Animation prototyping of formal specifications

Hughes, Thomas S.

January 1992

At the present time one of the key issues relating to the design of real-time systems is the specification of software requirements. It is now clear that specification correctness is an essential factor for the design and implementation of high quality software. As a result considerable emphasis is placed on producing specifications which are not only correct, but provably so. This has led to the application of mathematically-based formal specification techniques in the software life-cycle model. Unfortunately, experience in safety-critical systems has shown that specification correctness is not, in itself, sufficient. Such specifications must also be comprehensible to all involved in the system development. The topic of this thesis—Animation Prototyping—is a methodology devised to make such specifications understandable and usable. Its primary objective is to demonstrate key properties of formal specifications to non-software specialists. This it does through the use of computer-animated pictures which respond to the dictates of the formal specification.

005

Specifications in software design

Synthesis of hardware systems from very high level behavioural specifications

Marshall, Richard Millar

January 1986

No description available.

621.39

Control system software design

A user interface for the online elucidation of natural language search statements

Aragon Ramirez, V.

January 1986

No description available.

005

User-friendly software design

An investigation and evaluation into the 'usibility' of human-computer interfaces using a typical CAD system

Rickett, John Desmond

January 1987

This research program covers three topics relating to the humancomputer interface namely, voice recognition, tools and techniques for evaluation, and user and interface modelling. An investigation into the implementation of voice recognition technologies examines how voice recognisers may be evaluated in commercial software. A prototype system was developed with the collaboration of FEMVIEW Ltd. (marketing a CAD package). Proposals for future research using the prototype system suggests the need for field trials to assess its usefulness in a working environment and to gain insights to end-user attitudes. A new generation of voice system is proposed based around a phoneme-based pattern matching paradigm, natural language understanding facilities and intelligent knowledgebased systems capable of building on knowledge by inference and deduction. In order to assess the 'usability' of the FEMVIEW CAD software a subject-base formal evaluation was conducted which involved: - (1) the analysis of responses to a multi-user survey of end-user attitudes; (2) collecting behavioural performance measures from students learning to use the software. (3) cognitive and affective data obtained from laboratory experimentation using experienced users of the CAD package. A theoretical approach to evaluation leads to the hypothesis that human-computer interaction is affected by personality, influencing types of dialogue, preferred methods for providing help, etc. A user model based on personality traits, or habitual behaviour patterns (HBP) is presented. Proposals are given to use the HBP model in future self-adaptive interfaces. Results from experimentation to justify the model are inconclusive. Finally, a practical framework is provided for the evaluation of human-computer interfaces. It suggests that evaluation is an integral part of design and that the iterative use of evaluation techniques throughout the conceptualisation, design, implementation and postimplementation stages will ensure systems that satisfy the needs of the users and fulfil the goal of 'usability'. The major contributions made to the knowledge of this subject can be summarised as follows: (1) the practical problems of implementing voice recognition technologies in commercial software; (2) the development of a new personalised user model which accounts for individual's idiosyncrasies; (3) methods for applying simple evaluation techniques in order to assess software 'usability'; (4) a practical framework for developing usable software.

005

User-friendly software design

Fairness, social optimality and individual rationality in agent interactions. / CUHK electronic theses & dissertations collection

January 2013

Hao, Jianye. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2013. / Includes bibliographical references (leaves 216-228). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstract also in Chinese.

Two issues in cooperative output regulation of nonlinear multi-agent systems.

