https://www.mdu.se/

UL Muram, Faiz
Publications (10 of 18)
Castellanos Ardila, J. P., Gallina, B. & UL Muram, F. (2022). Compliance checking of software processes: A systematic literature review. Journal of Software: Evolution and Process, 34(5), Article ID e2440.
2022 (English) In: Journal of Software: Evolution and Process, ISSN 2047-7473, E-ISSN 2047-7481, Vol. 34, no 5, article id e2440. Article, review/survey (Refereed) Published
Abstract [en]

The processes used to develop software need to comply with normative requirements (e.g., standards and regulations) to align with the market and the law. Manual compliance checking is challenging because there are numerous requirements with changing nature and different purposes. Despite the importance of automated techniques, there is not any systematic study in this field. This lack may hinder organizations from moving toward automated compliance checking practices. In this paper, we characterize the methods for automatic compliance checking of software processes, including used techniques, potential impacts, and challenges. For this, we undertake a systematic literature review (SLR) of studies reporting methods in this field. As a result, we identify solutions that use different techniques (e.g., anthologies and metamodels) to represent processes and their artifacts (e.g., tasks and roles). Various languages, which have diverse capabilities for managing competing and changing norms, and agile strategies, are also used to represent normative requirements. Most solutions require tool-support concretization and enhanced capabilities to handle processes and normative diversity. Our findings outline compelling areas for future research. In particular, there is a need to select suitable languages for consolidating a generic and normative-agnostic solution, increase automation levels, tool support, and boost the application in practice by improving usability aspects.

Place, publisher, year, edition, pages
WILEY, 2022
Keywords
compliance checking, normative frameworks, software processes, systematic literature review
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-57706 (URN), 10.1002/smr.2440 (DOI), 000768555100001 (), 2-s2.0-85126225058 (Scopus ID)
Available from: 2022-03-30 Created: 2022-03-30 Last updated: 2022-06-07 Bibliographically approved
UL Muram, F. & Javed, M. A. (2021). Drone-based Risk Management of Autonomous Systems Using Contracts and Blockchain. In: Proceedings - 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2021. Paper presented at 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2021 (pp. 679-688). Institute of Electrical and Electronics Engineers Inc.
2021 (English) In: Proceedings - 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2021, Institute of Electrical and Electronics Engineers Inc., 2021, p. 679-688. Conference paper, Published paper (Refereed)
Abstract [en]

The drones provide an active measure to identify, monitor, analyze and resolve risks of autonomous systems during operational phase. To date, however, the published studies have not considered them for managing risks in a dynamic manner. The capability to deal with unknowns and uncertainties during operational phase is regarded as essential to exploit the autonomous systems at their full potential. This paper targets the drone-based assurance of autonomous systems. The hazard and threat analyses are performed during design and development phase by using the Hazard and Operability (HAZOP) and Threat and Operability (THROP) techniques, respectively. Based on the analyses results, the safety and security requirements are derived. The assume-guarantee contracts are also derived for uncertainty sources; they are integrated in the blockchain-based smart contracts. The simulators are leveraged for performing the verification and validation as well as improving systems. For assuring safety and security during operational phase, the contracts derived for uncertainty sources are checked. In case of divergence, the drones provide assistance; otherwise, depending on the severity risk factor, system control is taken to avoid the mishap risk. The applicability of the proposed methodology is exemplified in the context of a quarry site production scenario. 

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2021
Keywords
Assume-Guarantee, Autonomous Vehicles, Blockchain, Drones, Risk Management, Smart Contracts
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-54639 (URN), 10.1109/SANER50967.2021.00086 (DOI), 000675825200077 (), 2-s2.0-85106644487 (Scopus ID), 9781728196305 (ISBN)
Conference
2021 IEEE International Conference on Software Analysis, Evolution and Reengineering, SANER 2021
Available from: 2021-06-10 Created: 2021-06-10 Last updated: 2021-09-09 Bibliographically approved
UL Muram, F., Javed, M. A. & Kanwal, S. (2021). Facilitating the Compliance of Process Models with Critical System Engineering Standards using Natural Language Processing. In: International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings. Paper presented at International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings (pp. 306-313). Science and Technology Publications, Lda
2021 (English) In: International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings, Science and Technology Publications, Lda, 2021, p. 306-313. Conference paper, Published paper (Refereed)
Abstract [en]

