A Model-Based Approach to Formal Assurance Cases

Annable, Nicholas

January 2020

The rapidly increasing complexity of safety-critical embedded systems has been the cause of difficulty in assuring the safety of safety-critical embedded systems and managing their documentation. More specifically, current approaches to safety assurance are struggling to keep up with the complex relationships be- tween the ever growing number of components and the sheer amount of code underlying safety-critical embedded systems such as road vehicles. We believe that an approach to safety assurance able to cope with this complexity must: i) have sound mathematical foundations on which safety assurance can be built; and ii) provide a formal framework with precisely defined semantics in which the assurance can be represented. In doing this, assurance can be made less ad-hoc, more precise and more repeatable. Sound mathematical foundations also facilitate the creation of tools that automate many aspects of assurance, which will be invaluable in coping with the complexity of modern-day and future embedded systems. The model-based framework that achieves this is + Workflow . This framework is rigorous, developed on proven notations from model-based methodologies, comprehensively integrates assurance within the development activities, and provides the basis for more formal assurance cases. / Thesis / Master of Applied Science (MASc)

Safety Assurance

Software Engineering

Computational intelligence for safety assurance of cooperative systems of systems

Kabir, Sohag, Papadopoulos, Y.

29 March 2021

Yes / Cooperative Systems of Systems (CSoS) including Autonomous systems (AS), such as autonomous cars and related smart traffic infrastructures form a new technological frontier for their enormous economic and societal potentials in various domains. CSoS are often safety-critical systems, therefore, they are expected to have a high level of dependability. Due to the open and adaptive nature of the CSoS, the conventional methods used to provide safety assurance for traditional systems cannot be applied directly to these systems. Potential configurations and scenarios during the evolving operation are infinite and cannot be exhaustively analysed to provide guarantees a priori. This paper presents a novel framework for dynamic safety assurance of CSoS, which integrates design time models and runtime techniques to provide continuous assurance for a CSoS and its systems during operation. / Dependability Engineering Innovation for Cyber Physical Systems (DEIS) H2020 Project under Grant 732242.

Autonomous systems

Safety assurance

Reconfigurable systems

Computational intelligence

A Security-enabled Safety Assurance Framework for IoT-based Smart Homes

Kabir, Sohag, Gope, P., Mohanty, S.P.

22 May 2022

Yes / The exponential growth of the Internet of Things (IoT) has paved the way for safety-critical cyber-physical systems to enter our everyday activities. While such systems have changed the way of our life, they brought new challenges that can adversely affect our life and the environment. Safety and security are two such challenges that can hamper the widespread adoption of new IoT applications. Due to a large number of connected devices and their ability to control critical physical assets, intended attacks on them and/or unintended failure events such as mechanical failure of devices, communication failure and unforeseen bad interactions between connected devices may cause an IoT-based system to enter into unsafe and dangerous physical states. By considering the importance of safety and security of IoT systems, in this article, we present a security-enabled safety monitoring framework for IoT-based systems. In the proposed framework, we utilise design-time system analysis to create an executable monitoring model that enables run-time safety assurance provision for a system via collecting and analysing operational data and evidence to determine the safety status of the system and then taking appropriate actions and securely communicating the safety status and recommended actions to the system users to minimise the risk of the system entering into an unsafe state.

IoT

Safety assurance

Security

Safety monitoring

Smart homes

Developing Dependable IoT Systems: Safety Perspective

Abdulhamid, Alhassan, Kabir, Sohag, Ghafir, Ibrahim, Lei, Ci

05 September 2023

Yes / The rapid proliferation of internet-connected devices in public and private spaces offers humanity numerous conveniences, including many safety benefits. However, unlocking the full potential of the Internet of Things (IoT) would require the assurance that IoT devices and applications do not pose any safety hazards to the stakeholders. While numerous efforts have been made to address security-related challenges in the IoT environment, safety issues have yet to receive similar attention. The safety attribute of IoT systems has been one of the system’s vital non-functional properties and a remarkable attribute of its dependability. IoT systems are susceptible to safety breaches due to a variety of factors, such as hardware failures, misconfigurations, conflicting interactions of devices, human error, and deliberate attacks. Maintaining safety requirements is challenging due to the complexity, autonomy, and heterogeneity of the IoT environment. This article explores safety challenges across the IoT architecture and some application domains and highlights the importance of safety attributes, requirements, and mechanisms in IoT design. By analysing these issues, we can protect people from hazards that could negatively impact their health, safety, and the environment. / The full text will be available at the end of the publisher's embargo: 11th Feb 2025

