Saad Zafar

Experience with fault injection experiments for FMEA

Failure Modes and Effects Analysis (FMEA) is a widely used system and software safety analysis technique that systematically identifies failure modes of system components and explores whether these failure modes might lead to potential hazards. In practice, FMEA is typically a labor‐intensive team‐based exercise, with little tool support. This article presents our experience with automating parts of the FMEA process, using a model checker to automate the search for system‐level consequences of component failures. The idea is to inject runtime faults into a model based on the system specification and check if the resulting model violates safety requirements, specified as temporal logical formulas. This enables the safety engineer to identify if a component failure, or combination of multiple failures, can lead to a specified hazard condition. If so, the model checker produces an example of the events leading up to the hazard occurrence which the analyst can use to identify the relevant failure propagation pathways and co‐effectors. The process is applied on three medium‐sized case studies modeled with Behavior Trees. Performance metrics for SAL model checking are presented. Copyright

Integrating safety and security requirements into design of an embedded system

Most modern embedded systems are now required to satisfy seemingly divergent critical properties like safety and security. It is therefore becoming increasingly important that any systems development methodology employed should support modeling of system requirements in a manner that it facilitates validation and verification of such critical properties. In the paper we present the result of applying the genetic software engineering (GSE) method to design an ambulatory infusion pump (AIP) which must satisfy a number of safety and security properties. The safety and security requirements are integrated with the rest of the systems requirements in the form of integrated behavior tree (IBT), which is systematically refined into a design behavior tree (DBT). The integrated behavioral view of the requirements provides a platform for requirements conflict resolution, defect detection and requirements validation. The formal semantics of the behavior tree (BT) notation, used to specify the requirements, makes formal verification of critical properties in the final design possible.

Evaluation of use of e-Learning in undergraduate radiology education: a review.

PURPOSE The aim of this review is to investigate the evaluative outcomes present in the literature according to Kirkpatricks learning model and to examine the nature and characteristics of the e-Learning interventions in radiology education at undergraduate level. MATERIALS AND METHODS Four databases (PubMed, MEDLINE, Embase, Eric) are searched for publications related to the application of e-Learning in undergraduate radiology education. The search strategy is a combination of e-Learning and Mesh and non Mesh radiology and undergraduate related terms. These search strategies are established in relation to experts of respective domains. The full text of thirty pertinent articles is reviewed. Authors country and study location data is extracted to identify the most active regions and years are extracted to know the existing trend. Data regarding radiology subfields and undergraduate year of radiology education is extracted along with e-Learning technologies to identify the most prevalent or suitable technologies or tools with respect to radiology contents. Kirkpatricks learning evaluation model is used to categorize the evaluative outcomes reported in the identified studies. RESULTS The results of this analysis reveal emergence of highly interactive games, audience response systems and designing of wide range of customized tools according to learner needs assessment in radiology education at undergraduate level. All these initiatives are leading toward highly interactive self directed learning environments to support the idea of life-long independent learners. Moreover, majority of the studies in literature regarding e-Learning in radiology at undergraduate level are based on participant satisfaction followed by participant results or outcomes either before or after an intervention or both. There was no research particularly demonstrating performance change in clinical practice or patient outcome as they may be difficult to measure in medical education. Thus clinical competences and performances are highly affected by pretentious learning environments.

Formal verification of the IEEE 802.11i WLAN security protocol

With the increased usage of wireless LANs (WLANs), businesses and educational institutions are becoming more concerned about wireless network security. The latest WLAN security protocol, the IEEE 802.11i assures rigid security for wireless networks with the support of IEEE 802.1X protocol for authentication, authorization and key distribution. In this study we investigate the integrity of the security model developed by us based on 802.11i robust security mechanism (RSN), strengthening our desire towards establishing a secure wireless network environment. We have used the symbolic analysis laboratory (SAL) tools to formally verify the behavior tree models. This paper presents the several linear temporal logic (LTL) formulas established to prove the credibility of our model. We also discuss probable software issues that could arise during implementation. By examining all possible execution traces of the security protocol we have proved our implementation model to be complete and consistent.

Slicing Behavior Tree Models for Verification

Program slicing is a reduction technique that removes irrelevant parts of a program automatically, based on dependencies. It is used in the context of documentation to improve the user’s understanding as well as for reducing the size of a program when analysing. In this paper we describe an approach for slicing not program code but models of software or systems written in the graphical Behavior Tree language. Our focus is to utilise this reduction technique when model checking Behavior Tree models. Model checking as a fully automated analysis technique is restricted in the size of the model and slicing provides one means to improve on the inherent limitations. We present a Health Information System as a case study. The full model of the system could not be verified due to memory limits. However, our slicing algorithm renders the model to a size for which the model checker terminates. The results nicely demonstrate and quantify the benefits of our approach.

