Publications (79)
Experience-based methods like reinforcement learning (RL) are often deemed less suitable for the safety field due to concerns about potential safety issues. To bridge this gap, we introduce STPA-RL, a methodology that integrates RL with System-Theoretic Process Analysis (STPA). STPA is a safety analysis technique that identifies causative factors l...
In modern software development, OSS (Open Source Software) has become a crucial element. However, if OSS that has few contributors and lacks maintenance activities, such as bug fixes, is used, it can lead to significant costs and resource allocation due to maintenance discontinuation. Since OSS are developed by a diverse group of contributors...
GitHub serves as a platform for collaborative software development, where contributors engage, evolve projects, and shape the community. This study presents a novel approach to analyzing GitHub activity that departs from traditional methods. Using Discrete-Time Markov Chains and probabilistic Computation Tree Logic for model checking, we aim to unc...
Reinforcement learning (RL) is increasingly used in safety-centric applications. However, many studies focus on generating an optimal policy that achieves maximum rewards. While maximum rewards are beneficial, safety constraints and non-functional requirements must also be considered in safety-centric applications to avoid dangerous situations. For example...
Reinforcement Learning represents a powerful paradigm in artificial intelligence, enabling agents to learn optimal behaviors through interactions with their environment. However, ensuring the safety of policies learned in non-deterministic environments, where outcomes are inherently uncertain and variable, remains a critical challenge. Safety in th...
In the context of reinforcement learning (RL), ensuring both safety and performance is crucial, especially in real-world scenarios where mistakes can lead to severe consequences. This study aims to address this challenge by integrating temporal logic constraints into RL algorithms, thereby providing a formal mechanism for safety verification. We em...
As technology advances, hardware-centric systems are rapidly moving towards software-centric ones, and their complexity is rapidly increasing. In particular, systems directly related to safety require thorough verification. Model checking exhaustively explores the state space of the abstracted system to check whether properties written in a logical...
The use of open-source in modern software development has increased the convenience of software project development, but it has also created the problem of reduced maintainability due to lack of support. To alleviate this problem, we predict the survivability of open-sources used in KakaoTalk using supervised machine learning and identify open-sour...
Recent software development pursues rapid development and deployment, so software development projects are mostly carried out with agile methodologies. To teach such agile techniques, a lightweight Scrum process for education was developed and distributed to students in the first half of 2022, but it did not yield the expected results. This paper analyzes the causes of this problem and proposes a student-friendly educational Scrum framework as a way to compensate for it. The framework, which lets students learn the Scrum methodology and further provides them with a practice environment, consists mainly of a base project, a tool chain, and a Scrum guide. Even if students are not familiar with the Scrum process, this...
In this paper, we solve Sokoban using the Q-learning algorithm. Q-learning either selects random actions according to the current state of the environment to proceed with exploration, or selects actions that can obtain maximum rewards through what has been learned. We analyzed and compared the learning success rate by changing the values of the learning rate, discoun...
IEC 61508 checks whether the Safety Instrument System (SIS) can achieve its design goal by obtaining the Probability of Failure on Demand (PFD) and performing Safety Integrity Level (SIL) verification. In the process of applying the IEC 61508 formula to SIL verification, the uncertainty figures are applied as triangular distributions based on th...
This paper surveys term-project-related data stored in GitHub from a semester-long Scrum software process carried out by third-year students of our university. These data are analyzed with respect to project period, the number of commits and branches, the Git branch strategy, and the number of commit log entries, in order to understand the current status of the Scrum proc...
IEC 61508 is a standard for achieving the functional safety of E/E/PE and is used for the development and verification of safety systems in the process industry. To verify this safety system, IEC 61508 requires SIL (Safety Integrity Level) verification, and it provides PFD formulas for it. Among the variables in the formula, PFD can be calculated t...
System-theoretic hazard analysis supports assuring the safety of a system against accidents caused by unintended control of a reactive system. For this, it is important to clearly understand and model the control structure of the system and software under development. If the control structure is not fully grasped, an accident may occur because uni...
Recently, education and practice using agile-based scrum process have been activated. In particular, Kyonggi University directly developed the K-FOREST process and applied it to actual undergraduate classes so that students can understand it and apply it quickly. This paper introduces the case of developing a book management system by applying the...
Modern software development projects that require rapid development make heavy use of Scrum processes. The Scrum process divides a project into iterations repeated at regular intervals, making it easier to develop high-quality finished products within a given time period. Reflecting the shift from traditional development methodology to agile development methodology suc...
