| 1. |
- Asplund, Fredrik, et al.
(författare)
-
Qualifying Software Tools, a Systems Approach
- 2012
-
Ingår i: Computer Safety, Reliability, and Security. - Berlin, Heidelberg : Springer Berlin/Heidelberg. ; , s. 340-351
-
Konferensbidrag (refereegranskat)abstract
- Modern safety standards designed to ensure safety in embedded system products often take a descriptive approach, focusing on describing appropriate requirements on management, processes, methods and environments during development. While the qualification of software tools has been included in several such standards, how to handle the safety implications of tools integrated into tool chains has been largely ignored. This problem is aggravated by an increase both in automation of tool integration and the size of development environments.In this paper we define nine safety goals for tool chains and suggest a qualification method that takes a systems approach on certifying software tools as parts of tool chains. With this method, software tools are developed and pre-qualified under the assumption that certain properties will be supported by the development environment they are to be deployed in. The proposed method is intended to (1) achieve a stronger focus on the relevant parts of tool chains in regard to safety and (2) separate the extra effort these parts imply from the effort already stipulated by safety standards.
|
|
| 2. |
- Asplund, Fredrik
(författare)
-
Risks Related to the Use of Software Tools when Developing Cyber-Physical Systems : A Critical Perspective on the Future of Developing Complex, Safety-Critical Systems
- 2014
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The increasing complexity and size of modern Cyber-Physical Systems (CPS) has led to a sharp decline in productivity among CPS designers. Requirements on safety aggravate this problem further, both by being difficult to ensure and due to their high importance to the public.Tools, or rather efforts to facilitate the automation of development processes, are a central ingredient in many of the proposed innovations to mitigate this problem. Even though the safety-related implications of introducing automation in development processes have not been extensively studied, it is known that automation has already had a large impact on operational systems. If tools are to play a part in mitigating the increase in safety-critical CPS complexity, then their actual impact on CPS development, and thereby the safety of the corresponding end products, must be sufficiently understood.An survey of relevant research fields, such as system safety, software engineering and tool integration, is provided to facilitate the discussion on safety-related implications of tool usage. Based on the identification of industrial safety standards as an important source of information and considering that the risks posed by separate tools have been given considerable attention in the transportation domain, several high-profile safety standards in this domain have been surveyed. According to the surveyed standards, automation should primarily be evaluated on its reliable execution of separate process steps independent of human operators. Automation that only supports the actions of operators during CPS development is viewed as relatively inconsequential.A conceptual model and a reference model have been created based on the surveyed research fields. The former defines the entities and relationships most relevant to safety-related risks associated with tool usage. The latter describes aspects of tool integration and how these relate to each other. By combining these models, a risk analysis could be performed and properties of tool chains which need to be ensured to mitigate risk identified. Ten such safety-related characteristics of tool chains are described.These safety-related characteristics provide a systematic way to narrow down what to look for with regard to tool usage and risk. The hypothesis that a large set of factors related to tool usage may introduce risk could thus be tested through an empirical study, which identified safety-related weaknesses in support environments tied both to high and low levels of automation. The conclusion is that a broader perspective, which includes more factors related to tool usage than those considered by the surveyed standards, will be needed.Three possible reasons to disregard such a broad perspective have been refuted, namely requirements on development processes enforced by the domain of CPS itself, certain characteristics of safety-critical CPS and the possibility to place trust in a proven, manual development process. After finding no strong reason to keep a narrow perspective on tool usage, arguments are put forward as to why the future evolution of support environments may actually increase the importance of such a broad perspective.Suggestions for how to update the mental models of the surveyed safety standards, and other standards like them, are put forward based on this identified need for a broader perspective.
|
|
| 3. |
- Asplund, Fredrik, et al.
(författare)
-
Safety-Guided Design through System-Theoretic Process Analysis, Benefits and Difficulties
- 2012
-
Ingår i: 30th International System Safety Conference Proceedings.