January 2012

近年来，由于多智能体系统广泛应用于分布式传感器网络的协调和控制、移动机器人、自动驾驶车辆等，其控制设计一直是一个活跃的领域。在趋同、同步、聚类和蜂拥等问题上已经有了很多结果。线性多智能体系统的协作式输出调节问题在近几年也有所研究，但非线性多智能体系统的协作式输出调节问题的结果却很少。在这篇论文中，我们专注于非线性多智能体系统的协作式输出调节问题，分别考虑了局部情况和全局情况。 / 非线性系统的输出调节问题旨在实现轨迹跟踪和不确定非线性被控对象产生的干扰抑制，其中参考输入和干扰是通过一定的动态系统产生的，被称为外部系统。众所周知，有两种解决经典输出调节问题的方法：前馈设计和内模设计。前馈设计使用调节方程的解设计控制律，而内模设计包括两个步骤。首先把被控对象的鲁棒输出调节问题转化成由被控对象和叫做内模的动态补偿器组成的增广系统的鲁棒镇定问题，然后鲁棒镇定增广系统。 / 不同于经典的输出调节问题，协作式输出调节问题处理由N个子系统组成的多智能体系统的渐近跟踪和干扰抑制问题。N个子系统的连接关系用信息图描述。我们可以把外部系统看作领导者，把N个子系统看作外部系统的追随者。根据是否是领导者的邻居，把N个追随者分为知情的追随者和不知情的追随者。知情的追随者一组是外部系统的邻居并且可以使用自己的信息设计控制器，而不知情的追随者一组不是外部系统的邻居并且可以用其邻居的信息进行控制设计。 / 基于经典输出调节问题的这两种方法，我们利用前馈方法考虑的非线性多智能体系统的局部协作式输出调节，和通过内模方法考虑全局情况。论文的主要贡献归纳如下。 / 1. 本文考虑了非线性多智能体系统的局部协作式输出调节问题，即为，设计一个分布式控制器使得整个闭环系统当外部信号设置为零时是渐近稳定的，并且初始条件足够小时输出误差渐进趋于零。由于不知情的追随者的控制器得不到外部信号，其对应的子系统的输出调节问题不能使用自己的状态设计控制器解决。这样输出调节问题就不能用前馈设计一个分散控制器解决。因此，我们考虑协作式控制以解决输出调节问题。为了克服上述困难，我们设计了分布式控制器，包括状态反馈控制器和可测输出反馈控制器。 / 2. 本文通过协作式内膜设计研究了非线性下三角多智能体系统的全局鲁棒输出调节问题。全局鲁棒输出调节问题定义如下：找到一个控制器使得被控对象在任何初始状态下闭环系统的轨迹存在并且有界，并且对所有的初始条件，跟踪误差渐近趋近于零。有两种方法可以解决网络系统的全局鲁棒输出调节问题：分散式方法和协作式方法。通过分散式方法，对每个子系统设计一个内模，这样其控制器的阶数和子系统的数量成正比。现在，通过共享不同的追随者之间的信息，我们将利用协作式方法对所有的子系统设计只有一个内模的控制器，从而得到一个所谓的协作式控制器。这个协作式控制器的阶数和追随者的数量是独立的，并且这种方法远远比分散式方法更直接。 / 最后，我们将使用一些例子来说明我们的两种设计方法的有效性。 / In recent years, the control design of multi-agent systems has been an active area due to its wide applications in the coordination and control of distributed sensor networks, mobile robots, autonomous vehicles, etc. Many results have been obtained in such issues as consensus, synchronization, swarming and flocking. The cooperative output regulation problem for linear multi-agent systems has been studied in recent years, but there are few results on cooperative output regulation of nonlinear multi-agent systems. In this thesis, we concentrate on the cooperative output regulation problem of nonlinear multi-agent systems and consider the local case and the global case, respectively. / The output regulation problem of nonlinear systems aims to achieve asymptotic tracking and disturbance rejection in an uncertain nonlinear plant where the reference inputs and disturbances are generated by an autonomous system called the exosystem. It is known that there are two methods for solving the classical output regulation problem: feed forward design and internal model design. The feed forward design makes use of the solution of the regulator equations to design a control law while the internal model design consists of two steps. The first one is to convert the robust output regulation problem for the given plant into a robust stabilization problem for an augmented system composed of the given plant and a dynamic compensator called internal model, and the second step aims to robustly stabilize the augmented system. / Different from the classical output regulation problem, the cooperative output regulation problem handles the asymptotic tracking and disturbance rejection problem of a system consisting of N subsystems, which is the multi-agent system we consider. The connection of N subsystems is described by an information graph. We can view the exosystem as a leader system and the N subsystems as followers of the exosystem. Depending on whether or not a follower is a neighbor of the leader, the N followers can be classified into the informed followers and the uninformed followers. The group of the informed followers is the set of the neighbors of the exosystem and can use its own information for the control design, while the uninformed followers are not the neighbors of the exosystem and can use their neighbors’ information for the control design. / Based on the two approaches for studying the classical output regulation problem, we consider the local cooperative output regulation for the nonlinear multi-agent system by a feed forward approach, and the global case by an internal model approach. The main contributions are summarized as follows. / 1. The local cooperative output regulation problem for nonlinear multi-agent systems is considered, that is, design a distributed control law such that the overall closed-loop system is asymptotically stable when the exosystem signal is set to zero and the error output approaches zero asymptotically for all suciently small initial conditions. Since the control law of the uninformed followers cannot access to the exogenous signal, the output regulation problem of each uninformed follower subsystem cannot be solved by a control law utilizing its own state. Thus the output regulation problem cannot be solved by a decentralized control scheme using the feedforward design. Therefore, we consider a cooperative control to solve the out¬put regulation problem. To overcome the above diculties, the distributed control schemes are designed, including the state feedback controller and the measurement output feedback controller. / 2. The global robust output regulation problem of nonlinear lower triangular multi-agent system with uncertainties via a cooperative internal model design is studied. The global robust output regulation problem is dened as follows: nd a control law such that the trajectory of the closed-loop system starting from any initial state of the plant exists and is bounded, and the tracking error approaches zero asymptotically for all initial conditions. There are two methods to solve global robust output regulation problem of the networked systems: decentralized method and cooperative method. From decentralized method, an internal model is designed for each subsystem, which leads to a control law whose order is proportional to the number of the subsystems. Here, by sharing the information among dierent followers, we will use cooperative method and manage to design a control law with one single internal model for all subsystems, thus leads to a so-called cooperative control law. The order of the cooperative control law is independent of the number of the followers, and is much more straightforward than the decentralized method. / Finally, we will use some examples to illustrate the eectiveness of our two design methods. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Detailed summary in vernacular field only. / Han, Qiping. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references (leaves 66-75). / Abstracts also in Chinese. / Abstract --- p.i / Acknowledgement --- p.v / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Literature Review --- p.1 / Chapter 1.2 --- Contributions of Thesis --- p.3 / Chapter 1.3 --- Thesis Outline --- p.4 / Chapter 2 --- Preliminaries --- p.6 / Chapter 2.1 --- Review of Graph Theory --- p.6 / Chapter 2.2 --- Fundamentals of Nonlinear Systems --- p.7 / Chapter 2.2.1 --- Lyapunov Stability --- p.7 / Chapter 2.2.2 --- Input-to-State Stability --- p.10 / Chapter 2.3 --- Feedforward Design of Nonlinear Output Regulation --- p.11 / Chapter 2.4 --- Internal Model Design of Nonlinear Output Regulation --- p.14 / Chapter 3 --- Local Cooperative Output Regulation --- p.22 / Chapter 3.1 --- Problem Formulation --- p.22 / Chapter 3.2 --- State Feedback Design --- p.25 / Chapter 3.3 --- Measurement Output Feedback Design --- p.34 / Chapter 3.4 --- Conclusions --- p.41 / Chapter 4 --- Global Robust Output Regulation via a Cooperative Controller --- p.42 / Chapter 4.1 --- Problem Formulation --- p.42 / Chapter 4.2 --- Solvability of the Problem --- p.49 / Chapter 4.3 --- Example --- p.54 / Chapter 4.4 --- Conclusions --- p.64 / Chapter 5 --- Conclusions --- p.65 / Bibliography --- p.66 / Biography --- p.76

