Littérature scientifique sur le sujet « Safety-critical SW components »

Failure Mode and Effects Analysis (FMEA) is a systematic technique to explore the possible failure modes of individual components or subsystems and determine their potential effects at the system level. Applications of FMEA are common in case of hardware and communication failures, but analyzing software failures (SW-FMEA) poses a number of challenges. Failures may originate in permanent software faults commonly called bugs, and their effects can be very subtle and hard to predict, due to the complex nature of programs. Therefore, a behavior-based automatic method to analyze the potential effects of different types of bugs is desirable. Such a method could be used to automatically build an FMEA report about the fault effects, or to evaluate different failure mitigation and detection techniques. This paper follows the latter direction, demonstrating the use of a model checking-based automated SW-FMEA approach to evaluate error detection and fault tolerance mechanisms, demonstrated on a case study inspired by safety-critical embedded operating systems.

Carbon capture, utilisation and storage remain critical components of a decarbonised future. The West Australian Department of Mines, Industry Regulation and Safety with research partners CSIRO, Curtin University and the University of Western Australia, have assessed the suitability of storing carbon dioxide in the deep saline aquifers of the Triassic Lesueur Formation (Southern Perth Basin) through the South West Hub Carbon Storage Project (SW Hub). The SW Hub has now concluded its acquisition of pre-competitive data and research. Extensive evaluation and multiple peer reviews by industry concluded that the site is ready for the next stage of characterisation – drilling and testing to confirm or refine the predictions for a suitable commercial-scale geological storage site, enabling acreage release for commercial exploration and appraisal leading to a storage licence. The data package includes extensive geological and dynamic modelling, providing confidence in the storage complex. Four wells have been drilled and multiple seismic data acquisition surveys (including 115 km2 3D seismic) are supported by four generations of reservoir models of increasing complexity built over the last decade of investigations. The site is unique in that there is no regional shale layer above the reservoir to provide a conventional seal for injected carbon dioxide. Results indicate that secure storage is obtained via vertical trapping across the extensive storage formation thickness; if proven, this mechanism can increase storage options around the world. This paper discusses the significance of the site, the geological setting, technical workflow, monitoring strategy and community and stakeholder management activities undertaken.

Safety-critical embedded systems may either use specialized hardware or rely on Software-Implemented Hardware Fault Tolerance (SIHFT) to meet soft error resilience requirements. SIHFT has the advantage that it can be used with low-cost, off-the-shelf components such as standard Micro-Controller Units. For this, SIHFT methods apply redundancy in software computation and special checker codes to detect transient errors, so called soft errors, that either corrupt the data flow or the control flow of the software and may lead to Silent Data Corruption (SDC). So far, this is done by applying separate SIHFT methods for the data and control flow protection, which leads to large overheads in computation time. This work in contrast presents REPAIR, a method that exploits the checks of the SIHFT data flow protection to also detect control flow errors as well, thereby, yielding higher SDC resilience with less computational overhead. For this, the data flow protection methods entail duplicating the computation with subsequent checks placed strategically throughout the program. These checks assure that the two redundant computation paths, which work on two different parts of the register file, yield the same result. By updating the pairing between the registers used in the primary computation path and the registers in the duplicated computation path using the REPAIR method, these checks also fail with high coverage when a control flow error, which leads to an illegal jumps, occurs. Extensive RTL fault injection simulations are carried out to accurately quantify soft error resilience while evaluating Mibench programs along with an embedded case-study running on an OpenRISC processor. Our method performs slightly better on average in terms of soft error resilience compared to the best state-of-the-art method but requiring significantly lower overheads. These results show that REPAIR is a valuable addition to the set of known SIHFT methods.