-
Konferensbidrag (refereegranskat)abstract
- Development environments for embedded systems are moving towards increased automation between Commercial Of The Shelf (COTS) engineering tools. While automation provides new opportunities for e.g. verification, it also to some extent decreases the possibility of identifying and acting on safety issues that arise during development. To investigate the relationship between tool integration and safety we performed a System-Theoretic Process Analysis (STPA) of a tool chain from an industrial case study. This tool chain was then reanalyzed and redesigned twice, in part motivated by identified hazards.This paper presents our experiences from applying STPA to safety-guided design in the context of integrating COTS engineering tools into tool chains. We discuss the benefits of and difficulties with applying STPA. We also suggest improvements that complement STPA with support methods and tools.The primary benefit was the support in categorizing risks and causes. The three difficulties we encountered were identifying context-specific causal factors, defining control structures across several domains (management, user, technical, etc.) and limiting the domains taken into account. The use of STPA during safety-guided design would be facilitated by the use of expert systems and simulation, especially in regard to relating different domains.
|
|
| 4. |
- Asplund, Fredrik, 1977-
(författare)
-
Tool Integration and Safety : A Foundation for Analysing the Impact of Tool Integrationon Non-functional Properties
- 2012
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The increasing complexity of embedded systems development is becoming difficult to handle with development environments based on disjoint engineering tools. Support for interactions between various engineering tools, especially through automated means, has therefore received an increased amount of attention during the last few years. The subsequent increase in the amount of tool integration is leading to an increased impact of tool integration on non-functional properties of development efforts, development environments and end products. At the same time there is a lack of methods and tools for analysing the relationship between these properties and tool integration. To establish a foundation for analysing this generic relationship, the specific relationship between tool integration and the safety of end products is analysed in this thesis.A survey was conducted to analyze the State of the Art of tool integration as related to safety. This survey specifically identified the lack of an efficient handling of tool integration by modern safety standards as an important concern. In relation to this survey, three theories were identified as of specific importance. These are the school of thought known as Systems Thinking, the Systems-Theoretic Accident Model and Processes (STAMP) causality model and the System-Theoretic Process Analysis (STPA) hazard analysis technique.Building on these theories, this thesis provides original contributions intended to (1) describe concepts and models related to tool integration and safety (the first and second contribution), (2) link tool integration to safety in a way that reduces complexity during analysis (the third contribution) and (3) propose how to interpret and make use of the implications of the presented theories and the first three contributions (the fourth and fifth contribution).• The first contribution is a new conceptual model of a development effort that emphasizes tool integration.• The second contribution is a new reference model for tool integration in highly heterogeneous environments.• The third contribution consists of nine safety-related tool chain properties, i.e. properties of tool chains that could mitigate at least part of the risks introduced by tool integration.• The fourth contribution is a proposition on how to identify safety implications due to a high level of automation of tool integration.• The fifth contribution is a proposition for a new software tool qualification process.
|
|
| 5. |
- Asplund, Fredrik, et al.
(författare)
-
Tool Integration Beyond Wasserman
- 2011
-
Ingår i: Advanced Information Systems Engineering Workshops. - Berlin : Springer-Verlag. - 9783642220555 ; , s. 270-281
-
Konferensbidrag (refereegranskat)abstract
- The typical development environment today consists of many specialized development tools, which are partially integrated, forming a complex tool landscape with partial integration. Traditional approaches for reasoning about tool integration are insufficient to measure the degree of integration and integration optimality in today’s complex tool landscape. This paper presents a reference model that introduces dependencies between, and metrics for, integration aspects to overcome this problem. This model is used to conceive a method for reasoning about tool integration and identify improvements in an industrial case study. Based on this we are able to conclude that our reference model does not detract value from the principles that it is based on, instead it highlights improvements that were not well visible earlier. We conclude the paper by discussing open issues for our reference model, namely if it is suitable to use during the creation of new systems, if the used integration aspects can be subdivided further to support the analysis of secondary issues related to integration, difficulties related to the state dependency between the data and process aspects within the context of developing embedded systems and the analysis of non-functional requirements to support tool integration.
|
|
| 6. |
- Asplund, Fredrik, et al.
