953 results for Safety-critical software


Relevance: 100.00%

Abstract:

Users of safety-critical systems are expected to effectively control or monitor complex systems, with errors potentially leading to catastrophe. For such systems, safety is of paramount importance and must be designed into the human-machine interface. While many case studies show how inadequate design practice led to poor safety and usability, concrete guidance on good design practices is scarce. The paper argues that the pattern language paradigm, widely used in the software design community, is a suitable means of documenting appropriate design strategies. We discuss how typical usability-related properties (e.g., flexibility) need some adjustment to be used for assessing safety-critical systems, and document a pattern language based on corresponding "safety-usability" principles.

Relevance: 100.00%

Abstract:

There has been little research in health and safety management concerning the application of information technology to the field. This thesis attempts to stimulate interest in this area by analysing the value of proprietary health and safety software to proactive health and safety management. The thesis is based upon the detailed software evaluation of seven pieces of proprietary health and safety software. It features a discussion concerning the development of information technology and health and safety management, a review of the key issues identified during the software evaluations, an analysis of the commercial market for this type of software, and a consideration of the broader issues which surround the use of this software. It also includes practical guidance for the evaluation, selection, implementation and maintenance of all health and safety management software. This includes a comprehensive software evaluation chart. The implications of the research are considered for proprietary health and safety software, the application of information technology to health and safety management, and for future research.

Relevance: 100.00%

Abstract:

In recent decades we have seen enormous increases in the capabilities of software intensive systems, resulting in exponential growth in their size and complexity. Software and systems engineers routinely develop systems with advanced functionalities that would not even have been conceived of 20 years ago. This observation was highlighted in the Critical Code report commissioned by the US Department of Defense in 2010, which identified a critical software engineering challenge as the ability to deliver “software assurance in the presence of...architectural innovation and complexity, criticality with respect to safety, (and) overall complexity and scale”.

Relevance: 90.00%

Abstract:

Australian construction and building workers are exposed to serious workplace risks - including injury, illness and death - and although there have been improvements in occupational health and safety (OHS) performance over the past 20 years, the injury and fatality rate in the Australian construction industry remains a matter of concern. The concept of safety culture is rapidly being adopted in the industry, including recognising the critical role that organisational leaders play in overall safety performance. This paper reviews recent research in construction safety leadership and provides some examples and applications relevant to risk reduction in the workforce. By focusing on developing safety competency in those that fulfil safety critical roles, and clearly articulating the relevant safety management tasks, leaders can positively influence the organisation’s safety culture. Finally, some promising research on Safety Effectiveness Indicators (SEIs) may be an industry-friendly solution to reducing workplace risks across the industry, by providing a credible, accurate, and timely measure of safety performance.

Relevance: 90.00%

Abstract:

Safety culture is a concept that has long been accepted in high risk industries such as aviation, nuclear industries and mining; however, considerable research is now being undertaken within the construction sector, with varying levels of success. The current paper discusses three recent interlocked projects that have had some success in the Australian construction industry. The first project examined the development and implementation of a safety competency framework targeted at safety critical positions across first tier construction organisations. Combining qualitative and quantitative methods, the project: developed a matrix of safety critical positions (n=11) and safety management tasks (SMTs; n=39); mapped the process steps for their acquisition and ongoing development; detailed the knowledge, skills and behaviours required for all SMTs; and outlined organisational cultural outcomes that could be anticipated in a successful implementation of the framework. The second project extended research on safety competency and leadership to develop behavioural guidelines for leaders to drive safety culture change down to second tier companies. This was designed to assist smaller construction companies to customise their own competency framework and develop implementation guidelines that match their aspirations and resources. The third interlocked project explored the use of safety effectiveness indicators (SEIs) as an industry-relevant assessment tool for reducing risk on construction sites. With direct linkages to safety competencies and safety management tasks, the SEIs are the next step towards an integrated safety cultural approach to safety and extend the concept of positive performance indicators (PPIs) by providing a valid, reliable, and user friendly measurement platform.
Taken together, the results of the interlocked projects suggest that safety culture research has many potential benefits for the construction industry, particularly when research is conducted in partnership with industry stakeholders. Suggestions are made for future research, including further application and testing of the safety competency framework and aligning SEIs across construction projects of varying size, location and design.

