Papers by Yiannis Papadopoulos
HAL (Le Centre pour la Communication Scientifique Directe), Sep 24, 2013
With today's highly complex embedded systems, it is becoming increasingly difficult to find design solutions that meet all functional and non-functional requirements, such as performance, dependability and cost. In addition, there is often not a single optimal solution; instead, a conflict of goals between requirements leads to a set of so-called Pareto optima. Such multi-objective optimisation has received increasing attention in research and practice over the past few years. This paper presents current research in progress on developing a comprehensive optimisation approach that incorporates a flexible number of objectives together with the corresponding external analyses for evaluating them, and that uses only a single system model as the information repository for all objectives and analyses. This central model is defined using the modelling language EAST-ADL, an architecture description language for the automotive domain.
Journal of Systems and Software, May 1, 2019
Highlights:
• Model transformation method for automated dependability analysis of AADL models.
• Allows a non-AADL-based method and mature tool, HiP-HOPS, to analyse AADL models.
• Allows the synthesis of multiple failure mode (FMEA) fault tree analysis.
• The transformation captures temporal dependencies, allowing temporal safety analysis.
IFAC-PapersOnLine, 2016
Abstract: Safety standards guide the development of systems whose operation raises concerns about safety. We focus our attention on the automotive and aerospace standards, ISO 26262 and ARP4754-A respectively. Both standards advocate a process for controlled allocation of safety integrity requirements that starts early in the design and continues as the system architecture is being refined. This procedure may generate a plethora of feasible design variants, all satisfying the system safety requirements, but each having different allocations of integrity to components and different costs. In this paper, we describe a model-based safety analysis method for automating this allocation process in a way that selects cost-optimal design variants. We show that the proposed method is generic and can satisfy both the automotive and aerospace safety standards, with application to both industries. We apply the method using both standards on a common case study and discuss the differences in the results obtained, reflecting on the commonalities and differences between the two standards.
arXiv (Cornell University), Nov 23, 2022
Offshore wind energy is increasingly becoming an attractive source of energy due to its lower environmental impact. Effective operation and maintenance that ensures the maximum availability of the energy generation process using offshore facilities, and minimal production cost, are two key factors in improving the competitiveness of this energy source over other traditional sources of energy. Condition monitoring systems are widely used for health management of offshore wind farms to improve operation and maintenance. The reliability of wind farms is increasingly being evaluated to aid the maintenance process and thereby to improve the availability of the farms. However, much of the reliability analysis is performed offline based on statistical data. In this article, we propose a drone-assisted monitoring method for online reliability evaluation of wind turbines. The blade system of a wind turbine is used as an illustrative example to demonstrate the proposed approach.
Elsevier eBooks, 2016
Over the past two decades, the study of model-based dependability analysis has gathered significant research interest. Different approaches have been developed to automate and address various limitations of classical dependability techniques, in order to contend with the increasing complexity and challenges of modern safety-critical systems. Two leading paradigms have emerged: one constructs predictive system failure models from component failure models compositionally, using the topology of the system; the other utilises design models, typically state automata, to explore system behaviour through fault injection. This paper reviews a number of prominent techniques under these two paradigms and provides an insight into their working mechanisms, applicability, strengths and challenges, as well as recent developments within these fields. We also discuss the emerging trends on integrated approaches and advanced analysis capabilities. Lastly, we outline the future outlook for model-based dependability analysis.
IFAC-PapersOnLine, 2016
The 'safety case' documents the safety argument that developers of safety-critical systems employ to convince others of their systems' safety, in compliance with safety standard regulation and advice. Despite the considerable body of knowledge that has evolved, constructing and maintaining a safety case remains a significant challenge. Especially for contemporary systems, due to their scale and complexity, safety cases can grow to require hundreds of pages of documentation. In this paper, we propose a method which aims to address these concerns. In numerous safety standards, such as the aerospace ARP4754-A, the concept of Development Assurance Levels (DALs) is used to control the safety assessment process and influence the safety case. Our method is based on automatically constructing a safety argument from an annotated system architecture model. To perform this construction, we employ previous work on automatically allocating DALs to such a model and combine it with an appropriate safety argument pattern. The method is enabled through the state-of-the-art model-based dependability tool HiP-HOPS. The advantage of this approach is that when the design changes, the impact of the changes can be automatically reflected in the structure of a re-synthesised safety argument for the system.
Springer eBooks, 2020
Ensuring safety and explainability of machine learning (ML) is a topic of increasing relevance as data-driven applications venture into safety-critical application domains, which are traditionally committed to high safety standards that are not satisfied by an exclusively testing-based approach to otherwise inaccessible black-box systems. The interaction between safety and security is an especially central challenge, as security violations can lead to compromised safety. The contribution of this paper to addressing both safety and security within a single concept of protection, applicable during the operation of ML systems, is active monitoring of the behaviour and the operational context of the data-driven system based on distance measures of the Empirical Cumulative Distribution Function (ECDF). We investigate abstract datasets (XOR, Spiral, Circle) and current security-specific datasets for intrusion detection (CICIDS2017) of simulated network traffic, using statistical distance measures including the Kolmogorov-Smirnov, Kuiper, Anderson-Darling, Wasserstein and mixed Wasserstein-Anderson-Darling measures. Our preliminary findings indicate that there is a meaningful correlation between ML decisions and the ECDF-based distance measures of the input features. Thus, they can provide a confidence level that can be used for a) analysing the applicability of the ML system in a given field (safety/security) and b) analysing whether the field data was maliciously manipulated.
