Proceedings 1997 High-Assurance Engineering Workshop

11-12 Aug. 1997

Displaying Results 1 - 25 of 37
  • Proceedings 1997 High-Assurance Engineering Workshop

    Publication Year: 1997
    Freely Available from IEEE
  • On the development of dependability-evaluation workbench for high-assurance system designers

    Publication Year: 1997, Page(s):2 - 7

    High-assurance system engineering requires efficient computer-aided dependability evaluation. Although various dependability evaluation techniques and tools have been developed and studied in the last two decades, no adequate attention has been paid to allow system designers not well versed in analytic modeling to easily employ these techniques and tools. Aimed at enabling designers of high-assura...
  • Taming the Octopus: using formal models to integrate the Octopus object oriented analysis models

    Publication Year: 1997, Page(s):8 - 13
    Cited by:  Papers (1)

    The object-oriented (OO) modeling techniques of the Octopus method provide good tools for managing the complexity which is inherent in reactive embedded systems. The lack of a precise semantics for the modeling notations used diminishes the role it can play in the development of critical reactive systems. In this paper, we describe an extension to the Octopus analysis techniques that provides supp...
  • Do you trust your compiler? Applying formal methods to constructing high-assurance compilers

    Publication Year: 1997, Page(s):14 - 24
    Cited by:  Papers (3)

    Describes how automatic transformation technology can be used to construct a verified compiler for an imperative language. Our approach is to "transformationally" pass a source program through a series of canonical forms, each of which correspond to some goal or objective in the compilation process (e.g. introduction of registers, simplification of expressions, etc.). We describe a denotational se...
  • Enhancing system dependability with dynamically reconfigurable FPGAs

    Publication Year: 1997, Page(s):25 - 30

    Configuring computing modules for fault-tolerant or parallel computing requires the presence of certain logical functions. Unavoidable tradeoffs between hardware and software implementations of these functions have created unfavorable attributes for designs. Branching and jumps in software allow only the immediately needed function to take up processing resources, but software cannot match the spe...
  • Experience in capturing requirements for safety-critical medical devices in an industrial environment

    Publication Year: 1997, Page(s):32 - 36
    Cited by:  Papers (4)

    This paper presents some of the lessons learned in developing safety-critical implantable medical devices, such as pacemakers and defibrillators, in an industrial environment. It discusses some important issues related to obtaining requirements directly from end users, and their impact on reliability and safety aspects of the system. The emphasis is on practical aspects of system and software deve...
  • The quality of service model and high assurance

    Publication Year: 1997, Page(s):38 - 39
    Cited by:  Papers (8)

    The quality of service (QoS) model provides a recursive model that is applicable at any level of abstraction and that encompasses the concepts of real-time systems, dependability and security. It provides metrics based on the QoS attributes of timeliness, precision and accuracy, which can be used for system specification, instrumentation and evaluation. It is hoped that this model will lead to bet...
  • A graphical property specification language

    Publication Year: 1997, Page(s):42 - 47
    Cited by:  Papers (2)

    Presents a language for the specification of high-level properties of real-time systems. The language is based on a temporal logic. Properties expressed as temporal logic formulae are known to be very obscure. In the design of the language, we tried to identify the sources of this and to make the expressions as easy to comprehend as possible. To enhance the flexibility of the language, we employ a...
  • Analytical design of evolutionary control flow components

    Publication Year: 1997, Page(s):48 - 55
    Cited by:  Papers (2)

    The market demands that software systems be adaptable to changes in requirements. Software must be evolvable to solve slightly different problems over time. The transition from real-world requirements to software is a human-intensive and potentially complex process that provides limited automated support for the analysis of alternative designs with respect to their evolvability. In this paper, we ...
  • Verifying communication constraints in RSML specifications

    Publication Year: 1997, Page(s):56 - 61
    Cited by:  Papers (1)

    Discusses a formal approach to the specification of inter-component communication in RSML (Requirements State Machine Language) specifications. The approach is based on communicating finite state machines. The formalism allows the encapsulation of communication-related properties in well-defined interface specifications. The encapsulation enables us to use the interface specifications as simple sa...
  • Design and assurance strategy for the NRL pump

    Publication Year: 1997, Page(s):64 - 71
    Cited by:  Papers (3)  |  Patents (3)

    Developing a trustworthy system is difficult because the developer must construct a persuasive argument that the system conforms to its critical requirements. This assurance argument, as well as the software and hardware, must be evaluated by an independent certification team. We present the external requirements and logical design of a specific trusted device, the NRL Pump, and describe our plan,...
  • Automated computation of decomposable synchronization conditions

    Publication Year: 1997, Page(s):72 - 77
    Cited by:  Papers (4)

    High assurance systems have various types of system requirements, most notably safety, real time, reliability, security and availability. The primary goal of high assurance system designers is to integrate various functions of the system while preserving the system consistency with the requirements. We show how automated synchronization based on receptive safety rules facilitates this integration....
  • A software environment for custom simulation and monitoring of real-time specifications

    Publication Year: 1997, Page(s):78 - 84
    Cited by:  Papers (1)

