Specification Mining of Time-sensitive Systems for Safety and Security Applications

用于安全和安保应用的时间敏感系统的规范挖掘

• 批准号: RGPIN-2018-04454
• 负责人: Fischmeister, Sebastian
• 金额: $ 8.01万
• 依托单位: University of Waterloo
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2022
• 资助国家: 加拿大
• 起止时间: 2022-01-01 至 2023-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=751585
• 关键词: Specification; Mining; Time; sensitive; Systems

Embedded safety-critical systems are essential for Canada and Canadians. Should safety-critical systems fail to provide their required functionality, they have the potential to cause harm to people, loss of capital infrastructure, or significant damage to the environment. Canadians rely on safety-critical systems every day as they commute to work, travel in airplanes, and undergo medical treatment in hospitals. The lives of many Canadians are dependent on these systems; people rely on pacemakers, implanted insulin pumps, and neonate incubators. Businesses rely on these systems to steer supply chains, control factories, and manage finances. Finally, Canada's safety and independence relies on these systems for modern surveillance and defense technology; all of these systems are controlled by computers and software in embedded safety-critical applications.Safety-critical systems are becoming increasingly complex; the more complex, the greater the risk of safety hazards for the public. Today's control software in vehicles and aircraft counts millions of lines of code. Increase in software complexity strongly correlates with an increase in system defects. Over the last 20 years, for instance, automotive software has become the prime reason for vehicle recalls --- accounting now for over 30% of all recalls. Defects in safety-critical systems heighten the risk of failure, which can lead to accidents severely impacting human life, property, and the environment.This proposal outlines a research programme that will research and develop technology to (1) assist in understanding complex systems and (2) build a monitoring system to detect failures before they become hazards. The programme concentrates on specification mining and runtime monitoring as the core building blocks. Specification mining uses algorithms to analyze artifacts such as system traces with the goal to extract system behaviour. Extracted system behaviour can provide dynamic views on specific aspects that a developer might be interested in, and can be used as an effective tool to comprehend complex systems. Runtime monitoring provides mechanisms to observe a system and prevent it from entering undesirable, or even erroneous states. Runtime monitoring typically uses checker code synthesized from high-level specifications to check current system behaviour, and alert or steer the system in case of violations of high-level specifications. For example, an automotive transmission shall shall remain for a minimum time on a gear before switching to avoid rapid (malicious) engine wear.By automating tools for safety and security monitoring, the programme will fundamentally advance the state-of-the-art of system development for complex embedded systems. The programme will also train HQP necessary for industry to translate the results into products to build safe and secure next-generation embedded systems.

嵌入式安全关键系统对于加拿大和加拿大人来说至关重要。如果安全关键系统无法提供所需的功能，则有可能对人员造成伤害、资本基础设施损失或对环境造成重大破坏。加拿大人每天上下班、乘飞机旅行和在医院接受治疗时都依赖安全关键系统。许多加拿大人的生活依赖于这些系统；人们依赖起搏器、植入式胰岛素泵和新生儿培养箱。企业依靠这些系统来引导供应链、控制工厂和管理财务。最后，加拿大的安全和独立依赖于这些现代监视和防御技术系统；所有这些系统均由嵌入式安全关键应用中的计算机和软件控制。安全关键系统正变得越来越复杂；越复杂，对公众的安全隐患风险就越大。当今车辆和飞机中的控制软件有数百万行代码。 软件复杂性的增加与系统缺陷的增加密切相关。例如，在过去 20 年里，汽车软件已成为车辆召回的主要原因，目前占所有召回的 30% 以上。安全关键系统中的缺陷会增加故障风险，从而可能导致严重影响人类生命、财产和环境的事故。该提案概述了一项研究计划，该计划将研究和开发技术以（1）协助理解复杂系统和(2) 建立监控系统，在故障成为危险之前发现它们。该计划专注于规范挖掘和运行时监控作为核心构建块。规范挖掘使用算法来分析系统跟踪等工件，目的是提取系统行为。提取的系统行为可以提供开发人员可能感兴趣的特定方面的动态视图，并且可以用作理解复杂系统的有效工具。运行时监视提供了观察系统并防止其进入不良状态甚至错误状态的机制。运行时监控通常使用从高级规范合成的检查器代码来检查当前系统行为，并在违反高级规范的情况下警告或引导系统。例如，汽车变速器在切换之前应在档位上保持最短时间，以避免发动机快速（恶意）磨损。通过自动化安全和安保监控工具，该计划将从根本上推进最先进的技术复杂嵌入式系统的系统开发。该计划还将培训行业所需的总部人员，将结果转化为产品，以构建安全可靠的下一代嵌入式系统。