paper (Refereed)
Abstract [en]

The Goal Structuring Notation (GSN) is a popular graphical notation for recording safety arguments. One of GSN's key innovations is a context element that links short phrases used in the argument to detail available elsewhere. However, definitions of the context element admit multiple interpretations and conflict with guidance for building assured safety arguments. If readers do not share an understanding of the meaning of context that makes context's impact on the main safety claim clear, confidence in safety might be misplaced. In this paper, we analyse the definitions and usage of GSN context elements, identify contradictions and vagueness, propose a more precise definition, and make updated recommendations for assured safety argument structure.

Place, publisher, year, edition, pages
Malardalen Univ, Malardalen Real Time Res Ctr, Vasteras, Sweden.: SPRINGER-VERLAG BERLIN, 2014
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 8666
Keywords
Assurance argument, safety case, safety argument, goal structuring notation, context, confidence, assured safety argument
National Category
Medical Engineering
Identifiers
urn:nbn:se:mdh:diva-38381 (URN)000360208400010 ()978-3-319-10506-2 (ISBN)
Conference
33rd International Conference on Computer Safety, Reliability, and Security (SAFECOMP), SEP 10-12, 2014, Florence, ITALY
Available from: 2018-02-12 Created: 2018-02-12 Last updated: 2018-02-12Bibliographically approved
Graydon, P. (2014). Towards a clearer understanding of context and its role in assurance argument confidence. In: Lecture Notes in Computer Science, vol. 8666: . Paper presented at 33rd International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2014; Florence; Italy; 10 September 2014 through 12 September 2014 (pp. 139-154).
Open this publication in new window or tab >>Towards a clearer understanding of context and its role in assurance argument confidence
2014 (English)In: Lecture Notes in Computer Science, vol. 8666, 2014, p. 139-154Conference paper, Published paper (Refereed)
Abstract [en]

The Goal Structuring Notation (GSN) is a popular graphical notation for recording safety arguments. One of GSN's key innovations is a context element that links short phrases used in the argument to detail available elsewhere. However, definitions of the context element admit multiple interpretations and conflict with guidance for building assured safety arguments. If readers do not share an understanding of the meaning of context that makes context's impact on the main safety claim clear, confidence in safety might be misplaced. In this paper, we analyse the definitions and usage of GSN context elements, identify contradictions and vagueness, propose a more precise definition, and make updated recommendations for assured safety argument structure.

Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 8666
Keywords
Assurance argument, assured safety argument, confidence, context, goal structuring notation, safety argument, safety case
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-26009 (URN)10.1007/978-3-319-10506-2_10 (DOI)2-s2.0-84907073792 (Scopus ID)9783319105055 (ISBN)
Conference
33rd International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2014; Florence; Italy; 10 September 2014 through 12 September 2014
Available from: 2014-09-29 Created: 2014-09-26 Last updated: 2018-02-16Bibliographically approved
Rodriguez-Navas, G., Graydon, P. & Bate, I. (2013). From Fault Injection to Mutant Injection: the Next Step for Safety Analysis?. In: Hardware and Software: Verification and Testing: 8th International Haifa Verification Conference, HVC 2012, Haifa, Israel, November 6-8, 2012. Revised Selected Papers. Paper presented at 8th International Haifa Verification Conference, HVC 2012 (pp. 276-277). Paper presented at 8th International Haifa Verification Conference, HVC 2012. Springer
Open this publication in new window or tab >>From Fault Injection to Mutant Injection: the Next Step for Safety Analysis?
2013 (English)In: Hardware and Software: Verification and Testing: 8th International Haifa Verification Conference, HVC 2012, Haifa, Israel, November 6-8, 2012. Revised Selected Papers, Springer, 2013, p. 276-277Chapter in book (Refereed)
Abstract [en]

Mutation testing has been used to assess test suite coverage, and researchers have proposed adapting the idea for other uses. Safety kernels allow the use of untrusted software components in safety-critical applications: a trusted software safety kernel detects undesired behavior and takes remedial action. We propose to use specification mutation, model checking, and model-based testing to verify safety kernels for component-based, safety-critical computer systems.

Place, publisher, year, edition, pages
Springer, 2013
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 7857
National Category
Engineering and Technology Embedded Systems
Identifiers
urn:nbn:se:mdh:diva-23840 (URN)10.1007/978-3-642-39611-3_27 (DOI)978-3-642-39610-6 (ISBN)
Conference
8th International Haifa Verification Conference, HVC 2012
Available from: 2013-12-27 Created: 2013-12-19 Last updated: 2016-03-10Bibliographically approved
Rodriguez-Navas, G., Graydon, P. & Bate, I. (2013). From fault injection to mutant injection: The next step for safety analysis?. In: Lect. Notes Comput. Sci.: . Paper presented at 8th International on Hardware and Software: Verification and Testing, HVC 2012; Haifa; Israel; 6 November 2012 through 8 November 2012 (pp. 276-277).
Open this publication in new window or tab >>From fault injection to mutant injection: The next step for safety analysis?
2013 (English)In: Lect. Notes Comput. Sci., 2013, p. 276-277Conference paper, Published paper (Refereed)
Abstract [en]

Mutation testing has been used to assess test suite coverage, and researchers have proposed adapting the idea for other uses. Safety kernels allow the use of untrusted software components in safety-critical applications: a trusted software safety kernel detects undesired behavior and takes remedial action. We propose to use specification mutation, model checking, and model-based testing to verify safety kernels for component-based, safety-critical computer systems.

Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 7857
Keywords
component based design, mutation testing, safety analysis, Safety-critical systems, Model based testing, Safety critical applications, Safety critical systems, Software component, Undesired behavior, Computer software selection and evaluation, Hardware, Model checking, Safety engineering, Software testing
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-31635 (URN)10.1007/978-3-642-39611-3_27 (DOI)2-s2.0-84880721313 (Scopus ID)9783642396106 (ISBN)
Conference
8th International on Hardware and Software: Verification and Testing, HVC 2012; Haifa; Israel; 6 November 2012 through 8 November 2012
Available from: 2016-05-24 Created: 2016-05-24 Last updated: 2018-01-26Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-6352-4368

Search in DiVA

Show all publications