| 1. |
- Mehmed, Ayhan, 1989-
(författare)
-
Runtime Monitoring of Automated Driving Systems
- 2019
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- It is the period of the World's history, where the technological progress reached a level that enables the first steps towards the development of vehicles with automated driving capabilities. The swift response from the significant portion of the industry resulted in a race, the final line set at the introduction of vehicles with full automated driving capabilities.Vehicles with automated driving capabilities target making driving safer, more comfortable, and economically more efficient by assisting the driver or by taking responsibilities for different driving tasks. While vehicles with assistance and partial automation capabilities are already in series production, the ultimate goal is in the introduction of vehicles with full automated driving capabilities. Reaching this level of automation will require shifting all responsibilities, including the responsibility for the overall vehicle safety, from the human to the computer-based system responsible for the automated driving functionality (i.e., the Automated Driving System (ADS)). Such a shift makes the ADS highly safe-critical, requiring a safety level comparable to an aircraft system.It is paramount to understand that ensuring such a level of safety is a complex interdisciplinary challenge. Traditional approaches for ensuring safety require the use of fault-tolerance techniques that are unproven when it comes to the automated driving domain. Moreover, existing safety assurance methods (e.g., ISO 26262) suffer from requirements incompleteness in the automated driving context. The use of artificial intelligence-based components in the ADS further complicate the matter due to their non-deterministic behavior. At present, there is no single straightforward solution for these challenges. Instead, the consensus of cross-domain experts is to use a set of complementary safety methods that together are sufficient to ensure the required level of safety.In the context of that, runtime monitors that verify the safe operation of the ADS during execution, are a promising complementary approach for ensuring safety. However, to develop a runtime monitoring solution for ADS, one has to handle a wide range of challenges. On a conceptual level, the complex and opaque technology used in ADS often make researchers ask the question ``how should ADS be verified in order to judge it is operating safely?".Once the initial Runtime Verification (RV) concept is developed, researchers and practitioners have to deal with research and engineering challenges encountered during the realization of the RV approaches into an actual runtime monitoring solution for ADS. These challenges range from, estimating different safety parameters of the runtime monitors, finding solutions for different technical problems, to meeting scalability and efficiency requirements.The focus of this thesis is to propose novel runtime monitoring solutions for verifying the safe operation of ADS. This encompasses (i) defining novel RV approaches explicitly tailored for automated driving, and (ii) developing concepts, methods, and architectures for realizing the RV approaches into an actual runtime monitoring solution for ADS. Contributions to the former include defining two runtime RV approaches, namely the Computer Vision Monitor (CVM) and the Safe Driving Envelope Verification. Contributions to the latter include (i) estimating the sufficient diagnostic test interval of the runtime verification approaches (in particular the CVM), (ii) addressing the out-of-sequence measurement problem in sensor fusion-based ADS, and (iii) developing an architectural solution for improving the scalability and efficiency of the runtime monitoring solution.
|
|
| 2. |
- Causevic, Aida, 1983-
(författare)
-
A Risk and Threat Assessment Approaches Overview in Autonomous Systems of Systems
- 2017
-
Ingår i: The 26th International Conference on Information, Communication and Automation Technologies ICAT2017. - 9781538633373 ; , s. 1-6
-
Konferensbidrag (refereegranskat)abstract
- Systems of systems (SoS) have been introduced in early 1990s in air traffic control domain, defense and information technologies. Systems like this contain a set of components, being systems itself, with constituent components retaining operational independence. The definition and configuration of SoS have evolutionary nature and emergent behavior is one of the many important characteristics to be mentioned. Over the past ten years fast technological and industrial advances in the domain of autonomous and cooperating systems started to occur, which created new opportunities to use the benefits of SoS. In the near future, fully autonomous and cooperating systems are expected to become our reality and increase the production efficiency, while decreasing the human effort in harmful environments. There exist the need to make sure that critical properties of SoS, such as safety and security are guaranteed as a joint effort, since it is not sufficient anymore to address these properties independently in the development process. In this paper an overview of the most common approaches and methods used to provide reasoning about joint safety and security is provided, as well as a check of the latest updates in standards related to these properties
|
|
| 3. |
- Causevic, Aida, 1983-, et al.
