Gong Zhang,Tao Yue,Shaukat Ali,Ji Wu

2013-01-01

Abstract:The transition from requirements expressed in natural language (NL) to a structured, formalized specification is an important issue to support requirements analysis and to generate an (initial) analysis model. Use case diagrams are commonly used to capture system requirements as use cases, relationships among them and interactions with actors. Using template and restriction rules is a common feature of NL analysis for reducing imprecision and incompleteness in use case specifications. Use case diagrams, together with template and restriction rules, form a use case modeling approach, which helps achieve better understandability of use cases and improved quality of derived analysis models. In this paper, we extend a general use case approach (RUCM) for Cyber-Physical Systems (CPSs) with specific characteristics of being network-based, distributed and real-time embedded (NDRTE), which usually contains redundant/crosscutting properties. Two RUCM extensions are proposed to achieve this objective: RUCM-NDRTE and AO-RUCM (for modeling crosscutting behaviors).

Zhe Chen,Gilles Motet

DOI: https://doi.org/10.48550/arXiv.0905.2355

2009-05-14

Software Engineering

Abstract:Most recent software related accidents have been system accidents. To validate the absence of system hazards concerning dysfunctional interactions, industrials call for approaches of modeling system safety requirements and interaction constraints among components and with environments (e.g., between humans and machines). This paper proposes a framework based on input/output constraint meta-automata, which restricts system behavior at the meta level. This approach can formally model safe interactions between a system and its environment or among its components. This framework differs from the framework of the traditional model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a top-down technique for modeling a system with safety constraints, and for automatically composing a safe system that conforms to safety requirements. The contributions of this work include formalizing system safety requirements and a way of automatically ensuring system safety.

Man Zhang,Tao Yue,Shaukat Ali,Bran Selic,Oscar Okariz,Roland Norgre,Karmele Intxausti

DOI: https://doi.org/10.1016/j.jss.2018.06.075

IF: 3.5

2018-01-01

Journal of Systems and Software

Abstract:Context Latent uncertainty in the context of software-intensive systems (e.g., Cyber-Physical Systems (CPSs)) demands explicit attention right from the start of development. Use case modeling-a commonly used method for specifying requirements in practice, should also be extended for explicitly specifying uncertainty. Objective: Since uncertainty is a common phenomenon in requirements engineering, it is best to address it explicitly by identifying, qualifying, and, where possible, quantifying uncertainty at the beginning stage. The ultimate aim, though not within the scope of this paper, was to use these use cases as the starting point to create test-ready models to support automated testing of CPSs under uncertainty. Method: We extend the Restricted Use Case Modeling (RUCM) methodology and its supporting tool to specify uncertainty as part of system requirements. Such uncertainties include those caused by insufficient domain expertise of stakeholders, disagreements among them, and known uncertainties about assumptions about the environment of the system. The extended RUCM, called U-RUCM, inherits the features of RUCM, such as automated analyses and generation of models, to mention but a few. Consequently, U-RUCM provides all the key benefits offered by RUCM (i.e., reducing ambiguities in requirements), but also, it allows specification of uncertainties with the possibilities of reasoning and refining existing ones and even uncovering unknown ones. Results: We evaluated U-RUCM with two industrial CPS case studies. After refining RUCM models (specifying initial requirements), by applying the U-RUCM methodology, we successfully identified and specified additional 306% and 512% (previously unknown) uncertainty requirements, as compared to the initial requirements specified in RUCM. This showed that, with U-RUCM, we were able to get a significantly better and more precise characterization of uncertainties in requirement engineering. Conclusion: Evaluation results show that U-RUCM is an effective methodology (with tool support) for dealing with uncertainty in requirements engineering. We present our experience, lessons learned, and future challenges, based on the two industrial case studies.

