Critical systems

This theme provides innovative research in all aspects of the specification, design, modelling, analysis, verification and run-time control of any software intensive system whose operation has an impact on human health, the environment, security or the economy. Such systems are found in the avionics industry, the automotive sector, robotics, industrial control, power generation and distribution.

To find out more about research in this area, contact Professor Alan Burns. 

To see recent publications relating to this theme, visit the York Research Database.


Theme lead: Professor Alan Burns

Dr Rob Alexander
Dr Katrina Attwood
Professor Neil Audsley
Professor Jim Austin
Dr Iain Bate
Professor Alan Burns
Dr Radu Calinescu
Professor Ana Cavalcanti
Dr Rob Davis
Dr Simos P. Gerasimou
Dr Ian Gray
Dr Ibrahim Habli
Dr Richard Hawkins
Dr Leandro Soares Indrusiak
Dr Jeremy Jacob
Professor Tim Kelly
Professor Dimitris Kolovos
Professor John McDermid
Professor Richard Paige
Dr Detlef Plump
Dr Christopher Power
Dr David Pumfrey
Dr Siamak Shahandashti
Dr Vasileios Vasilakis
Professor Jim Woodcock
Professor Andy Wellings


Selected current externally funded projects

RoboCalc: A Calculus for Software Engineering of Mobile and Autonomous Robots

Contact: Professor Ana Cavalcanti, Professor Jim Woodcock

Funder: EPSRC

This project involves developing a framework for integrated modelling, simulation, and programming of mobile and autonomous robots covering the full life cycle of development. The project adopts similar notations to those already in widespread use, but enriched with facilities to specify the environment and timed and probabilistic behaviours. For simulation, a language that captures facilities of major tools will be identified. The framework ensures that models and simulations are consistent and that properties established by analysis and simulation are preserved in the robotic platform. The purpose is not to change current practice but to enrich it with sound validation and verification techniques. The challenges will be the sound combination of notations and techniques, automation, and scalability.


RoboTest: Systematic Model-Based Testing and Simulation of Mobile Autonomous Robots

Contact: Professor Ana Cavalcanti, Professor Jim Woodcock

Funder: EPSRC

This project will see the development of novel automated test-generation techniques for mobile and autonomous robots. A RoboTest tester will construct a model of a robot using a notation already employed in the design of simulations and implementations. With the push of a button, the tester generates and executes tests for simulations, choosing from a variety of simulators, and then produces deployment tests. The RoboTest tester is in a strong position to understand the reality gap between the simulation and the real world. The RoboTest tester knows that test verdicts are correct and that tests are guaranteed to find faults of an identified class, and so can answer the difficult question: have we tested enough? RoboTest is moving the testing of mobile and autonomous robots onto a sound footing, making testing more efficient and effective and reducing longer term costs.


Mixed Criticality Cyber-Physical Systems (MCCps)

Contact: Professor Alan Burns, Dr Iain Bate, Dr Leandro Soares Indrusiak

Funder: EPSRC

This project is concerned with the next generation of cyber-physical systems that will need to support mixed-criticality systems, make use of wireless communication, and incorporate a number of fault tolerance techniques to add to the safety and resilience of such systems. A key aspect of the research is to produce resource efficient schemes that will minimise the hardware footprint and run-time operating costs.



Contact: Professor Alan Burns

Funder: EPSRC

This project is concerned with the modelling and analysis of systems that are structured using layers in either the functional, temporal or power consumption domains. This project is joint with Newcastle University.



Contact: Professor John McDermid, Professor Richard Paige, Professor Dimitris Kolovos

Funder: Aerospace Technology Institute/Innovate UK

This project is a three-year industry-wide initiative to deliver a step change improvement in the affordability and delivery of aerospace systems through tackling the problem of software cost. SECT-AIR will scope and prototype a pan-industry and academia UK software centre of excellence that will protect and develop the UK as a world leader in critical and complex systems development. This will enable development of the next generation of aerospace products.

The project will also mature innovative technical methods to:

  • reduce effort through automation
  • reduce rework costs through more precise specification, early validation and agile methods
  • increase reuse and flexibility through modularisation and openness
  • develop processing solutions to reduce the costs of obsolescence that afflict aerospace due to its long in-service timescales.

This project will embed industrially viable and certifiable solutions. It will deliver more mature tooling and processes within the UK industry to higher technology readiness levels, creating high-value jobs as a result.



