A Safety Engineering Framework for Open Adaptive Systems

In recent years it has become increasingly evident that openness and adaptivity are key characteristics of next-generation distributed systems. This is due not least to the advent of computing trends such as Ubiquitous Computing, Ambient Intelligence, and Cyber-Physical Systems, in which systems are usually open to dynamic integration and able to react adaptively to changing situations. Despite being open and adaptive, such systems are commonly required to be safe. However, traditional safety assurance techniques, both state-of-the-practice and state-of-the-art, are not sufficient in this context. We recently developed some initial solution concepts based on conditional safety certificates and corresponding runtime analyses. In this paper we show how to operationalize these concepts. To this end, we present in detail how to specify conditional safety certificates, how to transform them into suitable runtime models, and how these models finally support dynamic safety evaluations.