The automotive sector digitalization accelerates the technology convergence of perception, computing processing, connectivity, propulsion, and data fusion for electric connected autonomous and shared (ECAS) vehicles. This brings cutting-edge computing paradigms with embedded cognitive capabilities into vehicle domains and data infrastructure to provide holistic intrinsic and extrinsic intelligence for new mobility applications. Digital technologies are a significant enabler in achieving the sustainability goals of the green transformation of the mobility and transportation sectors. Innovation occurs predominantly in ECAS vehicles’ architecture, operations, intelligent functions, and automotive digital infrastructure. The traditional ownership model is moving toward multimodal and shared mobility services. The ECAS vehicle’s technology allows for the development of virtual automotive functions that run on shared hardware platforms with data unlocking value, and for introducing new, shared computing-based automotive features. Facilitating vehicle automation, vehicle electrification, vehicle-to-everything (V2X) communication is accomplished by the convergence of artificial intelligence (AI), cellular/wireless connectivity, edge computing, the Internet of things (IoT), the Internet of intelligent things (IoIT), digital twins (DTs), virtual/augmented reality (VR/AR) and distributed ledger technologies (DLTs). Vehicles become more intelligent, connected, functioning as edge micro servers on wheels, powered by sensors/actuators, hardware (HW), software (SW) and smart virtual functions that are integrated into the digital infrastructure. Electrification, automation, connectivity, digitalization, decarbonization, decentralization, and standardization are the main drivers that unlock intelligent vehicles' potential for sustainable green mobility applications. ECAS vehicles act as autonomous agents using swarm intelligence to communicate and exchange information, either directly or indirectly, with each other and the infrastructure, accessing independent services such as energy, high-definition maps, routes, infrastructure information, traffic lights, tolls, parking (micropayments), and finding emergent/intelligent solutions. The article gives an overview of the advances in AI technologies and applications to realize intelligent functions and optimize vehicle performance, control, and decision-making for future ECAS vehicles to support the acceleration of deployment in various mobility scenarios. ECAS vehicles, systems, sub-systems, and components are subjected to stringent regulatory frameworks, which set rigorous requirements for autonomous vehicles. An in-depth assessment of existing standards, regulations, and laws, including a thorough gap analysis, is required. Global guidelines must be provided on how to fulfill the requirements. ECAS vehicle technology trustworthiness, including AI-based HW/SW and algorithms, is necessary for developing ECAS systems across the entire automotive ecosystem. The safety and transparency of AI-based technology and the explainability of the purpose, use, benefits, and limitations of AI systems are critical for fulfilling trustworthiness requirements. The article presents ECAS vehicles’ evolution toward domain controller, zonal vehicle, and federated vehicle/edge/cloud-centric based on distributed intelligence in the vehicle and infrastructure level architectures and the role of AI techniques and methods to implement the different autonomous driving and optimization functions for sustainable green mobility.

Preemptive Time Petri Nets (pTPNs) support modeling and analysis of concurrent timed software components running under fixed priority preemptive scheduling. The model is supported by a well established theory based on symbolic state-space analysis through Difference Bounds Matrix (DBM), with specific contributions on compositional modularization, trace analysis, and efficient over-approximation and clean-up in the management of suspension deriving from preemptive behavior. The aim of this dissertation is to devise and implement a framework that brings the theory to application. To this end, the theory is cast into an organic tailoring of design, coding, and testing activities within a V-Model software life cycle in respect of the principles of regulatory standards applied to the construction of safety-critical software components. To implement the toolchain subtended by the overall approach into a Model Driven Development (MDD) framework, the theory of state-space analysis is complemented with methods and techniques supporting semi-formal specification and automated compilation into pTPN models and real-time code, measurement-based Execution Time estimation, test-case selection and sensitization, coverage evaluation.

Nowadays cyber security assurance is one of the key challenges of safety critical software based NPP I&C (Nuclear Power Plants Instrumentation and Control) systems requirements profiling, development and operation. Any I&C system consists of a set of standard software (SW), hardware (HW) and FPGA components. These components can be selected and combined in different ways to address the particular control and safety assurance related tasks. Some of them are proprietary software (PS) and commercial off-the-shelf (COTS) components developed previously. Application of such components reduces the level of safety and cyber security, because they can contain vulnerabilities that were created intentionally. In this case, targeted attacks can lead to a system failure. National Vulnerability Database (NVD) and other open databases contain information about vulnerabilities which can be attacked by insiders or other intruders and decrease cyber security of NPP I&C systems. In this paper, we propose a safety assessment technique of NPP I&C systems, which consists of the following procedures: 1. Analysis of I&C architecture to assess influence of OTS component failures on dependability (reliability and safety) of the system. For that purpose, FMEDA or similar techniques can be applied. As a result, three-dimension criticality matrixes (CM) (with metrics of detection, probability and severity) are developed for different components (SWFCM and HW/FPGAFCM). 2. The IMECA-based assessment of OTS components and their configuration. In this case, CMs (SWICM and HW/FPGAICM) describe the degree of failure component influence on cyber security. 3. Joining of criticality matrixes (SWFCM and HW/FPGAFCM, SWICM and HW/FPGAICM), impact analysis of components depending on degree of influence on cyber security and safety as a whole. 4. Developing of Security Assurance Case and selecting of countermeasures according to safety (cyber security)/costs criteria. The developed tool supports creation of criticality matrixes for each analyzed component of the system and I&C as a whole. Joining of criticality matrixes allows creating common matrix for system cyber security and functional safety. The tool supports decision making to optimize choice of countermeasures according to criterion of safety and security/cost criterion.