Xu Gao,Rongxi Wang,Jianmin Gao,Zhiyong Gao,Wei Deng

DOI: https://doi.org/10.1002/qre.2382

2019-01-01

Quality and Reliability Engineering International

Abstract:Due to the propagation, amplification, and concatenation in a failure process, the reliabilities of repairable multistate complex mechanical systems (RMCMSs) may be affected by a significant fluctuation due to a small exception associated with a reliability indicator. Focused on the problems arising from the lack of propagation relationships among fault modes, functional components, and failure causes in conventional reliability models, a novel framework for reliability modelling is proposed to comprehensively analyse the reliabilities of RMCMSs. First, the reliability models are abstracted as weighted and directed networks with five layers. Second, an improved failure mode and effects analysis (IFMEA) method combined with the D-number method and VIKOR approach is presented to determine the importance of reliability nodes. Third, a cut set of the reliability model is generated by any exception of a reliability indicator by considering the propagation relationships, and the reliability sensibility index is defined to characterize the fluctuations in system reliability. The effectiveness of the proposed framework is demonstrated in an actual reliability modelling application. As an intuitive method, the proposed framework inherits the advantages of conventional models but overcomes the drawbacks of these existing methods. Therefore, this method can be flexibly and efficiently used in the reliability modelling of RMCMSs. Moreover, the approach provides a foundation for comprehensive and dynamic reliability analysis and the failure mechanism mining of RMCMSs, and it can be used in other engineering applications.

Yue Yu,Tiexin Wang,Tao Yue

DOI: https://doi.org/10.1109/rew53955.2021.00079

2021-01-01

Abstract:Defects in Autonomous driving systems (ADSs) might result in catastrophic losses of lives and properties. To avoid such defects, we need to first ensure high quality requirements, which highly possibly would lead to the delivery of high-quality ADSs. Specifying requirements for ADSs, a method needs to have terms/notations specific to ADSs such as complex traffic environments (e.g., pedestrians, roads). Use case modeling is commonly practiced in industry for requirements specification and modeling. In this paper, we propose a novel use case modeling methodology, named RUCM4ADS, which specializes the Restricted Use Case Modeling (RUCM). RUCM4ADS aims to specify ADS scenarios by integrating elements from both the autonomous driving domain and Operational World Model (OWM) Ontology. Accompanied with RUCM4ADS, we also develop an editor for it. To evaluate RUCM4ADS, we conducted one real-world case study with 10 use cases. We also conducted a preliminary controlled experiment, in a laboratory setting, to evaluate the applicability of RUCM4ADS. Results show that RUCM4ADS can be used for modeling ADS scenarios and has the potential to improve the overall applicability for specifying ADS scenarios as use case models.

Zhe Chen,Gilles Motet

DOI: https://doi.org/10.1109/depend.2009.18

2009-06-01

Abstract:Safety is an important element of dependability. It is defined as the absence of accidents. Most accidents involving software-intensive systems have been system accidents, which are caused by unsafe inter-system or inter-component interactions. To validate the absence of system hazards concerning dysfunctional interactions, industrials call for approaches of modeling system safety requirements and interaction constraints among components. This paper proposes such a formalism, namely interface control systems (or shortly C-Systems). An interface C-System is composed of an interface automaton and a controlling automaton, which formalizes safe interactions and restricts system behavior at the meta level. This framework differs from the framework of traditional model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a top-down technique for modeling a system with safety constraints, and for automatically composing a safe system that conforms to safety requirements. The contributions of this work include formalizing safety requirements and a way of automatically ensuring system safety.

Weigang Ma,Xinhong Hei

DOI: https://doi.org/10.1109/ICCASM.2010.5620084

2010-01-01

Abstract:A modeling and verification methodology is presented for railway interlocking system which is regarded as a safety-critical system. The methodology utilizes UML (Unified Modeling Language) to model the function requirement and FSM (Finite State Machine) to verify the safety requirements of the specification. The device specifications of railway interlocking system are modeled with UML, and dynamic behaviors of the device and whole system are modeled with FSM, the safety specification is translated LTL (Linear Temporal Logic) and analyzed with NuSMV. We try to show the feasibility of improving the reliability and reducing revalidation efforts when designing and developing a decentralized railway signaling system.

