Funding: Sponsored by the 211 Project of Minzu University of China (021211030312)
Abstract: New models of safety-critical systems are built here. In these systems, when components fail, different defect states have different effects and hence need different ways to measure. In the models, there are two kinds of failure modes of the components: one could be called failed-safe, and the other may be named failed-dangerous. In practice, the so-called failed-dangerous components may lead a system to peril. However, failed-safe components will not. Reliability and safety issues are analyzed using Ion-Channel modeling theory to get the count of repairs and the time duration before the system becomes dangerous. In the closing section a numerical example is presented to illustrate the results obtained in the paper.
Funding: the National 863 Program under Grant No. 2006AA01Z173.
Abstract: A safety-critical system (SCS) has a high demand for dependability, which requires plenty of resources to ensure that the system under test (SUT) satisfies the dependability requirement. In this paper, a new SCS rapid testing method is proposed to improve SCS adaptive dependability testing. The result of each test execution is saved in a calculation memory unit and evaluated as an algorithm model. Then the least quantity of scenario test cases for the next test execution is calculated according to the promised SUT confidence level. The feedback data are generated for the weight controller as the guideline for further testing. Finally, a comprehensive experimental study demonstrates that this adaptive testing method can really work in practice. This rapid testing method, testing-result-statistics-based adaptive control, makes SCS dependability testing much more effective.
Funding: supported by the 111 Project under Grant No. B08004, the major project of the Ministry of Industry and Information Technology of the People's Republic of China under Grant No. 2010ZX03002-006, and the China Fundamental Research Funds for the Central Universities
Abstract: As Vehicle Ad Hoc Networks (VANETs) are part of the applications of the Internet of Things (IoT), and vehicles in VANETs periodically broadcast beacon messages for status advertisement to provide public safety, the impacts of the network parameters on the reliability of broadcast messages are investigated and discussed; meanwhile, a cross-layer safety-critical broadcast service architecture is proposed to obtain an optimized set of packet loss rate and delay based on Neural Networks (NN) and the Back Propagation (BP) algorithm to dynamically adjust the transmission rate-power pairs. Simulation results illustrate that the proposed mechanism can effectively improve the reliability performance while maintaining fairness among vehicles.
Abstract: Design patterns, which give abstract solutions to commonly recurring design problems, have been widely used in the software and hardware domains. As non-functional requirements are an important aspect in the design of safety-critical embedded systems, this work focuses on the integration of non-functional implications in an existing design pattern concept. We propose a pattern representation for safety-critical embedded application design methods by including fields for the implications and side effects of the represented design pattern on the non-functional requirements of the overall system. The considered requirements include safety, reliability, modifiability, cost, and execution time.
Abstract: Aviation electronics (avionics) are sophisticated and distributed systems aboard an airplane. The complexity of these systems is constantly growing as an increasing amount of functionality is realized in software. Thanks to the performance increase, a hardware unit no longer has to be dedicated to a single system function. Multicore processors, for example, facilitate this trend as they offer increased system performance in a small power envelope. In avionics, several system functions could now be integrated on a single hardware unit, if all safety requirements are still satisfied. This approach allows for further optimizations of the system architecture and substantial reductions of the space, weight and power (SWaP) footprint, and thus increases the transportation capacity. However, the complexity found in current safety-critical systems requires an automated software deployment process in order to tap this potential for further SWaP reductions. This article uses a realistic flight control system as an example to present a new model-based methodology to automate the software deployment process. This methodology is based on the correctness-by-construction principle and is implemented as part of a systems engineering toolset. Furthermore, metrics and optimization criteria are presented which further help in the automatic assessment and refinement of a generated deployment. A discussion regarding a tighter integration of this approach in the entire avionics systems engineering workflow concludes this article.
Abstract: The tragic nature of the consequences of safety-critical software failure makes high quality and extreme reliability requirements in such types of software of paramount importance. Far too many accidents have been caused by software failure or error, or where such failure/error was part of the problem. Safety-critical software is widely applied in diverse areas, ranging from medical equipment to airborne systems. Currently, the trend in the use of safety-critical software in the aerospace industry is mostly concentrated on avionic systems. While standards for certification and development of safety-critical software have been developed by authorities and the industry, very little research has been done to address safety-critical software quality. In this paper, we study safety-critical software embedded in airborne systems. We propose a lifecycle specially modeled for the development of safety-critical software in compliance with the DO-178B standard and a software quality assurance (SQA) model based on a set of four acceptance criteria that builds quality into safety-critical software throughout its development.
Abstract: Since entering the era of Industry 4.0, the concept of Healthcare 4.0 has also been put forward and explored by researchers. How to use Information Technology (IT) to better serve people's healthcare is one of the most featured emerging directions in academic circles. An important field of Healthcare 4.0 research is the reliability engineering of healthcare services. Because healthcare systems often affect the health and even the life of their users, developers must be very cautious in the design, development, and operation of these healthcare systems and services. The problems to be solved include the reliability of business processes, system functions, and personal healthcare data. The Functional Resonance Analysis Method (FRAM) has been applied in reliability engineering for safety-critical systems in available studies, using both qualitative and quantitative approaches. However, the method has not been applied in the field of digital healthcare services development. Therefore, to narrow the gap, we present in this paper a semi-quantitative functional resonance analysis method to develop reliable healthcare services for diabetics. Moreover, this paper has tried to improve the reliability design of the service-oriented architecture (SOA) of traditional insulin pump therapy by system thinking.