Versioning of a project is an important activity in software development. This is because development is carried out on a team basis and the previous version should be available if necessary. However, most university undergraduates are not familiar with project version management and are improvising projects. To compensate for this problem, this wo...
Recently, systems that incorporate software are increasing across various industries. IEC 61508 requires that safety functions be developed to protect against the threat of accidents caused by failures of industrial process systems. In particular, KooN architecture design plays the role in IEC 61508 of lowering the probability that a safety function fails. This paper compares the reduction in failure rate according to the KooN architecture design of IEC 61508. As a result, we confirmed that although the KooN architecture design does reduce the failure rate of the system, the reduction in failure rate does not increase linearly with the values of K and N.
In the process industry, a single accident can cause many casualties. To prevent such accidents, IEC 61508 requires that safety systems be built and verified, and it provides formulas for verifying safety systems. If SIL verification is not performed properly, the safety system will not be able to protect against accidents even if it has been built. For this, the formulas used in SIL verification must be accurate. Because the formulas used in SIL verification simplify the uncertainty of reality, where the next future state is not determined, they may insufficiently reflect that uncertainty. In this paper, to verify how uncertainty in the failure-state time, one of the variables of the formula, is reflected, we apply uncertainty to the failure-state time...
Recently, for highly reliable control systems whose failure could cause catastrophic loss of life, such as nuclear power plants or autonomous aviation systems, a safety system is essential and its safety must be evaluated in advance. For this, the international functional safety standard IEC 61508 provides simplified formulas for the probability of failure of a safety function and classifies the types of system architecture, but the types covered for redundant safety systems are limited. This paper introduces a case of evaluating the safety of a 2oo4 architecture system not specified in IEC 61508. In particular, by calculating the PFD (Probability of Failure on Demand) of the system selected as the case, the IEC 61508 SIL...
A Safety Instrument System (SIS) is a safety protection device that provides safety functions to protect people, property, and the environment from hazards arising from functional failures and interruptions of industrial process systems. So that these safety functions are properly provided when the system demands them, IEC 61508 requires that the Safety Integrity Level (SIL) of the SIS be verified in order to achieve the reliability and safety of the system. The most important point in SIL verification is to express the failure probability of the SIS as a model and analyze it. If an incorrect probability model and analysis method are applied, inaccurate SIL verification...
Recently, accidents caused by software errors have increased, and assuring the safety of software-intensive systems has become an essential requirement for system development. This paper introduces the safety activities required by functional safety standards in the automotive sector to prevent accidents and assure safety of ADAS AK-2 sensors, one...
Recently, the complexity of safety-critical systems has increased and the proportion of software in them has grown. Software, which has become the center of control in safety systems, repeats a control interaction in which it generates control actions to control the system and receives the resulting feedback as input. STPA (System Theoretic Process Analysis) is one of the hazard analysis techniques; it analyzes the system from the perspective of control interactions, identifies and analyzes the causes of unsafe control actions being provided through accident scenarios, and derives safety requirements. In this study, to minimize omissions in the STPA accident scenario identification step, which is linked to the safety requirements...
Failure Mode and Effect Analysis (FMEA) is a traditional technique for systematically analyzing cause and consequence relations between component faults and potential hazards during the system life cycle. Nevertheless, in the context of complexity of modern systems, FMEA is weak for dealing with interactions of system components. System Theoretic P...
While testing reactive systems, there seem to be many difficulties due to their behavioural characteristic of performing actions through direct interaction with the environment. Synthesis is a prominent approach to overcoming this problem. It is a technique for generating a feasible system automatically without any extra verification work on w...
Safety is a point of concern in today's railway control systems. Historical evidence of railway control system failures makes safe control systems a matter of concern. In this paper, we present a use/misuse case based safety framework for a railway control system with integrated safety analysis. The framework comprises two major processes, i.e. us...
System theoretic process analysis (STPA) and the Functional resonance analysis method are two important techniques of safety analysis in embedded systems. Both are used for systemic hazard analysis to evaluate failures and causality in the system, but they are often used separately. In this paper, we present an approach for integrating systemic based saf...
IEC 62278, the safety standard for railway systems, requires that the hazards a railway system may have be prevented or controlled through hazard analysis. If hazard analysis is insufficient, the likelihood of an accident is high, so hazard analysis needs to be performed more thoroughly. This paper proposes a hybrid hazard analysis that combines the existing reliability-based method with the system-theoretic method. The proposed method complements existing hazard analysis methods by analyzing together the hazards caused by failures of system components and the control hazards arising from interactions among components. The safety protection of a multiple adaptive cruise control device that automatically controls the speed between trains...
