Aberrant behavior by the human operators of safety-critical systems can have severe or even fatal consequences. Human operators are unique in their decision-making capability, judgment and nondeterminism. A generalized framework is therefore needed for capturing, modeling and analyzing the interactions between a computer system and its human operators, one in which the operators are allowed to deviate from the behavior prescribed for executing a task. Such a framework yields a formal understanding of how robust a computer system is against the possible aberrant behaviors of its operators. We provide a framework for (i) modeling the human operators and the computer system; (ii) formulating the tolerable variations in operator actions (the protection envelope); (iii) determining whether the computer system maintains its guarantees as long as the operators act within their protection envelopes; and (iv) determining the robustness of the computer system as the protection envelopes are weakened. We present Tutela, a tool that assists with the first two steps, automates the third, and offers modest assistance with the fourth.
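The four steps of the abstract, worked on a constructed toy in Python. This is an added illustration, not Tutela's code and not the paper's notation: the dose-confirmation interlock, the two system variants, the action alphabet, the "edit distance from the prescribed task" definition of a protection envelope, and the search bound are all assumptions made here. Step (i) models the system as a transition function and the operator as a prescribed action sequence; step (ii) defines the envelope as every action trace at most k edits (omitted, inserted or substituted actions) away from that sequence; step (iii) exhaustively checks the system's guarantee along every trace in the envelope; step (iv) weakens the envelope by raising k until the guarantee breaks. The weak variant starts as soon as any dose has been confirmed, so one inserted action (re-entering the dose after confirming) defeats it; the guarded variant requires the confirmed dose to equal the current one and locks dose edits while running, and survives every weakening up to the search bound.

```python
"""Constructed toy for the operator/system robustness framework (not Tutela)."""
from itertools import product
from typing import Callable, Optional

State = dict

# (i) Operator model: the prescribed task and the actions an operator can take.
# Action names and the interlock scenario are assumptions for this example.
ACTIONS = ("dose:5", "dose:50", "confirm", "start")
PRESCRIBED = ("dose:5", "confirm", "start")
INITIAL: State = {"dose": None, "confirmed": None, "running": False}


def step_weak(s: State, a: str) -> State:
    """System variant A: 'start' only requires that *some* dose was confirmed."""
    s = dict(s)
    if a.startswith("dose:"):
        s["dose"] = int(a.split(":")[1])
    elif a == "confirm" and s["dose"] is not None:
        s["confirmed"] = s["dose"]
    elif a == "start" and s["confirmed"] is not None:
        s["running"] = True
    return s


def step_guarded(s: State, a: str) -> State:
    """System variant B: dose edits are locked while running, and 'start'
    requires the confirmed dose to equal the dose currently entered."""
    s = dict(s)
    if a.startswith("dose:") and not s["running"]:
        s["dose"] = int(a.split(":")[1])
    elif a == "confirm" and s["dose"] is not None:
        s["confirmed"] = s["dose"]
    elif a == "start" and s["confirmed"] is not None and s["confirmed"] == s["dose"]:
        s["running"] = True
    return s


def guarantee(s: State) -> bool:
    """The property the system must maintain in every reachable state:
    it never runs a dose other than the one the operator confirmed."""
    return (not s["running"]) or s["dose"] == s["confirmed"]


def edit_distance(a, b) -> int:
    """Levenshtein distance between two action sequences; an omission, an
    insertion or a substitution of one action each count as one deviation."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (x != y)))
        prev = cur
    return prev[-1]


# (ii) Protection envelope: all traces at most k deviations from the prescribed
# task. Raising k weakens the envelope (more operator behaviors are tolerated).
def envelope(k: int):
    for n in range(len(PRESCRIBED) + k + 1):
        for trace in product(ACTIONS, repeat=n):
            if edit_distance(trace, PRESCRIBED) <= k:
                yield trace


# (iii) Exhaustive check of the guarantee along every trace in the envelope.
# Returns the first violating trace (a counterexample) or None if none exists.
def check(step: Callable[[State, str], State], k: int) -> Optional[tuple]:
    for trace in envelope(k):
        s = INITIAL
        for a in trace:
            s = step(s, a)
            if not guarantee(s):
                return trace
    return None


# (iv) Robustness: the largest k for which the guarantee still holds, -1 if it
# fails even on the prescribed task, None if it held for every k up to max_k.
def robustness(step: Callable[[State, str], State], max_k: int = 3) -> Optional[int]:
    for k in range(max_k + 1):
        if check(step, k) is not None:
            return k - 1
    return None


if __name__ == "__main__":
    print("weak, k=1 counterexample:", check(step_weak, 1))
    print("weak robustness:", robustness(step_weak))
    print("guarded robustness (None = held up to bound):", robustness(step_guarded))
```

The counterexample the weak variant produces at k=1 is the operator re-entering a different dose between confirming and starting, which is exactly the kind of single-step deviation a protection envelope is meant to capture. Note that the envelope search is bounded by trace length, so a `None` from `robustness` means the guarantee held for every weakening tried, not that it holds for arbitrary deviations.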