Engineering of Runtime Safety Monitors for Cyber-Physical Systems with Digital Dependability Identities

Reich, Jan; Schneider, Daniel; Sorokos, Ioannis; Papadopoulos, Yiannis; Kelly, Tim; Wei, Ran; Armengaud, Eric; Kaypmaz, Cem

doi:10.1007/978-3-030-54549-9_1

Cited by 15 publications

(8 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…safety case) to provide justified belief in the safety of the system (e.g. [29]). Close to the latter, we instead refer to providing sufficient and appropriate evidence to support the safety claims of the system.…”

Section: Adsmentioning

confidence: 99%

“…As such, ConSerts provides a potential way of managing system degradations (related to challenge (C5)). Further, Digital Dependability Identities (DDIs) [27] have been proposed to formalise the information exchange within a systems of systems setup, and to support run-time certification in the context of systems of systems [28,29]. DDIs or ConSerts could, in practise, be used as a means to facilitate safety supervision, given formalisable properties of the system, while also accommodating for configurability and systems of systems facets.…”

Section: B Run-time Certificationmentioning

confidence: 99%

“…to cope with changes in the operational environment of autonomous systems and as a means to reduce the residual risk of operating the system through monitoring; • shifting portions of the assurance task from designtime to run-time, addressing (ii) and coping with (a) as well as (b), has been proposed as an effective means to maintain assurance of the system while allowing for improved performance. Supportive concepts including ConSerts [25,26], and Digital Dependability Identities (DDIs) [27,28,29]; and • Dynamic Safety Management (DSM) and Dynamic Risk Assessment (DRA), allowing the system to dynamically address (a) -(c) and support solving (i) and (ii), have been suggested as a means to allow the tactical decisions of the ADS to be made using appropriate runtime measures of risk [26,30,31].…”

mentioning

confidence: 99%

See 2 more Smart Citations

Holistic Perspectives on Safety of Automated Driving Systems - Methods for Provision of Evidence

Gyllenhammar¹,

Campos²,

Törngren³

2022

Preprint

View full text Add to dashboard Cite

<p>In recent years, the enormous investments in Automated Driving Systems (ADSs) have distinctly advanced ADS technologies. Despite promises made by several high profile auto-makers, it has however become clear that the challenges involved for deploying ADS have been drastically underestimated. This paper focuses on the challenge of providing sufficient evidence to support the safety claims of ADSs. The provisioning of such evidence clearly relates both to technical maturity of ADS systems (including actual experiences from deploying such systems), and on the development of methodologies for reasoning about ADS safety claims. Contrary to previous generations of automotive systems, common design, development, verification and validation methods for safety critical systems do not suffice to cope with the increased complexity and operational uncertainties of an ADS. Therefore, the aim of this paper is to provide an understanding of existing methods focusing on the development of a safe ADS and, most importantly, identifying the associated challenges and gaps. </p> <p>We present eight challenges, collectively distinguishing ADSs from safety critical systems in general, and discuss the existing methods in the light of these eight challenges. Based on this discussion, a set of research gaps are identified.</p>

show abstract

Section: Adsmentioning

confidence: 99%

Section: B Run-time Certificationmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Holistic Perspectives on Safety of Automated Driving Systems - Methods for Provision of Evidence

Gyllenhammar¹,

Campos²,

Törngren³

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…For the integration of individual DDIs into a System of System (SoS) in a semi-to full-automated way, the interfaces of the DDIs for different IP Protection Levels levels (White-, Grey, Black-Box) have to be formalized for this purpose, where in the fully automated Black-Box and Runtime-Case Conditional Safety Certificatess (Consertss) are used. These have a large overlap with the contract-based approach presented here, as they are based on a service-based system architecture model and assumption-guarantee approach [16].…”

Section: Related Workmentioning

confidence: 99%

Continuous Contract Based Verification of Updates in Maritime Shipboard Equipment

Hake

Hohl

Hahn

2021

JMSE

View full text Add to dashboard Cite

Modern control systems in the maritime domain are increasingly controlled by software systems and become subject to updates and configuration changes during operation. Moreover, with the shift to autonomous vessels and cars, these software-based systems are taking on more and more safety-critical tasks, so the risks associated with system failures are increasing. Unlike before, it becomes necessary to verify the continuously adapting modules of a vehicle not only before deployment, but to establish continuous verification capabilities during all phases of the product lifecycle, from the design to the system in operation. Hence, in case of an update, deviations from the expected behavior can be automatically detected and relevant measures can be initiated. In this work, a contract-based verification framework is presented that includes automatable and formally analyzable behavioral descriptors in form of assumption-guarantee contracts for all phases of the software lifecycle to provide static and dynamic verification capabilities alongside a dynamically changing system composition. By utilizing contractually defined behavior descriptions, classic test procedures, such as simulations, are supplemented by a formally testable level that is applied to all phases of the update process. A conceptual-deductive methodology was chosen, building on the identified requirements to develop an overarching update framework that adds contractual descriptions to the traditional development case. Based on the presented framework, the verifiable modification of a safety-critical software system is demonstrated. The approach is evaluated using a maritime collision-avoidance system and the verification steps are evaluated along the update process. The framework offers a novel approach to complement existing test procedures by enabling formal impact analysis and incremental verification of updates.

show abstract

“…Service-oriented component fault trees are used for property derivation for runtime monitors with safety in mind [18]. Runtime monitors focus on the faulttolerant qualities [11] over emphasizing property generation, whereas property generation is our primary focus.…”

Section: Introductionmentioning

confidence: 99%

STPA-driven Multilevel Runtime Monitoring for In-time Hazard Detection

Gautham¹,

Bakirtzis²,

Will³

et al. 2022

Preprint

View full text Add to dashboard Cite

Runtime verification or runtime monitoring equips safetycritical cyber-physical systems to augment design assurance measures and ensure operational safety and security. Cyber-physical systems have interaction failures, attack surfaces, and attack vectors resulting in unanticipated hazards and loss scenarios. These interaction failures pose challenges to runtime verification regarding monitoring specifications and monitoring placements for in-time detection of hazards. We develop a well-formed workflow model that connects system theoretic process analysis, commonly referred to as STPA, hazard causation information to lower-level runtime monitoring to detect hazards at the operational phase. Specifically, our model follows the DepDevOps paradigm to provide evidence and insights to runtime monitoring on what to monitor, where to monitor, and the monitoring context. We demonstrate and evaluate the value of multilevel monitors by injecting hazards on an autonomous emergency braking system model.

show abstract

Engineering of Runtime Safety Monitors for Cyber-Physical Systems with Digital Dependability Identities

Cited by 15 publications

References 10 publications

Holistic Perspectives on Safety of Automated Driving Systems - Methods for Provision of Evidence

Holistic Perspectives on Safety of Automated Driving Systems - Methods for Provision of Evidence

Continuous Contract Based Verification of Updates in Maritime Shipboard Equipment

STPA-driven Multilevel Runtime Monitoring for In-time Hazard Detection

Contact Info

Product

Resources

About