Bettina Buth

• PhD Habil
• Professor (Full) at HAW Hamburg

Thoughts about the impact of AI on critical systems - chances and risks

Smart City applications strongly rely on sensor networks for the collection of data and their subsequent analysis. In this paper we discuss whether methods from dependability engineering could be used to identify potential risk relating to safety and security of such applications. The demonstration object of this paper is a sensor network for air q...

In this paper we propose the use of techniques typically employed for safety-critical systems for the identification of weaknesses in traffic control systems, specifically in systems with dynamically changing sets of sensors. The paper introduces the basic terminology of dependability engineering as well as typical architectures for sensor networks...

This contribution reports of work done after the official end of the ProCoS project in 1995. Most of this work was done while the author was affiliated with Bremen University. The aim of this contribution is to show the effect of ProCoS on these projects, which comprises analysis of systems from two different application domains: space and aerospac...

The increasing complexity of automotive networks, their challenging timing constraints and their high bandwidth demands require new concepts for future in-car communication. Real-time Ethernet is meant to be a suitable candidate for the next-generation in-car interconnection. However, model-based testing capabilities must be available as well. Appl...

This article presents an approach for the verification of communication properties in large-scale real-world embedded systems by means of formal methods. It is illustrated by examples and results obtained during an industrial verification project performed for a fault-tolerant system designed and implemented by Daimler-Benz Aerospace for the Intern...

In recent years, computer scientists have become more and more convinced that verification is an important part of software development. We give an example for formal verification of "realistic" software: we show how to prove correctness of code generators that are developed within the compiler generating system CAT. Such code generators are large...

This paper reports on provably correct compiler implementation in the ESPRIT basic research action 3104 ProCoS (Provably Correct Systems). A sharp distinction is drawn between correctness of the specification of a compiler and correctness of the actual implementation. The first covers semantical correctness of the code to be generated, whereas the...

Mode confusion situations or more general automation surprises can arise in the context of sophisticated control systems which require the interaction with human operators as for example flight monitoring systems in airplanes. A “mode” is defined by a subset of system variables the values of which determine distinguishable forms of system behaviour...

Interpretation is applied to "lift" occam process components to CSP components reflecting the essential aspects of the process communication behavior while abstracting from details irrelevant for the verification goal, -- Generic theories increase the efficiency of analysis: process instances of a generic class inherit the class properties, which m...

. This article presents experiences gained from the verification of communication properties of a large-scale real-world embedded system by means of formal methods. This industrial verification project was performed for a fault-tolerant system designed and implemented by Daimler-Benz Aerospace for the International Space Station ISS and focused ess...

The design and development of safety-critical systems requires particular care in order to ensure the highest level of confidence in the systems. A variety of lifecycle models and development standards have evolved in various areas. Formal methods are touted to be the best approach for the development on all levels. Up to now, the lack of adequate...

Tool support is an essential requirement for the applicability of Formal Methods to realistic, large-scale systems, and the acceptance of Formal Methods in industries in general. Many examples demonstrate how useful the currently existing tools can be especially during the specification and design phase. Essential prerequisites are modularity and s...

This article summarises and evaluates the results and experiences obtained from a verification, simulation and test suite for a faulttolerant computer system designed and developed by DaimlerChrysler Aerospace for the International Space Station ISS. Verification and testing focused on various aspects of system correctness which together ensure a...

. In this article, we describe an approach for the tool-supporteddevelopment and verification of fault-tolerant systems according to theinvent&verify paradigm. Our method is based on the CSP (CommunicatingSequential Processes) specification language. It allows the desiredproperties of a system to be expressed as implicit specifications (assertionsa...

Without Abstract

this report was motivated by two aims: first -- on the technical side -- to find a way of employing PVS[3] as a prover backend for the system PAMELA, and second -- on the methodological side -- to develop a better understanding for the obstacles involved in combining tools that have been developed independently. The work is not finished yet, especi...

Zsfassung in dt. Sprache. Zugl.: Kiel, Univ., Diss. : 1995.

Die Korrektheit von Software gewinnt immer stärkere Bedeutung. Die Gründe hierfür sind vielfältig. So ist etwa der Einsatz von Programmsystemen in äußerst sicherheitskritischen Bereichen mittlerweile nur dann noch zu verantworten, wenn eine weitgehende Funktionsgarantie gegeben werden kann. Aufgrund dieser Einsicht wurde auch das Bundesamt für Sich...

In principle, program verification is the only adequate means to ensure the correctness of software with respect to precise specifications. But since realistic programs such as code generators and other parts of compilers tend to be large and complex, some mechanical support is necessary for the verification of these programs. In this paper we pres...

In principle, program verification is the only adequate means to ensure the correctness of software with respect to precise or formal specifications. But since programs applied in industry tend to be large and complex, some mechanical support is necessary for the verification of these programs. In this paper we present the ideas of the verification...