Contact: Professor Dimitris Kolovos, Professor Richard Paige

Funder: EU H2020

Businesses are increasingly adopting open-source software applications to support their day-to-day activities. These businesses face the challenge of choosing an open-source application that fits their needs and has some likelihood of continued support. It is potentially hazardous for an organisation to adopt an open-source application that has no potential for long-term support.

The CrossMiner project focuses on supporting organisations to make better-informed decisions about the healthiness and appropriateness of open-source applications by providing online and offline monitoring of open-source projects.

The development of the CROSSMINER platform is guided by an advisory board of world-class experts and the dissemination of the project will be led by The Open Group.


Knowledge Transfer Partnership with Rolls-Royce I - ATICS

Contact: Dr Iain Bate

Funder: Innovate UK

This project will provide key components of Rolls-Royce’s overall strategy to transfer mixed-criticality scheduling (MCS) into the company. MCS is essential for enhancing the functionality of the company's systems and driving down their costs.

The three key areas are:

  1. automated test case generation for Worst-Case Execution Time analysis
  2. supporting Rolls-Royce to decide on their overall MCS strategy
  3. automated interference analysis to allow a move to preemptive scheduling and more advanced processor architectures.


Knowledge Transfer Partnership with Rolls-Royce II

Contact: Professor Dimitris Kolovos, Professor Richard Paige

Funder: Innovate UK

This project, due to start in summer 2018, will develop novel model-driven engineering technology for working with large and complex heterogeneous models in the aerospace and avionics domain.


Knowledge Transfer Partnership with Smith and Nephew

Contact: Professor Dimitris Kolovos, Professor Richard Paige

Funder: Innovate UK

The aim of the knowledge transfer partnership is to implement model based methods and tools that

  • enable effective working partnerships with stakeholders for developing medical devices
  • incorporate state-of-the-art risk and safety case management facilities to assure utmost quality and safety.

Smith & Nephew (S&N) is a diversified advanced medical technology company that supports healthcare professionals in more than 100 countries worldwide, employing around 16,000 people. The company develops and produces pioneering products across three main franchises: Advanced Wound Management (AWM), sports medicine and orthopaedic reconstruction. With manufacturing facilities worldwide and deep knowledge of the needs of surgeons and nurses, the company creates quality products to help restore quality of life for patients. The Hull S&N campus focuses on the AWM part of the business, where site activities are dominated by the manufacturing of absorbents and of Negative Pressure Wound Therapy (NPWT) electronic devices.

This knowledge transfer partnership will lead the transition of S&N's processes into a new design and development methodology for electronic medical devices where requirements, risks, and safety cases are captured using structured models such as SysML for requirements and GSN/SACM for safety cases, rather than Microsoft Office documents, and are shared with stakeholders using a centralised version control repository. This will allow S&N to streamline activities such as change tracking, conduct automated model analysis and automate manual processes.


Knowledge Transfer Partnership with IBM UK

Contact: Professor Dimitris Kolovos, Professor Richard Paige

Funder: Innovate UK

IBM provides a financial and operational performance management (FOPM) solution known as IBM Planning Analytics. The traditional sales process for an FOPM solution has the disadvantage of being time consuming: consultants invest a lot of time working with a company to demonstrate the value of the solution and manually translate their spreadsheets. This costly process prevents most small or medium-sized companies from purchasing IBM solutions. The semi-automated solution produced by this project would lower the entry barrier, enabling smaller businesses to benefit from powerful FOPM solutions. This project will implement model-based and machine learning tools that enable transformation from FOPM spreadsheets into cognitive models. The project will also provide guidance for consultants working with spreadsheets and models in solving their clients’ problems.



Contact: Professor Dimitris Kolovos, Professor Richard Paige

Funder: EU H2020

The need for levels of availability and scalability beyond those supported by relational databases has led to the emergence of a new generation of purpose-specific databases grouped under the term NoSQL. In general, NoSQL databases are designed with horizontal scalability as a primary concern and deliver increased availability and fault-tolerance at the cost of temporary inconsistency and reduced durability of data. To balance the requirements for data consistency and availability, organisations increasingly migrate towards hybrid data persistence architectures, comprising both relational and NoSQL databases. The consensus is that this trend will only become stronger in the future; critical data will continue to be stored in ACID (predominantly relational) databases while non-critical data will be progressively migrated to high-availability NoSQL databases. As the volume and value of natural language content constantly grows, built-in support for sophisticated text processing in data persistence architectures is increasingly becoming essential.

