Pub Date: 2021-11-01 | DOI: 10.1109/ladc53747.2021.9672593
Title: V-Model Adaptation for Space Systems in Light of the ECSS Standard
Authors: Regina L. O. Moraes, Tânia Basso, Eliane Martins
Venue: 2021 10th Latin-American Symposium on Dependable Computing (LADC)
A challenge in the space domain is to adapt the V&V (Verification and Validation) process to respond to the growing importance of embedded software while still complying with international standards. This work presents an analysis of the ECSS (European Cooperation for Space Standardization) standard that allows the well-known V-Model to be adapted for Cyber-Physical Systems (CPS), particularly space systems. The result is a complete model capable of representing both the physical and the software segments, as well as positioning the ECSS revisions throughout system development and its testing/validation tasks.
Pub Date: 2021-11-01 | DOI: 10.1109/ladc53747.2021.9672594
Title: Towards Simulation of CubeSat Operational Scenarios under a Cyber-Physical Systems View
Authors: Danilo Pallamin de Almeida, Bence Graics, R. Chagas, F. Sousa, Fátima Mattiello-Francisco
In the development of academic CubeSat-based space missions, it is common to skip or rush many practices of the Systems Engineering Process due to time and cost constraints, which may lead to problems and failures later in the mission. Mission concept analyses are often among these skipped practices, including the analysis of the in-orbit behavior of the satellite with respect to power consumption and data generation. To support these analyses, this article introduces a workflow based on a Cyber-Physical abstraction of CubeSat mission operation scenarios, which uses architectural models based on SysML Class Diagrams and automatic model transformation to simulate these operational scenarios in an open-source Model-Based Systems Engineering (MBSE) tool. These simulations can be used in mission concept analyses during Phase-0 studies to verify initial operations requirements and to drive further design work.
Pub Date: 2021-11-01 | DOI: 10.1109/ladc53747.2021.9672577
Title: Revocation Mechanisms for Blockchain Applications: A Review
Authors: F. Vidal, N. Ivaki, N. Laranjeiro
Blockchain has by now been adopted by applications that go beyond cryptocurrencies. In such applications, the data generated or the transactions executed may need to be altered (revoked) for several reasons, including business requests, legislation, or bugs. In addition, most of the data is created by smart contracts, which in many cases are built by developers using unsophisticated development tools or lacking expertise, so the code may retain residual bugs. In blockchain systems, where immutability is one of the most critical characteristics, implementing reliable, secure, and time-efficient revocation is a difficult challenge. This paper reviews 8 revocation mechanisms identified in the current literature and discusses the applicability of each solution and the associated challenges. We expect our analysis to contribute to the definition of new or improved mechanisms for transaction and data revocation in blockchain systems.
Pub Date: 2021-11-01 | DOI: 10.1109/ladc53747.2021.9672554
Title: Towards the Formal Semantics of Scenario Tests for Autonomous Vehicles
Authors: László Kovács, Oszkár Semeráth
Testing self-driving components in autonomous vehicles is a challenging task. Such components need to interact with a complex and continuously changing environment, making traditional software testing approaches ineffective or impractical. Scenario-based testing approaches define various traffic situations to support the testing of autonomous components by providing their sensor inputs while monitoring the outputs of the actuators. However, measuring coverage metrics or synthesizing traffic scenarios requires a formal description of those scenarios. This paper proposes a mathematically precise formalization of scenario behavior based on graph transformation rules. We show that our formalization can cover existing scenario specification languages such as Scenic.
Pub Date: 2021-11-01 | DOI: 10.1109/ladc53747.2021.9672582
Title: Impact Assessment of IT Security Breaches in Cyber-Physical Systems: Short paper
Authors: András Földvári, G. Biczók, I. Kocsis, László Gönczy, A. Pataricza
The increased cyber-attack surface of cyber-physical systems, their close coupling to vulnerable physical processes, and the potential for human casualties call for a careful extension of traditional safety methodologies, e.g., error propagation analysis (EPA), with cybersecurity capabilities. We propose a model-driven Information Technology/Operational Technology impact analysis method that supports the identification of vulnerabilities, of the most critical attack strategies, and of the most dangerous threat actors by analyzing attack scenarios on an abstract functional model of the system. Our solution extends EPA, initially developed for dependability and safety analysis, with cybersecurity aspects in order to explore the safety impact of a cyber-attack on a cyber-physical system. The paper presents the impact analysis workflow, the threat model, the pilot analysis tool, and a case study.
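A minimal version of the analysis sketched in the abstract above, as an added example and not the authors' pilot tool: the functional model is a directed graph of data flows, errors propagate along edges unless a barrier stops them, an interlock is modelled as a node whose output only goes bad when all of its inputs are bad, and each threat actor is ranked by the worst safety hazard reachable from the entry points it can afford. The model, the barrier semantics, the hazard severities, the entry points and the threat actors are all constructed assumptions of this example.

```python
"""Attack-to-safety impact propagation over an abstract functional model.

Added example of extending an error propagation analysis (EPA) model so that
the error originates from an attacker rather than a random fault. The model,
barriers, severities, entry points and actors below are assumptions.
"""

# Constructed functional model: function -> functions that consume its output.
FLOWS = {
    "remote_hmi": ["plc_setpoint"],
    "plc_setpoint": ["valve_ctrl", "historian"],
    "pressure_sensor": ["valve_ctrl", "safety_plc"],
    "valve_ctrl": ["valve_actuator"],
    "safety_plc": ["valve_actuator"],
    "valve_actuator": [],
    "historian": [],
}

# How a function's output goes bad: "any" bad input suffices (the default), or
# "all" inputs must be bad, which models an interlock overriding the controller.
COMBINE = {"valve_actuator": "all"}

# Error barriers on edges. The value says whether the barrier also stops an
# attacker-chosen value: a range check rejects garbage but passes an in-range
# malicious setpoint, so it is a safety barrier, not a security barrier.
BARRIERS = {("plc_setpoint", "valve_ctrl"): False}

# Safety consequence of an erroneous output: (hazard, severity on a 1..4 scale).
HAZARDS = {
    "valve_actuator": ("vessel overpressure", 4),
    "valve_ctrl": ("spurious valve command", 2),
    "historian": ("audit trail corrupted", 1),
}

# Where an attacker can inject, and the capability level it takes (assumed).
ENTRY_POINTS = {"remote_hmi": 1, "plc_setpoint": 2, "pressure_sensor": 3}
THREAT_ACTORS = {"opportunist": 1, "insider": 2, "apt": 3}


def _inputs():
    """Invert FLOWS: function -> functions feeding it."""
    preds = {n: [] for n in FLOWS}
    for src, dsts in FLOWS.items():
        for dst in dsts:
            preds[dst].append(src)
    return preds


def _blocked(src, dst, malicious):
    barrier = BARRIERS.get((src, dst))
    if barrier is None:
        return False
    # Random errors are stopped by any barrier; attacks only by security barriers.
    return barrier or not malicious


def propagate(origins, malicious):
    """Set of functions with erroneous output, computed as a fixpoint.

    malicious=False is the classic EPA view (random fault at the origins);
    malicious=True is the attack view, where only barriers that stop
    attacker-chosen values count.
    """
    preds = _inputs()
    bad = set(origins)
    changed = True
    while changed:
        changed = False
        for node, ins in preds.items():
            if node in bad or not ins:
                continue
            live = [s for s in ins if s in bad and not _blocked(s, node, malicious)]
            mode = COMBINE.get(node, "any")
            if (mode == "any" and live) or (mode == "all" and len(live) == len(ins)):
                bad.add(node)
                changed = True
    return bad


def impact(bad):
    """(worst severity, sorted hazard names) for a set of erroneous functions."""
    hits = [HAZARDS[n] for n in bad if n in HAZARDS]
    return max((sev for _, sev in hits), default=0), sorted(name for name, _ in hits)


def assess(actors=THREAT_ACTORS, entries=ENTRY_POINTS):
    """Per threat actor: the entry point (attack strategy) with the worst safety impact."""
    report = {}
    for actor, capability in actors.items():
        best = ("none", 0, [])
        for entry, needed in entries.items():
            if needed > capability:
                continue
            sev, hazards = impact(propagate({entry}, malicious=True))
            if sev > best[1]:
                best = (entry, sev, hazards)
        report[actor] = best
    return report


if __name__ == "__main__":
    print("random fault in plc_setpoint:", sorted(propagate({"plc_setpoint"}, False)))
    print("attacker in plc_setpoint:   ", sorted(propagate({"plc_setpoint"}, True)))
    for actor, (entry, sev, hazards) in assess().items():
        print(f"{actor:12s} via {entry:16s} severity {sev}: {hazards}")
```

The comparison the two `propagate` calls make is the point a practitioner should take from this kind of extension: barriers inherited from a safety EPA cannot be reused unchanged in the attack view. The range check stops a random corruption of the setpoint but not an in-range malicious one, so the insider reaches the controller; the independent interlock still holds until an attacker reaches the shared sensor input, which is why the sensor is the most critical attack strategy here and the actor able to reach it the most dangerous one.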
Pub Date: 2021-11-01 | DOI: 10.1109/ladc53747.2021.9672584
Title: Fault injection platform for affordable verification and validation of CubeSats software
Authors: David Paiva, José Marcelo Duarte, R. Lima, Manoel Carvalho, Fátima Mattiello-Francisco, H. Madeira
CubeSats and very small satellites represent an emergent trend in the space industry. These satellites use commercial off-the-shelf (COTS) components to reduce cost and to take advantage of the performance/power-consumption ratio of COTS parts, which is an order of magnitude better than that of equivalent radiation-hardened space-grade components. Unfortunately, COTS components are susceptible to Single Event Upsets (SEUs), transient errors caused by space radiation. This makes studying the impact of radiation-induced faults a mandatory step in the development of CubeSats, in order to identify the weak points that must be strengthened with specific software fault tolerance techniques. Because the impact of faults depends strongly on the software running on the COTS hardware, this study must be repeated every time the CubeSat software undergoes a major change, or even a minor update. This paper proposes CubeSatFI, a fault injection platform for CubeSats meant to make it easy to add this extra step to the verification and validation of CubeSat software. CubeSatFI allows easy definition of fault injection campaigns that emulate the effects of space radiation. SEUs are emulated realistically through bit-flip faults injected into the processor registers and into other locations on the CubeSat boards that can be reached by boundary scan, which is available on CubeSat boards through the JTAG Test Access Port. The CubeSatFI platform runs the fault injection campaigns in a fully automated way. The paper describes the architecture of the CubeSatFI platform, the fault models, and the general fault injection process. Additionally, the use of the platform is demonstrated with a fault injection campaign for the EDC (Environment Data Collection), a payload system that will fly on a constellation of satellites of the Brazilian National Institute for Space Research (Instituto Nacional de Pesquisas Espaciais, INPE), providing a first realistic insight into the impact of faults on the EDC software.
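The style of campaign the abstract describes, as an added example rather than CubeSatFI code: one bit is flipped in one processor register once a chosen number of instructions have executed (the time trigger), and every run is classified against a fault-free golden run. The register machine, the telemetry packing program it executes, the XOR checksum and the four outcome classes are assumptions of this example; a real campaign drives the flight processor's registers over JTAG rather than a simulator.

```python
"""Register bit-flip fault injection campaign on a toy register machine.

Added example of the SEU fault model (one bit flipped in a processor register
at a chosen point of execution). Not CubeSatFI code: the machine, the target
program, the XOR checksum and the outcome classes are assumptions.
"""
from collections import Counter
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF

# Constructed sensor samples that the target program packs into a frame.
SAMPLES = [0x1234, 0x00FF, 0xAB00, 0x5555]

# Target program: load four samples, XOR them into a checksum, emit the samples
# followed by the checksum. A flight routine would use a CRC; XOR is enough to
# show the difference between detected and undetected corruption.
PROGRAM = [
    ("load", "r7", 0),          # r7 = address of the first sample
    ("ldr", "r1", "r7"),        # r1 = mem[r7]
    ("addi", "r7", 1),
    ("ldr", "r2", "r7"),
    ("addi", "r7", 1),
    ("ldr", "r3", "r7"),
    ("addi", "r7", 1),
    ("ldr", "r4", "r7"),
    ("xor", "r5", "r1", "r2"),  # r5 = checksum of the four samples
    ("xor", "r5", "r5", "r3"),
    ("xor", "r5", "r5", "r4"),
    ("store", "r1"),            # emit the frame words
    ("store", "r2"),
    ("store", "r3"),
    ("store", "r4"),
    ("store", "r5"),
    ("halt",),
]


@dataclass(frozen=True)
class Fault:
    after: int  # flip once this many instructions have executed (time trigger)
    reg: str    # target register, "r0".."r7"
    bit: int    # bit position, 0..31


class Trap(Exception):
    """Out-of-range memory access: the crash outcome."""


def run(program, mem, fault=None):
    """Execute program over mem; return (trapped, emitted frame words)."""
    regs = {f"r{i}": 0 for i in range(8)}
    out, executed = [], 0
    try:
        for ins in program:
            op = ins[0]
            if op == "load":
                regs[ins[1]] = ins[2] & MASK32
            elif op == "addi":
                regs[ins[1]] = (regs[ins[1]] + ins[2]) & MASK32
            elif op == "ldr":
                addr = regs[ins[2]]
                if addr >= len(mem):
                    raise Trap(addr)
                regs[ins[1]] = mem[addr] & MASK32
            elif op == "xor":
                regs[ins[1]] = regs[ins[2]] ^ regs[ins[3]]
            elif op == "store":
                out.append(regs[ins[1]])
            elif op == "halt":
                break
            executed += 1
            if fault is not None and fault.after == executed:
                regs[fault.reg] ^= 1 << fault.bit  # the emulated SEU
    except Trap:
        return True, out
    return False, out


def classify(golden, trapped, out):
    """Classify one run the way a ground station would see it."""
    if trapped:
        return "crash"
    if out == golden:
        return "no effect"
    if len(out) != len(golden):
        return "detected"
    *samples, checksum = out
    recomputed = 0
    for s in samples:
        recomputed ^= s
    if recomputed != checksum:
        return "detected"                  # receiver-side check caught it
    return "silent data corruption"        # wrong frame with a valid checksum


def campaign(program=PROGRAM, mem=SAMPLES):
    """Exhaustive single-bit-flip campaign over every register, bit and trigger time."""
    _, golden = run(program, mem)
    steps = sum(1 for ins in program if ins[0] != "halt")
    counts = Counter()
    for after in range(1, steps + 1):
        for reg in (f"r{i}" for i in range(1, 8)):
            for bit in range(32):
                trapped, out = run(program, mem, Fault(after, reg, bit))
                counts[classify(golden, trapped, out)] += 1
    return counts


if __name__ == "__main__":
    for outcome, n in sorted(campaign().items()):
        print(f"{outcome:24s} {n}")
```

The same bit of the same register gives three different outcomes depending on when the flip lands: before the checksum is computed it corrupts both the data and the checksum and passes the receiver's check (silent data corruption), after the checksum but before the store it is detected, and after the store it has no effect. That dependence on timing and on the code path is the reason the abstract argues the campaign has to be rerun after every software change, and the receiver-side check is the software fault tolerance mechanism whose coverage the campaign measures.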
Pub Date: 2021-11-01 | DOI: 10.1109/ladc53747.2021.9672564
Title: A Systemic Approach to Aircraft System Supportability
Authors: C. Silva, Claudio Medrado Filho, Alexandre Magno Pinto
This paper explores the supportability of an aircraft system, aiming to incorporate it proactively into concept definition within the Systems Engineering processes. The System-Theoretic Accident Model and Process (STAMP) approach provided the foundation for the analysis conducted here, strengthening the perspective on how to avoid value losses related to support activities. The results bring important life-cycle concerns into consideration for a "design-in" perspective on an aircraft system during conceptual studies.
Pub Date: 2021-11-01 | DOI: 10.1109/ladc53747.2021.9672570
Title: Towards Testing the UML PSSM Test Suite
Authors: Márton Elekes, Zoltán Micskei
In model-based engineering approaches, models are executable artefacts used for simulation, generation and verification. The Executable UML specifications enriched the well-known UML language with precisely defined semantics. The Precise Semantics of UML State Machines (PSSM) specification defined an operational semantics for state machines. Moreover, the specification contains a detailed test suite that illustrates the semantics and can be used to check the conformance of model execution tools. However, as the test suite is itself a complex engineering effort, it could contain errors. To the best of our knowledge, this is the first paper to test and verify the PSSM test suite. We report on typical errors and issues found by reviewing the specification and by executing the test suite in one of the supporting tools. Finally, we collect recommendations for such test suites that could enhance future modelling language specifications.