Artificial intelligence

Making Trade-offs among Security and Other Requirements during System Design

Elahi, Golnaz

21 August 2012

Employing a design solution can satisfy some requirements while having negative side-effects on some other software requirements and project objectives. Ultimately, selecting a design solution among multiple options involves making trade-offs among competing requirements. These trade-offs, especially at the early stages of software development, are often hard to identify or quantify, and can be subjective. Security is one critical requirement among many, which can cause critical trade-offs and severe costs. Damages from security attacks can be overwhelming and the costs increase every year. The threat of vulnerabilities and their exploitation by potential adversaries calls for careful analysis of security risks and trade-offs that security solutions impose, from the viewpoints of both defenders and attackers. Since software developers and analysts are usually not security experts, detecting potential threats within software systems can be problematic. Even when threats are known, the risk factors, either the probability of a successful attack or the resulting damage of a successful attack, are not always known or numerically measurable. In this situation, selecting proper security solutions can be challenging, when mitigating impacts and side-effects of solutions are often not quantifiable. This thesis addresses such challenges in identifying and making trade-offs among security and other system requirements and stakeholders' goals. This work introduces a framework for identifying and modeling security risks and requirements trade-offs. The central idea in this thesis is analyzing security requirements on the basis of predicting software vulnerabilities, weaknesses or flaws that can be exploited to break into the system. Vulnerabilities and exploitation scenarios are specified within goal-oriented requirements models of the system. This approach enables analysis of vulnerability exploitations and their impacts on the running system. The structure of goal-oriented security requirements models enables tracing the ultimate impacts of the exploitations on high-level goals of stakeholders and design objectives. In order to evaluate the risk of vulnerabilities, this framework intertwines the Common Vulnerability Scoring System (CVSS) with security requirements risk assessment. The proposed framework provides a decision aid method that takes into the account risks, competing requirements, security solutions, their impacts on risks, and their side-effects on other requirements, to aid decision makers to select a solution among alternative security solutions. The proposed decision analysis method helps analysts to make requirements trade-offs systematically, in the absence of quantitative data, or when a mixture of both quantitative and qualitative data are available.

