https://www.mdu.se/

mdu.se Publications
1 - 26 of 26
  • 1.
    Ali, Nazakat
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Castellanos Ardila, Julieth Patricia
    Punnekkat, Sasikumar
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. Mälardalen University, School of Innovation, Design and Engineering, Västerås, Sweden.
    Towards an Integrated Safety-Security Ontology for System of Systems (2024). Conference paper (Refereed)
    Abstract [en]

    In the modern world, connectivity and shared intelligence enable independent constituent systems (CS) to form systems of systems (SoS) capable of performing sophisticated missions. However, the sheer scale of an SoS can make it challenging to manage all components comprehensively, hiding potential security and safety concerns. These factors underscore the need for advancing conceptual models that permit a better understanding of the SoS intricacies. This paper presents a conceptual model for an integrated safety-security ontology for SoS, called SSO-SoS. Such a model is based on international standards, existing literature, and relevant conceptual models, where we pay special attention to safety, security, and mitigation for SoS. We also illustrate the SSO-SoS with a case study from the construction sector. Our conceptual model provides a hierarchical organization that permits stakeholders to navigate through different layers of information, enhancing their ability to identify, address, and understand the required SoS knowledge.

  • 2.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    A Safety-centered Planning-time Framework for Automated Process Compliance Checking (2021). Doctoral thesis, comprehensive summary (Other academic)
    Abstract [en]

    Safety-critical systems, whose failure could lead to catastrophic consequences, are everywhere. Not only environments with high-risk functions, e.g., nuclear power plants, are safety-critical systems. Our vehicles, medical devices that perform different kinds of treatments, airplanes, and industrial robots are also safety-critical systems. The more harm the system can cause, the more carefully the system has to be designed, implemented, and maintained. By following practices of reasonable care, typically collected within industry standards, manufacturers demonstrate that they aim at preventing safety-critical systems from failing or causing various types of damage. Thus, compliance with standards, especially safety standards, is a must-do for manufacturers of safety-critical systems.

    Industry standards often adopt a prescriptive approach, which focuses on process-related requirements. To comply with such standards, manufacturers have to carefully prepare process plans that properly address the applicable requirements. A compliant process plan should include the sequence of tasks mandated by applicable standards as well as the resources allocated to such tasks, e.g., personnel, work products, required tools, and methods, which are also framed with key properties. The planning task could be supported by checking that planned processes fulfill the properties set down by standards at given points.

    Compliance checking of process plans is rarely done for just one standard. In automotive, for instance, it is recommended that manufacturers follow at least standards for functional safety, cybersecurity, and software process improvements. Manufacturers also need to perform tailoring, i.e., select and modify requirements depending on the individual project. In safety standards, tailoring is often performed by taking into account existing safety criticality levels. Moreover, new versions of the standards, which are frequently released, demand recertification. In addition, compliance checking is not only done to one process plan. Companies commonly need to plan several processes simultaneously. Consequently, it is not easy to manually check that process plans comply with the requirements of standards.

    Automated compliance checking could help process engineers in such organizations to detect compliance violations and enforce compliance at planning time. Thus, the main goal of this dissertation is to facilitate automated compliance checking of the process plans used to engineer safety-critical systems against the standards mandated (or recommended) in the safety-critical context. To reach our goal, we adopt modern methods and tools, adapt them by mainly focusing on software and risk analysis process plans, and contribute to the state-of-the-art as follows:

    1. We identify aspects that make compliance checking of process plans demanding and formulate requirements for a technical solution to these problems. 

    2. We introduce ACCEPT (Automated Compliance Checking of Engineering Process plans against sTandards), an iterative and comprehensible framework for supporting process engineers to check and enforce process plan compliance. 

    3. We propose mechanisms for facilitating the creation and reuse of the specifications required to check process plan compliance.

    4. We investigate the significance of our proposed solutions by applying different validation mechanisms. As a result, our solutions prove useful in supporting process engineers in the compliance checking tasks required during process planning.

    This dissertation's contributions aim at planting the seeds for the future development of tools that support process engineers moving towards automated compliance checking practices. 

