nach oben

Software and Systems Modeling

Erschienen in:

22.02.2014 | Regular Paper

A profile and tool for modelling safety information with design information in SysML

Erschienen in: Software and Systems Modeling | Ausgabe 1/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Communication both between development teams and between individual developers is a common source of safety-related faults in safety–critical system design. Communication between experts in different fields can be particularly challenging due to gaps in assumed knowledge, vocabulary and understanding. Faults caused by communication failures must be removed once found, which can be expensive if they are found late in the development process. Aiding communication earlier in development can reduce faults and costs. Modelling languages for design have been shown through practical experience to improve communication through better information presentation and increased information consistency. In this paper, we describe a SysML profile designed for modelling the safety-related concerns of a system. The profile models common safety concepts from safety standards and safety analysis techniques integrated with system design information. We demonstrate that the profile is capable of modelling the concepts through examples. We also show the use of supporting tools to aid the application of the profile through analysis of the model and generation of reports presenting safety information in formats appropriate to the target reader. Through increased traceability and integration, the profile allows for greater consistency between safety information and system design information and can aid in communicating that information to stakeholders.

Vorheriger Artikel Formalizing and appling compliance patterns for business process compliance

Nächster Artikel An executable formal semantics for UML-RT

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

http://ttool.telecom-paristech.fr/avatar.html.

The OMG is also responsible for the UML and SysML standards.

MARTE, like UML, is designed to be easy to extend.

A powerful open-source modelling tool is the Papyrus project, which adds modelling capabilities for UML, SysML and several other languages to the Eclipse Framework. See http://www.eclipse.org/papyrus/.

Note that the types presented here for the tagged values are an example; see Sect. 3.4 for details.

Table 1

SafeML::Hazard specification

SafeML::Hazard
Description: represents a potential hazard
Derived from: SysML::Blocks::Block

Relationship	Target and description
deriveHzd	SysML::Requirements::Requirement, SysML::Blocks::Block, UML4SysML::UseCase
deriveHzd	Indicates the source of the hazard
\(\rightarrow \)	SafeML::Harm
\(\rightarrow \)	Indicates the potential result of the hazard and the context that leads to it

Tagged value	Type	Description
–	–

Table 2

SafeML::Harm specification

SafeML::Harm
Description: represents the potential result of one or more hazards
Derived from: SysML::Blocks::Block

Relationship	Target and description
–	–

Tagged value	Type	Description
Safety score	SafeML::SafeMLTypes::SafetyScore	Quantifies the overallrisk of this harm.See Sect. 5.4

Table 3

SafeML::HarmContext specification

SafeML::HarmContext
Description: represents a context that allows a hazard to cause a specific harm
Derived from: SysML::AssociationBlock

Relationship	Target and description
deriveHC	UML::Activity, SysML::Blocks::Block, SysML::Requirements::Requirement, UML::Operation
deriveHC	Indicates the source of the context in the system

Tagged value	Type	Description
Probability of occurrence	SafeML::SafeMLTypes::Probability	Probability the context will occur
Probability of harm	SafeML::SafeMLTypes::Probability	Given the context is present, the probability harm will arise
Severity	SafeML::SafeMLTypes::Severity	The maximum possible severity of possible harm
Range	SafeML::SafeMLTypes::Range	The maximum possible range of possible harm

Table 4

SafeML::ContextDetector specification

SafeML::ContextDetector
SafeML::ContextDetector
Description: represents how a hazardous situation/event is detected
Derived from: SysML::Blocks::Block

Relationship	Target and description
detect	SafeML::HarmContext
detect	Indicates the HarmContext that is monitored for
reqDetection	SysML::Requirements::Requirement
reqDetection	Indicates the system requirement created by this detector

Tagged value	Type	Description
Probability of true positive	SafeML::SafeMLTypes::Probability	The probability of correctly detecting the presence of a context
Probability of false positive	SafeML::SafeMLTypes::Probability	The probability of incorrectly detecting the presence of a context\(^\mathrm{a}\)
Cost	SafeML::SafeMLTypes::Cost	A cost value for using the detector in the system. What this cost means will vary