Security

Trade-off

Requirements

Software Design

0984

Making Trade-offs among Security and Other Requirements during System Design

Elahi, Golnaz

21 August 2012

Employing a design solution can satisfy some requirements while having negative side-effects on some other software requirements and project objectives. Ultimately, selecting a design solution among multiple options involves making trade-offs among competing requirements. These trade-offs, especially at the early stages of software development, are often hard to identify or quantify, and can be subjective. Security is one critical requirement among many, which can cause critical trade-offs and severe costs. Damages from security attacks can be overwhelming and the costs increase every year. The threat of vulnerabilities and their exploitation by potential adversaries calls for careful analysis of security risks and trade-offs that security solutions impose, from the viewpoints of both defenders and attackers. Since software developers and analysts are usually not security experts, detecting potential threats within software systems can be problematic. Even when threats are known, the risk factors, either the probability of a successful attack or the resulting damage of a successful attack, are not always known or numerically measurable. In this situation, selecting proper security solutions can be challenging, when mitigating impacts and side-effects of solutions are often not quantifiable. This thesis addresses such challenges in identifying and making trade-offs among security and other system requirements and stakeholders' goals. This work introduces a framework for identifying and modeling security risks and requirements trade-offs. The central idea in this thesis is analyzing security requirements on the basis of predicting software vulnerabilities, weaknesses or flaws that can be exploited to break into the system. Vulnerabilities and exploitation scenarios are specified within goal-oriented requirements models of the system. This approach enables analysis of vulnerability exploitations and their impacts on the running system. The structure of goal-oriented security requirements models enables tracing the ultimate impacts of the exploitations on high-level goals of stakeholders and design objectives. In order to evaluate the risk of vulnerabilities, this framework intertwines the Common Vulnerability Scoring System (CVSS) with security requirements risk assessment. The proposed framework provides a decision aid method that takes into the account risks, competing requirements, security solutions, their impacts on risks, and their side-effects on other requirements, to aid decision makers to select a solution among alternative security solutions. The proposed decision analysis method helps analysts to make requirements trade-offs systematically, in the absence of quantitative data, or when a mixture of both quantitative and qualitative data are available.

Security

Trade-off

Requirements

Software Design

0984

Exploration games for UML software design

Tenzer, Jennifer

January 2006

The Unified Modeling Language (UML) has become the standard language for the design of object-oriented software systems over the past decade. Even though there exist various tools which claim to support design with UML, their functionality is usually focused on drawing UML diagrams and generating code from the UML model. The task of choosing a suitable design which fulfils the requirements still has to be accomplished by the human designer alone. The aim of this thesis is to develop concepts for UML design tools which assist the modeller in improving the system design and requirements incrementally. For this approach a variant of formal games called exploration games is introduced as underlying technique. Exploration games can be defined on the basis of incomplete and imprecise UML models as they occur frequently in practice. The designer repeatedly plays an exploration game to detect flaws or incompleteness in the design and its specification, which are both incorporated in the game definition. At any time the game definition can be incremented by the modeller which allows him to react to the discoveries made during a play and experiment with new design solutions. Exploration games can be applied to UML in different variants. For each variant must be specified how the UML diagrams are used to set up the game and how the semantic variation points of UML should be interpreted. Furthermore some parts of the game definition may not be contained in the UML model and have to be provided separately. The emphasis of this thesis is on game variants which make use of UML diagrams for modelling system behaviour, especially state machines and activity diagrams. A prototypical implementation demonstrates how the concepts developed in this thesis can be put into practice. The tool supports the user in defining, playing and incrementing a game. Moreover it can compute winning strategies for the players and may act as opponent of the modeller. As example a game variant based on UML state machines has been implemented. The architecture that has been chosen for the tool leaves room for extension by additional game variants and alternative algorithms.

005.1

Designing Software from Formal Specifications

MacDonald , Anthony John

Unknown Date

This thesis investigates the process of designing software from formal specifications, in particular, specifications expressed in the Z notation. The initial phases of software design have significant impact on software quality and the transition from formal specification to design is not clearly understood. There is often no visible or obvious connection between the specification and the finished design. It is possible to add traceability with either verification or refinement, but I wish to understand and guide the design process. Investigating the design of software from formal specifications highlighted possible relationships between parts of the specification and parts of the design. A design strategy is introduced, that combines software architectural styles and formal specifications to influence the generated design. The design process is architecturally-specific, but a template for instantiating the design process to a chosen architectural style is presented. Specializations of the template are presented for the ADT-based architectural style and the event-based architectural style. These specializations of the template produce an architecturally-constrained, specification-influenced design process. Providing an architecturally-constrained, specification-influenced design process enables the software designer to produce better quality software. The constrained design process allows the designer to focus on the difficult aspects of design: understanding the problem, choosing the best abstractions, and finding a suitable solution.

Software Design

Formal Specifications

Software Architecture

Patterns