Abstract: There is increasing agreement that, to achieve high dependability in complex systems, design processes should move in a direction where dependability and other quality attributes are controlled from the early stages rather than left to emerge (or not) at the end. This is clearly a very desirable goal that would greatly benefit several industries, and it is enshrined in contemporary standards like the aerospace ARP4754-A and the automotive ISO 26262 safety standards. These documents prescribe processes in which dependability requirements, captured early through system-level hazard analysis and risk assessment, are rationally allocated to progressively more refined subsystem elements of the architecture—with respect to software—in the form of Development Assurance Levels (DALs), Safety Integrity Levels, or other similar concepts. A study of the problem shows that the manual processes described in the standards for software requirements allocation become complex when applied to large networked architectures which deliver multiple functions; such systems lead to huge numbers of potential allocation solutions, and exploring these manually is often infeasible. Current standards do not advise on how this type of allocation can be done effectively, optimally and efficiently, for example with the support of automated algorithms and tools. This is an area where research opportunities arise to address important questions: for instance, which architectural proposals will fulfil dependability requirements better in the context of design refinement; given a proposed architecture, how can integrity requirements be optimally allocated to its elements; and how can design refinements be achieved with minimal design iterations whilst preserving the desired system properties throughout, from the early stages to the end of a project?
We address these questions by proposing a method for controlled refinement and allocation of system requirements that is applicable from the early stages of design. In this chapter we use the aerospace industry as an application domain, where dependability requirements for the system are typically translated into integrity requirements expressed in the form of DALs. DALs are a concept introduced in major standards for the aerospace industry, namely RTCA DO-178C/EUROCAE ED-12C and SAE ARP4754-A. Their purpose is to signify and summarise the effort required to develop a function or an element of the aircraft to a certain level of integrity that is consistent with the aircraft's overall safety requirements. Allocating DALs to an architectural design typically requires assigning a DAL to a high-level function, then decomposing it and allocating lower DALs to its supporting elements in such a way that the DALs of the supporting elements together satisfy the higher-level function's DAL. The refinement and decomposition of DALs is a top-down iterative process that proceeds alongside the refinement of the design. The process is based on rules defined in the standard and is applied with the aim of reducing the overall cost of the system, as DALs that signify high integrity typically involve disproportionately higher development and production costs in their associated elements. Applying this process manually to large and complex systems can be a challenging task. Furthermore, finding the optimal allocation with regard to the overall cost and integrity of the architecture is a hard combinatorial problem that cannot be solved efficiently with exhaustive methods. To solve this problem, we propose a method that uses state-of-the-art model-based dependability analysis and meta-heuristics to automatically find the optimal allocation of DALs on a given architectural design proposal. We demonstrate the effectiveness of this technique on an aircraft wheel braking system.
The method has direct applicability to the aerospace industry, but the concepts are easily transferable to complex software and system design in the automotive and other domains.
2022 International Conference on Computing, Electronics & Communications Engineering (iCCECE)
2021 Design, Automation & Test in Europe Conference & Exhibition (DATE)
Digital transformation fundamentally changes established practices in the public and private sectors. Hence, it represents an opportunity to improve value creation processes (e.g., "Industry 4.0") and to rethink how to address customers' needs, such as "data-driven business models" and "Mobility-as-a-Service". Dependable, collaborative and autonomous systems play a central role in this transformation process. Furthermore, the emergence of data-driven approaches combined with autonomous systems will lead to new business models and market dynamics. Innovative approaches to reorganise the value creation ecosystem, to enable distributed engineering of dependable systems and to answer urgent questions such as liability will be required. Consequently, digital transformation requires a comprehensive multi-stakeholder approach which properly balances technology, ecosystem and business innovation. The targets of this paper are (a) to introduce digital transformation and the role of, and opportunities provided by, autonomous systems; (b) to introduce Digital Dependability Identities (DDI), a technology for dependability engineering of collaborative, autonomous CPS; and (c) to propose an appropriate agile approach for innovation management based on business model innovation and co-entrepreneurship.