Internet of Things (IoT)

Dependable systems

Safety assurance

Failure analysis

A Systematic Approach to Hazard and Operability Study (HAZOP)

Aoanan, Paul

January 2021

A system safety assurance case aims to demonstrate that a system is reasonably safe within the parameters defined according to its intended use. A system safety assurance case involves the definition of a Safety Engineering Process and its execution for the particular system. An essential element in the Safety Engineering Process is hazard analysis. An often used version of hazard analysis is HAZOP. HAZOP identifies hazards and hazardous events in the system's design. Traditionally, HAZOP is performed based on the expertise of a multi-disciplinary team. This team uses a heuristic based approach that results in documented output that often does not include adequate traceability as to how the output results were obtained. This thesis proposes a systematic approach to HAZOP that was developed after performing detailed analysis on how traditional HAZOP is performed in industry. It aims to produce documented output in which the output results are traceable to interim steps in the process. We call this systematic approach HAZOP+, because it was designed to provide sufficient detail so that it can form the basis of a HAZOP metamodel created in Workflow+ - a relatively new model driven methodology for developing assurance cases. Workflow+ has well-defined semantics, and so we refer to HAZOP+ as formalizable. HAZOP+ has a number of benefits over traditional HAZOP, and these benefits are demonstrated by comparing a traditional application of HAZOP with the application of HAZOP+, both applied to a typical Lane Keeping Assist feature. A long term objective of system safety assurance is to be able to perform incremental safety assurance, for example, by updating the system safety assurance case after a modification to the system or its environment. Since the safety assurance case for a system depends on elements of the Safety Engineering Process, as well as the outputs of that process, the ability to perform an incremental hazard analysis after a modification to the system or environment can be a real benefit. This thesis further describes how HAZOP+ can be enhanced/extended to HAZOPdelta - an incremental version of HAZOP+. / Thesis / Master of Applied Science (MASc)

HAZOP

Assurance Case

Safety Case

Incremental Safety Assurance

Safety Assurance Case

Hazard and Operability Study

Safety Engineering Process

SEP

Workflow

Workflow+

Dependability of the Internet of Things: current status and challenges

Abdulhamid, Alhassan, Kabir, Sohag, Ghafir, Ibrahim, Lei, Ci

03 February 2023

Yes / The advances in the Internet of Things (IoT) has substantially contributed to the automation of modern societies by making physical things around us more interconnected and remotely controllable over the internet. This technological progress has inevitably created an intelligent society where various mechatronic systems are becoming increasingly efficient, innovative, and convenient. Undoubtedly, the IoT paradigm will continue to impact human life by providing efficient control of the environment with minimum human intervention. However, despite the ubiquity of IoT devices in modern society, the dependability of IoT applications remains a crucial challenge. Accordingly, this paper systematically reviews the current status and challenges of IoT dependability frameworks. Based on the review, existing IoT dependability frameworks are mainly based on informal reliability models. These informal reliability models are unable to effectively evaluate the unified treatment safety faults and cyber-security threats of IoT systems. Additionally, the existing frameworks are also unable to deal with the conflicting interaction between co-located IoT devices and the dynamic features of self-adaptive, reconfigurable, and other autonomous IoT systems. To this end, this paper suggested the design of a novel model-based dependability framework for quantifying safety faults and cyber-security threats as well as interdependencies between safety and cyber-security in IoT ecosystems. Additionally, robust approaches dealing with conflicting interactions between co-located IoT systems and the dynamic behaviours of IoT systems in reconfigurable and other autonomous systems are required.