(författare)
-
Tool Integration, from Tool to Tool Chain with ISO 26262
- 2012
-
Ingår i: SAE Technical Paper Series. - 400 Commonwealth Drive, Warrendale, PA, United States : SAE International. - 0148-7191.
-
Konferensbidrag (refereegranskat)abstract
- The use of innovative power sources in future cars has long-ranging implications on vehicle safety. We studied these implications in the context of the guidance on software tool qualification in the then current ISO 26262 draft, when building an urban concept vehicle to participate in the 2011 Shell Eco-Marathon. While the guidance on tool qualification is detailed, the guidance in regard to tools integrated into tool chains is limited. It only points out that the environment that tools execute in needs to be taken into consideration.In this paper we clarify the implications of tool chains on tool qualification in the context of ISO 26262 by focusing on answering two questions; first, are there parts of the development environment related to tool integration that are likely to fall outside of tool qualification efforts as currently defined by ISO 26262; secondly, can we define if, and -if so- how, tool integration is affected by ensuring functional safety.We conclude by identifying two areas related to tool integration that are likely to fall outside the tool qualification efforts (data integrity and process logic) and describing how different constraints imposed by ISO 26262 in relation to tool qualification conflict when tool integration is improved (improvements aimed at supporting completeness, consistency and the safety lifecycle vs. tool qualification cost).We are able to make additional conclusions in relation to the State of the Art discussion on software tool qualification according to ISO 26262. First, reference tool chains and guidelines on which characteristics tool qualification should ensure for tool chains are needed to complement ISO 26262. Secondly, guidance on tool integration can be found in the completeness characteristic, the consistency characteristic and the ISO 26262 safety lifecycle process. Finally, qualification efforts should ideally target tool chains rather than individual tools.
|
|
| 7. |
- Bagai, Akshay, et al.
(författare)
-
Duration of ischemia and treatment effects of pre- versus in-hospital ticagrelor in patients with ST-segment elevation myocardial infarction: Insights from the ATLANTIC study
- 2018
-
Ingår i: American Heart Journal. - : MOSBY-ELSEVIER. - 0002-8703 .- 1097-6744. ; 196, s. 56-64
-
Tidskriftsartikel (refereegranskat)abstract
- Background Among patients with STEMI in the ATLANTIC study, pre-hospital administration of ticagrelor improved post-PCI ST-segment resolution and 30-day stent thrombosis. We investigated whether this clinical benefit with pre-hospital ticagrelor differs by ischemic duration. Methods In a post hoc analysis we compared absence of ST-segment resolution post-PCI and stent thrombosis at 30 days between randomized treatment groups (pre-versus in-hospital ticagrelor) stratified by symptom onset to first medical contact (FMC) duration [amp;lt;= 1 hour (n = 773), amp;gt;1 to amp;lt;= 3 hours (n = 772), and amp;gt;3 hours (n = 311)], examining the interaction between randomized treatment strategy and duration of symptom onset to FMC for each outcome. Results Patients presenting later after symptom onset were older, more likely to be female, and have higher baseline risk. Patients with symptom onset to FMC amp;gt;3 hours had the greatest improvement in post-PCI ST-segment elevation resolution with pre-versus in-hospital ticagrelor (absolute risk difference: amp;lt;= 1 hour, 2.9% vs. amp;gt;1 to amp;lt;= 3 hours, 3.6% vs. amp;gt;3 hours, 12.2%; adjusted p for interaction = 0.13), while patients with shorter duration of ischemia had greater improvement in stent thrombosis at 30 days with pre-versus in-hospital ticagrelor (absolute risk difference: amp;lt;= 1 hour, 1.3% vs. amp;gt;1 hour to amp;lt;= 3hours, 0.7% vs. amp;gt;3 hours, 0.4%; adjusted p for interaction = 0.55). Symptom onset to active ticagrelor administration was independently associated with stent thrombosis at 30 days (adjusted OR 1.89 per 100 minute delay, 95% CI 1.20-2.97, P amp;lt; .01), but not post-PCI ST-segment resolution (P = .41). Conclusions The effect of pre-hospital ticagrelor to reduce stent thrombosis was most evident when given early within 3 hours after symptom onset, with delay in ticagrelor administration after symptom onset associated with higher rate of stent thrombosis. These findings re-emphasize the need for early ticagrelor administration in primary PCI treated STEMI patients.
|
|
| 8. |
- Berezovskyi, Andrii, 1991-, et al.
