The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Railway systems are also dependable systems and, considering their importance, it is vital to assure the application of adequate design techniques. So, this work presents a RAMS (Reliability, Availability, Maintainability and Safety) extension for CMMI SE-SW version 1.1 "Capability Maturity Model® Integration" developed by SEI (Software Engineering Institute), based on CENELEC 50126, 50128...
Emergency/Process ShutDown systems (ESD/PSD) involve large numbers of signals, span many process units and have strict compliance requirements. These factors increase the burden of engineering, operation and reporting, and drive the search for techniques such as Cause & Effect Matrix (CEM). By showing input signals as matrix rows and outputs as columns, CEM provides an intuitive view of shutdown...
In the paper, we present a methodology developed in order to verify probabilistic temporal properties related to dependability of real-time systems. The methodology is made of three essential steps. The first one is a UML profile called DAMRTS (Dependability Analysis Models for Real-Time Systems) designed using GME tool. The aim is to model a real-time system with qualitative and quantitative information...
A ‘system of systems’ (SoS) comprises many other systems operating collectively with a shared purpose. Individual system autonomy can give rise to unpredictable, and potentially undesirable, emergent behaviour. A policy is a set of rules that bounds the behaviours of entities. Policy can be expressed at various levels of abstraction. By building on existing goal-based decomposition approaches this...
Event trees are a popular technique for modelling accidents in system safety analyses. Bayesian networks are a probabilistic modelling technique representing influences between uncertain variables. Although popular in expert systems, Bayesian networks are not used widely for safety. Using a train derailment case study, we show how an event tree can be viewed as a Bayesian network, making it clearer...
As programmable logic controllers(PLCs) have been used in safety-critical applications, testing of PLC applications has become important. The previous PLC-based software testing technique generates intermediate code, such as C, from function block diagram(FBD) networks and uses the intermediate code for testing purposes. In this paper, we propose a direct testing technique on FBD without generating...
Systematic validation and verification of safety-critical software is of crucial importance. A key precaution is intensive testing at several levels, from the entire system down to individual functional elements, the latter often carried out as unit testing. This paper presents results from a unit test performed on a C++ package from a testbed of a safety critical application at the ARC Seibersdorf...
We show how the Murϕmodel checker can be used to automatically carry out safety analysis of a quite complex hybrid system tele-controlling vehicles traffic inside a safety critical transport infrastructure such as a long bridge or a tunnel. We present the Murϕ model we developed towards this end as well as the experimental results we obtained by running the Murϕ verifier on our model. Our experimental...
We present a formal method based on graph rewriting systems for the specifications and the proofs of fault-tolerant distributed algorithms. Our method deals with crash failures. In a crash failure system the process can fail by crashing, i.e. by permanently halting. The faulty processes are the processes contaminated by the crashes. The methodology is formalized in two phases. In the first phase,...
Safety analysis techniques have traditionally been performed manually by the safety engineers. Since these analyses are based on an informal model of the system, it is unlikely that these analyses will be complete, consistent, and error-free. Using precise formal models of the system as the basis of the analysis may help reduce errors and provide a more thorough analysis. Further, these models allow...
‘Safety Critical Artificial Neural Networks’ (SCANNs) have been previously defined to perform nonlinear function approximation and learning. SCANN exploits safety constraints to ensure identified failure modes are mitigated for highly-dependable roles. It represents both qualitative and quantitative knowledge using fuzzy rules and is described as a ‘hybrid’ neural network. The ‘Safety Lifecycle for...
Run-time checks are often assumed to be a cost-effective way of improving the dependability of software components, by checking required properties of their outputs and flagging an output as incorrect if it fails the check. However, evaluating how effective they are going to be in a future application is difficult, since the effectiveness of a check depends on the unknown faults of the program to...
This paper investigates the feasibility of emulating source code software faults directly in Java byte code. Experimental results show that software defects introduced in source code can be emulated in Java byte code with a high level of confidence. This makes it possible to validate the dependability of Java programs with respect to realistic software defects embedded within the COTS components used...
This paper looks into some aspects of using Bayesian hypothesis testing to find upper bounds for software failure probabilities, which consider prior information regarding the software component in addition to testing. The paper shows how different choices of prior probability distributions for a software component’s failure probability influence the number of tests required to obtain adequate confidence...
This paper describes the results of a research study sponsored by the UK nuclear industry into methods of justifying smart sensors. Smart sensors are increasingly being used in the nuclear industry; they have potential benefits such as greater accuracy and better noise filtering, and in many cases their analogue counterparts are no longer manufactured. However, smart sensors (as it is the case for...
In order realistically and cost-effectively to realize the ATM (Air Traffic Management) 2000+ Strategy, systems from different suppliers will be interconnected to form a complete functional and operational environment, covering ground segments and aerospace. Industry will be involved as early as possible in the lifecycle of ATM projects. EUROCONTROL manages the processes that involve the definition...
When the safety community designs their systems to also maintain security properties, it is likely that public-key encryption will be among the tools that are applied. The security guarantees of this technology are based on a particular model of computation. We present the properties of this model that are relevant in the setting of distributed systems. Of particular importance is that the...
The verification of end-to-end response time for distributed hard real-time systems is quite necessary for safety-critical applications. Although current time analysis techniques can precisely analyze the response time, the performance is not quite satisfying, especially for large size distributed systems. This paper presents a novel end-to-end worst-case response time analysis approach for hard real-time...
This paper addresses the problems appearing in component-based development of safety-critical systems. We aim at efficient reasoning about safety at system level while adding or replacing components. For safety-related reasoning it does not suffice to consider functioning components in their ”intended” environments but also the behaviour of components in presence of single or multiple faults. ...
The architectural concept of a safety-related programmable electronic system featuring task-oriented real-time execution is presented. Its most essential characteristics are task execution without the use of asynchronous interrupts, scheduling in direct reference to Universal Time Co-ordinated, and an integrative hardware approach to detection and processing of failures, forward recovery and non-intrusive...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.