A use case diagram is a representation of the user's interaction which can reveal the impact on the use cases and the actors involved. In this paper, use cases and misuse cases are used to elaborate system theoretic process analysis (STPA). We generate a set of basic software safety requirements from misuse case based STPA. This provides a pathway where s...
The larger and more complex the software, the more important safety analysis for managing software-induced hazards becomes. STPA (System Theoretic Process Analysis) is a safety analysis technique based on system theory and is widely used for software safety analysis. Although STPA handles the software aspects better than existing reliability-theory-based safety analysis methods, STPA does not address risk assessment. In this paper, we add risk assessment to STPA in order to analyze and manage software safety. The proposed method is applied to a model railway system selected as a case study to confirm its effectiveness.
The complexity of software-intensive systems is a challenge for software developers in choosing the optimal method from hundreds of safety analysis methods. This paper proposes a comparison between two common safety analysis techniques: Software Failure Mode and Effect Analysis (SFMEA) and System Theoretic Process Analysis (STPA). The comparison is ba...
This paper presents an integrated safety analysis methodology for safety critical systems. In the first approach, known as evolutionary safety analysis, we describe system failure models through a hierarchical system structure including different safety analysis techniques like Preliminary hazard analysis (PHA), Hazard and operability study (HAZOP), Faul...
In this paper, failure analysis of a railway level crossing system is studied using a failure state machine. It was previously shown that formal verification of a safety critical system is possible using model checking and safety analysis techniques [1]. Thus, in this study, we introduce some failure case studies from the previous approach [1] and failure a...
Generally, safety analysis is difficult to apply to software, which has the characteristic of producing wrong system behavior rather than failing outright. Hence much research continues on software safety analysis. This paper presents an extended hierarchical safety analysis method for software-intensive systems which combines hierarchical safety analys...
In this paper, we present hierarchical safety analysis for eliciting traceable safety requirements. The proposed technique was applied to a case study of a railway system as an example. In this work, FMEA and HAZOP analysis are used as the safety analysis techniques in order to illustrate hierarchical safety analysis showing traceability.
This paper introduces the importance of software safety analysis and safety analysis itself, and presents safety analysis guidelines for extracting software safety requirements in the railway domain. The guidelines are illustrated by applying them to the development of a railway level crossing system and its control software, selected as a case study. To perform safety analysis, hazards must be identified and the risk of the identified hazards analyzed. In this paper, safety analysis was performed with PHA, SHA, and FMEA.
This paper proposes a unified approach for UML based safety oriented railway level crossing using model checking and fault tree analysis. The main goal of this research is to show the possibility to combine the concept of traditional safety analysis technique FTA and formal verification technique model checking for UML based safety oriented railway...
GR(1) synthesis generates a reactive controller automatically if the given specification, written in a fragment of Linear Temporal Logic, is realizable. In order to bring GR(1) into software engineering practice, the difficulty of writing declarative specifications must be moderated. This paper conducted a case study to learn about the experienc...
This paper introduces how the satisfiability problem can be used in computer software, and solves a number puzzle game by treating it as a satisfiability problem. To solve a given problem as a satisfiability problem, the problem must be abstracted and then expressed as a propositional logic formula in CNF (Conjunctive Normal Form). This is called CNF encoding. In this paper, the number puzzle was solved with three CNF encoding algorithms, and the three algorithms used were compared and analyzed in terms of the number of variables, the number of clauses, and the time required.
We consider the problem of a numbers puzzle of different sizes based on matrices. We start by formulating the problem in a structure based on the different requirements of the puzzle in order to solve it. First, we use the NuSMV model checking tool on the different sizes of the puzzle in order to get the solutions. Secondly, we use a SAT solver for t...
This paper introduces how model checking, one of the software verification methods, can be used in computer software, and solves the Theseus and the Minotaur game using model checking. The solution of the game is interpreted in two ways, alternating semantics and concurrent semantics, and the two are compared. For this, it is essential to write a model for model checking. This paper describes the experience of building the model for model checking. Finally, the time required to generate the solution for each game mode is analyzed.
In this paper, we present research utilizing decentralized LTL specifications for ensuring quality in an interaction-centralized system. In this system, to ensure quality, we need to validate the interactions between the modules of the system and then check whether the system achieves the expected requirements. This task remains difficul...
In this paper, we present a technique for simulating the synthesized automata from decentralized specifications in linear temporal logic (LTL). Each automaton is synthesized from individual specifications written by generalized reactivity called GR(1) formula which is a restricted fragment of LTL. GR(1) specifications have a possibility of includin...