Compliance of process models with relevant standards is mandatory for certifying the critical systems. However, it is often carried out in a manual manner, which is complex and labour-intensive. Previous studies have not considered the automated processing of standard documents for achieving and demonstrating the process compliance. This paper leverages natural language processing for extracting the normative process models embedded in the standard documents. The mapping rules are established for structuring the standard requirements and content elements of process models, such as tasks, roles and work products. They are organized into a process structure by considering the phases, activities and milestones. During the planning phase, the standard requirements, process models and compliance mappings are generated in EPF Composer; it supports the major parts of the OMG's Software & Systems Process Engineering Metamodel (SPEM) 2.0. The reverse compliance of extended or pre-existing process models can be carried out during the execution phase; specifically, the compliance gaps are detected, possible measures for their resolution are provided and missing elements are added after the process engineer approval. The applicability of the proposed methodology is demonstrated for the ECSS-E-ST-40C compliant space system engineering process.

Place, publisher, year, edition, pages
Science and Technology Publications, Lda, 2021
Keywords
Compliance Management, EPF Composer, Mapping Rules, Model Extraction, Natural Language Processing, Process Engineering, SPEM 2.0, Standard Documents, Knowledge engineering, Mapping, Natural language processing systems, Regulatory compliance, Systems engineering, Language processing, Meta model, Natural languages, System process, System process engineering metamodel 2.0
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-62531 (URN), 2-s2.0-85125228014 (Scopus ID), 9789897585081 (ISBN)
Conference
International Conference on Evaluation of Novel Approaches to Software Engineering, ENASE - Proceedings
Available from: 2023-05-31 Created: 2023-05-31 Last updated: 2023-05-31 Bibliographically approved
Javed, M. A., UL Muram, F., Punnekkat, S. & Hansson, H. (2021). Safe and secure platooning of automated guided vehicles in Industry 4.0. Journal of systems architecture, 121, Article ID 102309.
2021 (English) In: Journal of systems architecture, ISSN 1383-7621, E-ISSN 1873-6165, Vol. 121, article id 102309. Article in journal (Refereed) Published
Abstract [en]

Automated Guided Vehicles (AGVs) are widely used for materials transportation. Operating them in a platooned manner has the potential to improve safety, security and efficiency, control overall traffic flow and reduce resource usage. However, the published studies on platooning focus mainly on the design of technical solutions in the context of automotive domain. In this paper we focus on a largely unexplored theme of platooning in production sites transformed to the Industry 4.0, with the aim of providing safety and security assurances. We present an overall approach for a fault- and threat tolerant platooning for materials transportation in production environments. Our functional use cases include the platoon control for collision avoidance, data acquisition and processing by considering range, and connectivity with fog and cloud levels. To perform the safety and security analyses, the Hazard and Operability (HAZOP) and Threat and Operability (THROP) techniques are used. Based on the results obtained from them, the safety and security requirements are derived for the identification and prevention/mitigation of potential platooning hazards, threats and vulnerabilities. The assurance cases are constructed to show the acceptable safety and security of materials transportation using AGV platooning. We leveraged a simulation-based digital twin for performing the verification and validation as well as fine tuning of the platooning strategy. Simulation data is gathered from digital twin to monitor platoon operations, identify unexpected or incorrect behaviour, evaluate the potential implications, trigger control actions to resolve them, and continuously update assurance cases. The applicability of the AGV platooning is demonstrated in the context of a quarry site.

Place, publisher, year, edition, pages
Sweden: , 2021
Keywords
AGVs, Safety, Security, Assurance cases, Platooning, Dynamic risk management, Industry 4.0
National Category
Engineering and Technology Computer Systems
Identifiers
urn:nbn:se:mdh:diva-56571 (URN), 10.1016/j.sysarc.2021.102309 (DOI), 000718041000004 (), 2-s2.0-85118482447 (Scopus ID)
Projects
SUCCESS: Safety assurance of Cooperating Construction Equipment in Semi-automated Sites; InSecTT: Intelligent Secure Trustable Things
Available from: 2021-11-22 Created: 2021-11-22 Last updated: 2021-12-02 Bibliographically approved
UL Muram, F., Kanwal, S. & Javed, M. A. (2021). Supporting Automated Verification of Reconfigurable Systems with Product Lines and Model Checking. In: Ali, R Kaindl, H Maciaszek, L (Ed.), ENASE: PROCEEDINGS OF THE 16TH INTERNATIONAL CONFERENCE ON EVALUATION OF NOVEL APPROACHES TO SOFTWARE ENGINEERING. Paper presented at 16th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE), APR 26-27, 2021, ELECTR NETWORK (pp. 297-305). SCITEPRESS
2021 (English) In: ENASE: PROCEEDINGS OF THE 16TH INTERNATIONAL CONFERENCE ON EVALUATION OF NOVEL APPROACHES TO SOFTWARE ENGINEERING / [ed] Ali, R Kaindl, H Maciaszek, L, SCITEPRESS, 2021, p. 297-305. Conference paper, Published paper (Refereed)
Abstract [en]