  • 3.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Facilitating Automated Compliance Checking of Processes against Safety Standards (2018). Conference paper (Refereed)
  • 4.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Facilitating Automated Compliance Checking of Processes against Safety Standards (2019). Licentiate thesis, comprehensive summary (Other academic)
    Abstract [en]

    A system is safety-critical if its malfunctioning could have catastrophic consequences for people, property or the environment, e.g., the failure of a car's braking system could be potentially tragic. To produce such systems, special procedures and strategies that permit their safer deployment into society should be used. Therefore, manufacturers of safety-critical systems comply with domain-specific safety standards, which embody the public consensus of what is acceptably safe. Safety standards also contain a repository of expert knowledge and best practices that can, to some extent, facilitate the safety-critical system's engineering. In some domains, the applicable safety standards establish the accepted procedures that regulate the development processes. For claiming compliance with such standards, companies should adapt their practices and provide convincing justifications regarding the processes used to produce their systems, from the initial steps of production. In particular, the planning of the development process, in accordance with the prescribed process-related requirements specified in the standard, is an essential piece of evidence for compliance assessment. However, providing such evidence can be time-consuming and error-prone since it requires that process engineers check the fulfillment of hundreds of requirements based on their process specifications. With access to suitable tool-supported methodologies, process engineers would be able to perform their job efficiently and accurately.

    Safety standards prescribe requirements in natural language by using notions that are subtly similar to the concepts used to describe laws. In particular, requirements in the standards introduce conditions that are obligatory for claiming compliance. Requirements also define tailoring rules, which are actions that permit compliance with the standard in an alternative way. Unfortunately, current approaches for software verification are not furnished with these notions, which could make their use in compliance checking difficult. However, existing tool-supported methodologies designed in the legal compliance context, which are also proven in the business domain, could be exploited for defining an adequate automated compliance checking approach that suits the conditions required in the safety-critical context.

    The goal of this Licentiate thesis is to propose a novel approach that combines: 1) process modeling capabilities for representing systems and software process specifications, 2) normative representation capabilities for interpreting the requirements of the safety standards in an adequate machine-readable form, and 3) compliance checking capabilities to provide the analysis required to conclude whether the model of a process corresponds to the model with the compliant states proposed by the standard's requirements. Our approach contributes to facilitating compliance checking by providing automatic reasoning from the requirements prescribed by the standards, and the description of the process they regulate. It also contributes to cross-fertilize two communities that were previously isolated, namely safety-critical and legal compliance contexts. Besides, we propose an approach for mastering the interplay between highly-related standards. This approach includes the reuse capabilities provided by SoPLE (Safety-oriented Process Line Engineering), which is a methodological approach aiming at systematizing the reuse of process-related information in the context of safety-critical systems. With the addition of SoPLE, we aim at planting the seeds for the future provision of systematic reuse of compliance proofs. Hitherto, our proposed methodology has been evaluated with academic examples that show the potential benefits of its use.

  • 5.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    A Personal Opinion Survey on Process-based Compliance Checking in the Safety Context (2020). In: Quality of Information and Communications Technology. QUATIC 2020. Communications in Computer and Information Science, Vol. 1266, 2020, p. 169-183. Conference paper (Refereed)
    Abstract [en]

    Manually checking the compliance of process plans against the requirements of applicable standards is a common practice in the safety-critical context. We hypothesize that automating this task could be of interest. To test our hypothesis, we conducted a personal opinion survey among practitioners who participate in safety-related process compliance checking. In this paper, we present the results of this survey. Practitioners indicated the methods used and their challenges, as well as their interest in a novel method that could permit them to move from manual to automated practices via compliance checking.

  • 6.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Formal Contract Logic Based Patterns for Facilitating Compliance Checking against ISO 26262 (2018). In: CEUR Workshop Proceedings, Volume 2049, 2018, p. 65-72. Conference paper (Refereed)
    Abstract [en]

    ISO 26262 demands a confirmation review of the safety plan, which includes the compliance checking of planned processes against safety requirements. Formal Contract Logic (FCL), a logic-based language stemming from business compliance, provides means to formalize normative requirements, enabling automatic compliance checking. However, formalizing safety requirements in FCL requires skills which cannot be taken for granted. In this paper, we provide a set of ISO 26262-specific FCL compliance patterns to facilitate rule formalization. First, we identify and define the patterns, based on Dwyer et al.'s specification patterns style. Then, we instantiate the patterns to illustrate their applicability. Finally, we sketch conclusions and future work.

