2014-05- 21 The Synopsis half- 8me report available at the ES MER14 web- page provides addi8onal details about the Dependability research The Embedded Systems research area PostDoc Patrick Graydon Dependable Systems Professor Hans Hansson Professor Kris8na Lundqvist Mer- 14 hearing, May 21, 2014 Professor Sasikumar Punnekkat School of Innovation, Design & Engineering (IDT) Mälardalen University Dependability@MDH Vision: to be a provider of scien8fically well- grounded research that increase efficiency and reuse in development and cer3fica3on of safety- relevant embedded systems 1
2014-05- 21 Dependable systems: Staff [8 Profs.+ 7 addi8onal PhDs + 18 PhD students] Full professors: PhD-students 1. JARADAT, OMAR 2. JOHNSEN, ANDREAS 3. MALEKZADEH, MAHNAZ Adjunct professors 4. 5. 6. 7. 8. Associate professor 9. Nesredin Mahmoud (new; Volvo) 10. Elena Lisova (new; TTTech) 11. Francisco Pozo (new; TTTech) 1. 2. 3. 1. 1. HANSSON, HANS A 2. LUNDQVIST, KRISTINA 3. PUNNEKKAT, SASIKUMAR Visi8ng professor 1. BATE, IAIN FORSBERG, KRISTINA THANE, HENRIK SCHMIDT, HEINRICH W 1. DOBRIN, RADU PostDocs and research fellows 1. AYSAN, HUSEYIN AYHAN 2. GALLINA, BARBARA 3. GRAYDON, PATRICK 4. HÄNNINEN, KAJ 5. LU, YUE (Ericsson) 6. RODRIGUEZ- NAVAS, GUILLERMO 7. WALLIN, PETER (Volvo) 2. SLJIVO, IRFAN KHANFAR, HUSNI THEKKILAKATTIL, ABHILASH ZHOU, JIALE Predrag Filipovikj (new; Scania) Industrial PhD-students 1. 2. 3. Mathias Ekman (Bombardier) Stephan Baumgart (Volvo CE) Stefan Björnander (Maximatecc) 4. 5. Henrik Jonsson (Etteplan) Pablo Gutiérrez Peon (new; TTTech) 6. 7. Ayhan Mehmed (new; TTTech) Marina Gutiérrez Lopez (new; TTTech) Dependable systems: Staff 2010 [Was not iden8fied as an area, although scajered ac8vi8es] [4 Profs.+ 1 addi8onal PhD + 5 PhD students] Full professors: PhD-students 1. JARADAT, OMAR 2. JOHNSEN, ANDREAS 3. MALEKZADEH, MAHNAZ Adjunct professors 4. 5. 6. 7. 8. Associate professor 9. Nesredin Mahmoud (new; Volvo) 10. Elena Lisova (new; TTTech) 11. Francisco Pozo (new; TTTech) 1. 2. 3. 1. 1. (HANSSON, HANS A) 2. LUNDQVIST, KRISTINA 3. PUNNEKKAT, SASIKUMAR Visi8ng professor 1. BATE, IAIN FORSBERG, KRISTINA THANE, HENRIK SCHMIDT, HEINRICH W 1. DOBRIN, RADU PostDocs and research fellows 1. AYSAN, HUSEYIN AYHAN 2. GALLINA, BARBARA 3. GRAYDON, PATRICK 4. HÄNNINEN, KAJ 5. (LU, YUE) 6. RODRIGUEZ- NAVAS, GUILLERMO 7. (WALLIN, PETER) 2. SLJIVO, IRFAN KHANFAR, HUSNI THEKKILAKATTIL, ABHILASH ZHOU, JIALE Predrag Filipovikj (new; Scania) Industrial PhD-students 1. 2. 3. Mathias Ekman (Bombardier) Stephan Baumgart (Volvo CE) Stefan Björnander (Maximatecc) 4. 5. Henrik Jonsson (Etteplan) Pablo Gutiérrez Peon (new; TTTech) 6. 7. Ayhan Mehmed (new; TTTech) Marina Gutiérrez Lopez (new; TTTech) 2
2014-05- 21 Dependable systems: key characteris8cs Strongest Swedish Dependability group Int l environment: staff+visitors +coopera8on Unique profile Safety+CBD +RT 2008-13: 113 public. 3 best paper awards Industrial coopera8on & background JSA ed- in- chief VR panel chair 4 edit. Boards etc. 87% external funding + in kind EU projects: SafeCer, RetNet, Euroweb Since 08: 8 Phd 8 Lic 22 MSc MSc, PhD & industrial courses Research focus (not an isolated island) Our projects Dependability VoV 3
Current main research focus: Safety cerjficajon + Component- Based Development System and Safety Requirements Environment Argumentation System Evidence Verification System and Safety Requirements Environment Argumentation System and Safety Requirements System Environment System Argumentation Evolution Verification Evidence Verification Evidence New evidence 4
System and Safety Requirements Environment Argumentation System Evolution Evidence New evidence Verification Publica8ons & cita8ons 250 200 150 100 No. of publicajons 2008-2013: 13 journal ar8cles 141 conference publica8ons 28 other publica8ons May 19: Two SafeComp papers accepted i- 1000 to i- 10 for Dep [i- X = X publica8ons with at least X cita8ons] 67 112 30 20 15 10 5 0 27 25 4000 24 206 2166 19 15 H- index 13 13 10 The senior researcher s individual cita8on data 9 # of cita8ons 6 6 5 5 1063 981 4 3 551 557 620 373 257 191 53 95 50 29 1 2 3 4 5 6 7 8 9 10 11 12 13 14 H- index for the Dependability environment: 43 4500 4000 3500 3000 2500 2000 1500 1000 500 0 50 0 36 0 1 5 12 i- 1000 i- 500 i- 250 i- 100 i- 50 i- 30 i- 20 i- 10 5
2014-05- 21 Coopera8on & projects Academic Universi8es MIT (US) Sofia U. (BG) TU Vienna (AT) U. of New England (AUS) UPM (SP) U. of Virginia (US) U. of York (UK) Ins8tutes Projects Industrial Synopsis SSF Framework grant SSM (SE) Funding provided by: SafeCer EU/ARTEMIS project RetNet European Industrial Doctorate Programme in cooperation with TTTech (A) VeriSpec Vinnova FFI project in cooperation with Scania and AB Volvo AIT (AT) Sadies KKS project in cooperation SICS (SE) with Bombardier Transportation SP (SE) Virtual Vehicle (AT) SSpiia Vinnova project on Agencies Na8onal: Safety & Security in process industry Interna8onal Resilitech (IT) Thales (FR) TTTech (AT) EuroWeb EU Western Balkan scholarship program Prompt KKS educational initiative for industrial engineers Iain Bate visiting prof KKS grant ABB Arc8cus Boliden Bombardier Transporta8on Effec8ve Change Ericsson Ejeplan Maximatecc Saab Safety Integrity Scania Volvo CE Volvo Trucks Industrial PhD- students: Stephan Baumgart (Volvo CE), Henrik Jonsson (Ejeplan), Stefan Björnander (CrossControl), Mathias Ekman (Bombardier) Future research in dependability at MDH Safety in rela8on to emerging trends Internet of Things Coopera8ng autonomous vehicles System of systems Further research into Contract- based safety argumenta8on Dependable wireless communica8on Fault detec8on and fault avoidance Mul8core Wirelessly interconnected systems 6
Challenges Funding Cri8cally depending on SSF- funding for academic sustainability Limited university (co- )funding A lot of senior research 8me spent on proposals and admin Substan8al efforts spent to understand the industrial context and standards Confiden8ality of industrial data Few top- level conferences/journals specialized on safety Error modelling and reliability assurance for real- 8me systems Fault-tolerance(FT) strategies Voting on time & Value (VTV) Cascading redundancy Energy-awareness and FT Error modelling Error bursts Probabilistic models Dependability Real-Time Systems Software Engineering Fault-tolerant scheduling FT Feasibility Mixed criticality scheduling Probabilistic guarantees Reliability modelling Architecture-oriented for CBS Fuzzy reliability models Uncertainties in estimation 7
Dependability through Architecture Engineering Architecture dependence graphs (ADGs) Detect design faults + Detect implementajon faults Automated hazard analysis + Error annex Composable safety cerjficajon Automated safety- impact analysis of architectural change Efficient regression verificajon Enquiries into argument seman8cs (Graydon) Theories of confidence Iden8fied exis8ng theories and support for these Proposed experimental evalua8on Argument nota8ons Iden8fied ambiguous seman8cs in GSN Proposed precise seman8cs for context element Goal (Claim) (Argument) Strategy (Sub- )Goal (Premise/Claim) Solu8on (Evidence) Context (Sub- ) Goal Solu8on (Evidence) 8
Design for safety Component model extensions for composable safety Vision Reuse of safety- relevant informajon when a component is reused in a new context. Contracts that link claims to assumpjons under which the claims can be guaranteed to hold. Reusable argumentajon fragments capturing parts of the system safety argumenta8on. Results Component (meta) model, including contracts and argumenta8on fragments Safety- contract concept for reusable components (strong and weak contracts) (Semi- ) automa8c generajon of argument- fragments from safety contracts Component type Contract Sowware components C" C" Argument fragment Questions or comments? 9
Bonus slides Strengths Mission: The MDH Dependable systems team wants to be a key academic player that provides research results and competence to support Swedish companies meet the future challenges of effecjve, efficient and predictable development of safety- relevant so`ware- intensive products. Excellent mix of complementary competences safety cer8fica8on, safety argumenta8on, component- based development, fault- tolerance, real- 8me systems, data communica8on, formal modeling and analysis, Interna8onal research environment MDH staff + visitors and coopera8on External funding Na8onal (VR, SSF, Vinnova, KKS) & Interna8onal (EU) Industrial rela8ons and coopera8on ABB, AVL, Boliden, Bombardier, Scania, Thales, TTTech, Volvo + several SMEs 10
Relevant groups Na8onal KTH (Mar8n Törngren) Linköping (Simin Nadjm- Tehrani), Chalmers (Johan Karlsson) Int l York (Tim Kelly/John McDermid), Newcastle (John Fitzgerald/Alexander Romanovski), INRIA (Liliana Cucu- Grosjean), Erlangen- Nurenburg (Francesca Sagliey), LAAS- CNRS (David Powell), Florence (Andrea Bondavalli), Virginia (John Knight), and MIT (Nancy Leveson). Process for composable safety Vision Co- cer8fica8on: Cost- efficient reuse of components across products and domains Results Safety process lines & process modeling VROOM requirement traceability management è reuse of argument fragments Agile prac8ces in safety- engineering Component Develop- ment/cerjficajon System Develop- ment/cerjficajon 11
Evidences for argumenta8on ArgumentaJon & evidence Vision Reasoning about system safety from reusable component- centric evidence Traceability from hazard mi8ga8on claims to evidence Iden8fy claims that novel forms of evidence must support Results Basic structure for composable safety argumenta8on Strategies for reasoning about 8ming claims System% opera:ng% context% Component% 1%safety%arg.% module% New%safety% evidence%(e.g.% test%results)% Assessment of metrics for confidence (absolute metric important for reuse) Parametric Worst- case execu8on- 8me (WCET) analysis Virtualiza8on framework for fault containment Tes8ng- based approach to determine when to stop tes8ng (ALARP) Extension of fault- tolerant approach: Vo8ng on Time and Value Main% safety% arg.% module% System% design% Hazard%anal.% &%Risk%asses.% Argument%contracts%.%.%.% Component% n%safety%arg.% module% Reused%safety% evidence%(e.g.%test% coverage%analysis)% Demonstra8on We have been looking into several applicajon examples: Inverted pendulum, Fuel- level display, Bajery- control, Liwing arm, Train display, ABS braking Vision To consider real industrial challenges in our research To evaluate industrial applicability of research To integrate and demonstrate research results Plans We will con8nue to use industrial examples and cases to guide our research (fuel- level, bajery- control, liwing- arm) We plan to add a post- SafeCer iterajon from mid 2015 for the VCE li`ing arm to integrate further Synopsis results 12
Considered applica8on examples Scania Fuel Level EsJmaJon System Used in architectural level modeling, contracts, and model- based verifica8on Safety Element out of Context candidate Inverted pendulum (academic example) Used in detailed evalua8on of fault tolerant design Angle sensor" Potentiometer" Variant 1: Trucks with liquid fuel engine Motor" Position sensor" Maximatecc train display system Proprietary study with argumenta8on focus AnJ- lock braking system (ABS) Used in formal modeling and verifica8on study Volvo Liwing Arm Focus: safety- cer8fica8on for product- lines A mechanical, hydraulic, electrical, electronic, and sowware system used in construc8on equipment Abstracted from current produc8on equipment Meant to conform to ISO 26262 safety standard Used (in different configura8ons) on a wide range of equipment (for liwing, digging, cuyng, ) 13