(författare)
-
Analyzing Resource-Usage Impact on Component-Based Systems Performance and Reliability
- 2008
-
Ingår i: 2008 International Conference on Computational Intelligence for Modelling Control & Automation. - Los Alamitos, CA : IEEE Computer Society. - 9780769535142 ; , s. 302-308
-
Konferensbidrag (refereegranskat)abstract
- An early prediction of resource utilization and its impacton system performance and reliability can reduce theoverall system cost, by allowing early correction of detectedproblems, or changes in development plans with minimizedoverhead. Nowadays, researchers are using both academicand commercial models to predict such attributes, by measuringthem at earliest stages of system development. Inthis paper, we give a short overview of existing predictionmodels for performance and reliability, targeting popularcomponent-based frameworks. Next, we describe our ownapproach for tackling such predictions, through an illustrationon a small example that deals with estimations of energyconsumption.
|
|
| 4. |
|
|
| 5. |
|
|
| 6. |
- Čaušević, Aida, 1983-
(författare)
-
Formal Approaches for Behavioral Modeling and Analysis of Design-time Services and Service Negotiations
- 2014
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- During the past decade service-orientation has become a popular design paradigm, offering an approach in which services are the functional building blocks. Services are self-contained units of composition, built to be invoked, composed, and destroyed on (user) demand. Service-oriented systems (SOS) are a collection of services that are developed based on several design principles such as: (i) loose coupling between services (e.g., inter-service communication can involve either simple data passing or two or more connected services coordinating some activity) that allows services to be independent, yet highly interoperable when required; (ii) service abstraction, which emphasizes the need to hide as many implementation details as possible, yet still exposing functional and extra-functional capabilities that can be offered to service users; (iii) service reusability provided by the existing services in a rapid and flexible development process; (iv) service composability as one of the main assets of SOS that provide a design platform for services to be composed and decomposed, etc. One of the main concerns in such systems is ensuring service quality per se, but also guaranteeing the quality of newly composed services. To accomplish the above, we consider two system perspectives: the developer's and the user's view, respectively. In the former, one can be assumed to have access to the internal service representation: functionality, enabled actions, resource usage, and interactions with other services. In the second, one has information primarily on the service interface and exposed capabilities (attributes/features). Means of checking that services and service compositions meet the expected requirements, the so-called correctness issue, can enable optimization and possibility to guarantee a satisfactory level of a service composition quality. In order to accomplish exhaustive correctness checks of design-time SOS, we employ model-checking as the main formal verification technique, which eventually provides necessary information about quality-of-service (QoS), already at early stages of system development. ~As opposed to the traditional approach of software system construction, in SOS the same service may be offered at various prices, QoS, and other conditions, depending on the user needs. In such a setting, the interaction between involved parties requires the negotiation of what is possible at request time, aiming at meeting needs on demand. The service negotiation process often proceeds with timing, price, and resource constraints, under which users and providers exchange information on their respective goals, until reaching a consensus. Hence, a mathematically driven technique to analyze a priori various ways to achieve such goals is beneficial for understanding what and how can particular goals be achieved.This thesis presents the research that we have been carrying out over the past few years, which resulted in developing methods and tools for the specification, modeling, and formal analysis of services and service compositions in SOS. The contributions of the thesis consist of: (i)constructs for the formal description of services and service compositions using the resource-aware timed behavioral language called REMES; (ii) deductive and algorithmic approaches for checking correctness of services and service compositions;(iii) a model of service negotiation that includes different negotiation strategies, formally analyzed against timing and resource constraints; (iv) a tool-chain (REMES SOS IDE) that provides an editor and verification support (by integration with the UPPAAL model-checker) to REMES-based service-oriented designs;(v) a relevant case-study by which we exercise the applicability of our framework.The presented work has also been applied on other smaller examples presented in the published papers.
