Author

Oleg Lisagor

Bio: Oleg Lisagor is an academic researcher from the University of York. The author has contributed to research in the topics of model checking and system safety. The author has an h-index of 6 and has co-authored 14 publications receiving 230 citations.

Papers
25 Jan 2006
TL;DR: In this article, the authors present the methods and tools developed in the ISAAC project (Improvement of Safety Activities on Aeronautical) for improving safety assessment activities for aeronautical systems.
Abstract: This paper aims at presenting methods and tools that are developed in the ISAAC project (Improvement of Safety Activities on Aeronautical

79 citations

Proceedings ArticleDOI
12 Jun 2011
TL;DR: This paper presents a simple classification schema for MBSA techniques based on two criteria — provenance of the model and engineering semantics of component dependencies captured by the model.
Abstract: Since its emergence in the 1990s, Model-Based Safety Assessment (MBSA) has enjoyed significant interest from both academia and industry. The last decade has seen not only the development of a number of methods, techniques and tools, but also the gradual adoption of MBSA techniques by industry and their acceptance by regulators. However, the field of MBSA encompasses a large number of fundamentally dissimilar techniques. This paper presents a simple classification schema for MBSA techniques based on two criteria: provenance of the model and engineering semantics of the component dependencies captured by the model. The classification organizes the existing techniques into a number of coherent families. Applicability, limitations and challenges of the most prominent families of MBSA techniques are presented, and some of the common challenges faced by the MBSA discipline are discussed.

63 citations

Journal ArticleDOI
TL;DR: A novel approach for the analysis of AltaRica models is presented, based on a translation into an extended version of the model checker NuSMV, thus enabling functional verification and safety assessment with the state-of-the-art techniques of NuSMV.

28 citations

Journal ArticleDOI
TL;DR: A novel approach to the analysis of Altarica models, based on a translation into an extended version of NuSMV, opens up the possibility to carry out functional verification and safety assessment with symbolic techniques.
Abstract: Altarica is a language used to describe critical systems. In this paper we present a novel approach to the analysis of Altarica models, based on a translation into an extended version of NuSMV. This approach opens up the possibility to carry out functional verification and safety assessment with symbolic techniques. An experimental evaluation on a set of industrial case studies demonstrates the advantages of the approach over currently available tools.

23 citations

Dissertation
31 Mar 2010
TL;DR: The general metamodel-based approach adopted and proposed by the thesis has helped identify some significant 'emergent' characteristics and limitations of failure logic modelling that, to date, have not been reported.
Abstract: The research discipline of model-based system safety assessment, which has emerged in the last two decades, has attracted a significant amount of interest from academia, industry and government agencies. However, the discipline remains largely unorganised, with various individual, often conceptually dissimilar, techniques being only categorised and related in an ad hoc fashion. This Thesis identifies a coherent family of model-based safety assessment methods, failure logic modelling, and unifies existing techniques through a single well-defined Metamodel. This Failure Logic Metamodel (FLMM) identifies the key safety engineering concepts captured by failure logic modelling techniques, together with their inter-relationships. Whilst maintaining independence from any individual technique, notation or specification language, the abstract Metamodel has been shown to be instantiable in a third-party specification language (AltaRica Dataflow). The Thesis demonstrates that existing failure logic modelling techniques cannot, without modification, adequately address key pragmatic challenges posed by extant characteristics of modern large-scale and complex safety-critical systems. To address such challenges, two key contributions are made through extensions to the Metamodel. Firstly, these extensions enable the modelling of reconfigurable systems (including those employing fault accommodation). Secondly, they enable the composition of independently defined models in a variety of settings, such as the composition of models of the same system defined from different viewpoints and the composition of models of different systems with un-harmonised interfaces. In addition to these contributions, the general metamodel-based approach adopted and proposed by the Thesis has helped identify some significant 'emergent' characteristics and limitations of failure logic modelling that, to date, have not been reported.
The overall contributions of the Thesis have been evaluated through case studies, peer reviews and direct metamodelling experiments. The findings of these evaluations are presented.

19 citations


Cited by
Journal ArticleDOI
TL;DR: Will Tracz, the esteemed editor and Used-Program salesman, has written an entertaining, non-technical book dealing with the practice (and lack thereof) of software reuse.
Abstract: Will Tracz, our esteemed editor and Used-Program salesman, has written an entertaining, non-technical book dealing with the practice (and lack thereof) of software reuse. It's a collection of essays, mostly rehashed (reused?) and updated from various columns and papers published over the years. It's a short (a bit over 200 pages), easy-reading and enjoyable book (I read most of it in one sitting). Some of the essays reproduce what was printed in the past, together with a discussion of the current status of the points.

706 citations

Journal ArticleDOI
Sohag Kabir
TL;DR: The standard fault tree with its limitations is reviewed and a number of prominent MBDA techniques where fault trees are used as a means for system dependability analysis are reviewed and an insight into their working mechanism, applicability, strengths and challenges are provided.
Highlights: I provide an overview of the Fault Tree Analysis method. I review different extensions of fault trees. A number of model-based dependability analysis approaches are reviewed. I outline the future outlook for model-based dependability analysis.
Abstract: Fault Tree Analysis (FTA) is a well-established and well-understood technique, widely used for dependability evaluation of a wide range of systems. Although many extensions of fault trees have been proposed, they suffer from a variety of shortcomings. In particular, even where software tool support exists, these analyses require a lot of manual effort. Over the past two decades, research has focused on simplifying dependability analysis by looking at how we can synthesise dependability information from system models automatically. This has led to the field of model-based dependability analysis (MBDA). Different tools and techniques have been developed as part of MBDA to automate the generation of dependability analysis artefacts such as fault trees. Firstly, this paper reviews the standard fault tree with its limitations. Secondly, different extensions of standard fault trees are reviewed. Thirdly, this paper reviews a number of prominent MBDA techniques where fault trees are used as a means for system dependability analysis and provides an insight into their working mechanism, applicability, strengths and challenges. Finally, the future outlook for MBDA is outlined, which includes the prospect of developing expert and intelligent systems for dependability analysis of complex open systems under the conditions of uncertainty.

258 citations

Journal ArticleDOI
TL;DR: FSAP/NuSMV-SA is presented, a platform which aims to improve the development cycle of complex systems by providing a uniform environment that can be used both at design time and for safety assessment, and which provides a pattern-based definition of temporal logic formulas, which simplifies the definition of safety requirements.
Abstract: Safety-critical systems are becoming more complex, both in the type of functionality they provide and in the way they are demanded to interact with the environment. Such growing complexity requires an adequate increase in the capability of safety engineers to assess system safety, including analyzing the behavior of a system in degraded situations. Formal verification techniques, like symbolic model checking, have the potential to deal with such complexity and are now being used more often. However, existing techniques have little tool support and therefore their use for safety analysis remains limited. In this paper, we present FSAP/NuSMV-SA, a platform which aims to improve the development cycle of complex systems by providing a uniform environment that can be used both at design time and for safety assessment. The platform makes the modeling and safety assessment of complex systems easier by providing a facility for automatically augmenting a system model with failure modes, whose definitions are retrieved from a predefined library. In this way, it is possible to assess the system safety both in nominal conditions and in user-specified degraded situations, i.e., in the presence of faults. Furthermore, the platform provides a pattern-based definition of temporal logic formulas, which simplifies the definition of safety requirements. The platform consists of a graphical user interface (FSAP) and an engine (NuSMV-SA) which is based on the NuSMV model checker. The model checking engine provides support for system simulation and standard model checking capabilities, like property verification and the generation of counterexamples. Furthermore, algorithms have been implemented to automate the generation of artifacts that are typical of reliability analysis, e.g., fault trees. The platform can derive fault trees automatically (for both monotonic and non-monotonic systems) from the definition of the system model and of the possible faults. 
The interface of the platform has been designed to improve usability for people who are not expert in formal verification. The platform has been evaluated in collaboration with an industrial partner and tested on some industrial case studies.

129 citations

Proceedings ArticleDOI
03 Nov 2010
TL;DR: This paper proposes the SAML framework as a formal foundation for both qualitative and quantitative formal model-based safety analysis, and presents a sound transformation of the formalism into two state-of-the-art model-checking notations.
Abstract: In model-based safety analysis both qualitative aspects (i.e. what must go wrong for a system failure) and quantitative aspects (i.e. how probable a system failure is) are very important. For both aspects methods and tools are available. However, until now, new and independent models had to be built for each aspect. This paper proposes the SAML framework as a formal foundation for both qualitative and quantitative formal model-based safety analysis. The main advantage of SAML is the combination of qualitative and quantitative formal semantics, which allows different analyses on the same model. This increases the confidence in the analysis results, simplifies modeling and is less error-prone. The SAML framework is tool-independent. As a proof of concept, we present a sound transformation of the formalism into two state-of-the-art model-checking notations. Prototypical tool support for the sound transformation of SAML into PRISM and MRMC for probabilistic analysis, as well as into different variants of the SMV model checker for qualitative analysis, is currently being developed.

81 citations

Book ChapterDOI
22 Oct 2007
TL;DR: A broad range of algorithmic strategies for efficient fault tree analysis, based on binary decision diagrams (BDDs), are presented, using dynamic cone of influence techniques to optimize the use of the finite state machine of the system, and dynamic pruning of the frontier states.
Abstract: Fault tree analysis is a traditional and well-established technique for analyzing system design and robustness. Its purpose is to identify sets of basic events, called cut sets, which can cause a given top-level event, e.g. a system malfunction, to occur. Generating fault trees is particularly critical in the case of reactive systems, as hazards can be the result of complex interactions involving the dynamics of the system and of the faults. Recently, there has been a growing interest in model-based fault tree analysis using formal methods, and in particular symbolic model checking techniques. In this paper we present a broad range of algorithmic strategies for efficient fault tree analysis, based on binary decision diagrams (BDDs). We describe different algorithms encompassing different directions (forward or backward) for reachability analysis, using dynamic cone of influence techniques to optimize the use of the finite state machine of the system, and dynamic pruning of the frontier states. We evaluate the relative performance of the different algorithms on a set of industrial-size test cases.

75 citations
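The three abstracts above (FSAP/NuSMV-SA's injection of library failure modes into a nominal model with automatic fault tree derivation, SAML's qualitative and quantitative analysis on one model, and the BDD-based reachability strategies for cut set generation) describe one pipeline: extend the system model with failure-mode variables, compute the reachable states, keep those in which the top-level event holds, project them onto the failure-mode variables and minimise. The following Python script is an added example, not code from any of these papers or tools, that runs that pipeline on a toy system constructed for this page: two demand sensors feeding a monitor that switches channel on disagreement, plus a PSU with a standby battery. It uses explicit-state forward reachability where the papers use BDDs, and the fault names, the system logic, the probabilities and the inclusion-exclusion step are all assumptions of this example.

```python
"""Minimal cut set (MCS) generation from a fault-augmented system model.

Toy model constructed for this example (not taken from any paper above):
two demand sensors feeding a monitor that switches channel on disagreement,
plus a PSU with a standby battery. Faults are injected as latched state
variables; the cut sets are the fault sets active in failing reachable states.
"""
from itertools import combinations, product

# Failure modes the analysis may inject (names are this example's own).
FAULTS = ("f_s1", "f_s2", "f_mon", "f_psu", "f_bat")


def step(state, demand, injected):
    """One transition of the extended (fault-augmented) model.

    state    = (channel, frozenset of active faults); faults are latched,
               so once injected they stay active in every successor state.
    demand   = environment input for this step (chosen non-deterministically).
    injected = faults that become active during this step.
    Returns (next_state, top_event_occurred).
    """
    channel, faults = state
    faults = faults | injected
    f = {name: name in faults for name in FAULTS}

    # Failure-mode semantics: a failed sensor is stuck at False (fail-silent).
    s1 = demand and not f["f_s1"]
    s2 = demand and not f["f_s2"]
    # Main PSU with the battery as a standby supply.
    powered = (not f["f_psu"]) or (not f["f_bat"])
    # Monitor: on sensor disagreement switch to channel 2 and stay there,
    # unless the monitor itself has failed (then the selection is unchanged).
    sel = 2 if channel == 2 or (s1 != s2 and not f["f_mon"]) else 1
    output = powered and (s1 if sel == 1 else s2)
    # Top-level event: demand present but no output (loss of function).
    top_event = demand and not output
    return (sel, faults), top_event


def reachable(init=(1, frozenset())):
    """Explicit-state forward reachability (the papers above use BDDs).

    Each step non-deterministically picks the demand input and any subset of
    faults to inject. Returns (all reachable states, states reached by a
    transition on which the top-level event occurred).
    """
    seen, frontier, failing = {init}, [init], set()
    fault_subsets = [frozenset(n for n, on in zip(FAULTS, bits) if on)
                     for bits in product((False, True), repeat=len(FAULTS))]
    while frontier:
        state = frontier.pop()
        for demand in (False, True):
            for injected in fault_subsets:
                nxt, top = step(state, demand, injected)
                if top:
                    failing.add(nxt)
                if nxt not in seen:
                    seen.add(nxt)
                    frontier.append(nxt)
    return seen, failing


def minimal_cut_sets():
    """Project failing states onto the fault variables and keep minimal sets."""
    _, failing = reachable()
    cut_sets = {faults for _, faults in failing}
    return sorted((cs for cs in cut_sets if not any(o < cs for o in cut_sets)),
                  key=lambda cs: (len(cs), sorted(cs)))


def top_event_probability(mcs, prob):
    """Quantitative side on the same model: exact P(top event) for independent
    basic events by inclusion-exclusion over the minimal cut sets. (SAML gets
    its figure from probabilistic model checking; this is the classical
    cut-set route, assumed here for illustration.)"""
    total = 0.0
    for k in range(1, len(mcs) + 1):
        for combo in combinations(mcs, k):
            p = 1.0
            for event in frozenset().union(*combo):
                p *= prob[event]
            total += (-1) ** (k + 1) * p
    return total


if __name__ == "__main__":
    mcs = minimal_cut_sets()
    print("minimal cut sets:", [sorted(cs) for cs in mcs])
    # Per-mission failure probabilities, assumed for illustration only.
    prob = {"f_s1": 1e-3, "f_s2": 1e-3, "f_mon": 1e-2, "f_psu": 1e-3, "f_bat": 1e-1}
    print("P(top event) =", top_event_probability(mcs, prob))
```

The minimal cut sets come out as {f_s2}, {f_s1, f_mon} and {f_psu, f_bat}. The single-point cut set {f_s2} is the design flaw the analysis exposes: the monitor switches on disagreement without knowing which channel is wrong, so a stuck sensor 2 makes it select the faulty channel. It also shows why the abstracts talk about dynamics and non-monotonic systems: with f_s2 and f_mon both present from the start the monitor does not switch and the system keeps working, yet the same fault pair is still in a failing reachable state when f_s2 occurs first, so order matters and the projection onto the fault variables, not a static boolean formula, is what yields the cut sets.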