Internet of Things

Dependability analysis

Safety

Cyber-security

Safety assurance

Reconfigurable systems

Managing Assurance Cases in Model Based Software Systems

Kokaly, Sahar

14 June 2019

Software has emerged as a significant part of many domains, including financial service platforms, social networks, medical devices and vehicle control. In critical domains, standards organizations have responded to this by creating regulations to address issues such as safety, security and privacy. In this context, compliance of software with standards has emerged as a key issue. For companies, compliance is a complex and costly goal to achieve and is often accomplished by producing so-called assurance cases, which demonstrate that the system indeed satisfies the property imposed by a standard (e.g., safety, security, privacy) by linking evidence to support claims made about the system. However, as systems undergo evolution for a variety of reasons, including fixing bugs, adding functionality or improving system quality, maintaining assurance cases multiplies the effort. Increasingly, models and model-driven engineering are being used as a means to facilitate communication and collaboration between the stakeholders in the compliance value chain and, further, to introduce automation into regulatory compliance tasks. A complexity problem also exists with the proliferation of software models in model-based software development, and the field of Model Management has emerged to address this challenge. Model Management focuses on a high-level view in which entire models and their relationships (i.e., mappings between models) can be manipulated using specialized operators to achieve useful outcomes. In this thesis, we exploit this connection between model driven engineering and regulatory compliance, and explore how to use Model Management techniques to address software compliance management issues, focusing on assurance case change impact assessment, evolution and reuse. We support the presented approach with tooling and a case study. Although the main contributions of this thesis are not domain specific, for validation, we ground our approaches in the automotive domain and the ISO 26262 standard for functional safety of road vehicles. / Thesis / Doctor of Philosophy (PhD)

Safety Assurance

Model Based Systems

Software

Model Driven Engineering

Automotive Safety

Planning and Control of Safety-Aware Plug & Produce

Massouh, Bassam

January 2024

The Plug & Produce manufacturing system is a visionary concept that promises to facilitate the seamless integration and adaptation of manufacturing resources and production processes. The Plug & Produce control system allows for the automatic addition and removal of manufacturing resources, minimizing human intervention. However, the reconfigurability and autonomous decision-making features of Plug & Produce control systems pose challenges to safety design and control functions. In contrast to conventional manufacturing systems with fixed layouts and processes, ensuring safety in Plug & Produce systems is complicated due to the complex risk assessment process, the difficulty of implementing non-restrictive safety measures covering all possible hazards, and the challenge of designing a reliable controller for consistent safe operation. This thesis addresses these challenges through various contributions. It introduces an automatic hazard identification method, considering emergent hazards after reconfiguration. A novel domain ontology is developed, incorporating safety models specific to Plug & Produce systems. The work also proposes a generic, model-based, and automatic risk assessment method, along with a method for the safe execution of plans based on the results of the risk assessment. The results of this research offer benefits to process planners, who are responsible for coordinating the manufacturing processes with product design in the Plug & Produce system. The proposed solution provides tools for process planners to validate their plans and reduces their safety-related responsibilities. The proposed safety assurance method seamlessly integrates into the multi-agent control of Plug & Produce, providing the control system with risk scenarios associated with process plans. This enables proactive and reliable control, effectively avoiding potential risks during system operation. / Föreställ dig en automatiserad produktionsanläggning som omedelbart och automatiskt kan anpassa sig till förändringar utan att kompromissa med säkerheten för den personal som arbetar där. Denna avhandling strävar efter att uppnå just detta genom ett smartare sätt att säkerställa att produktionsanläggningar baserat på Plug & Produce kan hantera säkerhet. Dettainnebär att konceptet Plug & Produce nu närmar sig ett industriellt förverkligande. Säkerhet för automatiserade produktionsanläggningar innebär att alla maskiner ska vara utrustade med skydd för att göra arbetet säkrare. Idag är det vanligt med övervakning som skydd, dvs en dator som övervakar att allt går rätt till och stänger av om något är på väg att hända. I ett produktionsavsnitt som är baserat på Plug & Produce kan man enkelt ställa om, det vill säga, lägga till eller ta bort maskiner, ändra layouten eller ändra på produkter som produceras. Efter en sådan omställning så måste säkerheten i produktionsanläggningen ses över enligt föreskrivna lagar och regler. Traditionellt så kräver detta anlitande av en säkerhetsexpert. Detta medför att en omställning utifrån ett säkerhetsperspektiv är både kostsamt och tidskrävande. Med resultatet från denna avhandling så går det nu att ställa om utan att behöva implementera nya säkerhetsfunktioner efter varje förändring. Denna forskning har utvidgat kunskapsområdet inom produktionsteknik för att skapa en "smartarefabrik" genom att inkludera säkerhetsfunktioner.Resultatet inkluderar algoritmer som kan upptäcka potentiella faror i fabriken och automatiskt tillämpa säkerhetsåtgärder för ett övervakat system. Detta innebär mindre tidsåtgång och lägre kostnader för säkerhetsarbetet. De som drar mest nytta av detta är människorna som planerar för hur saker skall tillverkas med hjälp av Plug & Produce. Resultatet av detta arbete underlättar deras arbetsuppgifter och bevarar flexibiliteten i Plug & Produce, vilket eliminerar behovet av att välja mellan flexibilitet och säkerhet

