Peter Liggesmeyer

Improving system reliability with automatic fault tree generation

Usually, fault tree analyses are performed manually. They are based on documents that describe the system. Considerable knowledge, system insight, and overview is necessary to consider many failure modes, and dependencies between system components and their functionality at a time. Often, the behavior is too complicated to fully comprehend all possible failure consequences. Manual fault tree analysis is error-prone, costly and not necessarily complete. Formal risk analysis, an approach for automatically generating a fault tree from finite state machine-based descriptions of a system, is presented. The generated fault tree is complete with respect to all failures assumed possible. It is the basis for subsequent improvements of the system design and quantitative analysis of safety and liveness requirements in the presence of failures. A case study of formal risk analysis, the automatic generation of a fault tree for all sensor failures of a production cells elevating rotary table, is discussed.

A Safety Roadmap to Cyber-Physical Systems

In recent years, the term cyber-physical systems has emerged to characterize a new generation of embedded systems. In cyber-physical systems, embedded systems will be open in the sense that they will dynamically interconnect with other systems and will be able to dynamically adapt to changing runtime contexts. Such open adaptive systems provide a huge potential for society and for the economy. On the other hand, however, openness and adaptivity make it hard or even impossible for developers to predict a system’s dynamic structure and behavior. This impedes the assurance of important system quality properties, especially safety and reliability. Safety assurance of cyber-physical systems will therefore be both one of the most urgent and one of the most challenging research questions of the next decade. This chapter analyzes the state of the art in order to identify open gaps and suggests a runtime safety assurance framework for cyber-physical systems to structure ongoing and future research activities.

Object-Oriented and Internet-Based Technologies

The ‘traditional’ Web Service triple SOAP, WSDL and UDDI, while widely praised as the next Silver Bullet, has been heavily criticized at the same time as being just the most recent replacement technology for remote procedure calls. The main criticism lies in the syntactic nature that SOAP, WSDL and UDDI retain compared to previous solutions: Enterprise Application Integration (EAI) and Business-to-Business (B2B) Integration are possible on a syntactic level only; however, the biggest problem – the Semantic Integration – still cannot be solved by traditional Web Services at all, whatsoever. The goal of Semantic Web Services is to change exactly that. Fundamentals of Semantic Web Services are discussed as well as advanced topics that are necessary for Business Integration in the real sense.

Nationale Roadmap Embedded Systems

„Eingebettete Systeme“ sind in ihrem Softwareanteil nicht sichtbar und doch hoch relevant fur den Wirtschaftsstandort Deutschland. Ihre Bedeutung fasst die vorliegende Nationale Roadmap Embedded Systems in den folgenden 10 Thesen zusammen: These 1 Die zentralen okonomischen und gesellschaftlichen Herausforderungen in Deutschland lassen sich ohne die Querschnittstechnologie Embedded Systems nicht losen1.

Generating optimal distinguishing sequences with a model checker

This paper presents an approach for the automatic generation of shortest Distinguishing Sequences (DS) with the Uppaal model checker. The presented method is applicable to a large number of extended finite state machines and it will find an optimal result, if a DS sequence exists for the considered automaton. Our approach is situated in an integrated testing environment that is used to generate checking sequences. The generation method is based on a DS model, which is derived from the same test model that is used for generating test cover sets. The problem of generating DS is reduced to the definition of a DS model and for this reason the complexity of our approach depends mainly on the used model checking algorithm. This means, that the presented method is automatically improved, when the model checking algorithm is improved. This includes the generation of optimal DS depending on the ability of the model checker to produce optimal results.

Using communication coverage criteria and partial model generation to assist software integration testing

This paper considers the problem of integration testing the components of a timed distributed software system. We assume that communication between the components is specified using timed interface automata and use computational tree logic (CTL) to define communication-based coverage criteria that refer to send- and receive-statements and communication paths. The proposed method enables testers to focus during component integration on such parts of the specification, e.g. behaviour specifications or Markovian usage models, that are involved in the communication between components to be integrated. A more specific application area of this approach is the integration of test-models, e.g. a transmission gear can be tested based on separated models for the driver behaviour, the engine condition, and the mechanical and hydraulical transmission states. Given such a state-based specification of a distributed system and a concrete coverage goal, a model checker is used in order to determine the coverage or generate test sequences that achieve the goal. Given the generated test sequences we derive a partial test-model of the components from which the test sequences were derived. The partial model can be used to drive further testing and can also be used as the basis for producing additional partial models in incremental integration testing. While the process of deriving the test sequences could suffer from a combinatorial explosion, the effort required to generate the partial model is polynomial in the number of test sequences and their length. Thus, where it is not feasible to produce test sequences that achieve a given type of coverage it is still possible to produce a partial model on the basis of test sequences generated to achieve some other criterion. As a result, the process of generating a partial model has the potential to scale to large industrial software systems. While a particular model checker, UPPAAL, was used, it should be relatively straightforward to adapt the approach for use with other CTL based model checkers. A potential additional benefit of the approach is that it provides a visual description of the state-based testing of distributed systems, which may be beneficial in other contexts such as education and comprehension.

