- Title
- A FRAMEWORK FOR MANAGING UNSPECIFIED ASSUMPTIONS IN SAFETY-CRITICAL CYBER-PHYSICAL SYSTEMS
- Creator
- Fu, Zhicheng
- Date
- 2020
- Description
-
For a cyber-physical system, its execution behaviors are often impacted by its operating environment. However, the assumptions about a cyber-physical system's expected environment are often informally documented, or even left unspecified during the system development process. Unfortunately, such unspecified assumptions in cyber-physical systems, such as medical cyber-physical systems, can result in patient injuries and loss of life. Based on U.S. Food and Drug Administration (FDA) data, from 2006 to 2011 there were 5,294 recalls and 1,154,451 adverse events, resulting in 92,600 patient injuries and 25,800 deaths. One of the most critical reasons for these medical device recalls is the violation of unspecified assumptions. These compelling data motivated us to research unspecified assumption issues in safety-critical cyber-physical systems and to develop approaches that reduce the failures caused by unspecified assumptions.

In particular, this thesis studies the issues of unspecified assumptions in the cyber-physical system design process and develops an unspecified assumption management framework to (1) identify unspecified assumptions in system design models; (2) facilitate domain experts in performing impact analysis on the failures caused by violating unspecified assumptions; and (3) explicitly model unspecified assumptions in system design models for system safety validation and verification.

Before developing the unspecified assumption management framework, we first need to study how unspecified assumptions are introduced into cyber-physical systems. We took cases from the FDA medical device recall database and analyzed the root causes of the medical device failures. By analyzing these cases, we found two important facts: (1) one of the major causes of medical device recalls is the violation of some unspecified assumption; and (2) unspecified assumptions are often introduced into system design models through syntactic carriers. Based on these two findings, we propose a framework for managing unspecified assumptions in the cyber-physical system development process. The framework has three components. The first component, the Unspecified Assumption Carrier Finder (UACFinder), identifies unspecified assumptions in system design models by automatically extracting the syntactic carriers associated with them. However, the number of unspecified assumptions identified from system design models can be large, and it is not always feasible for domain experts to validate and address the most safety-critical assumptions at every system development phase. Therefore, the second component of the framework is a methodology that uses a Failure Mode and Effects Analysis (FMEA) based prioritization approach to help domain experts perform impact analysis on the unspecified assumptions identified by the UACFinder and assess their safety-critical level. The third component of the framework describes a model architecture and corresponding algorithms for modeling and integrating assumptions into system design models, so that the system safety properties associated with these unspecified assumptions can be validated and formally verified by existing tools.

We have also conducted case studies on representative system models to demonstrate how UACFinder can identify unspecified assumptions from system design models, and how the FMEA-based prioritization approach can help domain experts verify the appropriateness of the identified assumptions. In addition, case studies demonstrate how system safety properties can be improved by modeling and integrating unspecified assumptions into system models. The results of the case studies indicate that the unspecified assumption management framework can identify unspecified assumptions, help domain experts validate and verify the appropriateness of identified assumptions, and explicitly specify assumptions whose violation would otherwise cause defects in these systems.
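The abstract names FMEA-based prioritization as the second component but does not detail the scoring. As an added illustration, not the thesis's own code or its exact scheme, the Python below ranks a constructed list of candidate assumptions by the standard FMEA risk priority number (RPN = severity × occurrence × detection, each scored 1..10) and additionally flags any assumption whose severity alone is high, since a catastrophic but rare, easily detected failure gets a small product and would otherwise be buried. The carrier names, statements, scores, threshold and severity floor are all assumptions made for the example.

```python
"""FMEA-style prioritization of candidate unspecified assumptions.

Added illustration, not the thesis's code: ranks assumptions by the standard
FMEA risk priority number (RPN = severity * occurrence * detection, each 1..10)
so that domain experts review the riskiest assumptions first. All sample
assumptions, carrier names and scores below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Assumption:
    carrier: str           # hypothetical model element the assumption was extracted from
    statement: str         # the environmental assumption as an expert would phrase it
    failure_effect: str    # consequence when the environment violates it
    severity: int          # 1 (negligible) .. 10 (hazardous, without warning)
    occurrence: int        # 1 (remote) .. 10 (almost certain)
    detection: int         # 1 (certain to be caught) .. 10 (undetectable)

    def __post_init__(self):
        # FMEA scores are ordinal 1..10; anything else is a data-entry error.
        for name in ("severity", "occurrence", "detection"):
            value = getattr(self, name)
            if not 1 <= value <= 10:
                raise ValueError(f"{name} must be in 1..10, got {value}")

    @property
    def rpn(self) -> int:
        return self.severity * self.occurrence * self.detection


def prioritize(assumptions, rpn_threshold=100, severity_floor=9):
    """Split assumptions into (must_review, deferred), each sorted by RPN desc.

    An assumption goes to must_review when its RPN reaches the threshold OR its
    severity alone reaches the floor. The second rule matters: a catastrophic
    but rare and easily-detected failure has a small RPN, and RPN alone would
    bury it below frequent nuisances.
    """
    ranked = sorted(assumptions, key=lambda a: (-a.rpn, -a.severity))
    must_review = [a for a in ranked
                   if a.rpn >= rpn_threshold or a.severity >= severity_floor]
    deferred = [a for a in ranked if a not in must_review]
    return must_review, deferred


# Constructed sample: candidate assumptions of the kind a carrier finder might
# surface from an infusion-pump style design model (not real recall data).
SAMPLE = [
    Assumption("pump.rate_limit", "commanded rate never exceeds the hardware maximum",
               "over-infusion", severity=9, occurrence=2, detection=3),                  # RPN 54
    Assumption("sensor.period", "a flow sample arrives every control period",
               "stale reading used by controller", severity=7, occurrence=5, detection=6),  # RPN 210
    Assumption("ui.units", "operator enters the dose in the unit the model expects",
               "ten-fold dosing error", severity=8, occurrence=4, detection=7),          # RPN 224
    Assumption("log.size", "event log never fills the storage device",
               "lost audit trail", severity=3, occurrence=4, detection=2),               # RPN 24
    Assumption("net.latency", "remote command round trip stays under the timeout",
               "missed stop command", severity=6, occurrence=3, detection=5),            # RPN 90
]


def review_order(assumptions=SAMPLE):
    """Carrier names in the order a domain expert should work through them."""
    must_review, deferred = prioritize(assumptions)
    return [a.carrier for a in must_review], [a.carrier for a in deferred]


if __name__ == "__main__":
    must, later = review_order()
    print("review now:", must)    # ['ui.units', 'sensor.period', 'pump.rate_limit']
    print("defer:", later)        # ['net.latency', 'log.size']
```

Note that `pump.rate_limit` has the lowest RPN among the first three yet lands in the must-review set because of the severity floor; with RPN as the only criterion it would be deferred behind a timing nuisance, which is the kind of mis-ranking an expert-facing prioritization has to avoid.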