Change search
Refine search result
1 - 6 of 6
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Ekman, M.
    et al.
    Bombardier Transportation Sweden AB, Västerås, Sweden.
    Thane, H.
    Safety Integrity AB, Västerås, Sweden .
    Sundmark, Daniel
    Mälardalen University, School of Innovation, Design and Engineering. Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Larsson, S.
    Effective Change AB, Västerås, Sweden .
    Tool qualification for safety related systems2014In: Ada User Journal, ISSN 1381-6551, Vol. 35, no 1, p. 47-54Article in journal (Refereed)
    Abstract [en]

    Tools used in the development of safety related software applications need to be qualified as safe. That is, the tools cannot be allowed to introduce hazardous faults into the application, e.g., a compiler shall not generate dangerous code due to failure of the compiler. In many cases laws and regulations require the product development of safety related applications to comply with industry sector specific safety standards. Examples of such standards include EN50129/50128 for railway applications, ISO/EN13849 for machines with moving parts, DO-178B/C for avionics, or IS026262 for cars. These standards require the use of a rigorous development and maintenance process. The standards are also mainly intended to be used when developing systems from scratch. However, most development and test tools are not developed from scratch according to the rigorous processes of these standards. In order to address this issue, some of the standards provide means for qualifying existing tools as a more lightweight and pragmatic alternative to a regular certification process. In this paper we analyze the concept of these qualification approaches. The result of the analysis in our contribution includes a set of approaches that can be applied individually or as a combination in order to reduce the effort needed for qualifying tools. As a running example we use one of the most flexible but at the same time dangerous, even prohibited, maintenance techniques available: dynamic instrumentation of executing code. With this example, we describe how exceptions in these standards can be utilized in order to qualify a dynamic instrumentation tool with a minimal effort, without following the process of tool certification as defined by the standards.

  • 2.
    Gallina, Barbara
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Provenzano, Luciana
    Bombardier Transportation, Västerås, Sweden.
    Deriving Reusable Process-based Arguments from Process Models in the Context of Railway Safety Standards2015In: Ada User Journal, ISSN 1381-6551, Vol. 36, no 4, p. 237-241Article in journal (Refereed)
    Abstract [en]

    In the railway domain, standards such as the EN5012x family prescribe processes to be followed for the management and certification of safety-critical systems. This results in a need to model processes and retrieve process-based arguments to prove that the system achieved the required safety level in order to reduce time and cost spent in the certification process. In this paper, we present the application of the MDSafeCer, i.e. a model-driven safety certification method, for railways. In particular, we model in SPEM 2.0 the safety requirements process according to what described in the safety plan, and we show how it is possible to extract safety evidence to prove the compliance of this process to the EN50128 standard.

  • 3.
    Haider, Zulqarnain
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gallina, Barbara
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Carlsson, A.
    OHB Sweden, Kista, Sweden.
    Mazzini, S.
    Intecs, Italy.
    Puri, S.
    Intecs, Italy.
    Concerto FLA-based multi-concern assurance for space systems2019In: Ada User Journal, ISSN 1381-6551, Vol. 40, no 1, p. 35-39Article in journal (Refereed)
    Abstract [en]

    Space systems often need to be engineered in compliance with standards such as ECSS and need to ensure a certain degree of dependability. Given the multi-faceted nature of dependability (characterized by a set of concerns), assuring dependability implies multi-concern assurance, which requires the modelling of various system characteristics and their co-assessment and co-analysis, in order to enable the management of trade-offs between them. CHESS is a systems engineering methodology and an open source toolset, which includes ConcertoFLA. ConcertoFLA allows users (system architects and dependability engineers) to decorate component-based architectural models with dependability-related information, execute Failure Logic Analysis (FLA) techniques, and get the results back-propagated onto the original model. In this paper, we present the customization of the CHESS methodology and ConcertoFLA in the context of the ECSS standards to enable architects and dependability engineers to define a system and perform dependability-centered co-analysis for assuring the required non-functional properties of the system according to ECSS requirements. The proposed customization is then applied in the context of spacecraft Attitude Control Systems engineering, which is a part of satellite on-board software. 