(författare)
-
Efficient state update exchange in a CPS environment for linked data-based digital twins
- 2019
-
Ingår i: IEEE International Conference on Industrial Informatics (INDIN). - : Institute of Electrical and Electronics Engineers Inc.. - 9781728129273 ; , s. 983-989
-
Konferensbidrag (refereegranskat)abstract
- This paper addresses the problem of reducing the number of messages needed to exchange state updates between the Cyber-Physical System (CPS) components that integrate with the rest of the CPS through Digital Twins in order to maintain uniform communication interface and carry out their tasks correctly and safely. The main contribution is a proposed architecture and the discussion of its suitability to support correct execution of complex tasks across the CPS. A new State Event Filtering component is presented to provide event-based communication among Digital Twins that are based on the Linked Data principles while keeping the fan-out limited to ensure the scalability of the architecture.
|
|
| 9. |
- Berezovskyi, Andrii, 1991-, et al.
(författare)
-
Improving lifecycle query in integrated toolchains using linked data and MQTT-based data warehousing
- 2017
-
Konferensbidrag (refereegranskat)abstract
- The development of increasingly complex IoT systems requires large engineering environments. These environments generally consist of tools from different vendors and are not necessarily integrated well with each other. In order to automate various analyses, queries across resources from multiple tools have to be executed in parallel to the engineering activities. In this paper, we identify the necessary requirements on such a query capability and evaluate different architectures according to these requirements. We propose an improved lifecycle query architecture, which builds upon the existing Tracked Resource Set (TRS) protocol, and complements it with the MQTT messaging protocol in order to allow the data in the warehouse to be kept updated in real-time. As part of the case study focusing on the development of an IoT automated warehouse, this architecture was implemented for a toolchain integrated using RESTful microservices and linked data.
|
|
| 10. |
- Berezovskyi, Andrii, 1991-, et al.
(författare)
-
Integrating systems of systems with a federation of rule engines
- 2024
-
Ingår i: Journal of Industrial Information Integration. - : Elsevier BV. - 2467-964X .- 2452-414X. ; 38
-
Tidskriftsartikel (refereegranskat)abstract
- Systems of Systems (SoSs) integrate many critical systems our society relies on. In designing individual systems, stakeholders use bespoke protocols, custom information models, and proprietary components with limited computational resources from various vendors. We present a reference architecture that allows multiple stakeholders to carry out a flexible integration without giving up control to a single entity in the presence of the aforementioned limitations. Our architecture relies on rule engines and graph data model to integrated systems flexibly even when black-box components are used. At the same time, a federation of the rule engines allows each stakeholder to retain control over the rules that reflect their policies. We also rely on a common information model based on ontologies to account for the information model mismatch and reduce the duplication of integration efforts. Moving rule execution to the standalone rule engines allows deployment in resource-constrained and proprietary environments. A uniform application programming interface (API) is used to integrate rule engines across systems as well as components within each system with a respective rule engine. We also present a novel algorithm to determine dependencies across rules deployed in different rule engines within the federation. This allows domain experts to develop rules as usual without having to deal with the distributed aspect of the system. We also present a proof of the sufficient condition to ensure all necessary notifications will be sent to ensure correct rule activation across different rule engines. Compared to other systems involving distributed rules, the proposed architecture is well-suited for the integration of transactional workloads commonly found in enterprises. The qualitative evaluation based on the Architecture Tradeoff Analysis Method (ATAM), applied to a telecommunications use case, shows that the architecture possesses the “interoperability”, “modifiability”, and the “functional completeness” quality attributes with a trade-off around rule expressiveness. The quantitative evaluation demonstrates speedup over the single-node setup in most scenarios except in case of highly optimized rules and a poor network performance simultaneously (tr<10ms, tn=100ms).
|
|