\(^\mathrm{a}\) This value is necessary to determine the amount of “noise” the detector may introduce into the system; a system that believes it is in danger more often than it actually is will have reduced availability

Table 5

SafeML::PassiveDefence specification

SafeML::PassiveDefence
Description: represents defence against one or more contexts that continuously defends
Derived from: SysML::Blocks::Block via SafeML::Defence

Relationship	Target and description
\(\rightarrow \)	SafeML::HarmContext
\(\rightarrow \)	Indicates a context defended against
reqDefence	SysML::Requirements::Requirement
reqDefence	Indicates the system requirement created by this defence

Tagged value	Type	Description
Probability of success	SafeML::SafeMLTypes::Probability	The probability of successfully transforming the hazardous situation/event’s characteristics, such as its probability of harm occurring
Cost	SafeML::SafeMLTypes::Cost	A cost value for using the defence in the system. What this cost means will vary

Table 6

SafeML::ActiveDefence specification

SafeML::ActiveDefence
Description: represents a defence against one or more contexts that requires activation
Derived from: SysML::Blocks::Block via SafeML::Defence

Relationship	Target and description
\(\rightarrow \)	SafeML::HarmContext
\(\rightarrow \)	Indicates a context defended against
reqDefence	SysML::Requirements::Requirement
reqDefence	Indicates the system requirement created by this defence

Tagged value	Type	Description
Probability of success	SafeML::SafeMLTypes::Probability	The probability of successfully transforming the hazardous situation/event’s characteristics, such as its probability of harm occurring
Cost	SafeML::SafeMLTypes::Cost	A cost value for using the defence in the system. What this cost means will vary

Table 7

SafeML::DefenceResult specification

SafeML::DefenceResult
Description: represents the result of defending against a context
Derived from: SysML::AssociationBlock

Relationship	Target and description
–	–

Tagged value	Type	Description
Probability of occurrence	SafeML::SafeMLTypes::Probability	New probability the context will occur
Probability of harm	SafeML::SafeMLTypes::Probability	Given the context is present, the new probability that harm will arise
Severity	SafeML::SafeMLTypes::Severity	The new maximum possible severity of possible harm
Range	SafeML::SafeMLTypes::Range	The new maximum possible range of possible harm

Defence elements should not be decomposed into further Defence elements; this has no semantic meaning in SafeML.

SafeML treats defences as independent.

It is common practice in SysML to only represent top-level requirements in Requirements diagrams, with the remainder entered in a tabular view of the model.

The ability to alter how information is presented without altering the underlying structure of the model is a benefit of describing safety information in a model.

If the kettle did not have a lid covering the water tank, we might find a context for water burns due to the ease of spilling water out of an uncovered tank while pouring.

Although it could be possible to deal with it by placing a prominent warning on the kettle about watching the boiling process constantly, we are assuming for this example that such a defence will not provide sufficient safety.

A system may have multiple defences in place in case one fails.

http://www.sparxsystems.com/products/ea/index.html.

We note that this calculation may or may not be suitable for use in real systems, whether or not it is possible to quantify the safety of a system is still debated. Our purpose in this section is merely to show that a model allows such calculations to be made automatically.

See Sect. 3.4 for a description of what a probability may be.

These are reliability concerns, not safety concerns.

Addouche, N., Antoine, C., Montmain, J.: UML models for dependability analysis of real-time systems. In: IEEE international conference on systems, man and cybernetics, 2004, vol. 6, pp. 5209–5214 (2004). doi:10.1109/ICSMC.2004.1401021

Anda, B., Hansen, K., Gullesen, I., Thorsen, H.K.: Experiences from introducing UML-based development in a large safety-critical project. Empir. Softw. Eng. 11(4), 555–581 (2006). doi:10.1007/s10664-006-9020-6 CrossRef

Basin, D., Clavel, M., Egea, M.: A decade of model-driven security. In: Proceedings of the 16th ACM Symposium on Access Control Models and Technologies, SACMAT ’11, pp. 1–10. ACM, New York, NY (2011). doi:10.1145/1998441.1998443

