Formalizing Safety Requirements Using Controlling Automata

Safety is an important element of dependability. It is defined as the absence of accidents. Most accidents involving software-intensive systems have been system accidents, which are caused by unsafe inter-system or inter-component interactions. To validate the absence of system hazards arising from dysfunctional interactions, industry calls for approaches to modeling system safety requirements and interaction constraints among components. This paper proposes such a formalism, namely interface control systems (or C-Systems for short). An interface C-System is composed of an interface automaton and a controlling automaton, which formalizes safe interactions and restricts system behavior at the meta level. This framework differs from that of traditional model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a top-down technique for modeling a system with safety constraints, and for automatically composing a safe system that conforms to safety requirements. The contributions of this work include formalizing safety requirements and a way of automatically ensuring system safety.
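As an added illustration (not the paper's own definition, which the abstract does not spell out), the following Python sketches one way a controlling automaton can restrict an interface automaton: a synchronous product that keeps an interface step only when the controller has a matching transition, so behaviour the safety requirement forbids never appears in the composed system. The valve and pressure-guard automata, and the requirement they encode, are constructed for this example.

```python
from typing import Dict, Tuple

State, Action = str, str
Trans = Dict[Tuple[State, Action], State]  # partial transition table
Automaton = Tuple[State, Trans]            # (initial state, transitions)

def compose(iface: Automaton, ctrl: Automaton):
    """Synchronous product of an interface automaton with a controlling automaton,
    explored over reachable state pairs.  An interface step survives only if the
    controller also has a transition on that action; the rest is pruned.
    Returns (product transitions, set of pruned ((state, ctrl_state), action))."""
    (p0, itrans), (c0, ctrans) = iface, ctrl
    start = (p0, c0)
    seen, todo, product, pruned = {start}, [start], {}, set()
    while todo:
        p, c = todo.pop()
        for a in {a for (q, a) in itrans if q == p}:   # actions enabled in p
            if (c, a) not in ctrans:                   # blocked by the requirement
                pruned.add(((p, c), a))
                continue
            nxt = (itrans[(p, a)], ctrans[(c, a)])
            product[((p, c), a)] = nxt
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return product, pruned

def accepts(trans: dict, init, trace) -> bool:
    """Replay a trace on a transition table; False once a step is undefined."""
    s = init
    for a in trace:
        if (s, a) not in trans:
            return False
        s = trans[(s, a)]
    return True

# Constructed example (not from the paper): a valve component emitting open!/close!
# and reading pressure inputs high?/low?.  By itself it may open at any time.
VALVE: Automaton = ("idle", {
    ("idle", "high?"): "idle", ("idle", "low?"): "idle", ("idle", "open!"): "opened",
    ("opened", "high?"): "opened", ("opened", "low?"): "opened",
    ("opened", "close!"): "idle"})

# Controlling automaton for the constructed requirement "never open! after high?
# until low? has been read": state alarm simply has no transition on open!.
PRESSURE_GUARD: Automaton = ("normal", {
    ("normal", "high?"): "alarm", ("normal", "low?"): "normal",
    ("normal", "open!"): "normal", ("normal", "close!"): "normal",
    ("alarm", "high?"): "alarm", ("alarm", "low?"): "normal", ("alarm", "close!"): "alarm"})
```

The interface automaton alone accepts the trace `high?, open!`; the composed system rejects it, and the pruned set names exactly the blocked step, which is the evidence a safety engineer would inspect.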