Qualitätssicherung Software-basierter technischer Systeme – Problembereiche und Lösungsansätze

Zusammenfassung  Die Qualitätssicherung Software-basierter technischer Systeme erfordert ganzheitliche Betrachtungsweisen und Techniken, die auf unterschiedlich realisierte Systemkomponenten - z.B. Software, elektronische Komponenten, technische Prozesse - gleichermaßen anzuwenden sind. Eine ökonomisch und technisch sinnvolle Qualitätssicherung fordert die Verwendung angepaßter Lösungen. Im folgenden werden Problembereiche umrissen und exemplarische Lösungsansätze diskutiert. Es werden Techniken vorgestellt, die von formal vollständigen Sicherheitsnachweisen über statistisch abgesicherte Analysen von Maßen (z.B. Zuverlässigkeitsmaßen) bis zu informalen, aber systematischen Prüftechniken reichen.Summary  Quality assurance of software-based systems requires a comprehensive approach and techniques that can be applied to different components, e.g., software, electronic components, technical processes. To satisfy economical and technical requirements demands adequate solutions. In the following several problem areas and approaches are discussed. The techniques include formally complete safety proofs, statistical analysis of measures, e.g., reliability measures, and informal, but systematic test techniques.

Variability management of safety and reliability models: an intermediate model towards systematic reuse of component fault trees

Reuse of fault trees helps in reducing costs and effort when conducting Fault Tree Analyses (FTAs) for a set of similar systems. Some approaches have been proposed for the systematic reuse of fault trees along with the development of a product line of systems. Nevertheless, these approaches are not longer effective when FTAs are performed after systems have been put into operation. This is mainly due to the lack of product line information required to make fault trees reusable. The model proposed in this paper is a step towards systematically reusing fault trees in the aforementioned context. It acts as an intermediate model between the specification of a system and its corresponding Component Fault Tree (CFT). In particular, it abstracts from the implementation details of a CFT, allowing the integration of variability inherent of product line systems as well as the one obtained from performing fault tree analyses incrementally over time. The model is part of a systematic reuse approach.

Visualization and Evolution of Software Architectures

Software systems are an integral component of our everyday life as we find them in tools and embedded in equipment all around us. In order to ensure smooth, predictable, and accurate operation of these systems, it is crucial to produce and maintain systems that are highly reliable. A well-designed and well-maintained architecture goes a long way in achieving this goal. However, due to the intangible and often complex nature of software architecture, this task can be quite complicated. The field of software architecture visualization aims to ease this task by providing tools and techniques to examine the hierarchy, relationship, evolution, and quality of architecture components. In this paper, we present a discourse on the state of the art of software architecture visualization techniques. Further, we highlight the importance of developing solutions tailored to meet the needs and requirements of the stakeholders involved in the analysis process.

Identification of Security-Safety Requirements for the Outdoor Robot RAVON Using Safety Analysis Techniques

This paper presents a case study for identifying security-safety requirements by using safety analysis techniques. In order to construct distributed software-intensive safety-critical systems, it is crucial to identify not only the safety requirements, but also the security requirements simultaneously, due to the fact that security attacks on the communication channels could cause safety consequences, such as damage to properties or even loss of human lives. Security-safety requirements are proposed for addressing the requirement that describes the safety, security requirements and the influence of the security attacks on safety requirements. Although many safety and security analyses techniques are available for deriving the security-safety requirements separately, no effective approach exists that uses an identical model for identifying integrated security and safety requirements. In this paper, the procedures and lessons learned for deriving integrated security-safety requirements using one identical model that is established by safety analysis techniques are presented. The results from this case study show that the safety analysis techniques are applicable for determining integrated requirements for describing the behavior of an outdoor robot.