  • 7.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Reusing (Safety-oriented) compliance artifacts while recertifying (2021). In: MODELSWARD 2021 - Proceedings of the 9th International Conference on Model-Driven Engineering and Software Development, SciTePress, 2021, p. 53-64. Conference paper (Refereed)
    Abstract [en]

    Revisions of safety-related standards lead to the release of new versions. Consequently, products and processes need to be recertified. To support that need, product line-oriented best practices have been adopted to systematize reuse at various levels, including the engineering process itself. As a result, Safety-oriented Process Line Engineering (SoPLE) is introduced to systematize reuse of safety-oriented process-related artifacts. To systematize reuse of artifacts during automated process compliance checking, SoPLE was conceptually combined with a logic-based framework. However, no integrated and tool-supported solution was provided. In this paper, we focus on process recertification (interpreted as the need to show process plan adherence with the new version of the standard) and propose a concrete technical and tool-supported methodological framework for reusing (safety-oriented) compliance artifacts while recertifying. We illustrate the benefits of our methodological framework by considering ISO 14971 versions, and measuring the enabled reuse. 

  • 8.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Separation of Concerns in Process Compliance Checking: Divide-and-Conquer (2020). In: Communications in Computer and Information Science, Düsseldorf, Germany: Springer International Publishing, 2020, Vol. 1251, p. 135-147. Conference paper (Refereed)
    Abstract [en]

    In the safety-critical context, part of the software process improvement effort is expended in process-based compliance. To facilitate this task, we proposed a method for automated process-based compliance checking, which can be used as a basis for decision making. Our method requires users to create a knowledge base that contains formalized requirements and processes checkable for compliance. Such a task may have some degree of complexity. Thus, in this paper, we exploit the natural separation of concerns in the state of practice to offer adequate means to facilitate the creation of the required concepts by using a divide-and-conquer strategy. For this, we discuss the impact of process factors in compliance assessment and provide separation of concerns based on SPEM 2.0 (Systems and Software Process Engineering Metamodel). Then, we illustrate the defined concerns and discuss our findings.

  • 9.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Towards Efficiently Checking Compliance Against Automotive Security and Safety Standards (2017). In: The 7th IEEE International Workshop on Software Certification WoSoCer 2017, 2017, p. 317-324. Conference paper (Refereed)
    Abstract [en]

    The growing connectivity of the systems that we rely on e.g. transportation vehicles is pushing towards the introduction of new standards aimed at providing a baseline to address cybersecurity besides safety. If the interplay of the two normative spaces is not mastered, compliance management might become more time consuming and costly, preventing engineers from dedicating their energies to system engineering. In this paper, we build on top of previous work aimed at increasing efficiency and confidence in compliance management. More specifically, we contribute to building a terminological framework needed to enable the systematization of commonalities and variabilities within ISO 26262 and SAE J3061. Then, we focus our attention on the requirements for software design and implementation and we use defeasible logic to prove compliance. Based on the compliance checking results, we reveal reuse opportunities. Finally, we draw our conclusions and sketch future research directions.

  • 10.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. IS (Embedded Systems).
    Towards Increased Efficiency and Confidence in Process Compliance (2017). In: 24th European & Asian Systems, Software & Service Process Improvement & Innovation EuroAsiaSPI2 '17, 2017, p. 162-174. Conference paper (Refereed)
    Abstract [en]

    Nowadays, the engineering of (software) systems has to comply with different standards, which often exhibit common requirements or at least a significant potential for synergy. Compliance management is a delicate, time-consuming, and costly activity, which would benefit from increased confidence, automation, and systematic reuse. In this paper, we introduce a new approach, called SoPLE&Logic-basedCM. SoPLE&Logic-basedCM combines (safety-oriented) process line engineering with defeasible logic-based approaches for formal compliance checking. As a result of this combination, SoPLE&Logic-basedCM enables automation of compliance checking and systematic reuse of process elements as well as compliance proofs. To illustrate SoPLE&Logic-basedCM, we apply it to the automotive domain and we draw our lessons learnt.

  • 11.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Governatori, Guido
    CSIRO, Brisbane, Australia.
    Compliance-aware Engineering Process Plans: The case of Space Software Engineering Processes (2021). In: Artificial Intelligence and Law, ISSN 0924-8463, E-ISSN 1572-8382, Vol. 29, no 4, p. 587-627. Article in journal (Refereed)
    Abstract [en]

    Safety-critical systems manufacturers have a duty of care, i.e., they should take correct steps while performing acts that could foreseeably harm others. Commonly, industry standards prescribe reasonable steps in their process requirements, which regulatory bodies trust. Manufacturers perform careful documentation of compliance with each requirement to show that they act under acceptable criteria. To facilitate this task, a safety-centered planning-time framework, called ACCEPT, has been proposed. Based on compliance-by-design, ACCEPT capabilities (i.e., process and standards modeling, and automatic compliance checking) permit the design of Compliance-aware Engineering Process Plans (CaEPP), which are able to show the planning-time allocation of standard demands, i.e., whether the elements set down by the standard requirements are present at given points in the engineering process plan. In this paper, we perform a case study to understand if the ACCEPT-produced models could support the planning of space software engineering processes. Space software is safety- and mission-critical, and it is often the result of industrial cooperation. Such cooperation is coordinated through compliance with relevant standards. In the European context, ECSS-E-ST-40C is the de-facto standard for space software production. The planning of processes in compliance with project-specific ECSS-E-ST-40C applicable requirements is mandatory during contractual agreements. Our analysis is based on qualitative criteria targeting the effort dictated by task demands required to create a CaEPP for software development with ACCEPT. Initial observations show that the effort required to model compliance and process artifacts is significant. However, such an effort pays off in the long term since models are, to some extent, reusable and flexible. The coverage level of the models is also analyzed based on design decisions. In our opinion, such a level is adequate since it responds to the information needs required by the ECSS-E-ST-40C framework.

  • 12.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Governatori, Guido
    Data61, CSIRO, Australia.
    Lessons Learned while formalizing ISO 26262 for Compliance Checking (2018). In: Proceedings of the 2nd Workshop on Technologies for Regulatory Compliance (TeReCom), 2018, p. 5-16. Conference paper (Refereed)
    Abstract [en]

    A confirmation review of the safety plan is required during compliance assessment with ISO 26262. Its production could be facilitated by creating a specification of the standard's requirements in FCL (Formal Contract Logic), which is a language that can be used to automatically check compliance. However, we have learned, via previous experiences, that interpreting ISO 26262 requirements and specifying them in FCL is complex. Thus, we perform a formalization-oriented pre-processing of ISO 26262 to find effective ways to proceed with this task. In this paper, we present the lessons learned from this pre-processing, which includes the identification of the essential normative parts to be formalized, the identification of SCP (Safety Compliance Patterns) and their subsequent documentation as templates, and the definition of a methodological guideline to facilitate the formalization of normative clauses. Finally, we illustrate the defined methodology by formalizing ISO 26262 part 3 and discuss our findings.

  • 13.
    Castellanos Ardila, Julieth Patricia
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    UL Muram, Faiz
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Compliance checking of software processes: A systematic literature review (2022). In: Journal of Software: Evolution and Process, ISSN 2047-7473, E-ISSN 2047-7481, Vol. 34, no 5, article id e2440. Article, review/survey (Refereed)
    Abstract [en]

    The processes used to develop software need to comply with normative requirements (e.g., standards and regulations) to align with the market and the law. Manual compliance checking is challenging because there are numerous requirements with changing nature and different purposes. Despite the importance of automated techniques, there is not any systematic study in this field. This lack may hinder organizations from moving toward automated compliance checking practices. In this paper, we characterize the methods for automatic compliance checking of software processes, including used techniques, potential impacts, and challenges. For this, we undertake a systematic literature review (SLR) of studies reporting methods in this field. As a result, we identify solutions that use different techniques (e.g., ontologies and metamodels) to represent processes and their artifacts (e.g., tasks and roles). Various languages, which have diverse capabilities for managing competing and changing norms, and agile strategies, are also used to represent normative requirements. Most solutions require tool-support concretization and enhanced capabilities to handle process and normative diversity. Our findings outline compelling areas for future research. In particular, there is a need to select suitable languages for consolidating a generic and normative-agnostic solution, increase automation levels and tool support, and boost the application in practice by improving usability aspects.

  • 14.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    UL Muram, Faiz
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Enabling Compliance Checking against Safety Standards from SPEM 2.0 Process Models (2018). In: The Euromicro Conference on Software Engineering and Advanced Applications SEAA 2018, 2018. Conference paper (Refereed)
    Abstract [en]

    Compliance with process-based safety standards may imply the provision of a safety plan and its corresponding compliance justification. The provision of this justification is time-consuming since it requires that the process engineer checks the fulfillment of hundreds of requirements by taking into account the evidence provided by the process entities. Available methodologies and their implemented tools can be used to automate this checking and provide a compliance report that can be part of the justification to be scrutinized by the safety auditor. In this paper, we explain our compliance checking vision for supporting the process engineer, in which the interaction between SPEM 2.0 (Software & Systems Process Engineering Metamodel) and Regorous (a tool-supported methodology for compliance checking) is established. Then, we focus on SPEM 2.0 to identify mechanisms to provide the minimal set of elements required to be processed by Regorous and describe how to implement them in EPF Composer. We also illustrate these mechanisms by modeling a simple example from ISO 26262 and show how a compliance report can be used to trace unfulfilled requirements.

  • 15.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    UL Muram, Faiz
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Facilitating automated compliance checking of processes in the safety-critical context (2019). In: Electronic Communications of the EASST, E-ISSN 1863-2122, Vol. 78, p. 1-21. Article in journal (Refereed)
    Abstract [en]

    In some domains, the applicable safety standards prescribe process-related requirements. Essential pieces of evidence for compliance assessment with such standards are the compliance justifications of the process plans used to engineer systems. These justifications should show that the process plans are produced in accordance with the prescribed requirements. However, providing the required evidence may be time-consuming and error-prone since safety standards are large, natural language-based documents with hundreds of requirements. Besides, a company may have many safety-critical-related processes to be examined. In this paper, we propose a novel approach that combines process modeling and compliance checking capabilities. Our approach aims at facilitating the analysis required to conclude whether the model of a process plan corresponds to a model with compliant states. Hitherto, our proposed methodology has been evaluated with academic examples that show the potential benefits of its use.

  • 16.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    UL Muram, Faiz
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Systematic Literature Review of Compliance Checking Approaches for Software Processes (2021). Report (Other academic)
    Abstract [en]

    Context: Software processes have increased demands coming from normative requirements. Organizations developing software comply with such demands to be in line with the market and the law. The state-of-the-art provides means to automatically check whether a software process complies with a set of normative requirements. However, no comprehensive and systematic review has been conducted to characterize such works. Objective: We characterize the current research on this topic, including an account of the used techniques, their potential impacts, and challenges. Method: We undertake a Systematic Literature Review (SLR) of primary studies reporting techniques for automated compliance checking of software processes. Results: We identified 41 papers reporting solutions focused on limited normative frameworks. Such solutions use specific languages for the processes and normative representation. Thus, the artifacts represented vary from one solution to the other. The level of automation, which in most methods requires tool-support concretization, focuses mostly on the reasoning process and requires human intervention, e.g., for creating the inputs for such reasoning. In addition, only a few contemplate agile environments and standards evolution. Conclusions: Our findings outline compelling areas for future research. In particular, there is a need to consolidate existing languages for process and normative representation, compile efforts in a generic and normative-agnostic solution, increase automation and tool support, and incorporate a layer of trust to guarantee that rules are correctly derived from the normative requirements.

  • 17.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    UL Muram, Faiz
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Transforming SPEM 2.0-compatible process models into models checkable for compliance (2018). In: Communications in Computer and Information Science, Springer Verlag, 2018, Vol. 918, p. 233-247. Conference paper (Refereed)
    Abstract [en]

    Manual compliance with process-based standards is time-consuming and error-prone. No ready-to-use solution is currently available for increasing efficiency and confidence. In our previous work, we have presented our automated compliance checking vision to support the process engineer’s work. This vision includes the creation of a process model, given by using a SPEM 2.0 (Systems & Software Process Engineering Metamodel)-reference implementation, to be checked by Regorous, a compliance checker used in the business context. In this paper, we move a step further for the concretization of our vision by defining the transformation necessary to automatically generate the models required by Regorous. Then, we apply our transformation to a small portion of the design phase recommended in the rail sector. Finally, we discuss our findings, and present conclusions and future work.

  • 18.
    Castellanos Ardila, Julieth Patricia
    et al.
    Hansson, Hans
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Punnekkat, Sasikumar
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Safe Integration of Autonomous Machines in Underground Mining Environments. 2022. In: ISSE 2022 - 2022 8th IEEE International Symposium on Systems Engineering, Conference Proceedings, Institute of Electrical and Electronics Engineers Inc., 2022. Conference paper (Refereed)
    Abstract [en]

    Autonomous and Semi-Autonomous Machines (ASAMs) provide several benefits and have already emerged in mining environments. However, for cost-efficiency reasons and for ASAMs to reach their full potential, they should be capable of operating seamlessly with manually operated machines. Establishing the requirements for sufficient safety for such integration is a non-trivial task. This paper proposes a methodology for safely integrating ASAMs in underground mining environments. First, we describe the purpose of the integration and define the constituent components. Second, we identify the conditions that ASAMs will likely encounter using ODD-UM, an operational design domain specification for underground mining. Third, we derive high-level requirements for individual components based on ODD-UM attributes. Such requirements are allocated into the constituent components and considered as assumptions for the safety analysis. Fourth, we perform STPA (System-Theoretic Process Analysis) to analyze safety-related control requirements for the integrated system. Our methodology could help the system integrator to systematically identify integration requirements to be enforced in constituent components and safety control systems. Index Terms: Underground Autonomous Mining, Integration Requirements, ODD-UM, STPA, Safety-guided Design.

  • 19.
    Castellanos Ardila, Julieth Patricia
    et al.
    Mälardalen University.
    Punnekkat, Sasikumar
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Fattouh, Anas
    Mälardalen University, School of Innovation, Design and Engineering, Innovation and Product Realisation.
    Hansson, Hans
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    A Context-specific Operational Design Domain for Underground Mining (ODD-UM). 2022. In: Systems, Software and Services Process Improvement: 29th European Conference, EuroSPI 2022, Salzburg, Austria, August 31 – September 2, 2022, Proceedings / [ed] Murat Yilmaz; Paul Clarke; Richard Messnarz; Bruno Wöran, 2022, p. 161-176. Conference paper (Refereed)
    Abstract [en]

    Autonomous and Semi-autonomous Machines (ASAM) can benefit mining operations. However, demonstrating acceptable levels of safety for ASAMs through exhaustive testing is not an easy task. A promising approach is scenario-based testing, which requires the Operational Design Domain (ODD) definition, i.e., environmental, time-of-day, and traffic characteristics. Currently, an ODD specification exists for Automated Driving Systems (ADS), but, as it is, such specification is not adequate enough for describing the mine nuances. This paper presents a context-specific ODD taxonomy called ODD-UM, which is suitable for underground mining operational conditions. For this, we consider the taxonomy provided by the British Publicly Available Specification PAS 1883:2020. Then, we identify attributes included in the standard ISO 17757:2019 for ASAM safety and use them to adapt the original ODD to the needs of underground mining. Finally, the adapted taxonomy is presented as a checklist, and items are selected according to the data provided by the underground mining sector. Our proposed ODD-UM provides a baseline that facilitates considering the actual needs for autonomy in mines by leading to focused questions.

