mdh.sePublications
Change search
Refine search result
1 - 9 of 9
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Facilitating Automated Compliance Checking of Processes against Safety Standards2018Conference paper (Refereed)
  • 2.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Facilitating Automated Compliance Checking of Processes against Safety Standards2019Licentiate thesis, comprehensive summary (Other academic)
    Abstract [en]

    A system is safety-critical if its malfunctioning could have catastrophic consequences for people, property or the environment, e.g., the failure in a car's braking system could be potentially tragic. To produce such type of systems, special procedures, and strategies, that permit their safer deployment into society, should be used. Therefore, manufacturers of safety-critical systems comply with domain-specific safety standards, which embody the public consensus of acceptably safe. Safety standards also contain a repository of expert knowledge and best practices that can, to some extent, facilitate the safety-critical system’s engineering. In some domains, the applicable safety standards establish the accepted procedures that regulate the development processes. For claiming compliance with such standards, companies should adapt their practices and provide convincing justifications regarding the processes used to produce their systems, from the initial steps of the production. In particular, the planning of the development process, in accordance with the prescribed process-related requirements specified in the standard, is an essential piece of evidence for compliance assessment. However, providing such evidence can be time-consuming and prone-to-error since it requires that process engineers check the fulfillment of hundreds of requirements based on their processes specifications. With access to suitable tool-supported methodologies, process engineers would be able to perform their job efficiently and accurately.

    Safety standards prescribe requirements in natural language by using notions that are subtly similar to the concepts used to describe laws. In particular, requirements in the standards introduce conditions that are obligatory for claiming compliance. Requirements also define tailoring rules, which are actions that permit to comply with the standard in an alternative way. Unfortunately, current approaches for software verification are not furnished with these notions, which could make their use in compliance checking difficult. However, existing tool-supported methodologies designed in the legal compliance context, which are also proved in the business domain, could be exploited for defining an adequate automated compliance checking approach that suits the conditions required in the safety-critical context.

    The goal of this Licentiate thesis is to propose a novel approach that combines: 1) process modeling capabilities for representing systems and software process specifications, 2) normative representation capabilities for interpreting the requirements of the safety standards in an adequate machine-readable form, and 3) compliance checking capabilities to provide the analysis required to conclude whether the model of a process corresponds to the model with the compliant states proposed by the standard's requirements. Our approach contributes to facilitating compliance checking by providing automatic reasoning from the requirements prescribed by the standards, and the description of the process they regulate. It also contributes to cross-fertilize two communities that were previously isolated, namely safety-critical and legal compliance contexts. Besides, we propose an approach for mastering the interplay between highly-related standards. This approach includes the reuse capabilities provided by SoPLE (Safety-oriented Process Line Engineering), which is a methodological approach aiming at systematizing the reuse of process-related information in the context of safety-critical systems. With the addition of SoPLE, we aim at planting the seeds for the future provision of systematic reuse of compliance proofs. Hitherto, our proposed methodology has been evaluated with academic examples that show the potential benefits of its use.

  • 3.
    Castellanos Ardila, Julieth Patricia
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Formal Contract Logic Based Patterns for Facilitating Compliance Checking against ISO 262622018In: CEUR Workshop Proceedings, Volume 2049, 2018, p. 65-72Conference paper (Refereed)
    Abstract [en]

    ISO 26262 demands a confirmation review of the safety plan, which includes the compliance checking of planned processes against safety requirements. Formal Contract Logic (FCL), a logic-based language stemming from business compliance, provides means to formalize normative requirements enabling automatic compliance checking. However, formalizing safety requirements in FCL requires skills, which cannot be taken for granted. In this paper, we provide a set of ISO 26262-specific FCL compliance patterns to facilitate rules formalization. First, we identify and define the patterns, based on Dwyer' et al.'s specification patterns style. Then, we instantiate the patterns to illustrate their applicability. Finally, we sketch conclusions and future work.

  • 4.
    Castellanos Ardila, Julieth Patricia
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Towards Efficiently Checking Compliance Against Automotive Security and Safety Standards2017In: The 7th IEEE International Workshop on Software Certification WoSoCer 2017, 2017, p. 317-324Conference paper (Refereed)
    Abstract [en]

    The growing connectivity of the systems that we rely on e.g. transportation vehicles is pushing towards the introduction of new standards aimed at providing a baseline to address cybersecurity besides safety. If the interplay of the two normative spaces is not mastered, compliance management might become more time consuming and costly, preventing engineers from dedicating their energies to system engineering. In this paper, we build on top of previous work aimed at increasing efficiency and confidence in compliance management. More specifically, we contribute to building a terminological framework needed to enable the systematization of commonalities and variabilities within ISO 26262 and SAE J3061. Then, we focus our attention on the requirements for software design and implementation and we use defeasible logic to prove compliance. Based on the compliance checking results, we reveal reuse opportunities. Finally, we draw our conclusions and sketch future research directions.

