Julien Delange scite author profile

Safety-Critical systems, as used in the automotive, avionics, or aerospace domains, are becoming increasingly software-reliant to the extent that the system cannot function without the software. On one hand the software system provides an integrated set of functionality to operate the system and manage failure and unsafe conditions. Current best safety engineering practices, such as DO178B/C or SAE ARP4761, are labor intensive and are only performed as part of the system engineering process. At the same time increased interaction complexity of the embedded software with the hardware platform and mechanical system has resulted in the software to be a major source of defects with potentially fatal consequences.To address these issues, the SAE Architecture Analysis & Design Language (AADL) standard has been extended with an Error Model Annex to support architecture fault modeling and automated safety analysis. In this paper we introduce the concepts of the revised Error Model (EMV2) Annex and a fault propagation ontology to support such architecture fault models at three levels of abstraction focusing on fault propagation, failure behavior of individual components, and composite failure behavior of a system in terms of its components. Such specifications reflect fault tolerance strategies assumptions made by fault impact, fault tree and reliability analysis about the safety system component. We illustrate their use on a dual redundant flight guidance system and discuss the automation of different safety analysis methods in use by the SAE ARP4761, emphasizing on automation benefits.

show abstract

Validate, simulate, and implement ARINC653 systems using the AADL

Delange

Pautet

Plantec

et al. 2009

View full text Add to dashboard Cite

Safety-critical systems are widely used in different domains and lead to an increasing complexity. Such systems rely on specific services such space and time isolation as in the ARINC653 avionics standard. Their criticality requires a carefully driven design based on an appropriate development process and dedicated tools to detect and avoid problems as early as possible.Model Driven Engineering (MDE) approaches are now considered as valuable approach for building safety-critical systems. The Architecture Analysis and Design Language (AADL) proposes a component-based language suitable to operate MDE that fits with safety-critical systems needs. This paper presents an approach for the modeling, verification and implementation of ARINC653 systems using AADL. It details a modeling approach exploiting the new features of AADL version 2 for the design of ARINC653 architectures. It also proposes modeling patterns to represent other safety mechanisms such as the use of Ravenscar for critical applications. This approach is fully backed by tools with Ocarina (AADL toolsuite), POK (AADL/AR-INC653 runtime) and Cheddar (scheduling verification). Thus, it assists system engineers to simulate and validate non functional requirements such as scheduling or resources dimensioning.

show abstract

TASTE: A Real-Time Software Engineering Tool-Chain Overview, Status, and Future

Perrotin

Conquet

Delange

et al. 2011

View full text Add to dashboard Cite

Validating Safety and Security Requirements for Partitioned Architectures

Delange

Pautet

Feiler

2009

View full text Add to dashboard Cite

Automated Fault Tree Analysis from AADL Models

Feiler

Delange

2017

Ada Lett.

View full text Add to dashboard Cite

Cyber-physical systems, used in domains such as avionics or medical devices, perform critical functions where a fault might have catastrophic consequences (mission failure, severe injuries, etc.). Their development is guided by rigorous practice standards that prescribe safety analysis methods in order to verify that failure have been correctly evaluated and/or mitigated. This laborintensive practice typically focuses system safety analysis on system engineering activities. As reliance on software for system operation grows, embedded software systems have become a major source of hazard contributors. Studies show that late discovery of errors in embedded software system have resulted in costly rework, making up as much as 50% of the total software system cost. Automation of the safety analysis process is key to extending safety analysis to the software system and to accommodate system evolution. In this paper we discuss three elements that are key to safety analysis automation in the context of fault tree analysis (FTA). First, generation of fault trees from annotated architecture models consistently reflects architecture changes in safety analysis results. Second, use of a taxonomy of failure effects ensures coverage of potential hazard contributors is achieved. Third, common cause failures are identified based on architecture information and reflected appropriately in probabilistic fault tree analysis. The approach utilizes the SAE Architecture Analysis & Design Language (AADL) standard and the recently published revised Error Model Annex V2 (EMV2) standard to represent annotated architecture models of systems and embedded software systems. The approach takes into account error sources specified with an EMV2 error propagation type taxonomy and occurrence probabilities as well as direct and indirect propagation paths between system components identified in the architecture model to generate a fault graph and apply transformations into a fault tree representation to support common mode analysis, cut set determination and probabilistic analysis.

show abstract

An MDE-Based Process for the Design, Implementation and Validation of Safety-Critical Systems

Delange

Pautet

Hugues

et al. 2010

View full text Add to dashboard Cite

Distributed Real-Time Embedded (DRE) systems have critical requirements that need to be verified. They are either related to functional (e.g. stability of a furnace controller) or non-functional (e.g. meeting deadlines) aspects.Model-Driven Engineering (MDE) tools have emerged to ease DRE systems design. These tools are also capable of generating code. However, these tools either focus on the functional aspects or on the runtime architecture. Hence, the development cycle is partitioned into pieces with heterogeneous modeling notations and poor coordination.In this paper, we propose a MDE-based process to create DRE systems without manual coding. We show how to integrate functional and architecture concerns in a unified process. We use industry-proven modeling languages to design functional elements of the system, and automatically integrate them using our AADL toolchain.

show abstract

AADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment

Delange¹,

Feiler²,

Gluch³

et al. 2014

View full text Add to dashboard Cite

show abstract

Design, implementation and verification of MILS systems

2012

View full text Add to dashboard Cite

SUMMARY Safety‐critical systems are used in many domains (military, avionics, aerospace, etc.) and handle critical data in hostile environments. To prevent data access by unauthorized subjects, they must protect and isolate information so that only allowed entities can read or write information. However, because of their increased number of functionalities, safety‐critical systems design becomes more complex; this increases difficulties in the design and the verification of security functions and potential error in their implementation. The multiple independent levels of security (MILS) approach introduces rules and guidelines for the design of secure systems. It isolates data according to their security levels, reducing system complexity to ease development. However, there is no approach addressing the whole development of MILS systems from high‐level specification (application components with their security levels) to the final implementation (code that executes application functions and provide security mechanisms). This paper presents a complete development approach for the design, verification and implementation of MILS architectures. It aims at providing a complete framework to build secure applications based on MILS guidelines. We describe security concerns using a modeling language, verify security requirements and automatically implement the system code generation techniques and a MILS‐compliant operating system that provides security functions. Copyright © 2012 John Wiley & Sons, Ltd.

show abstract

12 3 4

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Julien Delange

Architecture Fault Modeling with the AADL Error-Model Annex

Validate, simulate, and implement ARINC653 systems using the AADL

TASTE: A Real-Time Software Engineering Tool-Chain Overview, Status, and Future

Validating Safety and Security Requirements for Partitioned Architectures

Automated Fault Tree Analysis from AADL Models

An MDE-Based Process for the Design, Implementation and Validation of Safety-Critical Systems

AADL Fault Modeling and Analysis Within an ARP4761 Safety Assessment

Design, implementation and verification of MILS systems

Contact Info

Product

Resources

About