The IMA (Integrated Modular Avionics) architecture is widely used to support multiple avionics applications and execute those applications independently. It is important to ensure fault containment and ease of verification and certification in IMA. However, during inter-partition communication, because it is performed by copying a message betw...
Synthesis automatically constructs a controller satisfying the given specification. In this paper, we are interested in synthesizing a controller for multiple robots and simulating it. Thus, we extend the LTLMoP [3] simulator to show the interaction among multiple robots and describe it with a case study.
The Get-Me-Out puzzle can be regarded as a one-player reachability game, and a one-player reachability game can in turn be regarded as a model checking problem. Using this transitive relation, the puzzle can be solved with a state-of-the-art model checking tool. This paper presents the problem formulation of the puzzle as a transition system and then transforms t...
To alleviate the complexity and changeability of developing large scale embedded systems, Model Driven Development has been accepted by various fields of industry and their standards. In this approach, design models with vast configuration data are translated into executables automatically. However, it is difficult to detect incorrect values from t...
Model checking complex systems always suffers from the state explosion problem. Over the last 10 years there has been much research on how to mitigate the state explosion problem. As a result, many techniques have emerged such as abstraction, compositional reasoning, and exploiting symmetry. In line with these efforts, this paper proposes...
The BOGOR model checking framework is developed for object-oriented software verification. It represents a system as BIR (Bandera Intermediate Language). To model check BIR, BOGOR represents a state as a node and a transition as an edge. First, BOGOR generates the nodes and edges. Second, model checking is performed on the graph structure. However, this approach i...
Multi-threaded Java programming, such as an internet server program, is difficult because it is hard to detect subtle errors within multi-threading. LTSA is a tool for modeling and analysis that catches some kinds of thread bugs, but a scalability problem remains when dealing with bigger applications. In this paper, we introduce a SAT based ve...
The state explosion problem is a major hurdle in the model checking area. The model described in temporal model checking is mainly a control flow model. The fFSM is a model for describing the control flow aspects in PeaCE (Ptolemy extension as a Codesign Environment), which is a hardware/software codesign environment to support complex embedded systems....
Nowadays, software systems contain subtle errors, so verification techniques are very important. One important verification technique is model checking. Model checking is a technique to verify the behavior of a system against a desired property. There is much research on software model checking. As a result, predicate abstracti...
Since many desirable properties about finite-state model are expressed as a reachability problem, reachability algorithms have been extensively studied in model checking. On the other hand, reachability algorithms play an important role in game solving since reachability games are often described as a finite state model. In this sense, reachability...
A Sudoku puzzle can be regarded as a propositional SAT problem. Various encodings are known for encoding Sudoku as a Conjunctive Normal Form (CNF) formula. Using these encodings for large Sudoku puzzles, however, generates too many clauses, which impede the performance of state-of-the-art SAT solvers. This paper presents an optimized CNF encoding...
PeaCE (Ptolemy extension as a Codesign Environment) was developed as a hardware and software codesign framework which allows us to express both data flow and control flow. The fFSM is a model for describing the control flow aspects in PeaCE, but it has difficulties in verifying its specifications due to a lack of formality. Thus we propose...
Since the security policy model plays an important role in any secure information system, its specification has been studied extensively. In particular, UML-based specification has been widely used because of its visual characteristics. Although visual specifications are good to write, it is difficult to verify whether some desired properties are hol...
Box-pushing games are a challenging problem for both man and machine since it is not easy to find out a minimal solution for the games. This paper describes a formal framework for solving the games via symbolic model checking techniques. Since our method is automatic and sound, it gives a minimal solution if model checking succeeds. However, this f...
In this paper, we automatically solve the Push-Push game with model checking techniques, which exhaustively explore the whole search space. Although model checking finds the best solution for the game, it always suffers from the state explosion problem. To overcome this well-known problem, we use clever methods such as abstraction and pruning. In additio...
Model checking of UML statecharts is the main concern of this paper. To model check them, however, their description has to be translated into the input language of the model checker SMV. For the purpose of translating UML statecharts as closely as possible into SMV, we use rewrite rules and their operational semantics.
In many boolean-satisfiability problems, one must encode the constraint that at most one of n propositional variables is true. With a naïve encoding, this requires O(n^2) CNF clauses. We present a flexible alternative encoding that only requires O(n) clauses, at the expense of O(n) extra variables. The proposed encoding technique also allows effici...