The aim of TYPHON is to provide a methodology and integrated technical offering for designing, developing, querying and evolving scalable architectures for persistence, analytics and monitoring of large volumes of hybrid (relational, graph-based, document-based, natural language, etc.) data. TYPHON brings together research partners, industrial partners, an industrial advisory board, and a global consortium including more than 400 organisations from all sectors of IT. TYPHON’s research partners have a long track record of conducting internationally leading research on software modelling, domain-specific languages, text mining and data migration, and delivering research results in the form of robust and widely used open-source software. The industrial partners are active in the automotive, earth observation, banking, and motorway operation domains. The industrial advisory board consists of world-class experts in the fields of databases, business intelligence and analytics, and large-scale data management.


Dependability Engineering Innovation for Cyber Physical Systems (DEIS)

Contact: Professor Tim Kelly

Funder: DSTL

Cyber-physical systems (CPS) provide the potential for vast economic and societal impact in domains such as automotive, health care and home automation. The open and cooperative nature of CPS poses a significant new challenge in assuring dependability. The DEIS project addresses this important and unsolved challenge by developing technologies that enable a science of dependable system integration. Such technologies facilitate the efficient synthesis of components and systems based on their dependability information. The key innovation in the approach of the DEIS project is the concept of Digital Dependability Identity (DDI). A DDI contains all the information that uniquely describes the dependability characteristics of a CPS component. DDIs are used for the integration of components into systems during development as well as for the dynamic integration of systems into systems of systems in the field.


Continuous Planning of Operational Processes Applied to Non-combatant Evacuation Operations (COPE)

Contact: Dr Radu Calinescu, Dr Suresh Manandhar

Funder: DSTL

The project develops a machine learning technology for continuous planning of operational processes carried out in uncertain, changing environments. We aim to deliver:

  • an activity planning methodology based on stochastic modelling, natural-language processing and fusion of dedicated intelligence, surveillance and reconnaissance and open-source intelligence
  • a software platform for developing continuous planning solutions using our methodology
  • a demonstrator for continuous planning of eligible-person evacuation routes for non-combatant evacuation operations.

The project addresses planning challenges common to many defence operations by leveraging recent research from DSTL and EPSRC-funded projects at the University.


Continual Analysis of Operational Process Dependability (CAOPS)

Contact: Dr Radu Calinescu

Funder: DSTL

The success of defending a naval ship group during air warfare engagements relies on the dependable execution of complex operational processes in continually changing, uncertain scenarios. Deciding when and how to modify these processes in response to changes in the environment - in mission goals and in the behaviour of process participants - represents a major challenge. This project contributes to addressing this challenge by devising rigorous techniques for the real-time stochastic modelling and analysis of the dependability attributes of safety-critical operational processes. These techniques will be applied to a Type-45 operations room (Ops Room) in order to model the activity conducted in the Ops Room and to support decision making during an air engagement.


Integrated correctness analysis & performance evaluation (ICAP)

Contact: Dr Radu Calinescu

Funder: Microsoft Research

Software model checking and software stochastic verification are, respectively, techniques for verifying whether software meets its functional requirements and for establishing performance properties of software. The two techniques, and the models they operate on, have traditionally been disjoint, yet software must simultaneously satisfy a combination of functional and non-functional requirements. This PhD project will bring the two areas of software verification together.

To achieve this, the project will devise stochastic models, verification techniques and a model checker that will support the integrated analysis of the correctness of software, together with the evaluation of its performance. The project will contribute to one of the key research directions identified by the verification research community, addressing a major challenge in the design and verification of software systems.


Assured Reinforcement Learning for Safety-Critical Systems (ARL)

Contact: Dr Radu Calinescu, Dr Daniel Kudenko

Funder: DSTL

This project has developed an assured reinforcement learning framework comprising a theoretical foundation and practical techniques for the adoption of reinforcement learning in the safety-critical domain. The framework uses continuous formal verification to devise and operate autonomous software agents whose safety properties are guaranteed by irrefutable mathematical proofs.


Assurance of Deep-Learning AI Techniques

Contact: Dr Radu Calinescu

Funder: Lloyd’s Register Foundation

Robotics and autonomous systems increasingly use artificial intelligence (AI), and many systems learn in operation. This poses challenges for safety assessment due to the lack of visibility of what has been learnt prior to system deployment, and to potential changes in behaviour from learning in operation. Several approaches to managing these challenges have been explored, including modifying the AI systems, for example neural networks, to 'export' a model of what they have learnt, and constraining the learning to ensure safety objectives are met. The project will investigate and extend these approaches and propose methods for assuring the safety of AI, with a focus on deep learning AI techniques, which are widely adopted in industry.


