Approaches to Certification of Reconfigurable IMA Systems

Paul Hollow, John McDermid, Mark Nicholson, University of York, UK

Abstract
The aerospace industry have been investigating integrated modular avionics (IMA) for some years. IMA offers the opportunity of greater flexibility in use of computing resources by reconfiguring the software to employ different processors and communications. Such reconfiguration poses difficulties for certification since current certification practice requires assessment of each configuration. The approach we have adopted is to seek ways of clearing an instance of a system that incorporates a number of equivalent configurations. This analysis enables us to define reconfiguration tables for the IMA operating system; reconfiguration using this table is still guaranteed to meet the system requirements. We have formulated the search for a set of equivalent configurations as a multi-objective optimisation problem [footnote 1].

Keywords: Integrated Modular Avionics, certification, analysis, distributed systems, reconfiguration

1. Introduction

Conventional avionics systems are implemented as federated systems where each major function, or application, within the system is incorporated into a separate hardware box. These boxes may be interconnected via one or more buses at the system level. Each box is considered at a single level of criticality, which requires safety analysis and certification of each box in turn. This type of system can be seen, for instance, in the Airbus 320, which has 88 computers of 50 different types. The lifecycle costs of such systems are huge and this has led to research into an alternative approach: Integrated Modular Avionics (IMA). IMA is an integrated approach to systems architecture where multiple functions, or applications, run in a single hardware box with each function or application communicating via services provided by an operating system.
IMA aims to provide a more efficient use of system resources, since resources can now be used in different configurations. Reconfiguration allows software components (processes and/or messages) to employ different processors and communications media to respond to system load, failures or battle damage. One of the perceived barriers to the introduction of such systems is safety certification. Under current certification procedures, each architectural configuration that might be employed by a given IMA would need to be analysed and certified. Effectively, it appears that the cost of the computing system has been moved from federation and maintenance into certification of system configurations.

The objectives of the work being undertaken at York are to build, develop and extend both the way in which IMA architectures are modelled and the way in which reconfiguration is achieved under hardware failure conditions, within a certification framework. The framework should allow groups of "equivalent" IMA configurations to be analysed and certified. To achieve this we aim to employ off-line analysis and static reconfiguration under failure. This work should also provide pointers for certification of more advanced reconfiguration techniques.

In Section 2 we consider the issues surrounding the certification of IMA systems to set the scene and scope the problem being addressed by this paper. In Section 3 we propose a process for producing and certifying a group of equivalent architectures. In Section 4 we propose a classical search based approach to determining the group and provide details on the scoring of different proposed architectures. In Section 5 we discuss the integrity requirements for the search algorithms and indicate how we envisage our work progressing.

Footnote 1: The work described here is being undertaken by a Doctoral student funded through the BAe Dependable Computing Systems Centre at York.

2. Certification of Avionics Systems

Standards for the development and certification of avionics systems have been produced, for example, ARP-4754 [1] and the accompanying ARP-4761 for commercial aircraft. However, these standards tend to be applicable to one system type or one stage of the development and certification process. In order for an aircraft to be certified as safe to fly, all certification agencies and government bodies require a safety case to be presented to prove that sufficient safety analysis has been performed on the aircraft and all its sub-systems. The evidence provided in current safety cases relies on two main assumptions:

1. the system can be presented as a single entity
2. the behaviour of the system is deterministic

Neither of these assumptions is likely to hold for IMA systems since one of the major gains from IMA is the ability to reconfigure the system on failure, thus producing a new system whose behaviour is not deterministic at design time. The behaviour of the system is likely to be predictable however. In fact it is even more complicated than this.
Bradley et al [2] list seven areas of avionics system certification which are affected significantly by the use of IMA principles and technology:

- Isolation can no longer purely be provided by physically separating the system functions
- Scheduling will require a mechanism similar to priority based scheduling [3]
- Common cause failures may be introduced by means of the management units employed to provide isolation and reconfiguration
- Safety critical application functions will be placed on standard commercial processors
- Interchangeability of modules for ease of maintenance
- Reconfiguration
- Re-use of certification evidence

In this paper we assume priority based scheduling will be employed. We concentrate on the last two aspects, reconfiguration and re-use of safety evidence. Note is taken of the other aspects however. For instance, we restrict the set of possible system reconfigurations under failure to maintain physical separation to guard against common cause failure due to physical proximity and battle damage and to keep copies of functions apart for redundancy purposes.

3. Certification of Reconfiguration of IMA

As we have seen, the issues surrounding IMA are numerous and complex. We have focused on one particular aspect, reconfiguration, that we believe is amenable to a systematic analysis via classical search techniques. We propose that certification of a reconfigurable IMA architecture requires the following steps:

1. Model the system and allocate the software components to the given IMA hardware components to produce a "baseline" system. This "baseline" model must be shown to meet all performance requirements.
2. Produce a list of systems that would pertain under any hardware single point of failure. That is, list every hardware architecture resulting from a single module, processor or link failure. Determine which of these systems no longer meet all their performance requirements.
3. For those single point of failure systems that no longer meet their performance requirements reallocate the software components. Produce a "reconfiguration table" of allocations for each new configuration.
4. If there remain single point of failure systems for which there are no allocations that meet all performance requirements then revisit step one to produce a new baseline model. Repeat steps 1 to 4 until an acceptable set of "equivalent" systems are found or a stopping criterion is met.
5. Investigate the mode change problem for each new configuration.
6. Persuade the certification authorities to accept the set of IMA configurations.
7. Repeat steps 2 to 6 for two points of hardware failure. In this circumstance it may be possible to use configurations with degraded performance.
8. Persuade the certification authorities to accept the system, its architectural components and the reconfiguration process.

The approach we have taken is to produce a baseline IMA architecture and then to consider how to reconfigure this baseline architecture under different hardware failure situations. Clearly this is an iterative process. It would, for instance, be desirable to negotiate a "buy in" to the "baseline" model by the certification authorities early on in the process. However, it may be necessary to change the baseline architecture if no acceptable reconfigurations exist for some failure scenarios.

4. Approach Taken at York

For the purposes of showing the basic elements that need to be considered in our approach to reconfiguration we have produced a model of a simple IMA architecture. The aim is to extend and improve this model as work progresses.
The model (Figure 1) consists of one IMA cabinet containing three line replaceable modules (LRMs). One LRM contains four processors, one contains three processors and the third two. All processors are fully connected using ADPM network links within the LRM. LRMs are fully interconnected within the cabinet via ATM point-to-point network links. Each LRM has a "system" processor residing on the LRM and the network links external to each LRM. Three abstract tasks are defined to execute on the architecture. Each task is composed of a number of sub-tasks (processes). Each sub-task may generate one or more messages.

The majority of the information contained within the architectural model remains constant, such as the memory capacity of processors and the requirements on the system. Some of the elements of the architecture however are amenable to change under failure conditions, such as which processors are linked and the allocation of processes to processors and messages to communication media. Thus we have an allocation problem: to allocate processes to processors and messages to communication media such that all performance and safety related requirements are met.

Extensions to this architecture can be easily envisaged, such as multiple cabinets, heterogeneous processors within modules and restrictions on placement of software elements due to zonal issues, battle damage and failure. We maintain that the approach presented here can be adapted to incorporate such elements.
[Figure 1: IMA Architecture Model. Diagram labels: one cabinet, three modules, processors id 0 to 8, and a system processor (gateway) per module running a copy task.]

4.1 Determining an "Equivalent" IMA architecture

Two IMA architectures can be said to be acceptable and equivalent if they both meet all the performance and safety requirements on the system. If a reconfiguration between two such architectures is to be acceptable then the mode change problem must also be addressed. Thus we define two IMA architectures to be equivalent under configuration if they meet all their requirements and a safe mode change path exists from one configuration to the other.

We can represent the notion of equivalence as a fitness value (function) which indicates how close to being equivalent two proposed configurations are. Four elements to this fitness function can be envisaged:

1. Resource usage - hardware and software constraints placed on the system
2. Timing properties - each task must be shown to meet its worst case response time (WCRT) deadlines
3. Time to Failure - each task must be shown to have an acceptable failure probability, expressed as the mean time to failure (MTTF) of the task
4. Costs of reconfiguration - cost of moving from one configuration to another must be within acceptable bounds.

If two IMA architectures are equivalent we propose that the following fitness function elements should sum to zero.
$$P(s) = k_1\,\mathit{net} + k_2\,\mathit{processor} + k_3\,\mathit{task} + k_4\,\mathit{subtask} + k_5\,\mathit{message}$$

where

- $k_i$ = weighting factor for the element
- net = penalty for too many messages on a communication media plus penalty for too many bytes of data plus penalty for number of messages that should not be placed on the same communication media, for fault tolerance, but have.
- processor = penalty for processors with too many processes allocated plus penalty for too much memory being used by resident processes plus penalty for inappropriate placement of system processes plus penalty for number of processes that should not be placed on the same processor, for fault tolerance, but have.
- task = penalty for number of tasks that fail to meet timing deadlines plus penalty for tasks that fail to meet MTTF requirements
- subtask = penalty for subtasks allocated to inappropriate processor (including failed processors) plus penalty for subtasks that do not meet their deadlines
- message = penalty for messages using a dead link plus penalty for messages routed so that they cannot reach their destination process plus penalise any message that fails to meet its delivery deadline

The primary reason for determining a set of equivalent architectures is to allow reconfiguration under failure. Suppose that the system is working in its baseline configuration and a processor fails. Suppose further that four processes reside on this processor. A new system configuration is required such that these processes are placed on different, working, processors. This new configuration must be equivalent in that it meets all the system requirements. Extensive changes may be required to facilitate this, such as changing priorities of processes, reallocating messages to different communication media and moving processes other than the four directly affected. In figure x we show one such reconfiguration under failure.

[Figure x: two equivalent IMA architectures for our example architecture plus reconfiguration tables and accompanying fitness function values here]

Two equivalent IMA architectures may not be equally optimal. It may be that under failure one proposed architecture requires fewer changes to the existing architecture than another or exhibits better reliability.
Therefore, we need to look for ways of not only finding a set of equivalent architectures but choosing between them. We need to search for good equivalent IMA architectures under failure. The fitness function is extended to include the following elements

$$P(s)' = k_6\,\mathit{reconfig} + k_7\,\mathit{reliability} + k_8\,\mathit{WCRT}$$

where

- reconfig = penalty for time taken to reconfigure the system (minimise mode change time)
- reliability = penalty for MTTF of tasks in the system (maximise overall MTTF)
- WCRT = penalty for gap between WCRT and deadline (maximise to indicate timing flexibility in the system)

4.2 Searching for Good "Equivalent" IMA architectures

It may under some circumstances be easy to define an acceptable equivalent architecture when a system failure has occurred. However, in general this will not be the case. For certification purposes we need to show that no single point of failure can lead to the system not meeting its requirements. Thus, we have to find n+m+1 equivalent architectures, where n is the number of processors and m is the number of communication media, if we are to show that no single hardware failure can lead to the loss of the safety critical services provided by the IMA system.

Only a proportion of the attributes of an IMA architecture are amenable to change under reconfiguration. These are the

- processor a process resides on
- communication media a message resides on
- priority of processes and messages

Setting the values of these attributes for a given IMA architecture is known as the Allocation Problem. We thus have to consider m+n+1 allocation problems. Each allocation problem can be formulated as an assignment type problem (ATP) [4]. The important features of an ATP problem, with respect to producing a solution for non-trivial sized problems, are:

1. checking whether a proposed solution is "acceptable" with respect to a given set of criteria can be undertaken in polynomial time.
2. finding the optimal solution, with respect to a given set of criteria, is non-polynomial (NP). That is, calculus and enumerative searches cannot in general be guaranteed to find an optimal solution in polynomial time.

Ribeiro et al [5] indicate that an implicit enumerative (guided) search, or some other form of problem specific heuristic, is required in order to find good solutions for such problems within a 'usable' time period. Simulated Annealing [4, 6] has been chosen to address the problem of finding a group of equivalent allocations. Simulated Annealing (SA) has been applied to a wide range of practical problems [7]. A simple sequential SA algorithm for a minimisation problem is presented in Figure Y. Tools exist to implement this search algorithm. We use the X-Samson tool developed at the University of East Anglia [8].

The initial solution $s_0$ is chosen randomly from the set of admissible allocations. The value P(s) for each proposed IMA architecture is calculated using the fitness function presented in Section 3. The initial temperature, $t_0$, is chosen automatically by the algorithm so that virtually all proposed moves are taken. The temperature is reduced by a factor $\alpha$ each iteration.
Each proposed solution s represents a possible IMA architecture and is coded as an integer string of three sections: one representing the allocation of processes to processors, one representing the allocation of messages to communication media and one representing the priorities allocated to processes and messages. Thus the length of the integer string is dependent on the number of defined processes and messages between these processes.

    Problem: minimise P(s) such that s ∈ S

    Select an initial solution s_0;
    Select an initial temperature t_0 > 0;
    Select a temperature reduction function α;
    Repeat
        Repeat
            Randomly select s ∈ N(s_0);
            δ = P(s) - P(s_0);
            if (δ < 0) then s_0 = s;
            else
                generate random x uniformly in the range (0,1);
                if (x < exp(-δ/t)) then s_0 = s;
        Until iteration_count = nrep;
        Set t = α(t);
    Until stopping condition = true;
    s_0 is the approximation to the optimal solution.

SA Minimisation Algorithm
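The following is an added sketch, not code from the paper and not the X-Samson tool, of the SA algorithm above applied to steps 2 to 4 of Section 3: find a baseline, then for each single processor failure either keep the baseline or search for an equivalent allocation, and check every table entry independently after the search. The six-process, four-processor model, the weights and the cooling parameters are constructed for illustration; only the processor and subtask penalty elements and the reconfiguration cost are modelled, with messages, priorities and timing left out.

```python
import math
import random

# Constructed toy model (not the paper's Figure 1): six processes on four processors.
PROCESSORS = [0, 1, 2, 3]
CAPACITY = 3                     # maximum processes per processor
MEM_NEED = [4, 4, 2, 2, 3, 3]    # memory units needed by each process
MEM_CAP = 8                      # memory units available per processor
SEPARATE = [(0, 1), (4, 5)]      # replica pairs that must not share a processor
K_PROC, K_SUB, K_RECONFIG = 10.0, 50.0, 1.0   # weights k_i (assumed values)


def hard_penalty(alloc, failed):
    """P(s) limited to the processor and subtask elements; 0 means requirements met."""
    processor = 0
    for p in PROCESSORS:
        resident = [i for i, host in enumerate(alloc) if host == p]
        processor += max(0, len(resident) - CAPACITY)
        processor += max(0, sum(MEM_NEED[i] for i in resident) - MEM_CAP)
    processor += sum(1 for a, b in SEPARATE if alloc[a] == alloc[b])
    subtask = sum(1 for host in alloc if host in failed)   # placed on failed hardware
    return K_PROC * processor + K_SUB * subtask


def moves(alloc, baseline):
    """Minimum-change metric: processes relocated relative to the baseline."""
    return sum(1 for new, old in zip(alloc, baseline) if new != old)


def cost(alloc, failed, baseline):
    """Hard penalty plus, when reconfiguring, the weighted reconfiguration cost."""
    extra = K_RECONFIG * moves(alloc, baseline) if baseline is not None else 0.0
    return hard_penalty(alloc, failed) + extra


def anneal(failed, baseline, rng, t0=100.0, alpha=0.95, nrep=60, t_min=0.01):
    """Sequential SA; admissible allocations exclude failed processors."""
    live = [p for p in PROCESSORS if p not in failed]
    s0 = [rng.choice(live) for _ in MEM_NEED]
    best, t = list(s0), t0
    while t > t_min:                          # stopping condition
        for _ in range(nrep):
            s = list(s0)                      # neighbour: move one process
            s[rng.randrange(len(s))] = rng.choice(live)
            delta = cost(s, failed, baseline) - cost(s0, failed, baseline)
            if delta < 0 or rng.random() < math.exp(-delta / t):
                s0 = s
                if cost(s0, failed, baseline) < cost(best, failed, baseline):
                    best = list(s0)
        t *= alpha                            # temperature reduction
    return best


def build_reconfiguration_table(seed=1):
    """Baseline plus one allocation per single processor failure (None if none found)."""
    rng = random.Random(seed)
    baseline = anneal(set(), None, rng)
    table = {}
    for p in PROCESSORS:
        failed = {p}
        if hard_penalty(baseline, failed) == 0:
            table[p] = baseline               # baseline never used p
            continue
        candidate = anneal(failed, baseline, rng)
        # Independent check after the search, rather than trusting the heuristic.
        table[p] = candidate if hard_penalty(candidate, failed) == 0 else None
    return baseline, table


if __name__ == "__main__":
    base, tbl = build_reconfiguration_table()
    print("baseline:", base)
    for p, alloc in tbl.items():
        print("processor", p, "fails ->", alloc)
```

A `None` entry in the table corresponds to step 4: no equivalent allocation was found for that failure, so the baseline has to be revisited.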
Once a baseline architecture has been produced by running this search algorithm for the scenario where all hardware items are working [footnote 2], we can investigate reconfiguration under failure. We do this by making a single hardware component unavailable. We then rerun the search algorithm to find the best equivalent architecture that does not employ the failed component. To facilitate this we restrict the set of admissible allocations so that no software component can use this piece of hardware and we employ a minimum change metric in the form of a measure of the time it takes for a reconfiguration to complete. We then repeat this procedure for each single hardware point of failure.

If we find that there is no reconfiguration available for some single points of failure then a more extensive redesign may be required. However, it is also possible that we failed to employ an appropriate baseline architecture. We may wish to revisit this architecture in the light of this new evidence. It is hoped that eventually we may be able to co-evolve the baseline and configurations under failure. The results of this analysis should be a baseline architecture and a set of reconfiguration tables that can be further analysed and presented to certification authorities as a single package.

5. Integrity of the Heuristic and Future Aims

The Simulated Annealing search algorithm is non-deterministic and as such cannot be guaranteed to find an optimal solution. However, it can be set up to be innately pessimistic; that is, if it indicates there is a solution, there is one. The trade-off for this is that it may fail to find a solution that exists. There is a safety-performance trade-off for the algorithm. However, it is possible to undertake extra analysis on the equivalent architectures and their accompanying reconfiguration tables after the algorithm has run to show their validity.

We extend this work in a number of ways. For instance, we can investigate multiple failure architectures. In this case we would need to extend our approach to consider degradation scenarios. That is, situations where we remove less vital functionality from the system. Three levels of importance would appear reasonable: essential, desirable and optional. Restrictions based on hazard analyses can also be placed on the set of admissible allocations. We are looking at a number of example systems. One, the Integrated Flight Propulsion and Control System (IFPCS [9]), is an industrial test-bed that will allow us to validate our approach on an industrial scale problem.

6. Conclusions

The work outlined in this paper presents a new and novel approach to the problem of safety analysis and certification of dynamically reconfigurable IMA systems. By modelling and analysing the system off-line a static and deterministic table of legal reconfigurations in the presence of specific failures can be generated. Since these reconfigurations are known before runtime, each can be verified and certified. The usefulness of this technique depends on the detail of the system model used and the criteria employed within the value (fitness) function used to score the model under analysis. External verification can be employed on the results to provide evidence for their validity. If the model detail and the fitness function criteria are sufficient, then we believe that this technique will provide a partial solution to a very difficult problem in the safety analysis and certification of the next generation of avionics systems. Work continues to show that this is in fact the case.

Footnote 2: Note in this run the minimum change metric is not employed.
References

[1] SAE, ARP 4754: Certification Considerations for Highly-integrated or Complex Aircraft Systems, SAE.
[2] J. Bradley, M. Fletcher, P. Miller, P. Moxon, and A. Wake, Integrated Modular Avionics & Certification - An IMA Design Team's View, presented at IEE Seminar: Certification of Ground/Air Systems, Savoy Place, London, WC2R 0BL.
[3] A. Burns, A Preemptive Priority-Based Scheduling: An Appropriate Engineering Approach, in Advances in Real-Time Systems: Prentice-Hall, 1995.
[4] Chern, On the Computational Complexity of Reliability Redundancy Allocation in a Series System, Operations Research Letters, vol. 11.
[5] C. Ribeiro, P. Treleaven, and C. Alippi, Genetic Algorithm Programming Environments, Computer, vol. 27.
[6] S. Kirkpatrick, C. D. Gelatt, and M. P. Vecchi, Optimisation by Simulated Annealing, Science, vol. 220.
[7] K. Dowsland, Variants of Simulated Annealing for Practical Problem Solving, presented at Adaptive Computing & Information Processing.
[8] J. Mann, SAmson v1.6 User Manual, School of Information Systems, University of East Anglia.
[9] A. M. Cox, IFPCS Infrastructure Concept Document, British Aerospace Defence Ltd, Military Aircraft
More informationARMA Professional Qualifications. Marie Garnett Head of Professional Development
ARMA Professional Qualifications Marie Garnett Head of Professional Development Professional Recognition ARMA has long harboured ambitions to provide UK professional recognition for members: To help raise
More informationTabu search and genetic algorithms: a comparative study between pure and hybrid agents in an A-teams approach
Tabu search and genetic algorithms: a comparative study between pure and hybrid agents in an A-teams approach Carlos A. S. Passos (CenPRA) carlos.passos@cenpra.gov.br Daniel M. Aquino (UNICAMP, PIBIC/CNPq)
More informationInvestigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models
Investigation of System Timing Concerns in Embedded Systems: Tool-based Analysis of AADL Models Peter Feiler Software Engineering Institute phf@sei.cmu.edu 412-268-7790 2004 by Carnegie Mellon University
More informationPlacement Algorithm for FPGA Circuits
Placement Algorithm for FPGA Circuits ZOLTAN BARUCH, OCTAVIAN CREŢ, KALMAN PUSZTAI Computer Science Department, Technical University of Cluj-Napoca, 26, Bariţiu St., 3400 Cluj-Napoca, Romania {Zoltan.Baruch,
More informationHarmonization of usability measurements in ISO9126 software engineering standards
Harmonization of usability measurements in ISO9126 software engineering standards Laila Cheikhi, Alain Abran and Witold Suryn École de Technologie Supérieure, 1100 Notre-Dame Ouest, Montréal, Canada laila.cheikhi.1@ens.etsmtl.ca,
More informationSTATE BROADBAND ACTION PLAN MAY 2015 Nevada Economic Development Conference PREPARED BY CONNECT NEVADA AND THE NEVADA BROADBAND TASK FORCE
STATE BROADBAND ACTION PLAN MAY 2015 Nevada Economic Development Conference PREPARED BY CONNECT NEVADA AND THE NEVADA BROADBAND TASK FORCE PLAN STRUCTURE I INTRODUCTION Background History of the Project
More informationSmart Systems and Heat
Smart Systems and Heat 02 03 Energy Technologies Institute www.eti.co.uk Why? Our Smart Systems and Heat programme is focused on creating future-proof and economic local heating solutions for the UK Heat
More informationOrganic Self-organizing Bus-based Communication Systems
Organic Self-organizing Bus-based Communication Systems, Stefan Wildermann, Jürgen Teich Hardware-Software-Co-Design Universität Erlangen-Nürnberg tobias.ziermann@informatik.uni-erlangen.de 15.09.2011
More informationModel Curriculum Aerospace Software Testing Engineer
Model Curriculum Aerospace Software Testing Engineer SECTOR: AEROSPACE AND AVIATION SUB-SECTOR: DESIGN AND DEVELOPMENT OCCUPATION: AEROSPACE TESTING, VERIFICATION AND VALIDATION REF ID: AAS/Q3207, V1.0
More informationTowards an industrial use of FLUCTUAT on safety-critical avionics software
Towards an industrial use of FLUCTUAT on safety-critical avionics software David Delmas 1, Eric Goubault 2, Sylvie Putot 2, Jean Souyris 1, Karim Tekkal 3 and Franck Védrine 2 1. Airbus Operations S.A.S.,
More informationCan We Reliably Benchmark HTA Organizations? Michael Drummond Centre for Health Economics University of York
Can We Reliably Benchmark HTA Organizations? Michael Drummond Centre for Health Economics University of York Outline of Presentation Some background Methods Results Discussion Some Background In recent
More informationFiscal 2015 Activities Review and Plan for Fiscal 2016
Fiscal 2015 Activities Review and 1. The Ricoh Group s Information Security Activities In response to changes emerging in the social environment, the Ricoh Group is promoting its PDCA management system
More informationHigher National Unit specification: general information. Graded Unit 2
Higher National Unit specification: general information This Graded Unit has been validated as part of the HND Computing: Software Development. Centres are required to develop the assessment instrument
More informationIn examining performance Interested in several things Exact times if computable Bounded times if exact not computable Can be measured
System Performance Analysis Introduction Performance Means many things to many people Important in any design Critical in real time systems 1 ns can mean the difference between system Doing job expected
More informationITERATIVE MULTI-LEVEL MODELLING - A METHODOLOGY FOR COMPUTER SYSTEM DESIGN. F. W. Zurcher B. Randell
ITERATIVE MULTI-LEVEL MODELLING - A METHODOLOGY FOR COMPUTER SYSTEM DESIGN F. W. Zurcher B. Randell Thomas J. Watson Research Center Yorktown Heights, New York Abstract: The paper presents a method of
More informationUNIFORM STANDARDS FOR PLT COURSES AND PROVIDERS
UNIFORM STANDARDS FOR PLT COURSES AND PROVIDERS July 2015 212001734.08 Contents 1. CORE STANDARDS FOR PLT COURSES 1 1.1 Fundamental requirement 1 1.2 Course objectives 1 1.3 Course content 1 1.4 Teaching
More informationSMR Deployment Enablers
SMR Deployment Enablers Kris MacCrory Decision Analysis Services 2017 Energy Technologies Institute LLP - Subject to notes on page 1 Small Modular Reactor (SMR) Deployment Enablers Project Kris MacCrory
More informationDeriving safety requirements according to ISO for complex systems: How to avoid getting lost?
Deriving safety requirements according to ISO 26262 for complex systems: How to avoid getting lost? Thomas Frese, Ford-Werke GmbH, Köln; Denis Hatebur, ITESYS GmbH, Dortmund; Hans-Jörg Aryus, SystemA GmbH,
More informationOvercoming the Challenges of Server Virtualisation
Overcoming the Challenges of Server Virtualisation Maximise the benefits by optimising power & cooling in the server room Server rooms are unknowingly missing a great portion of their benefit entitlement
More informationConfiguration Management for Component-based Systems
Configuration Management for Component-based Systems Magnus Larsson Ivica Crnkovic Development and Research Department of Computer Science ABB Automation Products AB Mälardalen University 721 59 Västerås,
More informationStatistical Testing of Software Based on a Usage Model
SOFTWARE PRACTICE AND EXPERIENCE, VOL. 25(1), 97 108 (JANUARY 1995) Statistical Testing of Software Based on a Usage Model gwendolyn h. walton, j. h. poore and carmen j. trammell Department of Computer
More informationE-Business. Level 6 L Module Descriptor
The Further Education and Training Awards Council (FETAC) was set up as a statutory body on 11 June 2001 by the Minister for Education and Science. Under the Qualifications (Education & Training) Act,
More informationModelling & Simulation of Complex Socio-Cyber- Physical Systems and Large Scale Systems of Systems
Modelling & Simulation of Complex Socio-Cyber- Physical Systems and Large Scale Systems of Systems Along their Lifetime, a System Owner Standpoint CSDM 2016 December 13-14, 2016 N. Thuy - EDF R&D General
More informationModel-Based Safety Approach for Early Validation of Integrated and Modular Avionics Architectures
Model-Based Safety Approach for Early Validation of Integrated and Modular Avionics Architectures Marion Morel THALES AVIONICS S.A.S., 31036 Toulouse, France marion.morel@fr.thalesgroup.com Abstract. Increasing
More informationOptimizing Clustering Algorithm in Mobile Ad hoc Networks Using Simulated Annealing
Optimizing Clustering Algorithm in Mobile Ad hoc Networks Using Simulated Annealing Damla Turgut Begumhan Turgut, Ramez Elmasri and Than V. Le School of EECS Dept of Computer Science & Engineering University
More informationPractical Case Studies in Teaching Concurrency. A. J. Cowling
Practical Case Studies in Teaching Concurrency A. J. Cowling Department of Computer Science, University of Sheffield, Sheffield, S10 2TN, UK. Telephone: +44 114 222 1823; Fax: +44 114 222 1810; Email:
More informationDesign For High Performance Flexray Protocol For Fpga Based System
IOSR Journal of VLSI and Signal Processing (IOSR-JVSP) e-issn: 2319 4200, p-issn No. : 2319 4197 PP 83-88 www.iosrjournals.org Design For High Performance Flexray Protocol For Fpga Based System E. Singaravelan
More informationACO and other (meta)heuristics for CO
ACO and other (meta)heuristics for CO 32 33 Outline Notes on combinatorial optimization and algorithmic complexity Construction and modification metaheuristics: two complementary ways of searching a solution
More informationHigher National Unit specification: general information
Higher National Unit specification: general information Unit code: FR22 35 Superclass: CB Publication date: August 2011 Source: Scottish Qualifications Authority Version: 01 Unit purpose This purpose of
More informationA Unified Model of the Electrical Power Network
A Unified Model of the Electrical Power Network K C P Wong, H M Ryan, J Tindle University of Sunderland, UK ABSTRACT Traditionally, the different infrastructure layers, technologies and management activities
More informationA robust optimization based approach to the general solution of mp-milp problems
21 st European Symposium on Computer Aided Process Engineering ESCAPE 21 E.N. Pistikopoulos, M.C. Georgiadis and A. Kokossis (Editors) 2011 Elsevier B.V. All rights reserved. A robust optimization based
More informationPart 3c Regulations for D level or level 8 modules in programmes and for Professional Doctorates (and associated awards)
Part 3c Regulations for D level or level 8 modules in programmes and for Professional Doctorates (and associated awards) These regulations apply to all Professional Doctorates unless Academic Board has
More informationSolving Large Aircraft Landing Problems on Multiple Runways by Applying a Constraint Programming Approach
Solving Large Aircraft Landing Problems on Multiple Runways by Applying a Constraint Programming Approach Amir Salehipour School of Mathematical and Physical Sciences, The University of Newcastle, Australia
More informationSAE AS5643 and IEEE1394 Deliver Flexible Deterministic Solution for Aerospace and Defense Applications
SAE AS5643 and IEEE1394 Deliver Flexible Deterministic Solution for Aerospace and Defense Applications Richard Mourn, Dap USA Inc. AS5643 coupled with IEEE-1394 Asynchronous Stream capability provides
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationQualification Specification
BCS Level 1 Award in e-safety March 2018 This is a United Kingdom government regulated qualification which is administered and approved by one or more of the following: Ofqual, Qualification in Wales,
More informationResponse to the Validation Panel for the DIT Foundation Programmes
Response to the Validation Panel for the DIT Foundation Programmes Condition: The programme should be presented as two separate programmes with separate programme documentation, including programme aims,
More informationSQA Advanced Unit specification: general information
SQA Advanced Unit specification: general information Unit title: Routing Technology Unit code: HP1J 48 Superclass: CB Publication date: August 2017 Source: Scottish Qualifications Authority Version: 01
More informationCertification Requirements for High Assurance Systems
for High Assurance Systems Gordon M. Uchenick Senior Mentor/Principal Engineer Objective Interface Systems, Inc. and W. Mark Vanfleet Senior Cryptologic Mathematician/ Senior INFOSEC Analyst National Security
More informationReducing Graphic Conflict In Scale Reduced Maps Using A Genetic Algorithm
Reducing Graphic Conflict In Scale Reduced Maps Using A Genetic Algorithm Dr. Ian D. Wilson School of Technology, University of Glamorgan, Pontypridd CF37 1DL, UK Dr. J. Mark Ware School of Computing,
More informationHigher National Unit specification: general information. Troubleshooting a Desktop Operating System
Higher National Unit specification: general information Unit code: FK8A 34 Superclass: CA Publication date: April 2011 Source: Scottish Qualifications Authority Version: 01 Unit purpose This Unit is designed
More informationSafety-Critical Software Development
Safety-Critical Software Development Prof. Chris Johnson, School of Computing Science, University of Glasgow. johnson@dcs.gla.ac.uk http://www.dcs.gla.ac.uk/~johnson Introduction Why is software different?
More informationPreliminary Design of Future Reconfigurable IMA Platforms
Preliminary Design of Future Reconfigurable IMA Platforms Pierre Bieber Thierry Planche Airbus, Toulouse, France Eric Noulard François Vialard Airbus, Toulouse, France Claire Pagetti ABSTRACT The next
More informationThe Affinity Effects of Parallelized Libraries in Concurrent Environments. Abstract
The Affinity Effects of Parallelized Libraries in Concurrent Environments FABIO LICHT, BRUNO SCHULZE, LUIS E. BONA, AND ANTONIO R. MURY 1 Federal University of Parana (UFPR) licht@lncc.br Abstract The
More informationHigher National Unit specification: general information
Higher National Unit specification: general information Unit code: FR23 35 Superclass: CB Publication date: August 2011 Source: Scottish Qualifications Authority Version: 01 Unit purpose The purpose of
More informationHigher National Unit specification: general information
Higher National Unit specification: general information Unit code: H17A 34 Superclass: CB Publication date: March 2012 Source: Scottish Qualifications Authority Version: 01 Unit purpose This Unit is designed
More informationSAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx
SAMPLE REPORT Business Continuity Gap Analysis Report Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11 Contact Details CSC Contacts CSC
More informationGENETIC ALGORITHM with Hands-On exercise
GENETIC ALGORITHM with Hands-On exercise Adopted From Lecture by Michael Negnevitsky, Electrical Engineering & Computer Science University of Tasmania 1 Objective To understand the processes ie. GAs Basic
More informationVerification and Profiling tools
Verification and Profiling tools Dissemination Event September 2014 Nick Lay Dave George Rapita Systems Ltd. Introduction to Rapita Systems www.rapitasystems.com Rapita Systems Ltd. Founded in January
More informationThe Design and Performance Analysis of QoS-Aware Edge-Router for High-Speed IP Optical Networks
The Design and Performance Analysis of QoS-Aware Edge-Router for High-Speed IP Optical Networks E. Kozlovski, M. Düser, R. I. Killey, and P. Bayvel Department of and Electrical Engineering, University
More informationSeven Roadblocks to 100% Structural Coverage (and how to avoid them)
Seven Roadblocks to 100% Structural Coverage (and how to avoid them) White Paper Structural coverage analysis (SCA also referred to as code coverage) is an important component of critical systems development.
More informationKeywords: Product architecture, Component DSM, constraint, computational synthesis
10 TH INTERNATIONAL DESIGN STRUCTURE MATRIX CONFERENCE, DSM 08 11 12 NOVEMBER 2008, STOCKHOLM, SWEDEN SYNTHESIS OF PRODUCT ARCHITECTURES USING A DSM/DMM-BASED APPROACH David Wyatt, David Wynn and John
More informationA Study of Shape Penalties in Vehicle Routing
A Study of Shape Penalties in Vehicle Routing Charles Gretton and Phil Kilby 10 June 2013 NICTA Funding and Supporting Members and Partners 1/37 Capacitated Vehicle Routing Problem with Time Windows Service
More informationHigher National group award Graded Unit Specification
Higher National group award Graded Unit Specification General Information for Centres This group award Graded Unit has been validated as part of the HNC and HND Electronics awards. Centres are required
More informationInstructions for the Conduct of the Examination and Coursework (ICE) Physical Education. Entry Level Certificate (ELC) 8930
8930 Instructions for the Conduct of the Examination and Coursework (ICE) Physical Education Entry Level Certificate (ELC) 8930 Summer 2006 Please pass one copy of this booklet to the teacher responsible
More informationFor presentation at the Fourth Software Engineering Institute (SEI) Software Architecture Technology User Network (SATURN) Workshop.
For presentation at the Fourth Software Engineering Institute (SEI) Software Architecture Technology User Network (SATURN) Workshop. The authors can be reached at cb@mitre.org or ioannis @Mitre.org. In
More informationQoS-Aware IPTV Routing Algorithms
QoS-Aware IPTV Routing Algorithms Patrick McDonagh, Philip Perry, Liam Murphy. School of Computer Science and Informatics, University College Dublin, Belfield, Dublin 4. {patrick.mcdonagh, philip.perry,
More informationRisk-Aware Rapid Data Evacuation for Large- Scale Disasters in Optical Cloud Networks
Risk-Aware Rapid Data Evacuation for Large- Scale Disasters in Optical Cloud Networks Presenter: Yongcheng (Jeremy) Li PhD student, School of Electronic and Information Engineering, Soochow University,
More informationAboriginal Affairs and Northern Development Canada. Internal Audit Report Summary. Audit of Information Technology Security.
Aboriginal Affairs and Northern Development Canada Internal Audit Report Summary Audit of Information Technology Security Prepared by: Audit and Assurance Services Branch April 2015 NCR#7367040 - NCR#7358318
More informationSafety-critical embedded systems, fault-tolerant control systems, fault detection, fault localization and isolation
Fault detection in safety-critical embedded systems nomen VERBER i, MA TJAl COLNARIC i, AND WOLFGANG A. HALANG 2 JUniversity of Maribor, Faculty of Electrical Engineering and Computer Science, 2000 Maribor,
More informationIntroduction to Real-time Systems. Advanced Operating Systems (M) Lecture 2
Introduction to Real-time Systems Advanced Operating Systems (M) Lecture 2 Introduction to Real-time Systems Real-time systems deliver services while meeting some timing constraints Not necessarily fast,
More information