  • 4.
    Lindgren, Per
    et al.
    Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Embedded Internet Systems Lab.
    Eriksson, Johan
    Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Embedded Internet Systems Lab.
    Lindner, Marcus
    Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Embedded Internet Systems Lab.
    Pereira, David J.
    ISEP, Instituto Superior de Engenharia do Porto.
    Pinho, Luis Miguel
    ISEP, Instituto Superior de Engenharia do Porto.
    RTFM-lang static semantics for systems with mixed criticality2014In: Ada User Journal, ISSN 1381-6551, Vol. 35, no 2, p. 128-132Article in journal (Refereed)
    Abstract [en]

    In an embedded system, functions often operate under different requirements. In the extreme, a failing safety critical function may cause collateral damage (and hence consider to be a system failure) while non critical functions affect only the quality of service. Approaches by partitioning the system's functions into sandboxes require virtualization mechanisms by the underlying platform and thus prohibit deployment to the bulk of microcontroller based systems. In this paper we discuss an alternative approach based on static semantic analysis performed directly on the system specification expressed in the form of an object oriented (00) model in the experimental language RTFM-lang. This would allow to (at compile time) to discriminate in between critical and non-critical functions, and assign these (by means of statically checkable typing rules) appropriate access rights. In particular, one can imagine dynamic memory allocations to be allowed only in non-critical functions, while on the other hand, direct interaction with the environment may be restricted to the critical parts. With respect to scheduling, a static task and resource configuration allows e.g. Stack Resource Policy (SRP) based approaches to be deployed. In this paper we discuss how this can be achieved in a mixed critical setting.

  • 5.
    Lindner, Marcus
    et al.
    Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science.
    Aparicio, Jorge
    Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science.
    Lindgren, Per
    Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Computer Science.
    Concurrent Reactive Objects in Rust Secure by Construction2019In: Ada User Journal, ISSN 1381-6551, Vol. 40, no 1Article in journal (Refereed)
    Abstract [en]

    Embedded systems of the IoT era face the software developer with requirements on a mix of resource efficiency, real-time, safety, and security properties. As of today, C/C++ programming dominates the mainstream of embedded development, which leaves ensuring system wide properties mainly at the hands of the programmer. We adopt a programming model and accompanying framework implementation that leverages on the memory model, type system, and zero-cost abstractions of the Rust language. Based on the outset of reactivity, a software developer models a system in terms of Concurrent Reactive Objects (CROs) hierarchically grouped into Concurrent Reactive Components (CRCs) with communication captured in terms of time constrained synchronous and asynchronous messages. The developer declaratively defines the system, from which a static system instance can be derived and analyzed. A system designed in the proposed CRC framework has the outstanding properties of efficient, memory safe, race-, and deadlock-free preemptive (single-core) execution with predictable real-time properties. In this paper, we further explore the Rust memory model and the CRC framework towards systems being secure by construction. In particular, we show that permissions granted can be freely delegated without any risk of leakage outside the intended set of components. Moreover, the model guarantees permissions to be authentic, i.e., neither manipulated nor faked. Finally, the model guarantees permissions to be temporal, i.e., never to outlive the granted authority. We believe and argue that these properties offer the fundamental primitives for building secure by construction applications and demonstrate its feasibility on a small case study, a wireless autonomous system based on an ARM Cortex M3 target.

  • 6.
    Parseh, Masoumeh
    et al.
    KTH, School of Industrial Engineering and Management (ITM), Machine Design (Dept.), Mechatronics.
    Asplund, Fredrik
    KTH, School of Industrial Engineering and Management (ITM), Machine Design (Dept.), Mechatronics.
    Törngren, Martin
    KTH, School of Industrial Engineering and Management (ITM), Machine Design (Dept.), Mechatronics.
    Industrial safety-related considerations to introducing full autonomy in the automotive domain2017In: Ada User Journal, ISSN 1381-6551, Vol. 38, no 4, p. 218-221Article in journal (Refereed)
    Abstract [en]

    Organizations in the automotive domain, which aim to transition into developing fully autonomous vehicles face many challenges. These range from organizational issues to engineering concerns. This paper builds on structured interviews with professionals from industry and academia to provide a deeper understanding of existing problems. Standards, safety analysis, legacy assumptions related to having a human driver, and increased complexity and complexity handling were raised as important concerns. The analysis of these concern leads us to consider the current relationship between academia and industry as too disconnected. There is a risk that new techniques developed by academia end up irrelevant to industry. This underlying problem, and others relevant to autonomy, might be solved by collaborative research between different automotive companies. However, there are experts that challenge the underlying need for such collaboration. Therefore, externally to automotive companies, new expert arenas might be required in order to facilitate an exchange of ideas that lead to new collaboration efforts. Internally to automotive companies, the changes brought on by autonomy will lead to organizational changes and the creation of new roles. These organizational changes will have to be managed, or otherwise unnecessary conflict might occur between new and old roles.

1 - 6 of 6
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf