Josh Dehlinger

Safety analysis of software product lines using state-based modeling

The difficulty of managing variations and their potential interactions across an entire product line currently hinders safety analysis in safety-critical, software product lines. The work described here contributes to a solution by integrating product-line safety analysis with model-based development. This approach provides a structured way to construct state-based models of a product line having significant, safety-related variations and to systematically explore the relationships between behavioral variations and potential hazardous states through scenario-guided executions of the state model over the variations. The paper uses a product line of safety-critical medical devices to demonstrate and evaluate the technique and results.

PLFaultCAT: A Product-Line Software Fault Tree Analysis Tool

Industry currently employs a product line approach to software development and deployment as a means to enhance quality while reducing development cost and time. This effort has created a climate where safety-critical software product lines are being developed without the full range of accompanying safety analysis tools available to software engineers. Software Fault Tree Analysis (SFTA) is a technique that has been used successfully to investigate contributing causes to potential hazards in safety-critical applications. This paper further extends the adaptation of SFTA to product lines of systems by describing a software safety analysis tool called PLFaultCAT. PLFaultCAT is an interactive, partially-automated support tool to aid software engineers in the application of product-line software SFTA. The paper describes the integration of product-line SFTA and PLFaultCAT with the software development life cycle. The description includes the initial construction of the product-line SFTA as well as the automated derivation of software fault trees for product line members. The technique and tool are illustrated with a small case study throughout the paper.

Software fault tree analysis for product lines

The current development of high-integrity product lines threatens to outstrip existing tools for product-line verification. Software Fault Tree Analysis (SFTA) is a technique that has been used successfully to investigate contributing causes to potential hazards in safety-critical applications. This paper adapts SFTA to product lines of systems. The contribution is to define: (1) the technique to construct a product-line SFTA; and (2) the pruning technique required to reuse the SFTA for the analysis of a new system in the product line. The paper describes how product-line SFTA integrates with forward-analysis techniques such as Software Failure Modes, Effects, and Criticality Analysis (SFMECA), supports requirements evolution, and helps identify previously unforeseen constraints on the systems to be built. Applications to two small examples are used to illustrate the technique.

A product-line requirements approach to safe reuse in multi-agent systems

The dynamic nature of highly autonomous agents within distributed systems is difficult to specify with existing requirements techniques. However, capturing the possibly shifting configurations of agents in the requirements specification is essential for safe reuse of agents. The contribution of this work is an extensible agent-oriented requirements specification template for distributed systems that supports safe reuse. We make two basic claims for this idea. First, by adopting a product-line-like approach, it exploits component reuse during system evolution. Second, the template allows ready integration with an existing tool-supported, safety analysis technique sensitive to dynamic variations within the components (i.e., agents) of a system. To illustrate these claims, we apply the requirements specification template and safety analysis to a real-world context-aware, distributed satellite system.

ANALYZING DYNAMIC FAULT TREES DERIVED FROM MODEL-BASED SYSTEM ARCHITECTURES

Dependability-critical systems, such as digital instrumentation and control systems in nuclear power plants, necessitate engineering techniques and tools to provide assurances of their safety and reliability. Determining system reliability at the architectural design phase is important since it may guide design decisions and provide crucial information for trade-off analysis and estimating system cost. Despite this, reliability and system engineering remain separate disciplines and engineering processes by which the dependability analysis results may not represent the designed system. In this article we provide an overview and application of our approach to build architecture-based, dynamic system models for dependability-critical systems and then automatically generate dynamic fault trees (DFT) for comprehensive, tool-supported reliability analysis. Specifically, we use the Architectural Analysis and Design Language (AADL) to model the structural, behavioral and failure aspects of the system in a composite architecture model. From the AADL model, we seek to derive the DFT(s) and use Galileos automated reliability analyses to estimate system reliability. This approach alleviates the dependability engineering - systems engineering knowledge expertise gap, integrates the dependability and system engineering design and development processes and enables a more formal, automated and consistent DFT construction. We illustrate this work using an example based on a dynamic digital feed-water control system for a nuclear reactor.