Model-Based Safety and Assessment, 2019
Reliability evaluation for ensuring uninterrupted system operation is an integral part of dependable system development. Model-based safety analysis (MBSA) techniques such as Hierarchically Performed Hazard Origin and Propagation Studies (HiP-HOPS) have made the reliability analysis process less expensive in terms of the effort and time required. HiP-HOPS uses an analytical modelling approach for fault tree analysis to automate the reliability analysis process, where each system component is associated with its failure rate or failure probability. However, such non-state-space analysis models are not capable of modelling the more complex failure behaviour of components, such as failure/repair dependencies, e.g., spares, shared repair, imperfect coverage, etc. State-space-based paradigms like Markov chains can model complex failure behaviour, but their use can lead to state-space explosion, thus undermining the overall analysis capacity. Therefore, to maintain the benefits of MBSA while not compromising on modelling capability, in this paper we propose a conceptual framework to incorporate complex basic events in HiP-HOPS. The idea is demonstrated via an illustrative example.
Abstract: Classical Fault Tree Analysis (FTA) can determine the effects of combinations of failure events on a system but cannot capture the potentially critical significance of the temporal ordering of events. In this paper, we propose a temporal extension based on the use of Priority-AND gates to allow relative temporal ordering and temporal analysis in FTA. The classical notion of minimal cut-sets is replaced with the notion of minimal cut-sequences, and a methodology is proposed for qualitative analysis. The approach is demonstrated on a generic two-stage standby recovery system. The paper tentatively concludes that this type of temporal FTA can provide a more precise and ultimately more correct insight into the failure behaviour of a system. Copyright © 2006 IFAC
Computer, 2020
Cooperative Systems of Systems (CSoS), including Autonomous Systems (AS) such as autonomous cars and related smart traffic infrastructures, form a new technological frontier because of their enormous economic and societal potential in various domains. CSoS are often safety-critical systems; therefore, they are expected to have a high level of dependability. Due to the open and adaptive nature of CSoS, the conventional methods used to provide safety assurance for traditional systems cannot be applied directly to them. The potential configurations and scenarios during evolving operation are infinite and cannot be exhaustively analysed to provide guarantees a priori. This paper presents a novel framework for dynamic safety assurance of CSoS, which integrates design-time models and runtime techniques to provide continuous assurance for a CSoS and its constituent systems during operation.
Reliability Management and Engineering, 2020
IEEE Access, 2020
Over the years, several approaches have been developed for the quantitative analysis of dynamic fault trees (DFTs). These approaches have strong theoretical and mathematical foundations; however, they appear to suffer from state-space explosion and high computational requirements, compromising their efficacy. Modularisation techniques have been developed to address these issues by identifying and quantifying static and dynamic modules of the fault tree separately, using binary decision diagrams and Markov models. Although these approaches appear effective in reducing computational effort and avoiding state-space explosion, the reliance of the Markov chain on exponentially distributed data for system components can limit their widespread industrial application. In this paper, we propose a hybrid modularisation scheme where independent sub-trees of a DFT are identified and quantified in a hierarchical order. A hybrid framework combining algebraic solution, Petri nets and Monte Carlo simulation is used to increase the efficiency of the solution. The proposed approach uses the advantages of each existing approach in the right place (independent module). We have tested the proposed approach on five independent hypothetical and industrial examples, in which the experiments show the capabilities of the proposed approach when facing repeated basic events and non-exponential failure distributions. The proposed approach can provide an approximate solution to DFTs without unacceptable loss of accuracy. Moreover, the use of modularised or hierarchical Petri nets makes this approach more generally applicable by allowing quantitative evaluation of DFTs with a wide range of failure rate distributions for the basic events of the tree. Index terms: reliability analysis, fault tree analysis, dynamic fault trees, modularisation, Petri nets.
Lecture Notes in Computer Science, 2018
Safety-critical systems developed using an SPLE approach have to address safety standards, which establish guidance for analysing and demonstrating the dependability properties of the system at different levels of abstraction. However, the adoption of an SPLE approach for developing safety-critical systems demands the integration of safety engineering into SPLE processes. Thus, variability management in both system design and dependability analysis should be considered throughout the SPLE life-cycle. Variation in design and context may affect dependability properties during Hazard Analysis and Risk Assessment (HARA), the allocation of functional and non-functional safety requirements, and component fault analysis. This paper presents DEPendable-SPLE, a model-based approach that extends traditional SPLE methods to support variability modelling and management in dependability analysis. The approach is illustrated in a case study from the aerospace domain. As a result, the approach enabled efficient management of the impact of design and context variations on HARA and component fault modelling.
Model-Based Safety and Assessment, 2019
As Cyber-Physical Systems (CPS) grow increasingly complex and interact with external CPS, system security remains a non-trivial challenge that continues to scale accordingly, with potentially devastating consequences if left unchecked. While there is a significant body of work on system security in industry practice, manual diagnosis of security vulnerabilities is still widely applied. Such approaches are typically resource-intensive, scale poorly and introduce additional risk due to human error. In this paper, a model-based approach for security attack tree analysis using the HiP-HOPS dependability analysis tool is presented. The approach is demonstrated in the context of a simple web-based medical application to automatically generate attack trees, encapsulated as Digital Dependability Identities (DDIs), for offline security analysis. The paper goes on to present how the produced DDIs can be used to approach security maintenance, identifying security capabilities and controls to counter diagnosed vulnerabilities.