O. T. Arogundade,A. T. Akinwale,Z. Jin,X. G. Yang

DOI: https://doi.org/10.4018/jisp.2011100102

2011-01-01

International Journal of Information Security and Privacy

Abstract:This paper proposes an enhanced use-misuse case model that allows both safety and security requirements to be captured during requirements elicitation. The proposed model extends the concept of misuse case by incorporating vulnerable use case and abuse case notations and relations that allows understanding and modeling different attackers and abusers behaviors during early stage of system development life cycle and finishes with a practical consistent combined model for engineering safety and security requirements.The model was successfully applied using health care information system gathered through the university of Kansas HISPC project. The authors were able to capture both security and safety requirements necessary for effective functioning of the system. In order to enhance the integration of the proposed model into risk analysis, the authors give both textual and detailed description of the model. The authors compare the proposed approach with other existing methods that identify and analyze safety and security requirements and discovered that it captures more security and safety threats.

Tao Yue,Huihui Zhang,Shaukat Ali,Chao Liu

DOI: https://doi.org/10.1007/978-3-319-35122-3_7

2016-01-01

Abstract:Use case diagrams together with use case specifications are commonly used to specify system requirements. To reduce imprecision, ambiguity, and incompleteness in use case specifications, an approach with template and restriction rules is often recommended to achieve better understandability of use cases and improves the quality of derived analysis models. However, when crosscutting concerns are modeled together with non-crosscutting concerns as use case models, resulting use case models often result in cluttered diagrams and redundant information in use case specifications. Therefore, the overall reusability of the use case models is usually low. To tackle this, we extend a general use case approach, named as RUCM, for modeling crosscutting concerns, along with a weaver to automatically weave aspect use case models into their corresponding base model to facilitate, e.g., automated requirements analysis. The extended approach has been evaluated with three real-world applications from communication, maritime and energy domains and aviation. We compared the modeling effort required to model three sets of crosscutting concerns from the real-world applications, when using and not using the extended RUCM approach. Results show that more than 80ï¾ź% of modeling effort can be saved.

Romaric Guillerm,Hamid Demmou,Nabil Sadou

DOI: https://doi.org/10.1007/978-3-642-15654-0

2012-12-18

Abstract:The aim of this paper is to propose a rigorous and complete design framework for complex system based on system engineering (SE) principles. The SE standard EIA-632 is used to guide the approach. Within this framework, two aspects are presented. The first one concerns the integration of safety requirements and management in system engineering process. The objective is to help designers and engineers in managing safety of complex systems. The second aspect concerns model driven design through the definition of an information model. This model is based on SysML (System Modeling Language) to address requirements definition and their traceability towards the solution and the Verification and Validation (V&V) elements.

Software Engineering,Performance

Zhiming Liu,Jifeng He,Xiaoshan Li,Yifeng Chen

DOI: https://doi.org/10.1007/978-3-540-39893-6_36

2003-01-01

Abstract:This paper is towards the development of a methodology for object-oriented software development. The intention is to support effective use of a formal model for specifying and reasoning during the requirements analysis and design of a software development process. The overall purpose is to enhance the application of the Unified Modelling Language (UML) with a formal semantics in the Rational Unified Software Development Process (RUP). The semantic framework defines the meaning of some UML submodels. It identifies both the static and dynamic relationships among these submodels. Thus, the focus of this paper is the development of a semantic model to consistently combine a use-case model and a conceptual class diagram to form a system specification.

Ji Wu,Tao Yue,Shaukat Ali,Huihui Zhang

DOI: https://doi.org/10.1002/spe.2281

2014-01-01

Software Practice and Experience

Abstract:SummaryEnsuring that avionics software meets safety requirements at each development stage is very important to warrant the safe operation of an avionics system. Many safety requirements are imposed by various standards and industrial regulations that must be met by avionics software. One of such standards is DO‐178B/C, which provides guidelines (e.g., development process and objectives to satisfy in development activities) for meeting safety requirements. This paper presents a modeling methodology including a UML profile for specifying safety requirements on a component‐based architecture model and a set of design guidelines on avionics software. These safety requirements were identified from both standards (mainly DO‐178B/C) and current engineering practices in the domain of avionics systems. The methodology automatically enforces these safety requirements. We have applied the methodology on an industrial autopilot system, and several previously uncaught faults were revealed. Copyright © 2014 John Wiley & Sons, Ltd.

