Safety assurance of a complex system cannot be completely ensured at design/development time since most uncertainties and unknowns are revealed when the system is deployed in a real environment. Safety assurance at runtime can be addressed by using models formalizing those safety assertions the system has to guarantee during operation, and specifying enforcement strategies aimed at preserving or eventually restoring safety. This paper presents an approach to runtime safety enforcement of software systems based on the MAPE-K control loop architecture for system monitoring and control, and on the State Machine as runtime model to specify safety assertions and enforcement strategies for steering the correct system behavior. The enforcer software is designed to act as a proxy system which wraps around the software system to realize safety enforcement, both as black-box enforcement on unsafe I/O events and as gray-box enforcement on unsafe internal system changes. The proposed approach is supported by a component framework called RSE (Runtime Safety Enforcement) that is here illustrated by means of two real case studies in the health-care domain.
A component framework for the runtime enforcement of safety properties / S. Bonfanti, E. Riccobene, P. Scandurra. - In: THE JOURNAL OF SYSTEMS AND SOFTWARE. - ISSN 0164-1212. - 198:(2023), pp. 111605.1-111605.17. [10.1016/j.jss.2022.111605]
A component framework for the runtime enforcement of safety properties
E. RiccobeneSecondo
;
2023
Abstract
Safety assurance of a complex system cannot be completely ensured at design/development time since most uncertainties and unknowns are revealed when the system is deployed in a real environment. Safety assurance at runtime can be addressed by using models formalizing those safety assertions the system has to guarantee during operation, and specifying enforcement strategies aimed at preserving or eventually restoring safety. This paper presents an approach to runtime safety enforcement of software systems based on the MAPE-K control loop architecture for system monitoring and control, and on the State Machine as runtime model to specify safety assertions and enforcement strategies for steering the correct system behavior. The enforcer software is designed to act as a proxy system which wraps around the software system to realize safety enforcement, both as black-box enforcement on unsafe I/O events and as gray-box enforcement on unsafe internal system changes. The proposed approach is supported by a component framework called RSE (Runtime Safety Enforcement) that is here illustrated by means of two real case studies in the health-care domain.
| File | Dimensione | Formato | |
|---|---|---|---|
|
JSS23.pdf
accesso aperto
Tipologia:
Pre-print (manoscritto inviato all'editore)
Dimensione
1.27 MB
Formato
Adobe PDF
|
1.27 MB | Adobe PDF | Visualizza/Apri |
|
1-s2.0-S0164121222002813-main.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
1.18 MB
Formato
Adobe PDF
|
1.18 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
