This is the final version of the PhD dissertation defense slides (Phd_dissertation_defense) on the topic "A System-Theoretic Safety Engineering Approach for Software-Intensive Systems".
This presentation discusses applying STPA (Systems-Theoretic Process Analysis) and formal verification techniques to software verification. It provides an overview of STPA and how it can be used to derive safety requirements and identify unsafe control actions. It also discusses formal specification and model checking methods that can be used to verify software meets STPA-derived requirements. The presentation demonstrates applying STPA to a train door controller example and generating an SMV model and LTL properties to model check in NuSMV. Finally, it discusses how STPA results can be used to generate safety-based test cases for software verification.
SpecTRM is an environment for creating and analyzing state-machine based requirements models for mission-critical and safety-critical systems. It allows users to find consistency and completeness errors in requirements early when fixes are least costly. SpecTRM helps find errors early, integrates safety, ensures complete requirements, and allows easy review and simulation of specifications. An evaluation found the tool had an excellent tutorial, was simple to learn and use, though preparing simulations could be difficult and a few minor bugs were present.
This document discusses search-based testing and its applications in software testing. It outlines some key strengths of search-based software testing (SBST) such as being scalable, parallelizable, versatile, and flexible. It also discusses some limitations of search-based approaches for problems that require formal verification to establish properties for all possible usages. The document compares classical optimization approaches, which build solutions incrementally, to stochastic optimization approaches used in SBST, which sample solutions in a randomized way. It notes that while testing can find bugs, it cannot prove their absence. Finally, it discusses how SBST can be combined with other techniques like constraint solving and machine learning.
The document summarizes research conducted by the Software Verification and Validation Group at the University of Luxembourg on testing cyber physical systems via evolutionary algorithms and machine learning. The group develops techniques to generate test inputs for autonomous systems like automated driving using genetic algorithms and optimizes the search process using machine learning. This guided search aims to find test cases that could reveal violations of critical safety requirements with fewer simulation runs. The approach is demonstrated on an industrial project that tests requirements for the automated emergency braking features of autonomous vehicles.
The document discusses simulation, modeling, and testing in VLSI design. It covers various topics including logic simulation, fault simulation, and VLSI testing. Logic simulation verifies design correctness using simulation. Fault simulation measures test effectiveness by simulating faults. VLSI testing verifies manufactured chips using test generation and application. The document compares different simulation and testing techniques.
The document discusses testing and debugging software. It describes the purpose of testing as ensuring software is fit for purpose by meeting specifications and is robust and reliable. Various types of tests are described, including normal, extreme, and exceptional test data and inputs. The importance of systematic and comprehensive testing is emphasized. Debugging techniques like dry runs, trace tables, breakpoints, and watchpoints are introduced to help identify bugs in software.
Predictive Analytics based Regression Test Optimization - STePINForum
by Raja Balusamy, Group Manager & Shivakumar Balur, Senior Chief Engineer, Samsung R&D at STeP-IN SUMMIT 2018 - 15th International Conference on Software Testing on August 30, 2018 at Taj, MG Road, Bengaluru
Testing Autonomous Cars for Feature Interaction Failures using Many-Objective... - Lionel Briand
This document proposes a search-based testing approach to automatically detect undesired feature interactions in self-driving systems during early development stages. It defines hybrid test objectives that combine coverage-based, failure-based, and unsafe overriding criteria. A tailored many-objective search algorithm is used to generate test cases that satisfy the objectives. An empirical evaluation on two industrial case study systems found the hybrid objectives revealed significantly more feature interaction failures than baseline objectives. Domain experts validated the identified failures were previously unknown and suggested ways to improve the feature integration logic.
This document discusses test automation, including its benefits, types, skills needed, and challenges. Some key benefits of test automation include: saving time by allowing software to execute test cases faster than humans; freeing up test engineers from repetitive tasks; and enabling more reliable and immediate testing. There are three generations of test automation: record and playback, data driven, and action driven. Setting up an effective test automation framework requires skills in programming languages, framework design, and understanding the product being tested. Challenges of test automation include gaining management commitment and the initial costs and learning curve.
Analysis of the Behavior of Event Processing Applications - Ella Rabinovich
This document proposes a framework for analyzing event processing applications using static analysis, dynamic analysis, and formal methods. Static analysis can discover dependencies between application components and dynamic analysis can trace events and component executions. Formal methods allow for advanced correctness checking by modeling the application as a state transition system and using model checking to verify properties. The goal is to provide techniques to help validate event processing applications and identify issues through exhaustive analysis. Future work includes exploring how formal methods can further contribute and developing quality metrics for monitoring applications.
The document discusses the speaker's 25 years of experience applying AI techniques to software engineering projects. It covers early work in the 1990s on fault prediction and the challenges of applying machine learning at that time. It then discusses subsequent work in areas like search-based software engineering, natural language processing for requirements engineering, and using simulation and search techniques for testing autonomous vehicle systems. The speaker reflects on both the benefits and challenges of these different AI applications in software engineering.
Starting Test Automation In Your Project - Webinar by 99X Technology
This document provides guidance on starting test automation in a project. It discusses why automation is important, how to select scenarios to automate, how to choose a testing tool, how to create a proof of concept, how to implement an automation framework, and how to stabilize automated tests. Key steps include selecting high value scenarios, analyzing testing tools, creating sample automated tests with different tools, finalizing an automation framework, integrating tests with continuous integration, and ensuring tests are stable across environments.
Evaluating SRGMs for Automotive Software Project - Rakesh Rana
Evaluation of standard reliability growth models in the context of automotive software systems
Presented at PROFES 2013, the 14th International Conference on Product-Focused Software Process Improvement, Paphos, Cyprus, 12-14 June 2013.
Beyond Static Analysis: Integrating .NET Static Analysis with Unit Testing a... - Erika Barron
Learn the strengths and weaknesses of .NET static analysis—and how a comprehensive development testing strategy that also includes unit testing, code review, and runtime error detection can pick up where development testing leaves off.
Machine Learning & Artificial Intelligence - Machine Controlled Data Dispensa... - STePINForum
This document describes a machine learning approach to identifying sensitive data in databases. It is a 4-step process:
1. Creating a training set by extracting non-null values from database tables.
2. Creating a test set similarly from the same tables.
3. Fine-tuning the machine learning algorithm by running it iteratively on the training set until it achieves 100% accuracy.
4. Validating the algorithm by running it on the test set and comparing its predictions to the training set, storing the results.
The approach aims to reduce time and effort for identifying sensitive fields compared to manual or rule-based methods, and provides accurate and scalable sensitive data discovery.
This document discusses errors and exceptions in Java. It defines compile-time errors and run-time errors. Exceptions can be system-defined or programmer-defined, and are subclasses of the Throwable class. Exceptions can be explicitly thrown using the throw statement or implicitly raised by the system. Exception handling uses try, catch, and finally blocks to handle exceptions gracefully.
This document provides an overview of how to leverage the Xray test management application for Jira. Some key points covered include:
1. Xray allows for both scripted and exploratory testing approaches to be combined and consolidated.
2. Core concepts of Xray include organizing tests, planning test execution, and providing test coverage visibility and traceability.
3. Xray leverages existing Jira features for permissions, workflows, custom fields and screens to manage the entire testing process.
The document discusses various software failures and errors through case studies such as Disney's Lion King software issue in 1994-1995, the Intel Pentium Floating-Point Division Bug in 1994, the NASA Mars Polar Lander crash in 1999, and the Patriot Missile Defense System failure in 1991. It then covers testing definitions, principles, and the role of testing in the software development lifecycle through topics like requirements testing, ambiguity reviews, and change control tools. The goal of testing is to increase the probability that software will behave correctly under all circumstances by meeting requirements through systematic testing activities.
Enabling Automated Software Testing with Artificial Intelligence - Lionel Briand
1. The document discusses using artificial intelligence techniques like machine learning and natural language processing to help automate software testing. It focuses on applying these techniques to testing advanced driver assistance systems.
2. A key challenge in software testing is scalability as the input spaces and code bases grow large and complex. Effective automation is needed to address this challenge. The document describes several industrial research projects applying AI to help automate testing of advanced driver assistance systems.
3. One project aims to develop an automated testing technique for emergency braking systems in cars using a physics-based simulation. The goal is to efficiently explore complex test scenarios and identify critical situations like failures to avoid collisions.
What is automation testing | David Tzemach
What is Automation Testing?
What are the objectives of using automation tools?
What can we achieve using automation tools?
What Test Automation is not?
WHY MAY TESTING TEAMS REJECT THE IMPLEMENTATION OF AUTOMATED TESTS?
Common Types of Automated Testing Tools
Formal Method for Avionics Software Verification - AdaCore
This talk gives examples of Airbus' use of Formal Methods to verify avionics software, and summarises the integration of Formal Methods into the upcoming ED-12/DO-178 issue C. Firstly, examples of verification based on theorem proving or abstract interpretation show how Airbus has already taken advantage of Formal Methods to verify avionics software. Secondly, we show how Formal Methods for verification have been introduced in the upcoming issue C of ED-12/DO-178.
System Testing of Timing Requirements based on Use Cases and Timed Automata - Lionel Briand
The document describes a technique called TAUC that combines use case specifications and timed automata to automatically generate test cases for validating timing requirements of safety-critical systems. TAUC models the system functionality and environment as timed automata, identifies test inputs from use case scenarios to trigger state transitions, and employs a coverage-based and metaheuristic search approach to generate a test suite that stresses timing constraints. An evaluation on a case study shows TAUC achieves a 91% fault detection rate, significantly outperforming random and manual testing.
Analyzing Natural-Language Requirements: The Not-too-sexy and Yet Curiously D... - Lionel Briand
The document discusses challenges in analyzing natural language requirements and how natural language processing (NLP) techniques can help address these challenges. It describes challenges faced by industry such as ensuring compliance with templates, handling domain knowledge, enabling traceability and change impact analysis, and configuring requirements. It then discusses approaches developed through collaborative research to help with template conformance checking, change impact analysis between requirements, and analyzing impact of changes from requirements to design. The approaches leverage NLP techniques such as text chunking, syntactic and semantic analysis. Evaluation with industrial partners found the approaches to be effective at analyzing hundreds of requirements with high accuracy and limiting unnecessary inspection effort during change.
This document discusses applying machine learning to product risk prediction at Sparebank1. It outlines the motivation, which is to exploit data collected during the software development lifecycle to build ML models that can predict product risk. The implementation involved extracting data from change management, defects, and incidents to create a labeled training dataset to train supervised ML classification and regression models. Lessons learned include the challenges of problem definition, data collection and pre-processing, and ensuring models are integrated into the current development process and allow for continuous learning. The goal is to demonstrate improved metrics for test effectiveness, mean time between incidents, and test productivity.
Top 5 pitfalls of software test automation - ekatechserv
Automating tests is important to detect and fix defects early in the development cycle, which can be 100 times cheaper than fixing bugs after release. Automated tests allow bugs to be spotted and fixed early. While automation provides benefits like reduced costs, there are pitfalls to avoid, such as relying solely on automation for all testing needs, requiring extensive coding, producing false positives, and attempting to replace human testers. The key is using automation to aid, not replace, testers in executing tests efficiently.
What activates a bug? A refinement of the Laprie terminology model. - Peter Tröger
The document proposes refinements to the Laprie terminology model for describing software bugs. It introduces concepts of a fault model describing faulty code, a fault condition model describing enabling system states, and an error model describing states where faults are activated and may lead to failures. A failure automaton is presented with states for disabled, dormant, and active faults, as well as detected errors and outages. Events are defined for when fault conditions are fulfilled or no longer fulfilled, faulty code is executed, and failures occur. The refinement aims to separately consider investigated software layers and their environment in order to better describe what activates bugs.
This tutorial provides a step-by-step guide on how to install the XSTAMPP tool for safety engineering of software-intensive systems and customise its configuration.
This tutorial provides a step-by-step guide on how to create and manage an STPA safety analysis project in the XSTAMPP tool, edit the STPA project data, export it in different formats, and save or delete it.
www.xstampp.de
This document outlines the dissertation of Naomi M. Mangatu titled "Beyond the Glass Ceiling: A Phenomenological Study of Women Managers in the Kenyan Banking Industry." The study explores the lived experiences of 24 women managers in Kenyan banks to understand factors contributing to or hindering their advancement to CEO positions. It uses a qualitative phenomenological research method and the van Kaam 7-step process for data analysis. The findings reveal that while women have made progress in their careers, few break through the glass ceiling to attain top leadership roles in Kenyan banks due to social pressures, cultural norms, and expectations that suppress women's advancement.
The document summarizes research being conducted on incorporating pile setup into pile design using Load and Resistance Factor Design (LRFD). The research aims to identify conditions where pile setup may be used, determine the reliability of pile setup prediction methods, and establish resistance factors. Field data on pile setup is presented from a bridge project in Louisiana. Methods for predicting pile setup are described, including empirical equations and static capacity methods using Cone Penetration Test data. Software tools for pile capacity analysis incorporating pile setup are identified.
Dissertation defense includes presenting your ideas, explaining your choices and decisions, and laying out the rationale behind your selection and research methods.
This document discusses the application of geographic information systems (GIS) techniques to exploration and production (E&P) data management and subsurface interpretation. It covers how GIS provides tools for data organization, visualization, querying, editing, spatial analysis, geoprocessing, and prediction. These capabilities allow GIS to be used across various stages of the E&P lifecycle including exploration, drilling, production, refining, transmission, and data management. The document concludes that using GIS in the oil and gas industry enables better decision making, cost savings and efficiency gains, and improved communication.
Kato Mivule - Towards Agent-based Data Privacy Engineering (Kato Mivule)
Kato Mivule from Bowie State University presented a paper on developing an agent-based framework called SIED for data privacy engineering. SIED consists of four phases - Specification, Implementation, Evaluation, and Dissemination. Mivule proposed that intelligent agents could autonomously implement the different phases of the data privacy engineering process. Experimental results were shown applying differential privacy as a data anonymization technique on the Iris dataset and evaluating the impact on data utility for machine learning classification. The paper concluded that more research is needed on agent-based solutions for the complex problem of data privacy engineering.
The document summarizes a Ph.D. dissertation defense about stellar variability. It discusses monitoring the variability of young stars in the Rho Ophiuchi molecular cloud over 2.5 years, identifying over 100 variable stars. It also details spatially resolving cool starspots on the surface of the star Lambda Andromedae using long baseline optical interferometry over multiple observing seasons, finding rotation periods that match photometric variability. The dissertation characterized variability timescales and mechanisms for young stars and provided direct evidence of stellar spots.
A PhD in nursing allows one to advance the field of nursing science through original research. A typical PhD nursing program takes 4-6 years and includes coursework, a research practicum, and a dissertation involving collecting or analyzing original data to answer a new research question. Obtaining a PhD allows nurses to develop the scientific foundation of the discipline, educate future nurses, and improve patient care through applying research findings to clinical practice.
The document summarizes the reserve estimation of the Titas gas field in Bangladesh using different methods. It describes the location and geology of the field and outlines the objectives to estimate gas initially in place, recoverable reserves, and recovery factor using volumetric, conventional material balance, and flowing gas material balance methods. The results show that the gas initially in place ranges from 6.2 to 11.3 trillion cubic feet depending on the method. The recoverable reserves and recovery factors are also estimated and compared for the different reservoir sands.
Different Tools to Detect and Monitor Oil Spills: Aerial Observation Tech. (A. Tuğsan İşiaçık Çolak)
Remote sensing techniques can be used to monitor oil pollution from ships. Aerial observation and satellite imagery are effective tools to detect and monitor oil spills. Aerial observation uses tools like side-looking airborne radar, laser fluorosensors, infrared and ultraviolet sensors to locate oil slicks and map pollution from the air. Satellite synthetic aperture radar and optical sensors can also detect and monitor oil spills from space over large ocean areas. These remote sensing methods are useful for responding to accidents and illegal pollution from ships.
The document discusses the concept and function of business and its important elements, such as capital, human resources, production, and distribution. Business is defined as an activity that produces goods and services to meet society's needs and earn a profit.
This document proposes a method for automatically detecting compound structures from multiple hierarchical segmentations of remote sensing images. Compound structures contain spatial arrangements of primitive objects like buildings, trees, and roads. The method models compound structures as probabilistic region processes and learns their appearance and spatial models from training data. Candidate regions are extracted from hierarchical segmentations, and a constrained region selection framework is used to detect compound structure instances by selecting coherent subsets of regions that satisfy constraints. Approximate inference is performed using Markov chain Monte Carlo sampling or quadratic programming under constraints.
This document discusses audience profiles and target demographics for three movies: Iron Man 3, The Lego Movie, and Love Actually. It then provides definitions and examples for theory-audience, hypodermic needle, uses and gratifications, and consumer generated content concepts related to media studies.
Automating safety engineering with model based techniques (Juha-Pekka Tolvanen)
Fault Trees and Failure Modes and Effects Analyses are well known methods in safety and reliability engineering. Their use, however, requires a considerable amount of work, in particular when the system evolves and grows. We describe an approach that automates parts of the safety design flow. First, existing architecture models can be translated to dependability and error models. Safety engineers can then adapt the models for various safety cases and finally run the analysis by calling a suitable tool. We demonstrate the approach within the automotive domain: the system is specified with domain-specific languages and the created models are translated to analysis tools. This approach provides several benefits. It helps to ensure that safety analysis is done for the intended/designed architecture. It also makes safety analysis faster as it is partly automated, reduces error-prone routine work and makes safety analysis easier to use and more accessible.
The document describes a seminar on software for embedded safety critical systems held in Toulouse, France in January 2014. The seminar included 10 sessions covering various topics related to software in safety critical domains such as aeronautics, automotive, space, etc. The sessions addressed issues like software assurance levels, standards, development processes, verification, and new technologies. Experts from companies like Airbus, Continental, and ONERA presented on topics specific to their domains. The seminar aimed to discuss challenges in developing software for critical systems and recognize best practices defined in international standards.
Risk-based design aims to reduce risks of major accidents during a project's lifecycle. It identifies safety critical elements and sets performance standards for managing them. ADEPP is a tool that facilitates this process. It uses risk analysis to identify safety critical systems. Performance standards are set online and critical tasks are assigned and tracked for managing safety critical elements throughout the different project phases. The ADEPP monitor provides secure online monitoring and communication between stakeholders.
Risk-based design aims to reduce risks of major accidents during a project's lifecycle. It identifies safety critical elements and sets performance standards for managing them. The ADEPP method uses tools like hazard analysis, consequence modeling, and an online monitoring system to systematically identify safety critical systems, determine appropriate performance standards, and track actions over a project's lifecycle to maintain risk reduction.
Software safety in embedded systems & software safety: why, what, and how (bdemchak)
This document discusses software safety in embedded systems. It defines key terms related to system safety like accident, hazard, risk, and failure. It explains that introducing computers into safety-critical systems like nuclear power plants introduced new challenges due to software complexity. The document outlines approaches to system safety engineering including hazard analysis techniques like fault tree analysis and modeling methods like real-time logic. It discusses safety verification and validation methods and principles of designing systems to intrinsically minimize hazards.
The client is a leading security technology company that develops an anti-malware product (AMR) to protect against malware and rootkits. With over 1600 manual test cases across operating systems, regression testing was challenging. The client sought to automate testing and create a reusable framework. iFocus Systec developed a Perl-based framework using Selenium for browser tests and AutoIT for GUI tests. This automated over 70% of test cases and reduced test cycles by 55%, providing a maintainable and reusable solution.
An Application-Oriented Approach for Computer Security Education (Xiao Qin)
In the past few years, numerous universities have incorporated computer security courses into their undergraduate curricula. Recent studies show that students can effectively gain knowledge and experience in building secure computer systems by conducting course projects. However, existing computer security laboratory exercises are comprised of small-scale, fragmented, and isolated course projects, which is inadequate to prepare undergraduate students to implement real-world secure computing systems. Conventional wisdom in designing computer security course projects pays little attention to training students to assemble small building blocks into a large-scale secure computing and information system. To overcome students' lack of experience in implementing large-scale secure software, we propose a novel application-oriented approach to teaching computer security courses by constructing course projects for computer security education. In this pilot project we will develop an extensible application framework for computer security course projects. The framework will provide valuable learning materials that can enable undergraduate students to gain unique experience of building large-scale trustworthy computer systems. Course projects are implemented as plugin modules of an application-based framework. After integrating all the security modules together in the framework, undergraduate students can experiment with various ways of implementing sophisticated secure computer and information systems.
The document discusses approaches to building secure web applications, including establishing software security processes and maturity levels. It covers security activities like threat modeling, defining security requirements, secure coding standards, security testing, and metrics. Business cases for software security focus on reducing costs of vulnerabilities, threats to web apps, and root causes being application vulnerabilities and design flaws.
This presentation talks about the focus towards building security in the software development life cycle and covers details related to Reconnaissance, Scanning and Attack based test design and execution approach.
Product engineering teams have started to realize the importance of software security. This has resulted in a trend where teams make the effort to include it as part of their software development life cycle, as opposed to treating it as another item in their checklist prior to release. However, the real challenge is finding the balance between agility and quality, which is where many teams find this an uphill task.
While there is no golden standard when it comes to implementing software security, product teams should focus on bringing about systematic and cultural practices within their teams. This should help them to bring about the required efficiency to enable software security as a market differentiator.
This slide-deck on Software Security Initiative focuses on translating a plan of action into sustainable activities as part of the secure software development life cycle that can be adopted by engineering teams. The slides will delve deep into aspects like identifying and designing security checkpoints in the SDLC alongside concepts such as Threat Modelling in Agile, AppSec Toolchain and Security Regressions.
This was presented as a we45 Webinar on April 12, 2018
A method for detecting abnormal program behavior on embedded devices (Raja Ram)
The document presents a method for detecting abnormal program behavior on embedded devices using a self-organizing map (SOM) approach. It extracts features from the processor's program counter and cycles per instruction, and uses these features to train an unsupervised SOM to classify program behavior. Testing on an ARM Cortex-M3 processor showed the method can identify unknown program behaviors not in the training set with over 98.4% accuracy.
Case-Based Reasoning for the Evaluation of Safety Critical Software. Applicat... (IJERDJOURNAL)
ABSTRACT: The purpose of the work described in this paper is to improve the assessment of the safety analyses for railway transport systems in France. The modes of reasoning which are used in the context of safety analysis and the very nature of knowledge about safety mean that a conventional computing solution is unsuitable and the utilization of artificial intelligence techniques would seem to be more appropriate. The approach which was adopted in order to design and implement an assistance tool for safety analysis involved the following two main activities: – Extracting, formalizing and storing hazardous situations to produce a library of standard cases which covers the entire problem. This process entailed the use of knowledge acquisition techniques; – Exploiting the stored historical knowledge in order to develop safety analysis know-how which can assist experts to judge the thoroughness of the manufacturer’s suggested safety analysis. This second activity involves the use of machine learning techniques in particular the use of Case-Based Reasoning. This paper presents a mock-up of a tool for storing and assessing Software Error Effect Analysis (SEEA) for the safety of automatic devices of terrestrial guided transport system. The purpose of our work is to exploit historical SEEA, which have already been carried out on approved safety-critical software, in order to assess SEEA of new software.
This document summarizes a presentation about Leoni Wiring Systems and application security. It discusses Leoni's history and global expansion. It also covers secure software development practices, including introducing security early and conducting threat analysis. Security testing goals and methods like threat modeling are explained. Finally, it provides examples of secure computing concepts and a use case for a Sophos tool to track unmanaged machines. The overall document aims to discuss best practices for application security.
A Case Study Injecting Safety-Critical Thinking Into Graduate Software Engin... (Arlene Smith)
- The document describes a graduate software engineering course where student teams developed projects using drones and sensors while incorporating safety considerations.
- The projects aimed to represent "light-weight" safety applications and exposed students to basic safety practices like risk identification and mitigation.
- Student feedback indicated that the safety-critical nature of the projects added realism and forced consideration of user safety, though some aspects like programming drones could have been explained better.
Systems Architecture with the Functional Safety/Security emphasis (Alan Tatourian)
I was asked to give a talk on the unification of Functional Safety (FuSa) and Security, to which I replied that the two disciplines cannot be viewed separately from Systems Engineering. Instead of talking about safety/security interop, I explained how to build complex systems and how these systems fail. Only when you understand that we do not know how to build absolutely reliable systems and that eventually anything you create fails can you understand how to add reliability and security mechanisms to your solutions. The summary of the presentation is:
Envision how your solution will be operated
Design for maintainability
Add safety concept
Add security mechanisms
Build for failure
Information hiding based on optimization technique for Encrypted Images (IRJET Journal)
This document summarizes a research paper on reversible data hiding in encrypted images using an optimization technique. The paper proposes an algorithm that first identifies the area of interest in an encrypted image and then uses a Bat Algorithm to find noisy pixel coordinates for embedding text data. Any remaining data is embedded in the image border areas. The research aims to securely protect embedded data against attacks while maintaining efficiency. It discusses related work on separable reversible data hiding techniques and the need for reversible data hiding in encrypted images to maintain confidentiality while allowing lossless image recovery.
IJERA (International Journal of Engineering Research and Applications) is an international online, ... peer-reviewed journal. For more details or to submit your article, please visit www.ijera.com
This presentation by OECD, OECD Secretariat, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation was uploaded with the author’s consent.
This presentation by OECD, OECD Secretariat, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
This presentation by Professor Giuseppe Colangelo, Jean Monnet Professor of European Innovation Policy, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation by Juraj Čorba, Chair of OECD Working Party on Artificial Intelligence Governance (AIGO), was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
This presentation by OECD, OECD Secretariat, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp.
This presentation by Professor Alex Robson, Deputy Chair of Australia’s Productivity Commission, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
This presentation by Yong Lim, Professor of Economic Law at Seoul National University School of Law, was made during the discussion “Artificial Intelligence, Data and Competition” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/aicomp.
Suzanne Lagerweij - Influence Without Power - Why Empathy is Your Best Friend... (Suzanne Lagerweij)
This is a workshop about communication and collaboration. We will experience how we can analyze the reasons for resistance to change (exercise 1) and practice how to improve our conversation style and be more in control and effective in the way we communicate (exercise 2).
This session will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
Abstract:
Let’s talk about powerful conversations! We all know how to lead a constructive conversation, right? Then why is it so difficult to have those conversations with people at work, especially those in powerful positions that show resistance to change?
Learning to control and direct conversations takes understanding and practice.
We can combine our innate empathy with our analytical skills to gain a deeper understanding of complex situations at work. Join this session to learn how to prepare for difficult conversations and how to improve our agile conversations in order to be more influential without power. We will use Dave Gray’s Empathy Mapping, Argyris’ Ladder of Inference and The Four Rs from Agile Conversations (Squirrel and Fredrick).
In the session you will experience how preparing and reflecting on your conversation can help you be more influential at work. You will learn how to communicate more effectively with the people needed to achieve positive change. You will leave with a self-revised version of a difficult conversation and a practical model to use when you get back to work.
Come learn more on how to become a real influencer!
XP 2024 presentation: A New Look to Leadership (samililja)
Presentation slides from the XP2024 conference, Bolzano, IT. The slides describe a new view of leadership and combine it with anthro-complexity (aka Cynefin).
This presentation by OECD, OECD Secretariat, was made during the discussion “Competition and Regulation in Professions and Occupations” held at the 77th meeting of the OECD Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found at oe.cd/crps.
Career goals and their importance in real life (artemacademy2)
Career goals serve as a roadmap for individuals, guiding them toward achieving long-term professional aspirations and personal fulfillment. Establishing clear career goals enables professionals to focus their efforts on developing specific skills, gaining relevant experience, and making strategic decisions that align with their desired career trajectory. By setting both short-term and long-term objectives, individuals can systematically track their progress, make necessary adjustments, and stay motivated. Short-term goals often include acquiring new qualifications, mastering particular competencies, or securing a specific role, while long-term goals might encompass reaching executive positions, becoming industry experts, or launching entrepreneurial ventures.
Moreover, having well-defined career goals fosters a sense of purpose and direction, enhancing job satisfaction and overall productivity. It encourages continuous learning and adaptation, as professionals remain attuned to industry trends and evolving job market demands. Career goals also facilitate better time management and resource allocation, as individuals prioritize tasks and opportunities that advance their professional growth. In addition, articulating career goals can aid in networking and mentorship, as it allows individuals to communicate their aspirations clearly to potential mentors, colleagues, and employers, thereby opening doors to valuable guidance and support. Ultimately, career goals are integral to personal and professional development, driving individuals toward sustained success and fulfillment in their chosen fields.
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders (Ben Linders)
Psychological safety in teams is important; team members must feel safe and able to communicate and collaborate effectively to deliver value. It’s also necessary to build long-lasting teams since things will happen and relationships will be strained.
But, how safe is a team? How can we determine if there are any factors that make the team unsafe or have an impact on the team’s culture?
In this mini-workshop, we’ll play games for psychological safety and team culture utilizing a deck of coaching cards, The Psychological Safety Cards. We will learn how to use gamification to gain a better understanding of what’s going on in teams. Individuals share what they have learned from working in teams, what has impacted the team’s safety and culture, and what has led to positive change.
Different game formats will be played in groups in parallel. Examples are an ice-breaker to get people talking about psychological safety, a constellation where people take positions about aspects of psychological safety in their team or organization, and collaborative card games where people work together to create an environment that fosters psychological safety.
This presentation by Nathaniel Lane, Associate Professor in Economics at Oxford University, was made during the discussion “Pro-competitive Industrial Policy” held at the 143rd meeting of the OECD Competition Committee on 12 June 2024. More papers and presentations on the topic can be found at oe.cd/pcip.
3. Agenda
- Motivation
- Introduction
  - Problem Statement
  - Research Objectives
  - Contributions
- Background
  - Safety Analysis Techniques
  - Software Verification
- Proposed Approach
- Illustrative Example: Adaptive Cruise Control System with Stop-and-Go function
- Conclusion & Future Work
6. Research Objectives
- To develop a safety engineering approach based on STPA which offers seamless safety analysis and software verification activities to help software and safety engineers in:
  - deriving the appropriate software safety requirements,
  - formally verifying them, and
  - generating safety-based test cases to recognize the associated software risks.
- To develop an open-source tool to support the proposed approach.
8. Why STPA (System-Theoretic Process Analysis)?
Traditional techniques: there are over 100 different hazard analysis approaches.
[Figure: timeline of traditional hazard analysis techniques, 1940 to 1990: FMEA, FTA, HAZOP, ETA (Leveson 2016)]
Limitations of the traditional techniques:
- They assume that accidents are caused by component failures (Reliability Theory).
- They are not adequate to address new accidents caused by component interactions, software and human errors [Leveson 2011].
- Some of them do not provide any kind of system model.
9. STPA Safety Analysis Approach
STPA (System-Theoretic Process Analysis):
- Developed by Prof. Leveson at MIT, USA, 2004.
- Built on the STAMP (System-Theoretic Accident Model and Processes) model, which is based on system and control theory rather than reliability.
- Treats safety as a dynamic control problem rather than a component failure problem.
[Figure: a generic control loop (Leveson 2011). A human/automated controller sends control actions to actuators, which act on the controlled process; sensors return the measured variables as feedback variables to the controller. The controlled process has process inputs, process outputs, controlled variables, monitored variables and disturbances. Inside an automated controller, the control algorithm acts on a process model. This control loop is the starting point of STPA/STAMP.]
10. STPA Approach Process
[Figure: the STPA process with its inputs and results]
- Input: system specification and design models.
- Define the analysis scope (fundamentals): system-level accidents, related hazards, design and safety constraints.
- Develop the control structure diagram: a hierarchical control structure diagram, extended with the process model.
- STPA Step 1: identify unsafe control actions. Results: unsafe control actions and the corresponding safety constraints.
- STPA Step 2: identify how each unsafe control action could occur. Results: causal scenarios (causal factors) and new/refined safety constraints.
- Output: safety analysis report.
13. A System-Theoretic Safety Engineering Approach
The proposed approach can be applied during the development of new safe software or to existing software in a safety-critical system.
[Figure: overview of the proposed approach in four parts, with traceability between the STPA results and the software safety verification]
1. STPA safety analysis, applied to the software at the system level: safety control structure diagram, unsafe software scenarios and software safety requirements, derived from the system requirement specifications and system design models.
2. Build safe software: the STPA results are formalized into formal specifications and a software behavioral model, which are checked by formal verification (model checker). *Extract the verification model directly from the software code.
3. Testing approach: a Stateflow model (Simulink) is used for safety-based test case generation; the generated test suites are executed as test scripts against the software implementation (code).
4. Safety verification report.
Abdulkhaleq, A., Wagner, S., Leveson, N. (2015) A Comprehensive Safety Engineering Approach for Software-Intensive Systems Based on STPA, Procedia Engineering, Volume 128, 2015, Pages 2-11, ISSN 1877-7058.
14. Illustrative Example: ACC Software Simulator
Adaptive Cruise Control System (ACC) is a well-known automotive system which has strong safety requirements. ACC adapts the vehicle's speed to the traffic environment based on a long-range forward radar sensor which is attached to the front of the vehicle.
[Figure: ACC vehicle following a target vehicle]
We developed a software simulator of ACC.
Question: how to derive the safety requirements of the ACC software controller at the system level and generate the safety-based test cases?
System-level accidents:
- AC-1: ACC vehicle collides with target vehicle.
System-level hazards:
- H-1: ACC software does not maintain a safe distance from the front vehicle [AC-1].
16. Unsafe Control Actions
Providing or not providing a control action causes a hazard. Each hazardous item in the table is translated into a corresponding safety constraint.
[Figure: the ACC Stop-and-Go Function Software Controller issues the control actions Accelerate, Decelerate and FullyStop to the actuators Motor 1 and Motor 2]
Unsafe control actions table for the control action Accelerate:
- Not providing causes hazards: The ACC software does not accelerate the speed when the robot vehicle ahead is so far in the lane. [Not hazardous]
- Providing causes hazards: UCA1.1: The ACC software accelerates the speed of the robotic vehicle when the robotic vehicle ahead is too close [H-1] [H-2].
- Wrong timing or order causes hazards: UCA1.2: The ACC software accelerates the speed before the robot vehicle ahead starts to move again [H-1] [H-2].
- Stopped too soon or applied too long: N/A
Corresponding safety constraints:
- SC1.1: The ACC software must not provide the acceleration signal when the robotic vehicle ahead is too close.
17. Process Model & Variables
A model required to determine the environmental and system variables that affect the safety of the control actions.
[Diagram: safety control structure of the ACC Stop-and-Go Function Software Controller. The operator sets desiredspeed, safedistance and On/Off; the controller sends the control actions Accelerate, Decelerate and FullyStop to the actuators (Motor 1, Motor 2), whose motor forces drive the controlled process; the speed sensor and the ultrasonic sensor feed back speed (currentspeed) and frontdistance; disturbances act on the process inputs and outputs.]
Process Model (variables and their values):
- currentspeed: = 0 | > minSpeed | == desiredspeed | > desiredspeed | < desiredspeed
- ACCMode: Standby | Resume | Cruise | Follow | Stop
- timeGap: = 0 | <= (deltaX + safetyTimeGap) | > (deltaX + safetyTimeGap) | > safetyTimeGap | < safetyTimeGap
- frontdistance: <= 0 | > 0
- Power: ACCOff | ACCOn
Process Model
17/30
18. Generating the Unsafe Control Actions (UCA)
UCA 1.1: The ACC software accelerates the speed of the robotic vehicle when the robotic vehicle ahead is too close [H-1] [H-2]
Extended Approach to STPA: identify unsafe control actions in STPA Step 1 based on the combination of process model variables (Dr. John Thomas, MIT).
Context table for the control action Accelerate (process model variables: currentspeed, timeGap, ACCMode; hazardous at any time, too early, too late?):
- currentspeed > minSpeed, timeGap < (ΔTimeGap + safeTimeGap), ACCMode = follow: No
- currentspeed <= desiredspeed, timeGap = 0, ACCMode = follow: Yes (H1, H2)
Automatically generate unsafe control actions:
Refined UCA 1.1: The ACC software controller provided an acceleration signal when the current speed is less than or equal to the desired speed, the time gap is equal to 0 and the ACC system is in follow mode.
Automatically generate corresponding safety constraints:
Refined Safety Constraint RSC1.1: The ACC software controller must not provide an acceleration signal when the current speed is less than or equal to the desired speed, the time gap is equal to 0 and the ACC system is in follow mode.
Context Table
18/30
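An added illustration in Python of the context-table step above (not code from the dissertation or its tools): it enumerates every combination of the process-model values listed on the slides for the control action Accelerate, flags the hazardous contexts and emits the refined UCA and refined safety constraint sentences. The hazard rule, which merely reproduces the "Yes (H1, H2)" row and treats every other combination as "No", is an assumption made for the illustration.

```python
from itertools import product

# Process-model variable values copied from the process model on the slides.
PROCESS_MODEL = {
    "currentspeed": ["= 0", "> minSpeed", "== desiredspeed",
                     "> desiredspeed", "< desiredspeed"],
    "timeGap": ["= 0", "<= (deltaX + safetyTimeGap)", "> (deltaX + safetyTimeGap)",
                "> safetyTimeGap", "< safetyTimeGap"],
    "ACCMode": ["Standby", "Resume", "Cruise", "Follow", "Stop"],
}

# Assumed hazard rule for the control action Accelerate: it reproduces the
# "Yes (H1, H2)" row of the context table (vehicle ahead too close, i.e.
# timeGap = 0, in Follow mode, speed not above the desired speed); every
# other combination is treated as "No" for this illustration.
AT_MOST_DESIRED = {"= 0", "== desiredspeed", "< desiredspeed"}

def hazards_of(action, ctx):
    """Return the hazards the control action leads to in the given context."""
    if (action == "Accelerate" and ctx["timeGap"] == "= 0"
            and ctx["ACCMode"] == "Follow"
            and ctx["currentspeed"] in AT_MOST_DESIRED):
        return ["H-1", "H-2"]
    return []

def context_table(action):
    """Enumerate all combinations of process-model values (extended STPA Step 1)."""
    names = list(PROCESS_MODEL)
    rows = []
    for values in product(*PROCESS_MODEL.values()):
        ctx = dict(zip(names, values))
        rows.append((ctx, hazards_of(action, ctx)))
    return rows

def describe(ctx):
    return " and ".join(f"{k} {v}" for k, v in ctx.items())

def refined_uca(action, ctx, hazards):
    return (f"The ACC software controller provided the {action} signal when "
            f"{describe(ctx)} [{', '.join(hazards)}]")

def refined_safety_constraint(action, ctx):
    return (f"The ACC software controller must not provide the {action} signal "
            f"when {describe(ctx)}")

def generate(action="Accelerate"):
    """Hazardous rows become refined UCAs plus matching refined safety constraints."""
    return [(refined_uca(action, ctx, hz), refined_safety_constraint(action, ctx))
            for ctx, hz in context_table(action) if hz]
```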
19. Causal Factors & Scenarios
How each unsafe control action could occur in the system.
UCA 1.1: The ACC software accelerates the speed of the robotic vehicle when the robotic vehicle ahead is too close [H-1] [H-2]
[Diagram: the same safety control structure and process model as on slide 17 (ACC Stop-and-Go Function Software Controller, control actions Accelerate/Decelerate/FullyStop, actuators Motor 1 and Motor 2, speed sensor and ultrasonic sensor feedback, operator inputs desiredspeed, safedistance and On/Off), annotated with the causal factor categories:]
1. Unsafe Inputs from Higher Levels
2. Unsafe Algorithm
3. Incorrect Process Implementation
4. Incorrect Process Models
5. Feedback Wrong or Missing
STPA Step 2
19/30
20. Fundamentals Analysis
Accident: AC-1: ACC vehicle collides with front vehicle while ACC status is active.
Hazards: H-1: ACC software does not maintain safe distance from front vehicle.
H-2: An unintended acceleration when the vehicle in front is too close.
STPA Step 1
Unsafe Control Action UCA 1.1: The ACC software accelerates the speed of the robotic vehicle when the robotic vehicle ahead is too close [H-1, H-2]
Refined Unsafe Control Action RUCA 1.1: The ACC software provided an acceleration signal when the current speed is less than or equal to the desired speed, the time gap is equal to 0 and the ACC system is in follow mode.
STPA Step 2 (wrong feedback/input)
Causal Factors & Scenarios Table: how could each unsafe control action occur in the system?
Causal Scenario S.1: The speed sensor provides a false value to the ACC software while the vehicle ahead is too close.
Safety Constraint SC1.1: The ACC software shall be able to recognize the false values which are received from the speed sensor.
Causal Scenario S.2: The radar sensor provides an incorrect (out of range) front distance value to the ACC software that allows the vehicle to get too close to the vehicle ahead.
Safety Constraint SC1.2: The ACC software shall be able to recognize the out-of-range values of the front distance.
Causal Factors Table
20/30
22. Formalisation of STPA Results
Linear Temporal Logic (LTL) is a popular formalism for the specification and verification of concurrent and reactive systems.
Providing or not providing a control action (CA) is based on the occurrence of the set of values of process model variables and higher inputs (CS).
Rule 1: When CS occurs in the execution path, the software must not (!) provide CA. Then the LTL formula can be expressed as: LTL = G (CS → ! CA).
Informal: e.g. the ACC software must not provide an acceleration signal when the current speed is less than or equal to the desired speed, the time gap is equal to 0 and the ACC system is in follow mode.
Formal: LTL = G (((currentspeed <= desiredspeed) & (timeGap = 0) & (ACCMode = follow)) → ! (CA = Accelerate))
Abdulkhaleq, A., Wagner, S. (2015) Integrated Safety Analysis Using Systems-Theoretic Process Analysis and Software Model Checking. In Computer Safety, Reliability, and Security (SAFECOMP conference), Lecture Notes in Computer Science, 2015.
LTL Formulae
22/30
24. Generating Safety-based Test Cases
Apply to software at the system level.
[Diagram: the proposed approach from slide 13 (Abdulkhaleq, Wagner, Leveson 2015): STPA safety analysis, formal specifications, formal verification with a model checker against a behavioral model, safety-based test case generation with a Stateflow model (Simulink), generating and executing test scripts, traceability and the safety verification report. Here the "build" and "generate test suites" path from the STPA results to the safety-based test cases is highlighted.]
Proposed Approach
24/30
25. Safety-based Test Case Generation Algorithm
We develop an algorithm on how to generate test cases from the STPA results.
Algorithm (Generating Safety-based Test Cases):
1 Modelling STPA Results: model the STPA results as a safe behavioral model, with the LTL formulae derived from the same STPA results.
2 Transforming into a Formal Model: transform the safe behavioral model into an SMV model.
3 Checking Correctness with Model Checker: verify the SMV model against the LTL formulae; if not satisfied, modify the model; if satisfied, continue.
4 Generating Runnable Safe Test Model: transform the verified model into a safe test model.
5 Safety-based Test Cases: traverse the safe test model to generate the safety-based test cases and export them to a test case sheet together with a traceability matrix.
Abdulkhaleq, A., Wagner, S. (2016) A Systematic and Semi-Automatic Safety-based Test Case Generation Approach Based on Systems-Theoretic Process Analysis. Submitted to ACM Transactions on Software Engineering and Methodology Journal.
Safety-based Test Cases
25/30
26. Safety-based Test Cases
SC1.2: The ACC software must provide an acceleration signal when the current speed is less than the desired speed, the front distance is greater than the safe distance and the ACC system is in resume mode.
Apply the search-based test case generation algorithm to generate safety-based test cases from the safe test model.
Test Suite ID: 2
Test Case ID: 2
Related STPA SCs: SC1.1, SC1.2
Preconditions: desiredspeed=45.0, frontdistance=120.32, currentspeed=44.0, timeGap=1.65, ACCMode=Resume
Control Action: Accelerate
Post conditions (Expected Results): currentspeed=45.0, ACCMode=Cruise
Safety-based Test Cases
26/30
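To tie the LTL rule of slide 22 to the safety-based test case above, here is an added Python example (not the dissertation's simulator or its generated code): a simplified ACC stop-and-go controller over the process-model variables, a finite-trace monitor for G(CS → !CA) with CS taken from RSC1.1, and test case 2 run against it. The controller logic, SAFE_DISTANCE and ACCEL_STEP are assumptions; NuSMV proves the property over all paths of the model, whereas this monitor only checks the traces a test case actually produces.

```python
from dataclasses import dataclass, replace
SAFE_DISTANCE = 50.0  # assumed threshold (not on the slides)
ACCEL_STEP = 1.0      # assumed speed change per control action

@dataclass(frozen=True)
class State:  # the process-model variables of the ACC software controller
    desiredspeed: float
    frontdistance: float
    currentspeed: float
    timeGap: float
    ACCMode: str

def decide(s):
    """Assumed simplified stop-and-go controller: process model -> control action."""
    if s.ACCMode in ("Standby", "Stop"):
        return None  # ACC is not regulating the speed
    if s.timeGap == 0 or s.frontdistance <= 0:
        return "FullyStop"
    if s.frontdistance < SAFE_DISTANCE:
        return "Decelerate"
    return "Accelerate" if s.currentspeed < s.desiredspeed else None

def apply(s, action):
    """Controlled-process update, incl. Resume -> Cruise once desired speed is reached."""
    speed = {"Accelerate": min(s.desiredspeed, s.currentspeed + ACCEL_STEP),
             "Decelerate": max(0.0, s.currentspeed - ACCEL_STEP),
             "FullyStop": 0.0}.get(action, s.currentspeed)
    mode = "Cruise" if s.ACCMode == "Resume" and speed == s.desiredspeed else s.ACCMode
    return replace(s, currentspeed=speed, ACCMode=mode)

def cs_rsc11(s):
    """CS of RSC1.1: currentspeed <= desiredspeed & timeGap = 0 & ACCMode = follow."""
    return s.currentspeed <= s.desiredspeed and s.timeGap == 0 and s.ACCMode == "Follow"

def first_violation(trace, cs=cs_rsc11, ca="Accelerate"):
    """Finite-trace check of G(CS -> !CA): first step issuing CA while CS held, else None."""
    return next((i for i, (s, a) in enumerate(trace) if cs(s) and a == ca), None)

def run(s, controller=decide, steps=1):
    """Execute the controller against the process model; return (trace, final state)."""
    trace = []
    for _ in range(steps):
        action = controller(s)
        trace.append((s, action))
        s = apply(s, action)
    return trace, s

# Safety-based test case 2 from the slides (expected: Accelerate, then currentspeed=45.0, ACCMode=Cruise).
TC2_PRE = State(desiredspeed=45.0, frontdistance=120.32, currentspeed=44.0,
                timeGap=1.65, ACCMode="Resume")
```

run(TC2_PRE) yields the control action Accelerate and the postconditions currentspeed=45.0, ACCMode=Cruise with no RSC1.1 violation, while a controller that accelerates in Follow mode at timeGap=0 is reported by first_violation at step 0.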