Using Hazard Analysis STAMP/STPA in Developing Model-Oriented Formal Specification toward Reliable Cloud Service

Hata, Akinori; Araki, Keijiro; Kusakabe, Shigeru; Omori, Yoichi; Lin, Hsin-Hung

doi:10.1109/platcon.2015.14

Cited by 7 publications

(4 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For verification, a behaviour model corresponding to the controller's behaviour and constrained by the STPA requirements is constructed, which can be verified against the formalised STPA requirements using model checking. Hata et al [27] formally model the critical constraints derived from STPA as pre and post conditions in VDM++. Thomas and Leveson [28] have also defined a formal syntax for hazardous control actions derived from STPA.…”

Section: Combining Formal Methods With Stpamentioning

confidence: 99%

Systematic Hierarchical Analysis of Requirements for Critical Systems

Fathabadi,

Snook,

Dghaym

et al. 2023

Preprint

View full text Add to dashboard Cite

Safety and security are key considerations in the design of critical systems. Requirements analysis methods rely on the expertise and experience of human intervention to make critical judgements. While human judgement is essential to an analysis method, it is also important to ensure a degree of formality so that we \textit{reason about} safety and security at early stages of analysis and design, rather than detect problems later. In this paper we present a hierarchical and incremental analysis process that aims to justify the design and flow-down of derived critical requirements arising from safety hazards and security vulnerabilities identified at the system level. The safety and security analysis at each level uses STPA-style action analysis to identify hazards and vulnerabilities. At each level, we verify that the design achieves the safety or security requirements by backing the analysis with formal modelling and proof using Event-B refinement. The formal model helps to identify hazards/vulnerabilities arising from the design and how they relate to the safety accidents/security losses being considered at this level. We then re-apply the same process to each component of the design in a hierarchical manner. Thus we use hazard and vulnerability analysis, together with refinement based formal modelling and verification, to drive the design, replacing the system level requirements with component requirements. In doing so, we decompose critical system-level requirements down to component-level requirements, transforming them from abstract system level requirements, towards concrete solutions that we can implement correctly so that the hazards/vulnerabilities are mitigated.

show abstract

Section: Combining Formal Methods With Stpamentioning

confidence: 99%

Systematic Hierarchical Analysis of Requirements for Critical Systems

Fathabadi,

Snook,

Dghaym

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…The STPA-derived safety requirements can be formalised and expressed using temporal logic. Hata et al [7] formally model the critical constraints derived from STPA as pre and post conditions in VDM++. Thomas and Leveson [16] have also defined a formal syntax for hazardous control actions derived from STPA.…”

Section: Related Workmentioning

confidence: 99%

Designing Critical Systems Using Hierarchical STPA and Event-B

Fathabadi

Snook

Dghaym

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In the design of critical systems, it is important to ensure a degree of formality so that we reason about safety and security at early stages of analysis and design, rather than detect problems later. Influenced by ideas from STPA we present a hierarchical analysis process that aims to justify the design and flow-down of derived critical requirements arising from safety hazards and security vulnerabilities identified at the system level. At each level, we verify that the design achieves the safety/security requirements by backing the analysis with formal modelling and proof using Event-B refinement. The formal model helps to identify hazards/vulnerabilities arising from the design and how they relate to the safety accidents/security losses being considered at this level. We then re-apply the same process to each component of the design in a hierarchical manner. Thus we use ideas from STPA, backed by Event-B models, to drive the design, replacing the system level requirements with component requirements. In doing so, we decompose critical requirements down to components, transforming them from abstract system level requirements, towards concrete solutions that we can implement correctly so that the hazards/vulnerabilities are eliminated.

show abstract

“…Moreover, STPA has also been used with other formal methods. Hata et al [22] formally modelled the constraints/requirements obtained from STPA as pre and post conditions in VDM++. Thomas and Leveson [23] described a formal syntax for unsafe control actions, which are recognised as a result of applying STPA.…”

Section: Conclusion and Related Workmentioning

confidence: 99%

A Rigorous Iterative Analysis Approach for Capturing the Safety Requirements of Self-Driving Vehicle Systems

Alotaibi

Hoang

Butler

2023

2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC)

View full text Add to dashboard Cite

This paper presents a methodology called Rigorous Analysis Template Process (RATP) for analysing the behaviours and interactions of multiple components in a Self-Driving Vehicle (SDV) to ensure its system safety, especially when a human driver is involved as a fallback option for handling hazardous events. RATP uses Systems-Theoretic Processes Analysis (STPA) and Event-B formal method to gradually identify safety requirements and build their rigours models. The output of RATP is a set of safety requirements that guide the development of a rigorous model to maintain the system safety against identified hazardous states at different levels of abstraction. The main advantage of RATP is to allow the behaviours of a system to be analysed from a high-abstraction layer to a more detailed concrete layer.

show abstract

Using Hazard Analysis STAMP/STPA in Developing Model-Oriented Formal Specification toward Reliable Cloud Service

Cited by 7 publications

References 1 publication

Systematic Hierarchical Analysis of Requirements for Critical Systems

Systematic Hierarchical Analysis of Requirements for Critical Systems

Designing Critical Systems Using Hierarchical STPA and Event-B

A Rigorous Iterative Analysis Approach for Capturing the Safety Requirements of Self-Driving Vehicle Systems

Contact Info

Product

Resources

About