Early Validation and Verification of a Distributed Role-Based Access Control Model

To ensure correct implementation of complex access control requirements, it is important that the validated and verified requirements are effectively integrated with the rest of the system. It is also important that the system can be validated and verified early in the development process. In this paper we present an integrated, role-based access control model. The model is based on the graphical behavior tree notation, and can be validated by simulation, as well as verified using a model checker. Using this model, access control requirements can be integrated with the rest of the system from the outset, because: a single notation is used to express both access control and functional requirements; a systematic and incremental approach to constructing a formal behavior tree specification can be adopted; and the specification can be simulated and model checked. The effectiveness of the model is evaluated using a case study with distributed access control requirements.

Security quality model: an extension of Dromey's model

The quantity of sensitive data that is stored, processed and transmitted has increased many folds in recent years. With this dramatic increase, comes the need to ensure that the data remain trustworthy, confidential and available at all times. Nonetheless, the recent spate of high-profile security incidents shows that software-based systems remain vulnerable due to the presence of serious security defects. Therefore, there is a clear need to improve the current state of software development to guide the development of more secure software. To this end, we propose a security quality model that provides a framework to identify known security defects, their fixes, the underlying low-level software components along with the properties that positively influence the overall security of the product. The proposed model is based on Dromey’s quality model that addresses the core issue of quality by providing explicit guidelines on how to build quality into a product. Furthermore, to incorporate security, we have introduced several new model components and model construction guidelines as Dromey’s model does not address security explicitly and the model construction guidelines are not specific enough. We use well-known defects and security controls to construct the model as a proof of concept. The constructed model can be used by the programmers during development and can also be used by the quality engineers for audit purposes. We also propose an automated environment in which the model can be used in practice.

Requirements simulation for early validation using Behavior Trees and Datalog

ContextThe role of formal specification in requirements validation and analysis is generally considered to be limited because considerable expertise is required in developing and understanding the mathematical proofs. However, formal semantics of a language can provide a basis for step-by-step execution of requirements specification by building an easy to use simulator to assist in requirements elicitation, validation and analysis. ObjectiveThe objective of this paper is to illustrate the usefulness of a simulator that executes requirements and captures system states as rules and facts in a database. The database can then be queried to carry out analysis after all the requirements have been executed a given number of times MethodBehavior Trees (BTs)1BTs - Behavior Trees.1 are automatically translated into Datalog facts and rules through a simulator called SimTree. The translation process involves model-to-model (M2M) transformation and model-to-text (M2T) transformation which automatically generates the code for a simulator called SimTree. SimTree on execution produces Datalog code. The effectiveness of the simulator is evaluated using the specifications of a published case study - Ambulatory Infusion Pump (AIP)2AIP - Ambulatory Infusion Pump.2. ResultsThe BT specification of the AIP was transformed into SimTree code for execution. The simulator produced a complete state-space for a predetermined number of runs in the form of Datalog facts and rules, which were then analyzed for various properties of interest like safety and liveness. ConclusionQueries of the resultant Datalog code were found to be helpful in identifying defects in the specification. However, probability values had to be manually assigned to all the events to ensure reachability to all leaf nodes of the tree and timely completion of all the runs. We identify optimization of execution paths to reduce execution time as our future work.

Online behaviour of students in a new blended learning course: An experience report

Social Network Analysis, COLLES and ATTLS surveys were applied to study students behaviour in a new blended learning course. We have carried out a correlation analysis between the students actual behaviour in the online discussion forums of a new blended learning course and students responses to survey questionnaires. Based on these methods we were able to investigate the online interactions of professional students who do not get enough time to collaborate with each other on campus. Results of these methods demonstrated that participants were active in both the imposed and non-imposed discussion forums but they took non-imposed more seriously at the end. Additionally, a negative correlation was found between the COLLES tutor support section and SNA out-degree results of students. This experience report is part of an ongoing study of online behaviour of students in a blended learning environment.

A Light-Weight Formal Approach for Modeling, Verifying and Integrating Role-Based Access Control Requirements

As the complexity of access control requirements is increasing to protect valuable organizational data the value of correct specification and integration of access rights into the system specification has also increased. Role-based access control (RBAC) facilitates specification of access control requirements in a flexible manner. However, various available models do not always support effective integration of the requirements into rest of the system specification. Furthermore, automated verification of RBAC model poses the challenge of state-explosion. In this paper we propose a light-weight formal method for model-checking of RBAC specification. We use BT-RBAC model to specify access control requirements. The model is based on a graphical notation with formal semantics and supports a requirements translation process, strong traceability of requirements, and uses a single notation to support effective integration of the model. The automated translation into SAL specification input language is used to formally verify the correctness of the model.