Abstract: As the ASIC design cost becomes affordable only for very large-scale productions, FPGA technology is currently becoming the leading technology for those applications that require a small-scale production. FPGAs can be considered as a technology crossing between hardware and software. Only a small number of standards for the design of safety-critical systems give guidelines and recommendations that take the peculiarities of the FPGA technology into consideration. The main contribution of this paper is an overview of the existing design standards that regulate the design and verification of FPGA-based systems in safety-critical application fields. Moreover, the paper proposes a survey of significant published research proposals and existing industrial guidelines about the topic, and collects and reports on some lessons learned from industrial and research projects involving the use of FPGA devices.
Abstract: This paper presents learning-enabled barrier-certified safe controllers for systems that operate in a shared environment in which multiple systems with uncertain dynamics and behaviors interact. That is, safety constraints are imposed not only by the ego system's own physical limitations but also by other systems operating nearby. Since the model of the external agent is required to impose control barrier functions (CBFs) as safety constraints, a safety-aware loss function is defined and minimized to learn the uncertain and unknown behavior of external agents. More specifically, the loss function is defined based on the barrier function error, instead of the system model error, and is minimized for both current samples and past samples stored in the memory to assure a fast and generalizable learning algorithm for approximating the safe set. The proposed model learning and CBF are then integrated together to form a learning-enabled zeroing CBF (L-ZCBF), which employs the approximated trajectory information of the external agents provided by the learned model but shrinks the safety boundary in case of an imminent safety violation using instantaneous sensory observations. It is shown that the proposed L-ZCBF assures the safety guarantees during learning and even in the face of inaccurate or simplified approximation of external agents, which is crucial in safety-critical applications in highly interactive environments. The efficacy of the proposed method is examined in a simulation of safe maneuver control of a vehicle in an urban area.
Funding: Project supported by the National Natural Science Foundation of China (No. 91648012) and the Shenzhen Science, Technology, and Innovation Commission, China (No. JCYJ20160401100022706)
Abstract: A new hierarchical software architecture is proposed to improve the safety and reliability of a safety-critical drone system from the perspective of its source code. The proposed architecture uses formal verification methods to ensure that the implementation of each module satisfies its expected design specification, so that it prevents a drone from crashing due to unexpected software failures. This study builds on top of a formally verified operating system kernel, the certified kit operating system (CertiKOS). Since device drivers are considered the most important parts affecting the safety of the drone system, we focus mainly on verifying bus drivers such as the serial peripheral interface and the inter-integrated circuit drivers in a drone system using a rigorous formal verification method. Experiments have been carried out to demonstrate the improvement in reliability in case of device anomalies.
Abstract: In this paper we report on a work in progress assessing the faults observed and reported in a distributed, safety-critical, largely embedded system with both electrical and mechanical components. We illustrate why standard software testing techniques are not sufficient and indicate some of the technical and non-technical problems encountered in examining the faults, together with the initial results obtained. While the application domain is elevator operation, the techniques described here are general enough to apply to many other domains. Much of the data analyzed here would be considered imprecise in the software industry if it were used in software testing or to help increase fault tolerance. The paper includes a discussion of the use of multiple views of data, assessment of missing data, and analysis of informal information to produce its conclusions about fault avoidance and fault tolerance.
Abstract: The security assurance of computer-based systems that rely on safety and security assurance properties, such as consistency, durability, efficiency and accessibility, requires resources. This targets the System-of-Systems (SoS) problems, with the exception of difficulties and concerns that apply similarly to subsystem interactions on a single system and system-as-component interactions on a large information system. This research addresses security and information assurance for safety-critical systems, where security and safety are addressed before going to the actual implementation/development phase for component-based systems. For this purpose, a conceptual idea or strategy is required that deals with the application logic security assurance issues. This may explore the vulnerability in a single component or a reuse of specification in existing logic in a component-based system. Keeping this situation in view, we have defined seven concepts of security assurance and a security assurance design strategy for safety-critical systems.
Funding: We would like to thank the German Federal Ministry of Education and Research (BMBF) for financial support for this work within the project SEAK.
Abstract: Particularly in the early phases of a disaster, logistical decisions need to be made quickly and under high pressure by the decision-makers, knowing that their decisions may have direct consequences on the affected society and all future decisions. Proactive risk reduction may be helpful in providing decision-makers with optimal strategies in advance. However, disasters are characterized by severe uncertainty and complexity, limited knowledge about the causes of the disaster, and continuous change of the situation in unpredicted ways. Following these assumptions, we believe that adequate proactive risk reduction measures are not practical. We propose strengthening the focus on ad hoc decision support to capture information in almost real time and to process information efficiently to reveal uncertainties that had not been previously predicted. Therefore, we present an ad hoc decision support system that uses scenario techniques to capture uncertainty about future developments of a situation and an optimization model to compute promising decision options. By combining these aspects in a dynamic manner and integrating new information continuously, it can be ensured that a decision is always based on the best currently available and processed information. And finally, to identify a robust decision option that is provided as a decision recommendation to the decision-makers, methods of multi-attribute decision making (MADM) are applied. Our approach is illustrated for a facility location decision problem arising in humanitarian relief logistics where the objective is to identify robust locations for tent hospitals to serve injured people in the immediate aftermath of the Haiti Earthquake 2010.