Janusz Górski

Failure Mode and Effect Analysis for Safety-Critical Systems with Software Components

One of possible ways to achieve a very high level of confidence in a system is to develop its adequate model and then to analyse the properties of this model. The paper presents how object oriented modelling extended with formal specifications is used to support FMEA of software intensive systems. The paper refers to the case study of a computerised railway signalling system.

Extending Safety Analysis Techniques with Formal Semantics

Among the causes of many of the problems with safety analysis are impreciseness and ambiguity of the output data delivered by the safety analysis techniques and the resulting difficulties with interpretation of those data. An approach which can be undertaken to mitigate this problem is by providing the safety analysis techniques with more formal semantics. This paper aims to investigate this approach in more detail. First we give an overview of present practices during safety analysis. Then some problems with interpretation of the output from the presented methods are identified. This leads to the motivation to resolve ambiguities by adding more formality to the considered methods. The benefits of such approach are demonstrated by applying the formalism to some examples.

Formal Support for Fault Modelling and Analysis

The paper presents how CSP and the associated tool FDR are used to support FMEA of a software intensive system. The paper explains the basic steps of our approach (formal specification, systematic fault identification, fault injection experiments and follow-up) and gives some results related to the application of this method to the industrial case study, a railway signalling system that is presently under development.

Trust Case—A Case for Trustworthiness of IT Infrastructures

The paper presents an approach to development of trust cases intended to justify and support claims about trustworthiness of IT enabled products and services. It introduces the conceptual framework of a trust case covering its structure and contents, discusses trust case stakeholders and proposes an architecture of a tool supporting the practical application of trust cases. The present status of the tool is briefly summarized. In conclusion, some information about present applications of the approach and about further development plans is given.

Support for argument structures review and assessment

Abstract Argument structures are commonly used to develop and present cases for safety, security and for other properties of systems. Such structures tend to grow excessively, which causes problems with their review and assessment. Two issues are of particular interest: (1) systematic and explicit assessment of the compelling power of an argument, and (2) communication of the result of such an assessment to relevant recipients. The paper presents a solution to these problems. The method of Visual Assessment of Arguments (VAA), being this solution, is based on the Dempster–Shafer theory of evidence applied to the assessment of the strength of arguments, and a visual mechanism of issuing and presenting assessments, supported by the so-called opinion triangle. In the paper we explain theoretical grounding for the method and provide guidance on its application. The results of some validation experiments are also presented.

Formalising Fault Trees

The paper presents a systematic approach to formalisation of events in Fault Trees. The formal meaning of events is given in terms of the Extended CSDM model. The paper gives an algorithm which guides through the process of event formalisation together with some classification of the typical event classes. The approach is illustrated by a number of examples which present formalisation of events derived from real Fault Trees.

Deriving real-time requirements for software from safety analysis

One of the main problems in industrial applications of computer systems is software safety, i.e. question if software can contribute (often indirectly, through a long chain of intermediary events) to an accident. Adequate identification and definition of safety requirements is crucial for safety-critical software systems. The paper presents a systematic way of derivation of software safety requirements based on a formalised model of fault trees. The approach is demonstrated through a case study. The presented approach is particularly focused on timing requirements for software which result from the safety analysis performed for the whole application.

Expert Assessment of Arguments: A Method and Its Experimental Evaluation

Argument structures are commonly used to develop and present cases for safety, security and other properties. Such argument structures tend to grow excessively. To deal with this problem, appropriate methods of their assessment are required. Two objectives are of particular interest: (1) systematic and explicit assessment of the compelling power of an argument, and (2) communication of the result of such an assessment to relevant recipients. The paper gives details of a new method which deals with both problems. We explain how to issue assessments and how they can be aggregated depending on the types of inference used in arguments. The method is fully implemented in a software tool. Its application is illustrated by examples. The paper also includes the results of experiments carried out to validate and calibrate the method.

Safety of computer control systems: challenges and results in software development.

Artykul dokonuje przeglądu wybranych wynikow dotyczących poprawy bezpieczenstwa komputerowych systemow sterowania. Dyskusja pokrywa szeroki zakres aspektow dotyczących procesu wytwarzania takich systemow. W szczegolności omowiono zagadnienia dotyczące roznorodności oprogramowania, oprogramowania off-the-shelf, analizy typow awarii i ich efektow oraz formalizacji procesu wytworczego.

Untraceability of mobile agents

In the article we present two untraceability protocols for mobile agents. Comparing to other solutions, the advantage of the protocols is that they support agents autonomy in choosing the migration path.