  • 5.
    Castellanos Ardila, Julieth Patricia
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. IS (Embedded Systems).
    Towards Increased Efficiency and Confidence in Process Compliance2017In: 24th European & Asian Systems, Software & Service Process Improvement & Innovation EuroAsiaSPI2 '17, 2017, p. 162-174Conference paper (Refereed)
    Abstract [en]

    Nowadays, the engineering of (software) systems has to comply with di erent standards, which often exhibit common requirements or at least a signi cant potential for synergy. Compliance management is a delicate, time-consuming, and costly activity, which would bene- t from increased con dence, automation, and systematic reuse. In this paper, we introduce a new approach, called SoPLE&Logic-basedCM. SoPLE&Logic-basedCM combines (safety-oriented) process line engineering with defeasible logic-based approaches for formal compliance checking. As a result of this combination, SoPLE&Logic-basedCM enables automation of compliance checking and systematic reuse of process elements as well as compliance proofs. To illustrate SoPLE&Logic-basedCM, we apply it to the automotive domain and we draw our lessons learnt.

  • 6.
    Castellanos Ardila, Julieth Patricia
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Governatori, Guido
    Data61, CSIRO, Australia.
    Lessons Learned while formalizing ISO 26262 for Compliance Checking2018In: Proceedings of the 2nd Workshop on Technologies for Regulatory Compliance (TeReCom), 2018, p. 5-16Conference paper (Refereed)
    Abstract [en]

    A confirmation review of the safety plan is required during compliance assessment with ISO 26262. Its production could be facilitated by creating a specification of the standard’s requirements in FCL (Formal Contract Logic), which is a language that can be used to automatically checking compliance. However, we have learned, via previous experiences, that interpreting ISO 26262 requirements and specifying them in FCL is complex. Thus, we perform a formalization-oriented pre-processing of ISO 26262 to find effective ways to proceed with this task. In this paper, we present the lessons learned from this pre-processing which includes the identification of the essential normative parts to be formalized, the identification of SCP (Safety Compliance Patterns) and its subsequent documentation as templates, and the definition of a methodological guideline to facilitate the formalization of normative clauses. Finally, we illustrate the defined methodology by formalizing ISO 26262 part 3 and discuss our findings.

  • 7.
    Castellanos Ardila, Julieth Patricia
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    UL Muram, Faiz
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Enabling Compliance Checking against Safety Standards from SPEM 2.0 Process Models2018In: The Euromicro Conference on Software Engineering and Advanced Applications SEAA 2018, 2018Conference paper (Refereed)
    Abstract [en]

    Compliance with process-based safety standards may imply the provision of a safety plan and its corresponding compliance justification. The provision of this justification is time-consuming since it requires that the process engineer checks the fulfillment of hundred of requirements by taking into account the evidence provided by the process entities. Available methodologies and their implemented tools can be used to automate this checking and provide a compliance report that can be part of the justification to be scrutinized by the safety auditor. In this paper, we explain our compliance checking vision for supporting the process engineer, in which the interaction between SPEM 2.0 (Software & Systems Process Engineering Metamodel) and Regorous (a tool-supported methodology for compliance checking) is established. Then, we focus on SPEM 2.0 to identify mechanisms to provide the minimal set of elements required to be processed by Regorous and describe how to implement them in EPF Composer. We also illustrate these mechanisms by modeling a simple example from ISO 26262 and show how a compliance report can be used to trace unfulfilled requirements.

  • 8.
    Castellanos Ardila, Julieth Patricia
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    UL Muram, Faiz
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Transforming SPEM 2.0-compatible process models into models checkable for compliance2018In: Communications in Computer and Information Science, Springer Verlag , 2018, Vol. 918, p. 233-247Conference paper (Refereed)
    Abstract [en]

    Manual compliance with process-based standards is time-consuming and prone-to-error. No ready-to-use solution is currently available for increasing efficiency and confidence. In our previous work, we have presented our automated compliance checking vision to support the process engineer’s work. This vision includes the creation of a process model, given by using a SPEM 2.0 (Systems & Software Process Engineering Metamodel)-reference implementation, to be checked by Regorous, a compliance checker used in the business context. In this paper, we move a step further for the concretization of our vision by defining the transformation, necessary to automatically generate the models required by Regorous. Then, we apply our transformation to a small portion of the design phase recommended in the rail sector. Finally, we discuss our findings, and present conclusions and future work. 

  • 9.
    Gallina, Barbara
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    UL Muram, Faiz
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Compliance of agilized (Software) development processes with safety standards: A vision2018In: ACM International Conference Proceeding Series, Association for Computing Machinery , 2018, article id Article number a14Conference paper (Refereed)
    Abstract [en]

    Hybrid software development, meant as a combination of traditional and agile methods/practices, has become a reality in safety-critical systems engineering. The spreading of hybrid software development stems from the impossibility to face the manyfold challenges via the definition of a process by the book. In this context, compliance management becomes challenging and the role of existing means for compliance should be clarified/rethought. In this position paper, we discuss the challenges and we propose our compliance management vision, which is being implemented in the context of the EU ECSEL AMASS project.

1 - 9 of 9
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf