Abstract
In recent years it has become more and more evident that openness and adaptivity are key characteristics of next-generation distributed systems. This is driven not least by the advent of computing trends like ubiquitous computing, ambient intelligence, and cyber-physical systems, where systems are usually open for dynamic integration and able to react adaptively to changing situations. Despite being open and adaptive, such systems are commonly required to be safe. However, traditional safety assurance techniques, both state-of-the-practice and state-of-the-art ones, are not sufficient in this context. We have recently developed some initial solution concepts based on conditional safety certificates and corresponding runtime analyses. In this article we show how to operationalize these concepts. To this end, we present in detail how to specify conditional safety certificates, how to transform them into suitable runtime models, and how these models finally support dynamic safety evaluations.
Index Terms
- Conditional Safety Certification of Open Adaptive Systems