Browsing by Author "Ruiz, Alejandra"
Now showing 1 - 16 of 16
Item: AMASS: A Large-Scale European Project to Improve the Assurance and Certification of Cyber-Physical Systems
(Springer Nature, 2019) de la Vara, Jose Luis; Parra, Eugenio; Ruiz, Alejandra; Gallina, Barbara; Franch, Xavier; Männistö, Tomi; Martínez-Fernández, Silverio; Quantum
Most safety-critical systems must undergo assurance and certification processes. The associated activities can be complex and labour-intensive, so practitioners need suitable means to execute them. The activities are becoming even more challenging as systems evolve towards cyber-physical ones, since these systems have new assurance and certification needs. The AMASS project (Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems) tackled these issues by creating and consolidating the de-facto European-wide open tool platform, ecosystem, and self-sustainable community for assurance and certification of cyber-physical systems. The project defined a novel holistic approach for architecture-driven assurance, multi-concern assurance, seamless interoperability, and cross- and intra-domain reuse of assurance assets. AMASS results were applied in 11 industrial case studies to demonstrate the reduction of effort in assurance and certification, the reduction of (re)certification cost, the reduction of assurance and certification risks, and the increase in technology harmonisation and interoperability.

Item: Análisis de riesgos de ciberseguridad en arquitectura de vehículos automatizados (Cybersecurity risk analysis in an automated vehicle architecture)
(2018) González, Leonardo; Vaca, Myriam; Lattarulo, Ray A.; Calvo, Isidro; Perez, Joshue; Ruiz, Alejandra
Connected and automated vehicles have recently come to be regarded as cyber-physical entities, closely tied to the Internet of Things (IoT). This enlarges the vehicle's attack surface and, together with the growing trend towards automated vehicles, means that these cybersecurity risks can have catastrophic consequences for road safety. This work presents a cybersecurity risk analysis in the context of an automated vehicle architecture. This preliminary analysis is carried out for two case-study scenarios involving cooperative manoeuvres. It first presents a state of the art of automotive cybersecurity and its impact on automated driving environments, with particular emphasis on vehicle-to-vehicle and vehicle-to-infrastructure communications. It then analyses two cooperative manoeuvres and illustrates a series of possible attacks on the platform.

Item: Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems.
(Springer International Publishing, 2016-09-01) Ruiz, Alejandra; Gallina, Barbara; de la Vara, Jose Luis; Mazzini, Silvia; Espinoza, Huascar; Guiochet, Jérémie; Schoitsch, Erwin; Bitsch, Friedemann; Skavhaug, Amund; Quantum; Tecnalia Research & Innovation
Unlike practices in electrical and mechanical equipment engineering, Cyber-Physical Systems (CPS) do not have a set of standardized and harmonized practices for assurance and certification that ensures safe, secure and reliable operation with typical software and hardware architectures. This paper presents a recent initiative called AMASS (Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems) to promote harmonization, reuse and automation of labour-intensive certification-oriented activities by using model-based approaches and incremental techniques. AMASS will develop an integrated and holistic approach, a supporting tool ecosystem and a self-sustainable community for assurance and certification of CPS. The approach will be driven by architectural decisions (fully compatible with standards, e.g. AUTOSAR and IMA), including multiple assurance concerns such as safety, security and reliability. AMASS will support seamless interoperability between assurance/certification and engineering activities along with third-party activities (external assessments, supplier assurance). The ultimate aim is to lower certification costs in the face of rapidly changing product features and market needs.

Item: A Harmonized Compositional Assurance Approach for Safety-Critical Systems
(Universidad de Deusto, 2015-12-16) Ruiz, Alejandra; Espinoza, Huascar; Kelly, Tim
Safety-critical systems, those whose failure could result in loss or injury to people or damage to the environment, must go through laborious and expensive certification processes. These systems have also grown in complexity and, as in other domains, component-based development has been adopted to deal with it. However, components are difficult to assess, as certification is done at system level and not at component level. The compositional certification approach proposes gaining incremental credit by accepting that a specific component complies with specific requirements of a standard and is correctly integrated. The objective is to support the integration of new components without previously integrated components needing to be re-accepted. We propose (1) the use of assurance modelling techniques as the mechanism to understand the common basis shared by standards from different domains such as avionics, automotive and medical device design. We propose (2) an assurance decomposition methodology offering guidance and modelling mechanisms to decompose the responsibilities associated with the life-cycle of safety-critical components. This methodology establishes a hierarchy of assurance and certification projects in which responsibilities and project tasks can be specified and their accomplishment assessed to determine compliance with functional safety standards. Assurance decomposition supports the reuse of components, since it guides not just standards compliance but specifically the understanding and tailoring of those standards for component assurance, and supports the integration of those components into the final system. We propose (3) a contract-based approach to support the integration of reused components, which at the same time supports the identification of assumptions, a laborious and time-consuming task. Assurance contracts are defined to ensure incremental compliance once the components are integrated. The objective of these assurance contracts is to ensure the overall compliance of the system with the selected standards and reference documents such as guidelines or advisory circulars. The approach to assurance contract specification balances the need for unambiguity in the composition with the heterogeneity of the information managed. The claims classification offers an easy method to support the assessment of contract completeness, and the structured expressions provide a semi-formal language to specify the assumptions and guarantees of a component. This work has mainly been framed within European collaborative research projects: OPENCOSS, a large-scale integrating project (IP) with 17 partners from 9 countries developing a platform for safety assurance and certification of safety-critical systems (compliance with standards, robust argumentation, evidence management, process transparency); SAFEADAPT, an FP7 project with 9 partners; and RECOMP, an ARTEMIS project. The results of this work have been presented to the standardization group of the Object Management Group responsible for the SACM (Structured Assurance Case Metamodel) standard specification, which is currently discussing their inclusion in future versions. (4) The tools presented and used in this work have been included in the open tool platform developed within the OPENCOSS project, which is being released through PolarSys. PolarSys is an Eclipse Industry Working Group created by large industry players and tool providers to collaborate on the creation and support of open source tools for the development of embedded systems.

Item: Information technologies exposing children to privacy risks: Domains and children-specific technical controls
(2022-08) Crepax, Tommaso; Muntés-Mulero, Victor; Martinez, Jabier; Ruiz, Alejandra; SWT; Quantum
EU data protection law requires that digital service providers and system developers put in place technical measures that are adequate to protect children's informational privacy. The stringent legal obligations to implement data protection by design in digital systems have intensified engineers' need to create processes and technological solutions that enhance children's privacy in digital services. However, in several cases, generic controls have proven to have limited effect on the protection of children's privacy, raising questions about the need to further develop children-specific technical controls. This paper contributes to addressing the need for privacy controls by providing (a) a summary of real-world application domains of information technologies that expose children to privacy risks, and (b) a list representing the state of the art of technical controls designed specifically to protect children's privacy. 
We identify 24 technical controls, which we manually classify with the NIST security and privacy control categories and Hoepman's privacy design strategies. We find that most controls relate to identification and authentication, many of them in the form of age verification techniques. In general, the vast majority of controls belong to minimisation strategies. Our findings show that the field of technical controls specifically designed for children is yet to be developed.

Item: Model-based specification of safety compliance needs for critical systems: A holistic generic metamodel
(2016-04-01) de la Vara, Jose Luis; Ruiz, Alejandra; Attwood, Katrina; Espinoza, Huascar; Panesar-Walawege, Rajwinder Kaur; López, Ángel; del Río, Idoya; Kelly, Tim; Quantum; Tecnalia Research & Innovation; CIBERSEC&DLT; ADV_INTER_PLAT
Context: Many critical systems must comply with safety standards as a way of providing assurance that they do not pose undue risks to people, property, or the environment. Safety compliance is a very demanding activity, as the standards can consist of hundreds of pages and practitioners typically have to show the fulfilment of thousands of safety-related criteria. Furthermore, the text of the standards can be ambiguous, inconsistent, and hard to understand, making it difficult to determine how to effectively structure and manage safety compliance information. These issues become even more challenging when a system is intended to be reused in another application domain with different applicable standards. Objective: This paper aims to resolve these issues by providing a metamodel for the specification of safety compliance needs for critical systems. Method: The metamodel is holistic and generic, and abstracts common concepts for demonstrating safety compliance from different standards and application domains. Its application results in the specification of "reference assurance frameworks" for safety-critical systems, each of which is a model of the safety criteria of a given standard. To validate the metamodel, parts of several safety standards were modelled by both academic and industry personnel, and further standards were analysed. We augment this with feedback from practitioners, including feedback gathered during a workshop. Results: The validation shows that the metamodel can be used to specify safety compliance needs for aerospace, automotive, avionics, defence, healthcare, machinery, maritime, oil and gas, process industry, railway, and robotics. Practitioners consider that the metamodel can meet their needs and find benefits in its use. Conclusion: The metamodel supports the specification of safety compliance needs for most critical computer-based and software-intensive systems. The resulting models can provide an effective means of structuring and managing safety compliance information.

Item: Modelling the Component-based Architecture and Safety Contracts of ArmAssist in Papyrus for Robotics
(Institute of Electrical and Electronics Engineers Inc., 2021-06) Martinez, Jabier; Ruiz, Alejandra; Garzo, Ainara; Keller, Thierry; Radermacher, Ansgar; Tonetta, Stefano; Tecnalia Research & Innovation; SWT; Quantum; Medical Technologies
Healthcare robots are increasingly being used, yet the way they are engineered still faces several challenges regarding reference models and validation. In this experience report we focus on the ArmAssist robotic system and how it can be modelled, including safety considerations, for validation in early design phases. ArmAssist is an upper-limb robotic system for stroke rehabilitation based on serious games. The open-source tool Papyrus for Robotics was used to model the robotic system in close collaboration with neurorehabilitation domain experts. Papyrus for Robotics includes new functionalities that we contributed for contract-based design at component and system level, allowing the safety considerations to be made explicit and validated using formal languages. In our case, the assertions are expressed in OCL and Othello. We present the resulting model and a discussion from domain experts.

Item: Recent Advances towards the Industrial Application of Model-Driven Engineering for Assurance of Safety-Critical Systems
(SciTePress, 2018-01) de la Vara, Jose Luis; Ruiz, Alejandra; Espinoza, Huascar; Hammoudi, Slimane; Pires, Luis Ferreira; Selic, Bran; Quantum; Tecnalia Research & Innovation
Safety-critical systems are typically subject to assurance processes as a way to ensure that they do not pose undue risks to people, property, or the environment, usually in compliance with assurance standards. The planning, execution, and management of assurance processes can be a complex activity in practice because of issues in the application of the standards, the large amount of information to handle, and the need to provide convincing justifications of assurance adequacy, among other difficulties. As a solution, many authors have argued that the use of Model-Driven Engineering principles and techniques can facilitate and improve assurance of safety-critical systems. This paper presents some of the latest advances that have been and are being made towards the use of these principles and techniques in industry. Although models have been used for assurance of safety-critical systems for many years, e.g. to specify safety cases, only recently has the full potential of Model-Driven Engineering started to be more widely exploited. This includes aspects such as the specification of metamodels and domain-specific languages for assurance, the extension and application of UML, and the use of model transformations.

Item: Reuse of safety certification artefacts across standards and domains: A systematic approach
(2017-02-01) Ruiz, Alejandra; Juez Uriagereka, Garazi; Espinoza, Huascar; de la Vara, Jose Luis; Larrucea, Xabier; Tecnalia Research & Innovation; Quantum
Reuse of systems and subsystems is common practice in safety-critical systems engineering. Reuse can improve system development and assurance, and there are recommendations on reuse for some domains. Cross-domain reuse, in which a previously certified product typically needs to be assessed against different safety standards, has however received little attention. No guidance exists for this reuse scenario despite its relevance in industry, so practitioners need new means to tackle it. This paper aims to fill this gap by presenting a systematic approach for the reuse of safety certification artefacts across standards and domains. The approach is based on the analysis of similarities between standards and on the specification of maps between them. These maps are used to determine which safety certification artefacts can be reused from one domain to another and the consequences of reuse. The approach has been validated with practitioners in a case study on the reuse of an execution platform from railway to avionics. The results show that the approach can be effectively applied and that it can reduce the cost of safety certification across standards and domains. 
Therefore, the approach is a promising way of making cross-domain reuse more cost-effective in industry.

Item: Safety and Security Interference Analysis in the Design Stage
(Springer, 2020-09-15) Martinez, Jabier; Godot, Jean; Ruiz, Alejandra; Balbis, Abel; Ruiz Nolasco, Ricardo
Safety and security engineering have traditionally been separate disciplines (e.g., with different required knowledge and skills, terminology, standards and life-cycles) operating in quasi-silos of knowledge and practice. However, the co-engineering of these two critical qualities of a system is being widely investigated, as it promises the removal of redundant work and the detection of trade-offs in early stages of the product development life-cycle. In this work, we enrich an existing safety-security co-analysis method at the design stage with capabilities for interference analysis. Reports on interference analyses are crucial to trigger co-engineering meetings that lead to trade-off analyses and system refinements. We detail our automatic approach for this interference analysis, performed through fault trees generated from the safety and security local analyses. We evaluate and discuss our approach from the perspective of two industrial case studies in the space and medical domains.

Item: Safety assessment of automated vehicle functions by simulation-based fault injection
(IEEE, 2017-07-27) Juez, Garazi; Amparan, Estibaliz; Lattarulo, Ray; Rastelli, Joshue Perez; Ruiz, Alejandra; Espinoza, Huascar; Tecnalia Research & Innovation; CIBERSEC&DLT; CCAM; Quantum
As automated driving vehicles become more sophisticated and pervasive, it is increasingly important to assure their safety even in the presence of faults. This paper presents a simulation-based fault injection approach (Sabotage) aimed at assessing the safety of automated vehicle functions. In particular, we focus on a case study to forecast fault effects during the model-based design of a lateral control function. The goal is to determine the acceptable fault detection interval for permanent faults based on the maximum lateral error and steering saturation. In this work, we performed fault injection simulations to derive the most appropriate safety goals, safety requirements, and fault handling strategies at an early concept phase of an ISO 26262-compliant safety assessment process.

Item: Safety Case Driven Development for Medical Devices
(Springer International Publishing, Cham, Switzerland, 2015-11-25) Ruiz, Alejandra; Barbosa, Paulo; Medeiros, Yang; Espinoza, Huascar; Koornneef, Floor; van Gulijk, Coen; Quantum; Tecnalia Research & Innovation
Medical devices are safety-critical systems that must comply with standards during their development process because of their intrinsic potential for producing harm. Despite the trend of increasing complexity in medical hardware and software components, very little has been done to apply the more mature safety practices already present in other industrial settings. This paper proposes a methodology to enhance state-of-the-art Model-Based System Engineering (MBSE) practices from the safety perspective, encouraging the use of safety cases and providing guidance on how to show the corresponding traceability of the development artifacts. We illustrate our methodology and its usage in the context of an industrial Automated External Defibrillator (AED). We suggest that the medical device industry could learn from other domains and adapt its development process to take hazards and risks into account throughout development, providing more sophisticated justification of, for example, the impact of design decisions.

Item: Security Debt: Characteristics, Product Life-Cycle Integration and Items
(Institute of Electrical and Electronics Engineers Inc., 2021) Martinez, Jabier; Quintano, Nuria; Ruiz, Alejandra; Santamaria, Izaskun; de Soria, Iker Martinez; Arias, Jose
Industries from very diverse domains are realising that security should not be treated reactively (e.g., only once a cyberattack has happened). Hence, security-related requirements and risks need to be continuously managed, and the need to integrate technical measures continuously assessed. In some cases, decisions have led, intentionally or unintentionally, to debt related to security aspects. This security debt is incurred when limited approaches or solutions are applied to reach the expected security levels of the system in operation. Identifying and making security debt items explicit is a challenge for companies. In this work, we analyse the literature on security debt to provide initial insights on the topic. Concretely, we discuss its definition, identify its most salient characteristics, present approaches for integrating its management into the product life-cycle, and present categories and examples of security debt items.

Item: Smart Grid Challenges Through the Lens of the European General Data Protection Regulation
(Springer, 2020) Martinez, Jabier; Ruiz, Alejandra; Puelles, Javier; Arechalde, Ibon; Miadzvetskaya, Yuliya; Siarheyeva, Alena; Barry, Chris; Lang, Michael; Linger, Henry; Schneider, Christoph; SWT; Quantum; DIG_LIF_SKI; Tecnalia Research & Innovation
The General Data Protection Regulation (GDPR) was conceived to remove the obstacles to the free movement of personal data while ensuring the protection of natural persons with regard to the processing of such data. The Smart Grid has features similar to any privacy-critical system but, in comparison to the engineering of other architectures, has the peculiarity of being the source of energy consumption data. Electricity consumption constitutes an indirect means to infer personal information. This work looks at the Smart Grid from the perspective of the GDPR, which is especially relevant now given the current growth and diversification of the Smart Grid ecosystem. We provide a review of existing works highlighting the importance of energy consumption as valuable personal data, as well as an analysis of the established Smart Grid Architecture Model and its main challenges from a legal viewpoint, in particular the challenge of sharing data with third parties.

Item: Towards Risk Estimation in Automated Vehicles Using Fuzzy Logic
(Springer Verlag, 2018) González, Leonardo; Martí, Enrique; Calvo, Isidro; Ruiz, Alejandra; Pérez, Joshue; Bitsch, Friedemann; Skavhaug, Amund; Gallina, Barbara; Schoitsch, Erwin; CCAM; Tecnalia Research & Innovation; Quantum
As vehicles get increasingly automated, they need to properly evaluate different situations and assess threats at run-time. In this scenario, automated vehicles should be able to evaluate risks in a dynamic environment in order to take proper decisions and modulate their driving behaviour accordingly. In order to avoid collisions, in this work we propose a risk estimator based on fuzzy logic that accounts for risk indicators regarding (1) the state of the driver, (2) the behaviour of other vehicles and (3) the weather conditions. A scenario with two vehicles in a car-following situation was analysed, where the main concern is to avoid rear-end collisions. The goal of the presented approach is to effectively estimate critical states and properly assess risk based on the chosen indicators.

Item: Will safety-security co-engineering pay off? A quality and cost perspective in two case studies
(Institute of Electrical and Electronics Engineers Inc., 2021) Urretavizcaya, Imanol; Martinez, Jabier; Satriani, Giuseppe; Ruiz, Alejandra; Nolasco, Ricardo Ruiz; Gonzalez, Antonio; Moreno, Isaac; Balbis, Abel
Safety and security concerns are usually interlinked when building critical software-intensive systems of systems. Several efforts try to bring both domains of expertise closer together to increase the overall reliability of systems and reduce costs through earlier detection of issues and trade-offs. Despite the growing number of co-engineering practices at different life-cycle stages, there is a lack of business justification, such as the economic cost of their adoption. We report on using a cost model to evaluate the convenience (or not) of adopting co-engineering practices in two industrial case studies (space and medical devices). Simulation results with the collected data suggest an improvement in quality if any of the selected co-engineering practices is integrated, while cost increases in one case and decreases in the other. We discuss the results but, as they cannot be generalised, the main contribution is the proposed cost model for answering the title's question.
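The compositional assurance approach described in "A Harmonized Compositional Assurance Approach for Safety-Critical Systems" above rests on assurance contracts whose assumptions and guarantees are written as structured expressions, and on checking that a reused component's assumptions are discharged once it is integrated. The Python sketch below is an added illustration, not the thesis's own tooling or the OPENCOSS/PolarSys platform: it encodes claims as hypothetical "subject relation value" triples, orders ISO 26262 ASIL levels so that a stronger integrity-level guarantee can discharge a weaker requirement, and reports which assumptions of each component remain undischarged after composition. The components, claim names and values are constructed for the example.

```python
from dataclasses import dataclass

# ISO 26262 integrity levels, ordered so that a guarantee of "D" discharges an assumption of ">= B".
ASIL = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}


@dataclass(frozen=True)
class Claim:
    """Structured expression '<subject> <relation> <value>' (hypothetical notation)."""
    subject: str
    relation: str   # "==", "<=" or ">="
    value: object   # a number or an ASIL level string


@dataclass(frozen=True)
class Contract:
    component: str
    assumptions: tuple   # Claims the component needs from its environment
    guarantees: tuple    # Claims the component offers in return


def _ordinal(v):
    """Map ASIL strings onto their rank; numbers are compared as-is."""
    return ASIL[v] if isinstance(v, str) else v


def discharges(guarantee, assumption):
    """True if the guarantee is at least as strong as what the assumption demands."""
    if guarantee.subject != assumption.subject:
        return False
    g, a = _ordinal(guarantee.value), _ordinal(assumption.value)
    if assumption.relation == "==":
        return guarantee.relation == "==" and g == a
    if assumption.relation == "<=":   # e.g. a WCET that must not exceed a budget
        return guarantee.relation in ("==", "<=") and g <= a
    if assumption.relation == ">=":   # e.g. an integrity level that must reach a minimum
        return guarantee.relation in ("==", ">=") and g >= a
    raise ValueError(f"unknown relation {assumption.relation}")


def check_composition(contracts, context=()):
    """For each contract, list the assumptions that no other component and no context claim discharges."""
    report = {}
    for c in contracts:
        offered = list(context) + [g for o in contracts if o is not c for g in o.guarantees]
        report[c.component] = [a for a in c.assumptions
                               if not any(discharges(g, a) for g in offered)]
    return report


# Constructed example: reusing a brake controller on a new execution platform.
BRAKE = Contract(
    "brake_controller",
    assumptions=(Claim("platform.partition_isolation", ">=", "B"),
                 Claim("platform.cycle_budget_ms", ">=", 4),
                 Claim("wheel_speed_sensor.asil", ">=", "C")),
    guarantees=(Claim("brake_controller.asil", "==", "D"),
                Claim("brake_controller.wcet_ms", "<=", 3)),
)
PLATFORM = Contract(
    "platform",
    assumptions=(Claim("brake_controller.wcet_ms", "<=", 4),
                 Claim("brake_controller.asil", ">=", "D")),
    guarantees=(Claim("platform.partition_isolation", "==", "D"),
                Claim("platform.cycle_budget_ms", "==", 5)),
)
# What the integrator can currently show about the rest of the system (constructed).
CONTEXT = (Claim("wheel_speed_sensor.asil", "==", "B"),)


def contract_report():
    """Undischarged assumptions per component for the constructed composition."""
    return check_composition([BRAKE, PLATFORM], CONTEXT)


if __name__ == "__main__":
    for component, missing in contract_report().items():
        print(component, "undischarged:", [f"{a.subject} {a.relation} {a.value}" for a in missing])
```

The one undischarged assumption is exactly the kind of item a contract-completeness review would flag before claiming incremental credit for the reused component: the integrator can show ASIL B for the wheel-speed sensor, but the reused controller was assured assuming ASIL C, so either the sensor's assurance or the controller's assumption has to change before the composition argument closes.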
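The interference analysis in "Safety and Security Interference Analysis in the Design Stage" above is performed through fault trees built from the safety and security local analyses. As an added example, not the authors' tool (whose gate semantics and report format the abstract does not describe), the Python block below tags each basic event with the analysis it came from, derives the minimal cut sets of a small constructed tree, and reports the cut sets that mix safety and security events, i.e. where an attacker action defeats a safety mechanism. The tree, event names and gate structure are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Event:
    """Basic event contributed by one of the two local analyses."""
    name: str
    origin: str  # "safety" (random/systematic failure) or "security" (attacker action)


@dataclass(frozen=True)
class Gate:
    kind: str      # "AND" or "OR"
    inputs: tuple  # child Events or Gates


def minimise(cut_sets):
    """Keep only minimal cut sets: drop any set that strictly contains another."""
    return {s for s in cut_sets if not any(o < s for o in cut_sets)}


def cut_sets(node):
    """Minimal cut sets of the sub-tree at node: OR unions the children's sets, AND combines them."""
    if isinstance(node, Event):
        return {frozenset([node])}
    children = [cut_sets(c) for c in node.inputs]
    if node.kind == "OR":
        combined = set().union(*children)
    elif node.kind == "AND":
        combined = {frozenset().union(*combo) for combo in product(*children)}
    else:
        raise ValueError(f"unknown gate {node.kind}")
    return minimise(combined)


def classify(cut):
    """A cut set mixing both origins is an interference between the two analyses."""
    origins = {e.origin for e in cut}
    return "interference" if len(origins) == 2 else f"{origins.pop()}-only"


def interference_report(top):
    """Group the minimal cut sets of the tree by origin; names are sorted for a stable report."""
    report = {"interference": [], "safety-only": [], "security-only": []}
    for cut in cut_sets(top):
        report[classify(cut)].append(tuple(sorted(e.name for e in cut)))
    return {k: sorted(v) for k, v in report.items()}


def AND(*inputs):
    return Gate("AND", inputs)


def OR(*inputs):
    return Gate("OR", inputs)


# Constructed tree for a hypothetical infusion pump; top event: uncontrolled dose delivered.
hang = Event("Controller task hangs", "safety")
wd_hw = Event("Watchdog hardware failure", "safety")
wd_dbg = Event("Watchdog disabled through debug interface", "security")
runaway = Event("Pump motor runaway", "safety")
spoof = Event("Dose command spoofed on field bus", "security")
no_auth = Event("Message authentication disabled in configuration", "security")

TOP = OR(
    AND(hang, wd_hw),     # safety-only: hang plus the safety mechanism failing by itself
    AND(hang, wd_dbg),    # interference: an attacker removes the safety mechanism first
    AND(spoof, no_auth),  # security-only
    runaway,              # single-point safety failure
    AND(runaway, hang),   # non-minimal, subsumed by {runaway}; minimise() drops it
)

if __name__ == "__main__":
    for kind, cuts in interference_report(TOP).items():
        print(kind, cuts)
```

The interference entry is the one a co-engineering meeting would want on its agenda: the watchdog is a safety barrier credited in the safety analysis, but its debug-interface exposure comes from the security analysis, so neither local analysis alone shows that a controller hang becomes a single-point failure once the debug port is reachable.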
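The Sabotage paper above ("Safety assessment of automated vehicle functions by simulation-based fault injection") derives an acceptable fault detection interval for permanent faults from the maximum lateral error and the steering saturation observed in simulation. The block below is an added, much simplified illustration of that workflow and is not the Sabotage tool or the authors' vehicle model: it assumes a kinematic single-track model, a proportional lateral controller, a steering actuator stuck at a fixed angle from t = 1 s, and a monitor that hands control back to the controller once the detection interval has elapsed. Speed, gains, limits and the 0.5 m lateral-error limit are constructed values.

```python
import math

V, L, DT = 15.0, 2.7, 0.01       # speed [m/s], wheelbase [m], integration step [s] (constructed)
K_E, K_PSI = 0.10, 1.0           # lateral-error and heading-error gains of the lateral controller
DELTA_MAX = 0.5                  # steering angle saturation [rad]
T_FAULT, T_END = 1.0, 6.0        # fault injection time and simulation horizon [s]
STUCK_DELTA = 0.05               # permanent fault: actuator stuck at this angle [rad]


def clamp(x, lim):
    return max(-lim, min(lim, x))


def simulate(detection_interval, stuck_delta=STUCK_DELTA):
    """One fault-injection run: returns max |lateral error| [m] and how many steps hit saturation."""
    e = psi = 0.0                # lateral error [m], heading error [rad]; starts on the lane centre
    max_e, saturated = 0.0, 0
    for k in range(int(T_END / DT)):
        t = k * DT
        cmd = clamp(-K_E * e - K_PSI * psi, DELTA_MAX)
        if abs(cmd) >= DELTA_MAX:
            saturated += 1
        # The stuck-at fault is active until the monitor detects it and hands control back.
        if T_FAULT <= t < T_FAULT + detection_interval:
            delta = stuck_delta
        else:
            delta = cmd
        psi += (V / L) * math.tan(delta) * DT     # kinematic single-track heading update
        e += V * math.sin(psi) * DT               # lateral drift for the current heading error
        max_e = max(max_e, abs(e))
    return {"max_lateral_error": max_e, "saturation_steps": saturated}


def acceptable_detection_interval(limit=0.5, step=0.01, horizon=2.0):
    """Largest detection interval [s] whose max lateral error stays within limit (None if 0 already fails)."""
    best = None
    for i in range(int(round(horizon / step)) + 1):
        td = i * step
        if simulate(td)["max_lateral_error"] <= limit:
            best = td
        else:
            break   # error grows with the interval, so the first violation is the boundary
    return best


if __name__ == "__main__":
    td = acceptable_detection_interval()
    print(f"acceptable detection interval: {td:.2f} s", simulate(td))
```

Sweeping the interval and stopping at the first violation gives the largest interval that keeps the vehicle within the error limit; the saturation count shows whether the recovery itself hit the steering limit, in which case the lateral-error figure would be optimistic and the limit, gains or fault handling strategy would need revisiting.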