Gihwon Kwon

Rewrite rules and operational semantics for model checking UML statecharts

Model checking of UML statecharts is the main concern of this paper. To model check it, however, its description has to be translated into the input language of the model checker SMV. For the purpose of translating UML statecharts as closely as possible into SMV, we use rewrite rules and its operational semantics.

Verification of UML-Based security policy model

Since the security policy model plays an important role in any secure information system, its specification has been studied extensively. In particular, UML-based specification has widely used because of its visual characteristics. Although visual specifications are good to write, they are difficult to verify whether some desired properties are hold in a given specification. This paper shows our techniques to verify UML-based specification with a running example.

A Case Study of Hierarchical Safety Analysis for Eliciting Traceable Safety Requirements

In this paper, we present the hierarchical safety analysis for eliciting traceable safety requirements. The proposed technique was used to the case study of railway system as an example. In this work, FMEA and HAZOP analysis are used as safety analysis technique in order to illustrate hierarchical safety analysis showing traceability.

Formal Verification for Inter-Partitions Communication of RTOS Supporting IMA

The IMA (Integrated Modular Avionics) architecture is widely used to support multi avionics applications and execute those applications independently. It is important to ensure the fault containment and ease of verification and certification in IMA. However during the inter-partitions communication, because it is performed by copying a message between kernel memory areas, it is possible to break the wall to prevent any partitioned function from causing a failure in another partitioned function. In this paper, we show the possibility of the error propagation in the IMA and verify the properties in the inter-partition communication module of Qplus-653 kernel.

Formalization of f FSM model and its verification

PeaCE(Ptolemy extension as a Codesign Environment) was developed for the hardware and software codesign framework which allows us to express both data flow and control flow. The fFSM is a model for describing the control flow aspects in PeaCE, but it has difficulties in verifying their specifications due to lack of their formality. Thus we propose the formal semantics of the model based on its execution steps. To verify an fFSM model, it is translated into SMV input language with properties to be checked, automatically. As a result, some important bugs such as race condition, ambiguous transition, and circular transition can be formally detected in the model.

Abstraction of Models with State Projections In Model Checking

Although model checking has gained its popularity as one of the most effective approaches to the formal verification, it has to deal with the state explosion problem to be widely used in industry. In order to mitigate the problem, this paper proposes an ion technique to obtain a reduced model M′ from a given original model M. Our technique Identifies the set of necessary variables for model checking and projects the state space onto them. The model M′ is smaller in both size and behavior than the original model M, written M′≤M. Since the result of reachability analysis with M′ is preserved in M, we can do reachability analysis with model checking using M′ instead of M. The abstraction technique is applied to Push Push games, and two model checkers - Cadence SMV and NuSMV - are used to solve the games. As a result, most of unsolved games with the usual model checking are solved with the ion technique. In addition, ion shows that there is much of time and space improvement. With Cadence SMV, there is 87% time improvement and 79% space one. And there is 83% time improvement and 56% space one with NuSMV

Reliability and Control Theory: An Integration Approach for Safety Analysis

This paper presents an integrated safety analysis methodology for safety critical systems. In first approach, known as evolutionary safety analysis, we describe system failure models through hierarchical system structure including different safety analysis techniques like Preliminary hazard analysis (PHA), Hazard and operability study (HAZOP), Fault tree analysis (FTA) and Failure mode and effect analysis (FMEA). In second approach, known as revolutionary safety analysis, we combine the results from the first approach for a systematic analysis of scenario based safety control. So far, these two-methodologies seen as two different competing paradigms and have been used separately one for the reliability theory and another for the system and control theory. In this paper, we describe their interrelations and how they can be bridged together for high level of safety. We exemplify our integrated methodology to the development of Green Line Metro System and evaluated the automation via formal verification techniques.

Comparing the Effectiveness of SFMEA and STPA in Software-Intensive Railway Level Crossing System

The complexity of software-intensive systems is a challenge for software developers in choosing the optimal method from hundreds safety analysis methods. This paper proposed a comparison between two common safety analysis techniques: Software Failure Mode and Effect Analysis (SFMEA) and System Theoretic Process Analysis (STPA). The comparison is based on the results of both methods applied in one case study: Level Crossing system. The comparison results are useful for safety analysts in choosing appropriate techniques.

Failure Analysis in Safety Critical Systems Using Failure State Machine

In this paper, failure analysis of a railway level crossing system is studied using failure state machine. It was previously perceived that formal verification of safety critical system is possible using model checking and safety analysis technique [1]. Thus, in this study, we introduce some failure case study in previous approach [1] and failure analysis is accessed using the model checking counterexample. From the counterexample, we have proposed failure state machine for the failure analysis. From the findings, the need for design improvement is recommended.

An Extended Hierarchical Safety Analysis for Software-Intensive System

Generally, safety analysis is difficult to apply to software that has the characteristic of resulting the wrong system behavior, not as a failure. So many researches continue to relate software safety analysis. This paper presents an extended hierarchical safety analysis method for software-intensive system which combines hierarchical safety analysis and software safety analysis. Failure mode and effect analysis (FMEA), Hazard and operability study (HAZOP) along with Software FMEA (SWFMEA) were applied to perform the safety analysis of model railway system.