A product-line approach to promote asset reuse in multi-agent systems

Software reuse technologies have been a driving force in significantly reducing both the time and cost of software specification, development, maintenance and evolution. However, the dynamic nature of highly autonomous agents in distributed systems is difficult to specify with existing requirements analysis and specification techniques. This paper offers an approach for open, agent-based distributed software systems to capture requirements specifications in such a way that they can be easily reused during the initial requirements phase as well as later if the software needs to be updated. The contribution of this paper is to provide a reusable requirements specification pattern to capture the dynamically changing design configurations of agents and reuse them for future similar systems. This is achieved by adopting a product-line approach for agent-based software engineering. We motivate and illustrate this work through a specific application, a phased deployment of an agent-based, distributed microsatellite constellation.

State-Based Modeling to Support the Evolution and Maintenance of Safety-Critical Software Product Lines

Changes to safety-critical product lines can jeopardize the safety properties that they must ensure. Thus, evolving software product lines must consider the impact that changes to requirements may have on the existing systems and their safety. The contribution of this work is a systematic, tool-supported technique to support safe evolution of product-line requirements using a model-based approach. We show how the potential feature interactions that need to be modeled are scoped and identified with the aid of product-line software fault tree analysis. Further, we show how reuse of the state-based models is effectively exploited in the evolution phase of product-line engineering. To illustrate this approach, we apply our technique to the evolution of a safety-critical cardiac pacemaker product line

DECIMAL and PLFaultCAT: From Product-Line Requirements to Product-Line Member Software Fault Trees

PLFaultCAT is a tool for software fault tree analysis (SFTA) during product-line engineering. When linked with DECIMAL, a product-line requirements verification tool, the enhanced version of PLFaultCAT provides traceability between product- line requirements and SFTA hazards as well as semi-automated derivation of the SFTA for each new product-line system previously verified by DECIMAL. The combined tool reduces the effort needed to safely reuse requirements and customize the product-line SFTA as each new system is constructed.

SSVChecker: unifying static security vulnerability detection tools in an Eclipse plug-in

The increasing complexity of secure software applications has given rise to static analysis security tools to alert developers to potential security flaws within source code. However, these static security vulnerability detection tools tend to be difficult to use and are not integrated with common software development environments. The contribution of this work is SSVChecker, an Eclipse plug-in that unifies existing static security vulnerability detection tools into a powerful, intuitive tool. We make three fundamental claims for SSVChecker. First, it contains functionality not found in other static security vulnerability detection tools (e.g., union and intersection of multiple tool results). Second, the tool can adapt to the results of user-performed analysis to prevent repeatedly reporting user-dismissed security vulnerabilities. Lastly, it operates on a user-friendly, generic framework allowing for the inclusion of future static security vulnerability detection tools. To illustrate these claims, we use SSVChecker on a security-sensitive networking package. Results show the benefits of the tool in identifying potential security vulnerabilities.

Supporting requirements reuse in multi-agent system product line design and evolution

A principal goal of agent-oriented software engineering (AOSE) is to provide the mechanisms for reusing, maintaining and allowing the evolution of agent-based software systems. Our AOSE methodology, Gaia-PL, enables the design and development of multi-agent system product lines (MAS-PL)1 by providing the software engineering processes to define and reuse requirements specifications and design artifacts. In this paper we extend our Gaia-PL methodology with automated tool support to enable the reuse and verification of MAS-PL requirements to better facilitate specification reuse during both initial system development and evolution. Specifically, we show how use of our product-line requirements management and verification tool along with feature modeling can support correct variation point selection, reuse and MAS-PL evolution. We illustrate and evaluate this work through an application to a proposed NASA agent-based pico-spacecraft swarm.