  • 20.
    Castellanos Ardila, Julieth Patricia
    et al.
    Punnekkat, Sasikumar
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Hansson, Hans
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Backeman, Peter
    Mälardalen University, School of Innovation, Design and Engineering, Innovation and Product Realisation.
    Safety Argumentation for Machinery Assembly Control Software. 2024. In: Lecture Notes in Computer Science, Vol. 14988, Springer Science and Business Media Deutschland GmbH, 2024, p. 251-266. Conference paper (Refereed)
    Abstract [en]

    Assemblies of machinery commonly require control systems whose functionality is based on application software. In Europe, such software requires high safety integrity levels in accordance with the Machinery Directive (MD). However, identifying the essential regulatory requirements for the safety approval is not an easy task. To facilitate this job, this paper presents a process for Safety Argumentation for Machinery Assembly Control Software (SAMACS). We are inspired by patterns provided in the Goal Structuring Notation (GSN) and the use of contracts in safety argumentation. SAMACS' contribution is aligning those methods with the MD by adopting EN ISO 13849. In particular, we define safety goals based on expected software contribution to control system safety and the standard guidance. Software safety goals are detailed into software safety requirements and expressed further as contracts, which shall be verified with prescribed techniques. We apply SAMACS to a case study from a European mining company and discuss the findings. This work aims at helping practitioners compose the safety case argumentation necessary to support machinery integration approval in Europe.

  • 21.
    Castellanos Ardila, Julieth Patricia
    et al.
    Punnekkat, Sasikumar
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Hansson, Hans
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Grante, C.
    Combitech AB, Sweden.
    Arguing Operational Safety for Mixed Traffic in Underground Mining. 2023. In: 2023 18th Annual System of Systems Engineering Conference, SoSe 2023, Institute of Electrical and Electronics Engineers Inc., 2023. Conference paper (Refereed)
    Abstract [en]

    Practitioners report improved productivity as one of the main benefits of using autonomous dump trucks in underground mining. However, manned vehicles are still needed to transport materials and personnel in the tunnels, which requires practices that may diminish autonomy benefits. Thus, both fleets shall be efficiently mixed to maximize the autonomy potential. In addition, sufficient safety shall be demonstrated for operations approval. This paper proposes a strategy to populate a GSN (Goal Structuring Notation) structure to argue for the sufficient safety of mixed traffic operations in underground mining. Our strategy considers SoS (System of Systems) concepts to describe the operations baseline and the initial argumentation line, i.e., risk reduction mitigation strategies for existing SoS components. Such a strategy is further detailed with risk reduction mitigation arguments for control systems. Mitigation strategies at both levels are derived from safety analysis supported by STPA (System-Theoretic Process Analysis), a safety analysis technique that aligns well with the SoS perspective. We also incorporate regulatory frameworks addressing machinery to align the arguments with mandatory statements of the machinery directive. Our strategy combines SoS concepts with analysis techniques and regulatory frameworks to facilitate safety case argumentation for operations approval in the European mining context. 

  • 22.
    Gallina, Barbara
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Nyberg, Mattias
    Scania.
    Towards Shaping ISO 26262-compliant Resources for OSLC-based Safety Case Creation. 2016. In: 4th International Workshop on Critical Automotive Applications: Robustness & Safety CARS-2016, Göteborg, Sweden, 2016. Conference paper (Refereed)
    Abstract [en]

    Traceable documentation management represents a mandatory activity according to ISO 26262. This activity is also essential for the creation of an ISO 26262-compliant safety case, which is defined as a compilation of work products. OSLC represents a promising integration framework for enabling tool interoperability and thus seamless traceability and documentation management, including safety case creation and management. In this paper, we present a step related to our work aimed at offering an OSLC-based infrastructure enabling the automatic generation of safety case fragments. Our step consists of the identification, representation and shaping of resources needed to create the safety case. Finally, conclusion and perspectives for future work are also drawn.

  • 23.
    Gallina, Barbara
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Pulla, Aleksandër
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Bregu, Antonela
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Process Compliance Re-Certification Efficiency Enabled by EPF-C ∘ BVR-T: A Case Study. 2020. In: Quality of Information and Communications Technology, QUATIC 2020, Springer, 2020, p. 211-219. Conference paper (Refereed)
    Abstract [en]

    With today’s ever increasing demands on process (re)certification, enabling (re)certification efficiency is paramount. Within the EU AMASS project, we delivered a tool-chain, called, in this paper, EPF-C ∘ BVR-T, obtained by the integration of EPF Composer (EPF-C) and BVR Tool (BVR-T). This tool-chain supports process engineers in the engineering and compliance demonstration activities as well as variability and change management. The compliance recertification efficiency enabled by the tool-chain has not been evaluated for changes triggered by different jurisdictions, which impose the release of new standards. Thus, to fill this gap, in this case study paper, we focus on the medical domain, precisely on the evolution of the ISO 14971 process for risk analysis and evaluation for medical devices. Based on a set of efficiency-related criteria, we evaluate the recertification efficiency enabled by the change management strategy implemented in the tool-chain.