Basin, D., Doser, J., Lodderstedt, T.: Model driven security. In: Broy, M., Grnbauer, J., Harel, D., Hoare, T. (eds.) Engineering Theories of Software Intensive Systems, NATO Science Series, vol. 195, pp. 353–398. Springer, Netherlands (2005). doi:10.1007/1-4020-3532-2_12 CrossRef

Bernardi, S., Merseguer, J., Petriu, D.: A dependability profile within MARTE. Softw. Syst. Model. 10, 313–336 (2011). doi:10.1007/s10270-009-0128-1 CrossRef

Biffl, S., Mordinyi, R., Schatten, A.: A model-driven architecture approach using explicit stakeholder quality requirement models for building dependable information systems. In: Fifth International Workshop on Software Quality, 2007. WoSq’07: ICSE Workshops 2007, p. 6 (2007). doi:10.1109/WOSq.2007.1

Bondavalli, A., Dal, Cin M.: Dependability analysis in the early phases of UML based system design. J. Comput. Syst. Sci. Eng. 16(5), 265–275 (2001)

Douglass, B.P.: Doing Hard Time: Developing Real-Time Systems with UML, Objects, Frameworks and Patterns, Chap. 4. Addison-Wesley, Reading, MA (1999)

Douglass, B.P.: Analyze System Safety Using UML within the IBM Rational Rhapsody Environment. Technical report, Rational Software, IBM Software Group (2009)

10.

Feiler, P.H., Gluch, D.P., Hudak, J.J.: The Architecture Analysis & Design Language (AADL): An Introduction. Technical report, Software Engineering Institute, Carnegie-Mellon University, Pittsburgh (2006)

11.

Fernndez Briones, J., Miguel, M., Silva, J., Alonso, A.: Application of safety analyses in model driven development. In: Obermaisser, R., Nah, Y., Puschner, P., Rammig, F. (eds.) Software Technologies for Embedded and Ubiquitous Systems. Lecture Notes in Computer Science, vol. 4761, pp. 93–104. Springer, Berlin (2007). doi:10.1007/978-3-540-75664-4_10

12.

Friedenthal, S., Moore, A., Steiner, R.: A Practical Guide to SysML: The Systems Modeling Language. Morgan Kaufmann, Los Altos, CA (2009)

13.

Frlund, S., Koistinen, J.: Quality-of-service specification in distributed object systems. Distrib. Syst. Eng. 5(4), 179 (1998). http://stacks.iop.org/0967-1846/5/i=4/a=005

14.

Hatebur, D., Heisel, M., Jrjens, J., Schmidt, H.: Systematic development of UMLsec design models based on security requirements. In: Giannakopoulou, D., Orejas, F. (eds.) Fundamental Approaches to Software Engineering. Lecture Notes in Computer Science, vol. 6603, pp. 232–246. Springer, Berlin (2011). doi:10.1007/978-3-642-19811-3_17 CrossRef

15.

Hause, M., Thom, F.: An integrated safety strategy to model driven development with SysML. In: Second Institution of Engineering and Technology International Conference on System Safety, 2007, pp. 124–129 (2007)

16.

Hayhurst, K., Holloway, C.: Challenges in software aspects of aerospace systems. In: Proceedings of the 26th Annual NASA Goddard on Software Engineering Workshop, 2001, pp. 7–13 (2001). doi:10.1109/SEW.2001.992649

17.

Hill, J., Dabholkar, A., Kavimandan, A., Balasubramanian, J., Abdelwahed, S.: A platform independent component QoS modeling language for distributed real-time and embedded systems. Technical report, Vanderbilt University (2007)

18.

Huhn, M., Hungar, H.: UML for software safety and certification: Model-based development of safety-critical software-intensive systems. In: Proceedings of the 2007 International Dagstuhl Conference on Model-Based Engineering Of Embedded Real-Time Systems, MBEERTS’07, pp. 201–237. Springer, Berlin (2010). http://dl.acm.org/citation.cfm?id=1927558.1927569

19.