Plug & Produce

safety assurance

process planning

reconfigurable manufacturing

Bearbetnings-, yt- och fogningsteknik

Toward Improving Confidence in Autonomous Vehicle Software: A Study on Traffic Sign Recognition Systems

Aslansefat, K., Kabir, Sohag, Abdullatif, Amr R.A., Vasudevan, Vinod, Papadopoulos, Y.

10 August 2021

Yes / This article proposes an approach named SafeML II, which applies empirical cumulative distribution function-based statistical distance measures in a designed human-in-the loop procedure to ensure the safety of machine learning-based classifiers in autonomous vehicle software. The application of artificial intelligence (AI) and data-driven decision-making systems in autonomous vehicles is growing rapidly. As autonomous vehicles operate in dynamic environments, the risk that they can face an unknown observation is relatively high due to insufficient training data, distributional shift, or cyber-security attack. Thus, AI-based algorithms should make dependable decisions to improve their interpretation of the environment, lower the risk of autonomous driving, and avoid catastrophic accidents. This paper proposes an approach named SafeML II, which applies empirical cumulative distribution function (ECDF)-based statistical distance measures in a designed human-in-the-loop procedure to ensure the safety of machine learning-based classifiers in autonomous vehicle software. The approach is model-agnostic and it can cover various machine learning and deep learning classifiers. The German Traffic Sign Recognition Benchmark (GTSRB) is used to illustrate the capabilities of the proposed approach. / This work was supported by the Secure and Safe MultiRobot Systems (SESAME) H2020 Project under Grant Agreement 101017258.

Autonomous systems

Safety assurance

AI safety

Statistical distance measure

SafeML

Safe machine learning

Adaptation of Model Transformation for Safety Analysis of IoT-based Applications

Abdulhamid, Alhassan, Kabir, Sohag, Ghafir, Ibrahim, Lei, Ci

05 September 2023

Yes / The Internet of Things (IoT) paradigm has continued to provide valuable services across various domains. However, guaranteeing the safety assurance of the IoT system is increasingly becoming a concern. While the growing complexity of IoT design has brought additional safety requirements, developing safe systems remains a critical design objective. In earlier studies, a limited number of approaches have been proposed to evaluate the safety requirements of IoT systems through the generation of static safety artefacts based on manual processes. This paper proposes a model-based approach to the safety analysis of the IoT system. The proposed framework explores the expressiveness of UML/SysML graphical modelling languages to develop a dynamic fault tree (DFT) as an analysis artefact of the IoT system. The framework was validated using a hypothetical IoT-enabled Smart Fire Detection and Prevention System (SFDS). The novel framework can capture dynamic failure behaviour, often ignored in most model-based approaches. This effort complements the inherent limitations of existing manual static failure analysis of the IoT systems and, consequently, facilitates a viable safety analysis that increases public assurance in the IoT systems. / The full text of this accepted manuscript will be available at the end of the publisher's embargo: 11th Feb 2025

Internet of Things (IoT)

Smart home

Safety assurance

Failure analysis

Model-based system engineering

Dynamic fault tree