Relevance: 90.00%

Abstract:

Safety culture is a concept that has long been accepted in high risk industries such as aviation, nuclear industries and mining; however, considerable research is now also being undertaken within the construction sector. This paper discusses three recent interlocked projects undertaken in the Australian construction industry. The first project examined the development and implementation of a safety competency framework targeted at safety critical positions (SCPs) across first tier construction organisations. Combining qualitative and quantitative methods, the project: developed a matrix of SCPs (n=11) and safety management tasks (SMTs; n=39); mapped the process steps for their acquisition and development; detailed the knowledge, skills and behaviours required for all SMTs; and outlined potential organisational cultural outcomes from a successful implementation of the framework. The second project extended this research to develop behavioural guidelines for leaders to drive safety culture change down to second tier companies and to assist them to customise their own competency framework and implementation guidelines to match their aspirations and resources. The third interlocked project explored the use of safety effectiveness indicators (SEIs) as an industry-relevant assessment tool for reducing risk on construction sites. With direct linkages to safety competencies and SMTs, the SEIs are the next step towards an integrated safety cultural approach to safety and extend the concept of positive performance indicators (PPIs) by providing a valid, reliable, and user friendly measurement platform. Taken together, the results of the interlocked projects suggest that industry engaged collaborative safety culture research has many potential benefits for the construction industry.

Relevance: 90.00%

Abstract:

Modern applications comprise multiple components, such as browser plug-ins, often of unknown provenance and quality. Statistics show that failure of such components accounts for a high percentage of software faults. Enabling isolation of such fine-grained components is therefore necessary to increase the robustness and resilience of security-critical and safety-critical computer systems. In this paper, we evaluate whether such fine-grained components can be sandboxed through the use of the hardware virtualization support available in modern Intel and AMD processors. We compare the performance and functionality of such an approach to two previous software based approaches. The results demonstrate that hardware isolation minimizes the difficulties encountered with software based approaches, while also reducing the size of the trusted computing base, thus increasing confidence in the solution's correctness. We also show that our relatively simple implementation has equivalent run-time performance, with overheads of less than 34%, does not require custom tool chains and provides enhanced functionality over software-only approaches, confirming that hardware virtualization technology is a viable mechanism for fine-grained component isolation.

Relevance: 90.00%

Abstract:

Background: Medication incident reporting (MIR) is a key safety critical care process in residential aged care facilities (RACFs). Retrospective studies of medication incident reports in aged care have identified the inability of existing MIR processes to generate information that can be used to enhance residents’ safety. However, there is little existing research that investigates the limitations of the existing information exchange process that underpins MIR, despite the considerable resources that RACFs devote to the MIR process. The aim of this study was to undertake an in-depth exploration of the information exchange process involved in MIR and identify factors that inhibit the collection of meaningful information in RACFs.

Methods: The study was undertaken in three RACFs (part of a large non-profit organisation) in NSW, Australia. A total of 23 semi-structured interviews and 62 hours of observation sessions were conducted between May and July 2011. The qualitative data was iteratively analysed using a grounded theory approach.

Results: The findings highlight significant gaps in the design of the MIR artefacts as well as information exchange issues in MIR process execution. Study results emphasized the need to: a) design MIR artefacts that facilitate identification of the root causes of medication incidents, b) integrate the MIR process within existing information systems to overcome key gaps in information exchange execution, and c) support exchange of information that can facilitate a multi-disciplinary approach to medication incident management in RACFs.

Conclusions: This study highlights the advantages of viewing the MIR process holistically rather than as segregated tasks, as a means to identify gaps in information exchange that need to be addressed in practice to improve safety critical processes.

Relevance: 90.00%

Abstract:

As digital technologies become widely used in designing buildings and infrastructure, questions arise about their impacts on construction safety. This review explores relationships between construction safety and digital design practices with the aim of fostering and directing further research. It surveys state-of-the-art research on databases, virtual reality, geographic information systems, 4D CAD, building information modeling and sensing technologies, finding various digital tools for addressing safety issues in the construction phase, but few tools to support design for construction safety. It also considers a literature on safety critical, digital and design practices that raises a general concern about ‘mindlessness’ in the use of technologies, and has implications for the emerging research agenda around construction safety and digital design. Bringing these strands of literature together suggests new kinds of interventions, such as the development of tools and processes for using digital models to promote mindfulness through multi-party collaboration on safety.

Relevance: 90.00%

Abstract:

Real-time computing systems are typically built from synchronization primitives that provide a notion of time in order to coordinate the execution of multiple instruction streams on a processor. When processing is centralized, the time base of these primitives is derived from the platform's local oscillator, allowing system actions to be properly ordered while respecting timing and causality constraints. However, in distributed systems the problem cannot be solved this way because of imperfections in the physical devices. Minute differences in oscillator frequency cause the components' time bases to drift ever further apart over time, making a consistent ordering of events difficult or even impossible. For this reason, clock synchronization is a service of fundamental importance, especially in critical applications, where the required levels of reliability are higher. This work consists of the proposal and implementation of a communication platform optimized for distributed control systems, which are characterized by highly regular communication behavior. The goal is to propose a low-level solution that supports the design of distributed systems in the domain of critical applications. The proposed platform, named CASCA, an acronym for “Communication Architecture for Safety-Critical Applications”, is in fact a time-triggered extension of the CAN protocol. Above the data-link layer of the original protocol, mechanisms for clock synchronization and initial time-base establishment were designed, implemented as a combination of hardware and software. The platform's main characteristics are minimal jitter, an essentially distributed global time base, and temporal partitioning.
Different design alternatives were considered, paying particular attention to the feasibility of prototyping on FPGA devices for validation purposes and immediate application on reconfigurable platforms. To validate the platform, an elementary system made up of three nodes was successfully synthesized on the bench, yielding an essentially distributed time base with a precision better than one microsecond.