The capability to dynamically reconfigure in response to change of mode or function, failures, or unanticipated hazardous conditions is fundamental for many critical systems. The modelling and verification of such systems are frequently carried out with product lines and model checking, respectively. At first, the objectives and related requirements of reconfigurable systems are mapped to a feature model, whereas the units related to operational modes are selected in individual configurations. After that, the proposed approach performs automated transformation of particular models into formal constraints and descriptions for leveraging the analytical powers of model checking techniques: the formal verification of completeness, consistency and conflict is carried out with NuSMV model checker. Finally, in circumstances when the counterexample is produced, its analysis is performed for the identification of corresponding problems and their resolutions. The applicability of the proposed approach is demonstrated through case study of attitude and orbit control system.

Place, publisher, year, edition, pages
SCITEPRESS, 2021
Keywords
Reconfigurable Systems, Product Lines, Model Transformations, Model Checking, Formal Methods, LTL
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-58637 (URN), 10.5220/0010455702970305 (DOI), 000783843700030 (), 978-989-758-508-1 (ISBN)
Conference
16th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE), APR 26-27, 2021, ELECTR NETWORK
Available from: 2022-06-08 Created: 2022-06-08 Last updated: 2022-06-08 Bibliographically approved
Castellanos Ardila, J. P., Gallina, B. & UL Muram, F. (2021). Systematic Literature Review of Compliance Checking Approaches for Software Processes. Västerås
2021 (English) Report (Other academic)
Abstract [en]

Context: Software processes have increased demands coming from normative requirements. Organizations developing software comply with such demands to be in line with the market and the law. The state-of-the-art provides means to automatically check whether a software process complies with a set of normative requirements. However, no comprehensive and systematic review has been conducted to characterize such works. Objective: We characterize the current research on this topic, including an account of the used techniques, their potential impacts, and challenges. Method: We undertake a Systematic Literature Review (SLR) of primary studies reporting techniques for automated compliance checking of software processes. Results: We identified 41 papers reporting solutions focused on limited normative frameworks. Such solutions use specific languages for the processes and normative representation. Thus, the artifacts represented vary from one solution to the other. The level of automation, which in most methods requires tool-support concretization, focuses mostly on the reasoning process and requires human intervention, e.g., for creating the inputs for such reasoning. In addition, only a few contemplate agile environments and standards evolution. Conclusions: Our findings outline compelling areas for future research. In particular, there is a need to consolidate existing languages for process and normative representation, compile efforts in a generic and normative-agnostic solution, increase automation and tool support, and incorporate a layer of trust to guarantee that rules are correctly derived from the normative requirements.

Place, publisher, year, edition, pages
Västerås: , 2021. p. 55
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-55079 (URN), MDH-MRTC-336/2021-1-SE (ISRN)
Available from: 2021-06-22 Created: 2021-06-22 Last updated: 2021-06-24 Bibliographically approved
Javed, M. A., UL Muram, F., Hansson, H., Punnekkat, S. & Thane, H. (2021). Towards dynamic safety assurance for Industry 4.0. Journal of systems architecture, 114, Article ID 101914.
2021 (English) In: Journal of systems architecture, ISSN 1383-7621, E-ISSN 1873-6165, Vol. 114, article id 101914. Article in journal (Refereed) Published
Abstract [en]