Ruirui Chen,Yusheng Liu,Jianjun Zhao,Xiaoping Ye

DOI: https://doi.org/10.1002/sys.21470

IF: 2.034

2018-08-24

Systems Engineering

Abstract:Increasing complexity of mechatronic products leads to more challenging designs. As the most important stage, system design determines the overall product architecture. Defects in this stage are difficult to rectify in future stages, thus requiring greater model accuracy. With the development of model‐based systems engineering (MBSE), model verification can detect design defects, reduce development costs, improve development efficiency, and ensure system reliability. Currently, conventional verifications are performed only after design processes, which makes it difficult to make systematic modifications. To solve this problem, a model verification method implemented in the design stage is proposed in this study. Using this method, designers are able to detect defects earlier, thereby reducing modification costs. The proposed method is as follows: first, a language named Relation‐based Modeling for Static Properties (RMSP) is proposed to formalize the static properties of requirements; second, the representation of “Conceptual Graphs” is extended to meet the needs of model verification of mechatronic products; finally, requirements in RMSP and system design in Systems Modeling Language (SysML) are transformed into the Extension of Conceptual Graphs. In this manner, the incorrectness and inconsistencies between requirements and system design can be found through projection in the system design stage. The omitted or improperly designed requirement items would be found and redesigned to fulfill the product requirements.

engineering, industrial,operations research & management science

Huihui Zhang,Tao Yue,Shaukat Ali,Ji Wu,Chao Liu

DOI: https://doi.org/10.1109/mise.2017.9

2017-01-01

Abstract:Time-related properties are a critical type of extra-functional requirements for designing real-time systems. Modeling and validating time-related properties at the requirements specification and analysis phases is important for the successful development of real-time systems in terms of cost, quality and productivity. In the literature and practice, timing analyses (e.g., Worst Case Execution Time) are often performed to ensure that the design of a real-time system fully conforms to its time-related constraints. However, such analyses are mostly performed at the design and implementation stages, but not at the requirements level. This paper presents a restricted, natural language based, use case modeling methodology (named as RUCM4RT) to specify functional requirements of real-time systems as use case models, along with associated time-related constraints. RUCM4RT was proposed based on the UML profile for Modeling and Analysis of Real-Time and Embedded Systems (MARTE). In addition, in this paper, we also propose a metamodel-based formalization mechanism named as UCMeta4RT to automatically formalize use case models. We have conducted two real-world case studies to evaluate our solution and 40 use cases were modeled, among which 27 real-time use cases, 118 time-related constraints and 47 other extra-functional (also commonly called non-functional) constraints were specified. Results show that RUCM4RT was able to handle all the real-time related elements (e.g., time-related constraints) of the use case models.

Kai Hoefig,Andreas Joanni,Marc Zeller,Francesco Montrone,Martin Rothfelder,Rakshith Amarnath,Peter Munk,Arne Nordmann

DOI: https://doi.org/10.48550/arXiv.2105.15015

2021-05-31

Software Engineering

Abstract:The importance of mission or safety critical software systems in many application domains of embedded systems is continuously growing, and so is the effort and complexity for reliability and safety analysis. Model driven development is currently one of the key approaches to cope with increasing development complexity, in general. Applying similar concepts to reliability, availability, maintainability and safety (RAMS) analysis activities is a promising approach to extend the advantages of model driven development to safety engineering activities aiming at a reduction of development costs, a higher product quality and a shorter time-to-market. Nevertheless, many model-based safety or reliability engineering approaches aim at reducing the analysis complexity but applications or case studies are rare. Therefore we present here a large scale industrial case study which shows the benefits of the application of component fault trees when it comes to complex safety mechanisms. We compare the methodology of component fault trees against classic fault trees and summarize benefits and drawbacks of both modeling methodologies.