Relevance: 90.00%

Abstract:

The railway system has always played an important role in our country, both for passenger and for freight transport: it is therefore essential for commerce and tourism. Unlike the road, where vehicles travel “on sight”, a railway requires that train separation systems be independent of vehicle visibility, since braking distances are usually much greater than the sighting distance itself. For this reason, signalling and safety systems play a leading role. Over time, substantial investments have been made that led to the adoption of new technologies, which made it possible to design safety-critical systems containing hardware and software computing components. The main characteristic of such systems is the property of not causing harm to human life or the environment: this property is commonly associated with the English term safety, to distinguish it from the sense of "protection against violations of system integrity" that the Italian term "sicurezza" usually takes on. The economic and technological development witnessed over the last twenty years has inevitably made such systems even more sophisticated and consequently more complex, while at the same time demanding ever stronger and more detailed requirements and guarantees of correct operation. It is precisely for these reasons that studies on what is called the dependability of computing systems have arisen, and a large part of research and design effort and resources is concentrated on it. The thesis work that follows was carried out in collaboration with two large national companies: RFI (Reti Ferroviarie Italiane) and Sirti. Initially we interacted with RFI to enter the railway environment and absorb its vocabulary and needs.
Within RFI, an internship was carried out in which we dealt with the “off-line process” concerning the safe management of a station; this activity must be performed by RFI before a new station is put into service. To do this we had to use the data-preparation programs provided by Sirti. Later, we explored the subject of safety in more depth by working with Sirti, one of the companies that supply computerized safety-critical systems for station control. In collaboration with them we delved into their system, discovering their implementation choices and how they achieved their safety objectives. Finally, we dealt with adding a new feature to the system, to increase its reliability and safety, and with the issues related to the use of the component that implements it.

Relevance: 90.00%

Abstract:

In order to satisfy the safety-critical requirements, the train control system (TCS) often employs a layered safety communication protocol to provide reliable services. However, both description and verification of the safety protocols may be formidable due to the system complexity. In this paper, interface automata (IA) are used to describe the safety service interface behaviors of safety communication protocol. A formal verification method is proposed to describe the safety communication protocols using IA and translate IA model into PROMELA model so that the protocols can be verified by the model checker SPIN. A case study of using this method to describe and verify a safety communication protocol is included. The verification results illustrate that the proposed method is effective to describe the safety protocols and verify deadlocks, livelocks and several mandatory consistency properties. A prototype of safety protocols is also developed based on the presented formally verifying method.

Relevance: 90.00%

Abstract:

Embedded systems are becoming more common and more complex every day, so finding safe, effective and cheap software development processes aimed specifically at this class of systems is more necessary than ever. Unlike the situation until recently, today's technological advances in the field of microprocessors allow the development of equipment with more than enough capability to run several software systems on a single machine. In addition, there are embedded systems with safety requirements on whose correct operation the lives of many people and/or large economic investments depend. These software systems are designed and implemented according to very strict and demanding software development standards. In some cases certification of the software may also be necessary. For these cases, mixed-criticality systems can be a very valuable alternative. In this class of systems, applications with different criticality levels run on the same computer. However, it is often necessary to certify the entire system at the criticality level of the most critical application, which makes costs soar. Virtualization has been put forward as a very interesting technology for containing those costs. This technology allows a set of virtual machines, or partitions, to run the applications with very high levels of both temporal and spatial isolation. This, in turn, allows each partition to be certified independently. Developing mixed-criticality partitioned systems requires updating traditional software development models, since they cover neither the new activities nor the new roles required in the development of these systems.
For example, the system integrator must define the partitions, and the application developer must take into account the characteristics of the partition in which the application will run. Traditionally, the V-model has been especially relevant in embedded systems development. For this reason, this model has been adapted to take into account scenarios such as the parallel development of applications or the addition of a new partition to an existing system. The objective of this doctoral thesis is to improve current technology for developing mixed-criticality partitioned systems. To this end, an environment aimed specifically at facilitating and improving the development processes of this class of systems has been designed and implemented. In particular, an algorithm that generates the system partitioning automatically has been created. All the activities needed to develop a partitioned system, including the new roles and activities mentioned above, have been integrated into the proposed development environment. In addition, the design of the development environment is based on Model-Driven Engineering, which promotes the use of models as fundamental elements of the development process. Thus, the tools needed to model and partition the system are provided, as well as tools to validate the results and generate the artifacts needed to compile, build and deploy it. Furthermore, extensibility and integration with validation tools were key factors in the design of the development environment. In particular, new non-functional requirements, the generation of new artifacts such as documentation or different programming languages, etc., can be added to the development environment. A key part of the development environment is the partitioning algorithm.
This algorithm has been designed to be independent of the applications' requirements and to allow the system integrator to implement new system requirements. To achieve this independence, partitioning constraints have been defined. The algorithm guarantees that these constraints will be satisfied in the partitioned system that results from its execution. The partitioning constraints have been designed with enough expressive power that a small set of them can express most of the most common non-functional requirements. The constraints can be defined manually by the system integrator or generated automatically by a tool from the functional and non-functional requirements of an application. The partitioning algorithm takes the system models and partitioning constraints as inputs. As a result of its execution, a deployment model is generated that defines the partitions needed to partition the system. In turn, each partition defines which applications must run in it and the resources the partition needs to run correctly. The partitioning problem and the partitioning constraints are modeled mathematically using colored graphs. In these graphs, a proper vertex coloring represents a correct system partitioning. The algorithm has also been designed so that, if necessary, alternative partitionings to the one initially proposed can be obtained. The development environment, including the partitioning algorithm, has been successfully tested in two industrial use cases: the UPMSat-2 satellite and a demonstrator of a wind turbine control system. In addition, the algorithm has been validated by running numerous synthetic scenarios, including some very complex ones with more than 500 applications.
ABSTRACT

The importance of embedded software is growing as it is required for a large number of systems. Devising cheap, efficient and reliable development processes for embedded systems is thus a notable challenge nowadays. Computer processing power is continuously increasing, and as a result, it is currently possible to integrate complex systems in a single processor, which was not feasible a few years ago. Embedded systems may have safety critical requirements. Their failure may result in personal or substantial economical loss. The development of these systems requires stringent development processes that are usually defined by suitable standards. In some cases their certification is also necessary. This scenario fosters the use of mixed-criticality systems in which applications of different criticality levels must coexist in a single system. In these cases, it is usually necessary to certify the whole system, including non-critical applications, which is costly. Virtualization emerges as an enabling technology used for dealing with this problem. The system is structured as a set of partitions, or virtual machines, that can be executed with temporal and spatial isolation. In this way, applications can be developed and certified independently. The development of MCPS (Mixed-Criticality Partitioned Systems) requires additional roles and activities that traditional systems do not require. The system integrator has to define system partitions. Application development has to consider the characteristics of the partition to which it is allocated. In addition, traditional software process models have to be adapted to this scenario. The V-model is commonly used in embedded systems development. It can be adapted to the development of MCPS by enabling the parallel development of applications or adding an additional partition to an existing system.
The objective of this PhD is to improve the available technology for MCPS development by providing a framework tailored to the development of this type of system and by defining a flexible and efficient algorithm for automatically generating system partitionings. The goal of the framework is to integrate all the activities required for developing MCPS and to support the different roles involved in this process. The framework is based on MDE (Model-Driven Engineering), which emphasizes the use of models in the development process. The framework provides basic means for modeling the system, generating system partitions, validating the system and generating final artifacts. The framework has been designed to facilitate its extension and the integration of external validation tools. In particular, it can be extended by adding support for additional non-functional requirements and support for final artifacts, such as new programming languages or additional documentation. The framework includes a novel partitioning algorithm. It has been designed to be independent of the types of application requirements and also to enable the system integrator to tailor the partitioning to the specific requirements of a system. This independence is achieved by defining partitioning constraints that must be met by the resulting partitioning. They have sufficient expressive capacity to state the most common constraints and can be defined manually by the system integrator or generated automatically based on functional and non-functional requirements of the applications. The partitioning algorithm uses system models and partitioning constraints as its inputs. It generates a deployment model that is composed of a set of partitions. Each partition is in turn composed of a set of allocated applications and assigned resources. The partitioning problem, including applications and constraints, is modeled as a colored graph. A valid partitioning is a proper vertex coloring.
A specially designed algorithm generates this coloring and is able to provide alternative partitionings if required. The framework, including the partitioning algorithm, has been successfully used in the development of two industrial use cases: the UPMSat-2 satellite and the control system of a wind-power turbine. The partitioning algorithm has been successfully validated by using a large number of synthetic loads, including complex scenarios with more than 500 applications.

Relevance: 90.00%

Abstract:

Thesis (Master's)--University of Washington, 2016-06