IEC 60812 Analysis techniques for system reliability—Procedure for failure mode and effects analysis (FMEA) (2006)

20.

IEC 61205 Fault tree analysis (FTA) (2006)

21.

IEC 61508 Functional safety of electrical/electronic/program mable electronic safety-related systems (2010)

22.

IEC 61508 Functional safety of electrical/electronic/program mable electronic safety-related systems—part 4: definitions and abbreviations (2010)

23.

ISO 12100 Safety of machinery—General principles for design—Risk assessment and risk reduction (2010)

24.

ISO 13849 Safety of machinery—Safety-related parts of control systems—Part 1: general principles for design (2006)

25.

ISO 26262 Road vehicles—Functional safety (2011)

26.

Iwu, F., Galloway, A., McDermid, J., Toyn, I.: Integrating safety and formal analyses using UML and PFS. Reliab. Eng. Syst. Saf. 92(2):156–170 (2007). doi:10.1016/j.ress.2005.11.060. http://www.sciencedirect.com/science/article/pii/S095183200500270X

27.

Johnson, C.W.: The hidden human factors in unmanned aerial vehicles. In: Proceedings of the 2007 International Systems Safety Society Conference. Baltimore (2007)

28.

Jürjens, J.: Towards development of secure systems using UMLsec. In: Hussmann, H. (ed.) Fundamental Approaches to Software Engineering. Lecture Notes in Computer Science, vol. 2029, pp. 187–200. Springer, Berlin (2001). doi:10.1007/3-540-45314-8_14

29.

Jürjens, J.: Sound methods and effective tools for model-based security engineering with UML. In: Proceedings of the 27th International Conference on Software Engineering, 2005. ICSE 2005, pp. 322–331 (2005). doi:10.1109/ICSE.2005.1553575

30.

Jürjens, J., Schreck, J., Bartmann, P.: Model-based security analysis for mobile communications. In: ACM/IEEE 30th International Conference on Software Engineering, 2008. ICSE ’08, pp. 683–692 (2008). doi:10.1145/1368088.1368186

31.

Kelly, T., Weaver, R.: The goal structuring notation—A safety argument notation. In: Proceedings of the Dependable Systems and Networks 2004 Workshop on Assurance Cases (2004)

32.

Leveson, N.G.: Safeware: System Safety and Computers. ACM, New York, NY (1995)

33.

Leveson, N.G.: Safeware: System Safety and Computers, Chap. 13. ACM, New York, NY (1995)

34.

Leveson, N.G.: Safeware: System Safety and Computers, Chap. 14. ACM, New York, NY (1995)

35.

Leveson, N.G.: Engineering a Safer World, Chap. 2. The MIT Press, Cambridge, MA (2011)

36.

Leveson, N.G.: Engineering a Safer World, Chap. 3. The MIT Press, Cambridge, MA (2011)

37.

Lipaczewski, M., Struck, S., Ortmeier, F.: Using tool-supported model based safety analysis—Progress and experiences in SAML development. In: IEEE 14th International Symposium on High-Assurance Systems Engineering (HASE), 2012, pp. 159–166 (2012). doi:10.1109/HASE.2012.34

38.

Lutz, R.: Analyzing software requirements errors in safety-critical, embedded systems. In: Proceedings of IEEE International Symposium on Requirements Engineering, 1993, pp. 126–133 (1993). doi:10.1109/ISRE.1993.324825

39.

de Miguel, M., Briones, J., Silva, J., Alonso, A.: Integration of safety analysis in model-driven software development. IET Softw. 2(3), 260–280 (2008). doi:10.1049/iet-sen:20070050

40.

Montecchi, L., Lollini, P., Bondavalli, A.: Dependability concerns in model-driven engineering. In: Fourteenth IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW), 2011, pp. 254–263 (2011). doi:10.1109/ISORCW.2011.32

41.