Dynamic Risk Assessment

Contact: Dr Ibrahim Habli

Funder: Lloyd's Register Foundation

Robotics and autonomous systems, particularly those that learn and adapt, bring both safety benefits and risks. We will establish new risk models and analyses that continually assess and dynamically evolve the safety argument and evidence for these systems. This will help ensure that our confidence in the safety of robotics and autonomous systems is consistent with the way in which the systems are actually learning and behaving, which is hard to predict prior to deployment. The research is highly collaborative, involving industrial partners such as NHS Digital and Bosch, international researchers including NASA Ames, and interdisciplinary collaborators such as ethicists, economists and psychologists.


The Wearable Clinic: Connecting Health, Self and Care

Contact: Dr Ibrahim Habli

Funder: EPSRC

A collaboration between the Universities of Manchester and York, the EPSRC-funded Wearable Clinic is aiming to develop algorithms, statistical models, and software that integrate electronic healthcare records with data collected from wearable wrist sensors and smartphone technologies. Being able to monitor symptoms in daily life will help predict adverse events. We will be focussing on two clinical exemplars of long-term conditions: schizophrenia and chronic kidney disease.


Reducing Medication Errors through Proactive and Dynamic Safety Reasoning

Contact: Dr Ibrahim Habli

Funder: NIHR Patient Safety Translational Research Centre

This project builds on the Safety Modelling, Assurance and Report Toolset (SMART) that is currently being developed and evaluated by the University of York and NHS Digital. The research will extend SMART through new dynamic risk models and uncertainty assessment algorithms for proactively computing the confidence in, and updating the reasoning about, the safety of the medication services based on real-time data.

This will be combined with a set of update rules triggering actions in response to changes in the services, clinical settings, the safety argument or the confidence in that argument, prompting action on leading indicators/precursors before they potentially develop into errors and patient harm. Usability and user acceptance is a primary requirement. Data and risk communication interfaces will be adapted to suit the different needs and concerns of various stakeholders, eg patients, clinicians, managers, researchers and engineers.


Future factories in the Cloud

Contact: Dr Ibrahim Habli, Dr Richard Hawkins, Professor Tim Kelly

Funder: Swedish Foundation for Strategic Research

Moving a large part of the production complexity in factories to the Cloud has benefits in cost, energy efficiency, sharing of resources, increased flexibility, adaptability and evolvability, and generally providing a strong basis for innovation. However, there are associated challenges, including providing efficient, predictable, safe and secure computation and communication, and coping with the huge amounts of data needed to provide the envisioned intelligence. These challenges are particularly demanding in safety-relevant systems, such as transportation and manufacturing.

The project will provide generic solutions for future factories in the Cloud in the form of an integrated set of techniques and generic tools for future smart products and production systems, including architectural templates for Cloud-based production; algorithms and tools for safe and secure communication and computation, specifically handling big data; and techniques for efficient and predictable sharing of computation and communication resources. The research will be based on real usage scenarios and results demonstrated and evaluated in industrial contexts.

Safety Argument Pattern Catalogue for Distributed Vehicle Architectures

Contact: Professor Tim Kelly, Dr Ibrahim Habli

Funder: Jaguar Land Rover

The project will develop an engineering framework for assuring the safety of distributed vehicle architectures. The framework will comprise hazard and risk analysis guidelines and a safety argument pattern catalogue for developing a whole vehicle safety case, with a particular focus on the networks architecture and the distribution of critical functionalities.


SAFIRE - Cloud-based Situational Analysis for Factories providing Real-Time Reconfiguration Services

Contact: Dr Leandro Soares Indrusiak

Funder: EU H2020

The primary objective of the SAFIRE project is to develop cloud-based analytics and reconfiguration capabilities that provide both reactive and predictive reconfiguration for both production systems and smart products. It will enable flexible runtime reconfiguration decisions during production, rather than pre-planned at production planning time, with the aim of advising on reconfiguration decisions for optimisation of performance and real-time production and product functions. The project targets two related technology challenges for smart factories that present new opportunities for improving production, products and services: Interconnected Systems of Production Systems (SoPS) and Connected Product Networks (CPNs).


PHANTOM - Multi-Objective Programming for Parallel Computing Systems

Contact: Professor Neil Audsley

Funder: EU H2020

The overall objective of the PHANTOM project is to deliver an integrated cross-layer (hardware and system software/programming environment), multi-objective and cross-application approach that will enable next generation heterogeneous, parallel and low-power computing systems, while hiding the complexity of computing hardware from the programmer, as a result fostering productivity in programming.