    The testing and validation of formal specifications of high assurance real time systems requires an extensible simulation environment with support for users to generate events, customize displays, and monitor event traces. The paper describes MTSim, a customizable simulation platform for the Modechart Toolset (MT). MTSim provides support for "plugging in" user defined viewers as well as user parti...
  • Analytical modelling and evaluation of phased-mission systems for space applications

    Publication Year: 1997, Page(s):85 - 91
    Cited by:  Papers (11)

    The paper deals with the modelling and evaluation of mission phased systems devoted to space applications. We propose a two level hierarchical method that allows us to model such systems and to master the complexity of the analysis. Our approach considers a separate modelling and resolution of the phases, and of the dependencies among phases caused by the usage of the same system components in the...
  • Verifying fault-tolerant behavior of state machines

    Publication Year: 1997, Page(s):94 - 99
    Cited by:  Papers (3)

    Fault tolerant behavior is an important non functional requirement for systems that involve high criticality. We present a framework which allows the analysis of fault tolerant behavior to be undertaken. This framework is based on the notion of state machines and tolerance relations. Results concerning fault tolerant behavior of finite state machines are presented and an illustrative example is di...
  • Scalable and reliable synchronous collaboration environment on CORBA using WWW

    Publication Year: 1997, Page(s):100 - 103
    Cited by:  Papers (2)

    Currently, object-oriented technology is being widely adopted in multimedia development environments which provide integrated real-time services. Since various user demands cannot be satisfied with the conventional structured development technology, this trend is accelerating. This paper describes an object-oriented approach in constructing a reliable synchronous collaboration environment providin...
  • An automated tool for efficiently generating a massive number of random test cases

    Publication Year: 1997, Page(s):104 - 107
    Cited by:  Papers (6)

    Certain software systems, such as process control and avionics systems, require an extremely large amount of testing to measure their reliability according to the ultra-high reliability requirements imposed on them. Therefore, it is essential to speed up the test generation process to reduce the certification time. We develop techniques to enhance the effectiveness of an automated program for gene...
  • Evaluation and improvement of software products and processes based on measurement

    Publication Year: 1997, Page(s):108 - 111
    Cited by:  Patents (2)

    A methodology including the essential steps for any software measurement activity is described. Based on previous and original works, this methodology allows one to specify, verify and validate metrics. Related to a defined goal, metrics are specified using a formal notation and then verified. Validating predictive metrics is a crucial task for any goal aiming at improving software processes or pr...
  • Framework of a software reliability engineering tool

    Publication Year: 1997, Page(s):114 - 119
    Cited by:  Papers (9)

    The usage of commercial off-the-shelf (COTS) software modules in a large, complex software development project has well-known advantages (e.g. reduced development time and reduced cost). However, many such designs remain ill-understood in terms of end-to-end, overall reliability and assurance of the software system. Since the COTS components may not have been designed with assurance attributes in ...
  • Design of a portable control-flow checking technique

    Publication Year: 1997, Page(s):120 - 123
    Cited by:  Papers (4)  |  Patents (1)

    A software-based method for concurrent detection of hardware faults via control-flow checking is presented. The method is capable of detecting all single control flow errors and almost all multiple control flow errors, regardless of the type of fault that caused the error. It is implemented by means of adding assertions to the entry and exit points of each branch-free interval of the high-level so...
  • A recovery model for extended real-time transactions

    Publication Year: 1997, Page(s):124 - 127
    Cited by:  Patents (1)

    A central problem in the design of fault-tolerant real-time systems is that desirable fault tolerance properties are usually realized by mechanisms that counteract real-time guarantees. A prominent example is the all-or-nothing property (also known as failure atomicity), known from transactions. This property normally is realized by the means of isolation and roll-back recovery. However, isolation...
  • Software complexity analysis on department of defense real-time systems

    Publication Year: 1997, Page(s):130 - 131
  • Hierarchical specification of system behavior

    Publication Year: 1997, Page(s):134 - 140

    Complex systems are commonly broken up into a hierarchy of composed components. This methodology reduces the complexity of the system as a whole and allows teams of designers to attack the problem of definition. We present and propose a hierarchical methodology for the specification of the behaviors of complex designs. We introduce a single BY operator, such that A BY B means "A is true because of...
  • High-coverage fault tolerance in real-time systems based on point-to-point communication

    Publication Year: 1997, Page(s):141 - 148

    The distributed recovery block (DRB) scheme is a widely applicable approach for realizing both hardware and software fault tolerance in real-time distributed and parallel computer systems. One of the most important extensions of the DRB scheme which has been outlined in recent years (but not developed fully) is the integration of the DRB scheme and a network surveillance (NS) scheme. We have devel...
  • ReSoFT: a reusable testbed for development and evaluation of software fault-tolerant systems

    Publication Year: 1997, Page(s):149 - 154
    Cited by:  Papers (2)

    The Reusable Software Fault-tolerance Testbed (ReSoFT) has been developed to facilitate the development and evaluation of high-assurance systems that require tolerance of both hardware and software faults. Central to ReSoFT is a library of reusable software components from which a wide variety of software fault tolerance (SWFT) techniques can be utilized to construct highly dependable systems. The...