|
|
| 7. |
- Čaušević, Aida, 1983-
(författare)
-
Formal Approaches to Service-oriented Design : From Behavioral Modeling to Service Analysis
- 2011
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Service-oriented systems (SOS) have recently emerged as context-independent component-based systems. In contrast to components, services can be created, invoked, composed and destroyed at run-time. Services are assumed to be platform independent and available for use within heterogeneous applications. One of the main assets in SOS is service composability. It allows the development of composite services with the main goal of reusable functionality provided by existing services in a low cost and rapid development process at run-time. However, in such distributed systems it becomes difficult to guarantee the quality of services (QoS), both in isolation, as well as of the newly created service compositions. Means of checking correctness of service composition can enable optimization w.r.t. the function and resource-usage of composed services, as well as provide a higher degree of QoS assurance of a service composition. To accomplish such goals, we employ model-checking technique for both single and composed services. The verification eventually provides necessaryinformation about QoS, already at early development stage.This thesis presents the research that we have been carrying out, on developing of methods and tools for specification, modeling, and formal analysis of services and service compositions in SOS. In this work, we first show how to formally check QoS in terms of performance and reliability for formallyspecified component-based systems (CBS). Next, we outline the commonalities and differences between SOS and CBS. Third, we develop constructs for the formal description of services using the resource-aware timed behavioral language called REMES, including development of language to support service compositions. At last, we show how to check service and service composition(functional, timing and resource-wise) correctness by employing the strongest post condition semantics. For less complex services and service compositions we choose to prove correctness using Hoare triples and the guarded command language. In case of complex services described as priced timed automata(PTA), we prove correctness via algorithmic computation of strongest post-condition of PTA.
|
|
| 8. |
- Causevic, Aida, 1983-, et al.
(författare)
-
On incorporating security parameters in service level agreements
- 2019
-
Ingår i: CLOSER 2019 - Proceedings of the 9th International Conference on Cloud Computing and Services Science. - : SciTePress. - 9789897583650 ; , s. 48-57
-
Konferensbidrag (refereegranskat)abstract
- With development of cloud computing new ways for easy, on-demand, Internet-based access to computing resources have emerged. In such context a Service Level Agreement (SLA) enables contractual agreements between service providers and users. Given an SLA, service users are able to establish trust in that the service outcome corresponds to what they have demanded during the service negotiation process. However, an SLA provides a limited support outside of basic Quality of Service (QoS) parameters, especially when it comes to security. We find security as an important factor to be included in adjusting an SLA according to user defined objectives. Incorporating it in an SLA is challenging due to difficulty to provide complete and quantifiable metrics, thus we propose to focus on a systematic way of addressing security using the security process. In this paper we investigate ways in which security might be incorporated already in the service negotiation process and captured in an SLA. We propose a corresponding process to develop and maintain an SLA that considers both design-, and run-time. To demonstrate the approach we built upon the existing SLAC language and extend its syntax to support security. An example of a service being provided with security guarantees illustrates the concept.
|
|
| 9. |
|
|
| 10. |
- El Hachem, J., et al.
(författare)
-
Securing system-of-systems through a game theory approach
- 2021
-
Ingår i: Proceedings of the ACM Symposium on Applied Computing. - New York, NY, USA : Association for Computing Machinery. - 9781450381048 ; , s. 1443-1446
-
Konferensbidrag (refereegranskat)abstract
- Enabling System-of-Systems (SoS) security is an important activity when engineering SoS solutions like autonomous vehicles, provided that they are also highly safety-critical. An early analysis of such solutions caters for proper security architecture decisions, preventing potential high impact attacks and ensuring people's safety. However, SoS characteristics such as emergent behavior, makes security decision-making at the architectural level a challenging task. To tackle this challenge, it is essential to first address known vulnerabilities related to each CS, that an adversary may exploit to realize his attacks within the unknown SoS environment. In this paper we investigate how to use Game Theory (GT) approaches to guide the architect in choosing an appropriate security solution. We formulate a game with three players and their corresponding strategies and payoffs. The proposal is illustrated on an autonomous quarry example showing its usefulness in supporting a security architect to choose the the most suitable security strategy.
|
|
