Timed Hazard Analysis of Self-healing Systems

Priesterjahn, Claudia; Steenken, Dominik; Tichy, Matthias

doi:10.1007/978-3-642-36249-1_5

Cited by 10 publications

(5 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Further refinement of the proposed identification approach could focus on formalizing engineering knowledge or exploring multi‐physics based modelling formalisms Verification of heterogeneous redundancies: include architecture‐specific requirements such as timeliness constraints or memory and processing capacity. Quality degradation caused by the use of heterogeneous redundancies: analyse other properties than the failure probability. Repair and maintenance strategies: the train operates through different phases, and it is possible to schedule repair and maintenance actions accordingly. For instance, if an asset is not critical, it can be left in the failed state until reaching a railway depot and repair altogether.…”

Section: Discussionmentioning

confidence: 99%

On Cost‐effective Reuse of Components in the Design of Complex Reconfigurable Systems

Aizpurua

Papadopoulos

Muxika

et al. 2017

Quality & Reliability Eng

View full text Add to dashboard Cite

Design strategies that benefit from the reuse of system components can reduce costs while maintaining or increasing dependability-we use the term dependability to tie together reliability and availability. D3H2 (aDaptive Dependable Design for systems with Homogeneous and Heterogeneous redundancies) is a methodology that supports the design of complex systems with a focus on reconfiguration and component reuse. D3H2 systematizes the identification of heterogeneous redundancies and optimizes the design of fault detection and reconfiguration mechanisms, by enabling the analysis of design alternatives with respect to dependability and cost. In this paper, we extend D3H2 for application to repairable systems. The method is extended with analysis capabilities allowing dependability assessment of complex reconfigurable systems. Analysed scenarios include time-dependencies between failure events and the corresponding reconfiguration actions. We demonstrate how D3H2 can support decisions about fault detection and reconfiguration that seek to improve dependability while reducing costs via application to a realistic railway case study.A high-level function consists of a set of Main Functions (MF), for example, train operating properly = {traction system OK, signalling system OK, braking system OK, air conditioning control OK, . . . }. Main functions are performed in possibly different Physical Locations (PLs), for example, a single air conditioning control implementation may span a whole train car, or each car compartment in a train car may have its own air conditioning control. A main function consists of a set of subfunctions (SF), for example, input, control and output subfunctions. A subfunction may have multiple implementations (#) to carry out the subfunction, and these are ordered with respect to their priority.

show abstract

Section: Discussionmentioning

confidence: 99%

On Cost‐effective Reuse of Components in the Design of Complex Reconfigurable Systems

Aizpurua

Papadopoulos

Muxika

et al. 2017

Quality & Reliability Eng

View full text Add to dashboard Cite

show abstract

“…The approach presented by Priesterjahn et al [20] analyzes the time needed to finish a system adaptation before a hazard occurs. The authors introduce min-max execution time intervals for each component in order to analyze the propagation time of a failure through the system, but they do not take security aspects into account.…”

Section: Related Workmentioning

confidence: 99%

“…Already, events in ATs and FTs are often annotated with timing or probability information. By enriching the Dataflow Graph with additional timing information, representing the delay and frequency of messages or the processing time of these messages in components, timing constraints on adaptations can be derived in the analysis, similar to [20]. For example, an adaptation to avoid the spread of an error across multiple components must be faster than the spreading of the error.…”

Section: Analysis Approachmentioning

confidence: 99%

Towards model co-evolution across self-adaptation steps for combined safety and security analysis

Witte¹,

Groner²,

Raschke³

et al. 2022

Proceedings of the 17th Symposium on Software Engineering for Adaptive and Self-Managing Systems

Self Cite

View full text Add to dashboard Cite

Self-adaptive systems offer several attack surfaces due to the communication via different channels and the different sensors required to observe the environment. Often, attacks cause safety to be compromised as well, making it necessary to consider these two aspects together. Furthermore, the approaches currently used for safety and security analysis do not sufficient take into account the intermediate steps of an adaptation. Current work in this area ignores the fact that a self-adaptive system also reveals possible vulnerabilities (even if only temporarily) during the adaptation. To address this issue, we propose a modeling approach that takes into account the different relevant aspects of a system, its adaptation process, as well as safety hazards and security attacks. We present several models that describe different aspects of a self-adaptive system and we outline our idea of how these models can then be combined into an Attack-Fault Tree. This allows modeling aspects of the system on different levels of abstraction and co-evolve the models using transformations according to the adaptation of the system. Finally, analyses can then be performed as usual on the resulting Attack-Fault Tree. CCS CONCEPTS• Software and its engineering → System description languages; Fault tree analysis; • Computer systems organization → Embedded and cyber-physical systems; Dependable and faulttolerant systems and networks.

show abstract

“…Our solution is an analysis of self-healing operations [122,123] that considers in particular the timing characteristics of failure propagation and the effect of a selfhealing operation on the propagation of failures.…”

Section: Claudia Priesterjahnmentioning

confidence: 99%

“…Our analysis of self-healing operations as published in [122,123] checks for each MCS of the hazard, whether the MCSs can still cause the said hazard after the selfhealing operation has been completed. MCSs that still cause the hazard after selfhealing are called critical MCSs.…”

Section: Analysis Of Self-healing Operationsmentioning

confidence: 99%

Methods of Improving the Dependability of Self-optimizing Systems

Dorociak

Gausemeier

2014

Lecture Notes in Mechanical Engineering

View full text Add to dashboard Cite

Abstract. Various methods have been developed in the Collaborative ResearchCenter 614 which can be used to improve the dependability of self-optimizing systems. These methods are presented in this chapter. They are sorted into two categories with regard to the development process of self-optimizing systems. On one hand, there are methods which can be applied during the Conceptual Design Phase. On the other hand, there are methods that are applicable during Design and Development.There are domain-spanning methods as well as methods that have been specifically developed for particular domains, e.g., software engineering or control engineering. The methods address different attributes of dependability, such as reliability, availability or safety.Each section is prefaced with a short overview of the classification of the described method regarding the corresponding domain(s), as well as its dependability attributes, to provide the reader with a brief outline of the methods' areas of application. Information about independently applicable methods or existing relationships and interactions with other methods or third-party literature is also provided.The development process for self-optimizing mechatronic systems which was introduced in Chap. 2 consists of two main phases: Conceptual Design and Design and Development. The main result of the Conceptual Design is the Principle Solution, which includes all information required for the concrete development during the second phase. Conceptual Design PhaseEven as early as during the specification of the Principle Solution, the dependability of self-optimizing mechatronic systems can be evaluated and improved by employing appropriate methods. The result is an improved Principle Solution, as such methods take the whole system into account before splitting it up into domain-specific tasks for the following development phase.

show abstract

Timed Hazard Analysis of Self-healing Systems

Cited by 10 publications

References 30 publications

On Cost‐effective Reuse of Components in the Design of Complex Reconfigurable Systems

On Cost‐effective Reuse of Components in the Design of Complex Reconfigurable Systems

Towards model co-evolution across self-adaptation steps for combined safety and security analysis

Methods of Improving the Dependability of Self-optimizing Systems

Contact Info

Product

Resources

About