Montecchi, L., Lollini, P., Bondavalli, A.: An intermediate dependability model for state-based dependability analysis. Technical report rcl101115 v2.1, University of Florence, Dipartimento di Sistemi e Informatica, RCL group (2011). http://dcl.isti.cnr.it/Documentation/Papers/Techreports.html

42.

Montella, A.: Safety reviews of existing roads: quantitative safety assessment methodology. Transp. Res. Rec. J. Transp. Res. Board 1922, 62–72 (2005). doi:10.3141/1922-09. http://trb.metapress.com/content/RT7RU54215302751

43.

Mustafiz, S., Sun, X., Kienzle, J., Vangheluwe, H.: Model-driven assessment of system dependability. Softw. Syst. Model. 7, 487–502 (2008). doi:10.1007/s10270-008-0084-1 CrossRef

44.

Omg, UML Profile for MARTE: Modeling and Analysis of Real-Time Embedded Systems (2011). http://www.omg.org/spec/MARTE/1.1/

45.

Omg, UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms (QFTP) (2011). http://www.omg.org/spec/QFTP/1.1/

46.

OMG Systems Modeling Language (OMG SysML) (2012). http://www.omg.org/spec/SysML/1.3/

47.

Pai, G., Dugan, J.: Automatic synthesis of dynamic fault trees from UML system models. In: Proceedings of the 13th International Symposium on Software Reliability Engineering, 2002. ISSRE 2003, pp. 243–254 (2002). doi:10.1109/ISSRE.2002.1173261

48.

Panesar-Walawege, R., Sabetzadeh, M., Briand, L.: A model-driven engineering approach to support the verification of compliance to safety standards. In: IEEE 22nd International Symposium on Software Reliability Engineering (ISSRE), 2011, pp. 30–39 (2011). doi:10.1109/ISSRE.2011.11

49.

Panesar-Walawege, R., Sabetzadeh, M., Briand, L.: Using UML profiles for sector-specific tailoring of safety evidence information. In: Jeusfeld, M., Delcambre, L., Ling, T.W. (eds.) Conceptual Modeling ER 2011. Lecture Notes in Computer Science, vol. 6998, pp. 362–378. Springer, Berlin (2011). doi:10.1007/978-3-642-24606-7_27 CrossRef

50.

Ritter, T., Born, M., Unterschiitz, T., Weis, T.: A QoS metamodel and its realization in a CORBA component. In: Proceedings of the 36th Annual Hawaii International Conference on System Sciences, 2003, p. 10. (2003). doi:10.1109/HICSS.2003.1174879

51.

Tambe, S., Balasubramanian, J., Gokhale, A., Damiano, T.: MDDPro: model-driven dependability provisioning in enterprise distributed real-time and embedded systems. In: Malek M., Reitenspie M., Moorsel A. (eds.) Service Availability. Lecture Notes in Computer Science, vol. 4526, pp. 127–144. Springer, Berlin (2007). doi:10.1007/978-3-540-72736-1_11

52.

Wilson, S.P., McDermid, J.A.: Integrated analysis of complex safety critical systems. Comput. J. 38(10), 765–776 (1995). doi:10.1093/comjnl/38.10.765 CrossRef

53.

Zoughbi, G., Briand, L., Labiche, Y.: Modeling safety and airworthiness (RTCA DO-178B) information: conceptual model and UML profile. Softw. Syst. Model. 10, 337–367 (2011). doi:10.1007/s10270-010-0164-x CrossRef

Titel: A profile and tool for modelling safety information with design information in SysML
Publikationsdatum: 22.02.2014
Erschienen in: Software and Systems Modeling / Ausgabe 1/2016
Print ISSN: 1619-1366
Elektronische ISSN: 1619-1374
DOI: https://doi.org/10.1007/s10270-014-0400-x

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 1/2016

Cyber-physical systems challenges: a needs analysis for collaborating embedded software systems

Industry 4.0 as a Cyber-Physical System study

An executable formal semantics for UML-RT

Goal-oriented modeling and verification of feature-oriented product lines

Synthesizing object life cycles from business process models

Systematic literature review of the objectives, techniques, kinds, and architectures of models at runtime

Premium Partner