The goal of Industry 4.0 is to be faster, more efficient and more customer-centric, by enhancing the automation and digitalisation of production systems. Frequently, the production in Industry 4.0 is categorised as safety-critical, for example, due to the interactions between autonomous machines and hazardous substances that can result in human injury or death, damage to machines, property or the environment. In order to demonstrate the acceptable safety of production operations, safety cases are constructed to provide comprehensive, logical and defensible justification of the safety of a production system for a given application in a predefined operating environment. However, the construction and maintenance of safety cases in alignment with Industry 4.0 are challenging tasks. For their construction, besides the modular, dynamic and reconfigurable nature of Industry 4.0, the architectural levels of the things, fog and cloud computing have to be considered. The safety cases constructed at system design and development phases might be invalidated during production operations, thus necessitating some means for dynamic safety assurance. Moreover, flexible manufacturing in Industry 4.0 also underlines the need for safety assurance in a dynamic manner during the operational phase. Currently published studies are not explicitly supporting the safety assurance of Industry 4.0, which is the focus of this paper with special emphasis on dynamic safety assurance. At first, the Hazard and Operability (HAZOP) and Fault Tree Analysis (FTA) techniques are used for the identification and mitigation/elimination of potential hazards. Next, based on the hazard analysis results, we derived the safety requirements and safety contracts. Subsequently, safety cases are constructed using the OpenCert platform and safety contracts are associated with them to enable necessary changes during runtime. Finally, we use a simulations based approach to identify and resolve the deviations between the system understanding reflected in the safety cases and the current system operation. The dynamic safety assurance is demonstrated using a use case scenario of materials transportation and data flow in the Industry 4.0 context.

Place, publisher, year, edition, pages
ELSEVIER, 2021
Keywords
Dynamic assurance, Safety cases, Industry 4.0, Supply chain, AGVs, Fog and cloud computing
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:mdh:diva-56118 (URN), 10.1016/j.sysarc.2020.101914 (DOI), 000697350100015 (), 2-s2.0-85092935364 (Scopus ID)
Available from: 2021-10-07 Created: 2021-10-07 Last updated: 2021-11-09 Bibliographically approved
UL Muram, F., Javed, M. A., Hansson, H. & Punnekkat, S. (2020). Dynamic Reconfiguration of Safety-Critical Production Systems. In: Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC. Paper presented at 25th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2020, 1 December 2020 through 4 December 2020 (pp. 120-129). IEEE Computer Society
2020 (English) In: Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC, IEEE Computer Society, 2020, p. 120-129. Conference paper, Published paper (Refereed)
Abstract [en]

The current trends of digitalization and Industry 4.0 are bringing ample opportunities for manufacturing industry to fine tune their products and processes at will, to meet changing market needs within short notice. However, the characteristics of advanced production systems, such as dynamic interactions between machines and reconfigurations, if not carefully orchestrated, could potentially lead to production failures or mishaps, making them safety-critical. Previous studies on hazard analysis, safety-performance tradeoffs and assurance cases have not specifically considered the dynamic reconfiguration scenarios in production systems. In this paper, for the hazard identification and mitigation/elimination, the principal characteristics of highly reconfigurable production systems have been given special consideration. Even if the hazard analysis results are incorporated in the initial designs of production systems, operational changes, such as adding/removing machines in response to market demands, system failures, or unanticipated hazardous conditions may still adversely impact the production safety and operational performance. For the operational changes, we perform the quantitative assessment through configuration analytics to determine the corresponding impacts on safety, performance and production demands. After that, the assurance case models are obtained with production line to cope with the potential problems during the dynamic safety assurance. The applicability of the proposed methodology is demonstrated in the context of a quarry site production scenario.

Place, publisher, year, edition, pages
IEEE Computer Society, 2020
Keywords
Hazard Analysis, Manufacturing Systems, Production Line, Quarry Site, Reconfiguration, Safety Cases, Commerce, Dynamic models, Critical production, Dynamic re-configuration, Hazard identification, Manufacturing industries, Operational changes, Operational performance, Quantitative assessments, Reconfigurable production systems, Hazards
National Category
Other Engineering and Technologies
Identifiers
urn:nbn:se:mdh:diva-53482 (URN), 10.1109/PRDC50213.2020.00023 (DOI), 000653149400013 (), 2-s2.0-85099886444 (Scopus ID), 9781728180038 (ISBN)
Conference
25th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2020, 1 December 2020 through 4 December 2020
Available from: 2021-02-19 Created: 2021-02-19 Last updated: 2021-06-24 Bibliographically approved
Javed, M. A., UL Muram, F., Fattouh, A. & Punnekkat, S. (2020). Enforcing geofences for managing automated transportation risks in production sites. In: Communications in Computer and Information Science. Paper presented at 16th European Dependable Computing Conference, EDCC 2020; Munich; Germany; 7 September 2020 through 10 September 2020; Code 244489 (pp. 113-126). Springer Science and Business Media Deutschland GmbH, 1279
2020 (English) In: Communications in Computer and Information Science, Springer Science and Business Media Deutschland GmbH, 2020, Vol. 1279, p. 113-126. Conference paper, Published paper (Refereed)
Abstract [en]

The key to system safety is the identification and elimination/mitigation of potential hazards and documentation of evidences for safety cases. This is generally done during the system design and development phase. However, for automated systems, there is also a need to deal with unknowns and uncertainties during operational phase. This paper focuses on virtual boundaries around geographic zones (i.e., geofences) that can serve as an active countermeasure for dynamic management of risks in automated transportation/production contexts. At first, hazard analysis is performed using the Hazard and Operability (HAZOP) and Fault Tree Analysis (FTA) techniques. Based on the hazard analysis, appropriate measures, such as geofences for elimination/mitigation of hazards are defined. Subsequently, they are translated into the safety requirements. We leverage on simulation based digital twins to perform verification and validation of production site by incorporating safety requirements in them. Finally, to manage risks in a dynamic manner, the operational data is gathered, deviations from specified behaviours are tracked, possible implications of control actions are evaluated and necessary adaptations are performed. The risk management is assured in situations, such as communication loss, subsystem failures and unsafe paths. This approach provides a basis to fill the gaps between the safety cases and the actual system safety emanating from system/environment evolution as well as obsolescence of evidences. The applicability of the proposed framework is exemplified in the context of a semi-automated quarry production scenario.

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2020
Keywords
Automated transportation, Digital twin, Geofence enforcement, Quarry site, Risk management, Safety assurance, Automation, Fault tree analysis, Hazards, Obsolescence, Active countermeasures, Dynamic management, Fault tree analyses (FTA), Hazard and operabilities, Safety requirements, System design and development, Transportation risks, Verification-and-validation
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-50907 (URN), 10.1007/978-3-030-58462-7_10 (DOI), 000890196700010 (), 2-s2.0-85091113059 (Scopus ID), 9783030584610 (ISBN)
Conference
16th European Dependable Computing Conference, EDCC 2020; Munich; Germany; 7 September 2020 through 10 September 2020; Code 244489
Available from: 2020-09-25 Created: 2020-09-25 Last updated: 2023-04-12 Bibliographically approved
UL Muram, F., Gallina, B. & Kanwal, S. (2019). A Tool-supported Model-based Method for Facilitating the EN50129-compliant Safety Approval Process. In: Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification, RSSRail 2019. Paper presented at 3rd International Conference Reliability, Safety and Security of Railway Systems: Modelling, Analysis, Verification and Certification RSS-Rail-2019, 04 Jun 2019, Lille, France (pp. 125-141).
2019 (English) In: Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification, RSSRail 2019, 2019, p. 125-141. Conference paper, Published paper (Refereed)
Abstract [en]

Compliance with the CENELEC series is mandatory during the planning of as well as development of railway systems. For compliance purposes, the creation of safety plans, which define safety-related activities and all other process elements relevant at the planning phase, is also needed. These plans are expected to be executed during the development phase. Specifically, EN 50129 defines the safety plan acceptance and approval process, where interactions between the applicant and the certification body are recommended: after the planning phase, to ensure the compliance between plans and standards, and after the development phase, to ensure the effective and not-deviating-unless-justified execution of plans. In this paper, we provide a tool-supported method for facilitating the safety approval processes/certification liaison processes. More specifically, the facilitation consists in guidance for modelling planned processes and the requirements listed in the standards in order to enable the automatic generation of baselines, post-planning processes and evidence models, needed during the execution phase and change impact tracking for manual monitoring of the compatibility between plans and their execution. The applicability of the proposed method is illustrated in the context of EN 50126-1 and EN 50129 standards.

Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 11495
Keywords
EN 50129, EN 50126-1, safety management, safety processes, regulatory compliance, safety plans, model transformation
National Category
Engineering and Technology Computer Systems
Identifiers
urn:nbn:se:mdh:diva-43920 (URN), 10.1007/978-3-030-18744-6_8 (DOI), 000558742000010 (), 2-s2.0-85066850709 (Scopus ID), 9783030187439 (ISBN)
Conference
3rd International Conference Reliability, Safety and Security of Railway Systems: Modelling, Analysis, Verification and Certification RSS-Rail-2019, 04 Jun 2019, Lille, France
Projects
AMASS - Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems
Available from: 2019-06-14 Created: 2019-06-14 Last updated: 2020-08-27 Bibliographically approved