Zheng Wang,Chen-ge Geng,Xiang-xian Chen,Dong Wang

DOI: https://doi.org/10.1109/InfoSEEE.2014.6947759

2014-01-01

Abstract:Automatic Train Protection (ATP) system is a safety-critical system; it is widely used to ensure trains running safely. During its development lifecycle, there are many safety problems which are derived from the requirements. In order to make descriptions of the requirements accurate and consistent, we introduce requirement models in the development lifecycle. The requirement models are built based on the modified state machine with text descriptions and the introduction of SuperState. In these models, the limitations of transitions are well defined and the complexity of the models can be reduced effectively. With this approach, the requirement of train localization function of ATP system is described clearly and strictly. Besides, this requirement model is easy to understand and read for developers.

Bingfeng XU,Zhiqiu HUANG,Jun HU,Xiaofeng YU

DOI: https://doi.org/CNKI:11-1929/V.20120201.0941.002

2012-01-01

Abstract:Current research of airborne software focuses on providing airworthiness certification evidence in software development process. As modern complex airborne software architecture is component-based and distributed, this paper considers the issue of checking the safety dependence relationship of software components against objectives that the airworthiness certification standard stipulates, which is one of the key problems of airborne software development in the design phase. Firstly, the static structure of a system is specified by a systems modeling language (SysML) block definition diagram with the description of safety properties. Secondly, the SysML block definition diagram is transformed to a block dependence graph for precise formal description. Thirdly, a method for checking the consistency between the safety dependence relationship in the static system structure and objectives of the airworthiness certification standard is proposed. Finally, an example of an aircraft navigation system is provided to illustrate how to use the method in the airborne software development process. The integrated safety level of a system is promoted by applying this method, and it can be used to provide airworthiness certification evidence.

Lian-chuan Ma,Dongmei Huang,Jian-cheng Mu,Yuan Cao

DOI: https://doi.org/10.2991/AIEA-16.2016.61

2016-11-12

Abstract:Commercial off-the-shelf (COTS) software and hardware components are widely used in the design of train control system. In order to satisfy the application requirements of the safety computer in train control system, it is necessary to analyze its safety properties. In this paper, a method of safety analysis for the safety computer is proposed. The safety properties of the safety computer in train control system are verified by establishing the system model of safety mechanism, and establishing a safety base in safety computer management units (SCMU), and measuring the safety of each part of the system step by step, and then establishing a safety chain. Finally, tests are carried out through a designed software fault injection tool to demonstrate the effectiveness of the proposed method.

Computer Science,Engineering

Xing Wu,Jin Chen,Ruqiang Li,Weixiang Sun,Guicai Zhang,Fucai Li

DOI: https://doi.org/10.1007/s10844-006-0731-3

2006-01-01

Journal of Intelligent Information Systems

Abstract:As the Machinery Condition Monitoring and Fault Diagnosis Systems ( MCMFDSs) are more and more complex, the design and development of these systems are becoming a challenge. The best way to manage the complexity and risk is to abstract and model them. This paper presents a new method of modeling Web-based Remote Monitoring and Fault Diagnosis Systems (WRMFDSs) with Unified Modeling Language (UML). A component framework model is put forward. A highly maintainable WRMFDS with three reusable component packages was developed using component-based programming. This paper, which studies a reusable WRMFDS model, aims at making such advanced information technologies be used widely in the condition monitoring and fault diagnosis domain, it can give developers a paradigm to accomplish the similar systems.

Tao Yue,Huihui Zhang,Shaukat Ali,Chao Liu

2015-01-01

Abstract:Use case diagrams together with use case specifications are commonly used to specify system requirements. To reduce imprecision, ambiguity, and in- completeness in use case specifications, an approach with template and re- striction rules is often recommended to achieve better understandability of use cases and improves the quality of derived analysis models. However, when cross- cutting concerns are modeled together with non-crosscutting concerns as use case models, resulting use case models often result in cluttered diagrams and redun- dant information in use case specifications. Therefore, the overall reusability of the use case models is usually low. To cope with these, we extend a general use case approach, named as RUCM, for modeling crosscutting concerns, along with a weaver to automatically weave aspect use case models into their corresponding base model to facilitate, e.g., automated requirements analysis. The extended RUCM approach has been evaluated with three industrial applications from com- munication, maritime and energy domains and aviation. We also compared the modeling effort required to model three sets of crosscutting concerns from the industrial applications, when using and not using the extended RUCM approach. Results show that more than 80% of modeling effort can be saved.