  • 24.
    Gallina, Barbara
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    UL Muram, Faiz
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Castellanos Ardila, Julieth Patricia
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Compliance of agilized (Software) development processes with safety standards: A vision. 2018. In: ACM International Conference Proceeding Series, Association for Computing Machinery, 2018, article id a14. Conference paper (Refereed)
    Abstract [en]

    Hybrid software development, meant as a combination of traditional and agile methods/practices, has become a reality in safety-critical systems engineering. The spreading of hybrid software development stems from the impossibility to face the manyfold challenges via the definition of a process by the book. In this context, compliance management becomes challenging and the role of existing means for compliance should be clarified/rethought. In this position paper, we discuss the challenges and we propose our compliance management vision, which is being implemented in the context of the EU ECSEL AMASS project.

  • 25.
    Govardhan Rao, S. B.
    et al.
    ALSTOM, Västerås, Sweden.
    Castellanos Ardila, Julieth Patricia
    Punnekkat, Sasikumar
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    A Systematic Review of β-factor Models in the Quantification of Common Cause Failures. 2023. In: Proc. - Euromicro Conf. Softw. Eng. Adv. Appl., SEAA, Institute of Electrical and Electronics Engineers Inc., 2023, p. 262-269. Conference paper (Refereed)
    Abstract [en]

    Safety systems, i.e., systems whose malfunction can result in catastrophic consequences, are usually designed with redundancy in mind to reach high levels of reliability. However, Common Cause Failures (CCF), i.e., single failure events affecting multiple components or functions in a system, can threaten the desired reliability. To solve this problem, practitioners must use proven methods, such as those recommended by standards, to support CCF quantification. In particular, the β-factor model has become the de-facto model since the safety standard IEC 61508 considers it. As such standard applies to all industries, practitioners must figure out the industrial-specific implementation procedures. In this paper, we conducted a systematic literature review to understand how the β-factor model has been used in practice. As a result, we found 20 different models, which are industry/project-specific extensions of the first β-factor model proposed for the nuclear sector. We further classified those models by considering how the β-factor is estimated, and the level of redundancy support. Tool support for the models and their industrial use are also outlined. Finally, we present a discussion that covers the implication of our findings. Our study targets practitioners and researchers interested in using current β-factor models or evolving new ones for specific project needs.

  • 26.
    Govardhan Rao, Sirisha Bai
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. Alstom, Västerås, Sweden.
    Castellanos Ardila, Julieth Patricia
    Punnekkat, Sasikumar
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    A Proposal for Enhancing IEC 61508 Methodology for the β-Factor Estimation. 2024. In: Communications in Computer and Information Science, vol. 2179, Springer Science and Business Media Deutschland GmbH, 2024, p. 300-314. Conference paper (Refereed)
    Abstract [en]

    The standard IEC 61508 provides a methodology to calculate β, a factor used to estimate the probability of common cause failures (CCF), i.e., failures that result from a single cause. This methodology consists of answering 37 checklist questions, each one providing a scored value that is accumulated in the final β-factor. Those questions cover 8 different defense measures, i.e., practices done to mitigate the CCF against system dependencies. Since the inception of the standard in 2010, there has been evolution regarding both new technologies with an impact on the system dependency factors, as well as new knowledge on how to address them. Hence, it is important to capture these aspects and update the methodology that can be used to reason about CCF’s causes. In this paper, we present an enhanced methodology for estimating the β-factor, which builds upon the core methodology provided by IEC 61508. In particular, we add 33 new questions and provide an estimation method for scoring the β-factor. We also illustrate our methodology by applying it to a realistic system and discuss the findings. Our proposed methodology permits the consideration of aspects not included in the core methodology, such as the level of defense support and safety culture. It also allows practitioners to consider more dependencies, leading to CCF reduction. The rationale is that the more defenses are addressed, the more protection can be achieved against CCF. 
