- What's New?
in last-first order, our publications in the last ten years.
Arranged by category:
Back to Contents
Other Venues
blogs at The Abnormal Distribution
at the URL
Publications of the
tech-transfer company Causalis Limited
may be found on the
Causalis Limited Publications Page.
Significant recent published work
In last-to-first order:
Assurance Points in Software Development
Peter Bernard Ladkin
21 May 2018
The slideset to accompany PBL's Keynote talk at the 6th Scandinavian Conference on Software and
System Safety in Stockholm. The slideset to accompany the talk was not intended as read-alone. This
set has been extended with a Prolegomenon giving the main argument.
[ PDF ]
Digital System Safety - Mostly Qualitative Aspects
Peter Bernard Ladkin
[ Table of contents ] RVS-Bk-17-02, 11 December 2017
A Critical-System Assurance Manifesto: Issues Arising from IEC 61508
Peter Bernard Ladkin
A number of issues in critical-system assurance have arisen during discussions about the next
edition of the digital-system functional safety standard IEC 61508. This book discusses statistical
evaluation, some key concepts with suggestions for redefinition where appropriate, and issues
concerning safety and and the increasing importance of effective cybersecurity. The chapters will be
individually updated as the conversation progresses.
[ Table of contents ] RVS-Bk-17-01, 10 December 2017
Power cuts - a view from the affected area
Roger Kemp
On 5th December, 2015, the centre of the city of Lancaster in North-West England was flooded by the river, including a central electricity substation in Caton Road near the river. All of central Lancaster suffered a power cut, which persisted over a day and days until electricity was reliably restored. Professor Kemp lives there, and wrote this short piece about what happened. PBL thinks that it is one of the most important papers about resilience he has ever read.
Roger Kemp is a Professorial Fellow of Lancaster University and a Fellow of the Royal Academy of Engineering. He joined the University in 2003, after 30 years in industry, most recently with Alstom Transport. RVS is very grateful to Professor Kemp for agreeing to publication of his note.
24 January 2016 (written December 2015)
Practical Statistical Evaluation of Critical Software
Peter Bernard Ladkin and Bev Littlewood
Paper presented at the 24th annual Safety-Critical Systems Symposium, Brighton, UK, 2-4 February, 2016
In 2010, Rolf Spiker approached one of us with a query from a client concerning advisory material in IEC 61508 on the statistical evaluation of software. We realised that there is a dearth of practical guidance for those who wish to evaluate critical software statistically. We believe statistical evaluation of software is an increasingly important assurance technique. We commence with a brief introduction to some of the simpler statistics and then consider discursively the issues which arise during evaluation.
3 February 2016
Resilience is an Emergent System Property: A Partial Argument
Peter Bernard Ladkin and Bernd Sieker
Paper presented at the 24th annual Safety-Critical Systems Symposium, Brighton, UK, 2-4 February, 2016
Systems are collections of objects exhibiting joint behaviour. Some- times this behaviour is anticipated, sometimes not. We have studied a number of types of complex systems and their failures, including electricity supply grids, mo- torways, the financial system, and air traffic control. We argue that the resilience properties of such systems are largely emergent. We illustrate the thesis through analysis of three electricity blackout events. We consider one event in detail and two others summarily.
3 February 2016
Some Practical Issues in Statistically Evaluating Critical Software
Peter Bernard Ladkin
Presented at the IET System Safety and Cyber Security Conference 2015, 20-22 October, Bristol UK
In 2010, the author was approached with a query from industry concerning the application of IEC 61508-7:2010 Annex D, on the statistical evaluation of software. We realised that Annex D is not a helpful guide for a number of reasons. We discuss some common assessment scenarios and their quandaries and requirements for the application of statistical methods based on Bernoulli/Poisson mathematics.
21 October 2015
Causal Analysis of the 1991 Patriot Missile System Failure
Peter Bernard Ladkin
In 1991, a Patriot anti-missile system engaged but failed to shoot down a hostile Scud missile, which subsequently exploded at a US base in Saudi Arabia, killing some troops. There was "drift" in the value of a parameter used in the tracking algorithms which significantly reduced the chances of a successful engagement. Some discussion on the System Safety List suggests there were two software-engineering anomalies involved. One was the use of data-type-incorrect calculation (through type coercion); another was the choice of clock-time parameter. Martyn Thomas raised a question about the relative significance of the anomalies. I show that this question cannot be answered through purely-causal analysis.
12 May 2015
Practical Statistical Evaluation of Critical Software
Peter Bernard Ladkin and Bev Littlewood
In 2010, Rolf Spiker approached one of us with a query concerning the application of IEC 61508-7:2010 Annex D, on the statistical evaluation of software, which derived from a client. We relaised that Annex D gives sparse and sometimes misleading information to those who wish to evaluate critical software statistically, and embarked on a project to substitute Annex D with more helpful material. We have both encountered common assessment scenarios and their quandaries. We discuss them and the application of statistical methods, and conclude with a list of prerequisites to the application of Bernoulli/Poisson mathematics.
This paper has been submitted for publication.
01 March 2015
Software, the Urn Model, and Failure
Peter Bernard Ladkin
IEC 61508-7:2010 Annex D explicates some features of the statistical evaluation of software through its operational history. But it raises many questions. One is: how does the traditional urn model apply, if at all, to software? A second is: to what kinds of software does the reasoning in Annex D apply? A third is: do the confidence-interval numbers apply to all distributions of inputs? Recently, I have experienced reliability-engineering experts giving wrong answers to the second and third questions. It seemed worthwhile to explain correct answers in terms understandable also by non-professionals. This paper attempts to do so.
25 February 2015
Risks People Take and Games People Play
Peter Bernard Ladkin
in Parsons, M. and Anderson,
T., Engineering Systems for Safety, Proceedings of the Twenty-Third Safety Critical Systems
Symposium, SSS 2015, Bristol, UK, 3-5 February 2015, ISBN 978-1505689082, SCSC on Amazon. Paper to accompany a Keynote talk. It concerns the case of the shootdown of Malaysian Airlines Flight 17 over East Ukraine in 2014, and how one might assess the risk of such a commercial-aircraft shootdown. I suggest that the risk assessment is fundamentally different from that used in safety standards such as IEC 61508 or even in commercial-aircraft certification procedures. I suggest that, first, the values of certain quasi-Boolean parameters critical to the situation must be assessed, that these then determine a game in the sense of Thomas Schelling, who adapted game theory to political-scientific analysis, and that on the basis of the chosen game a straightforward risk analysis may then be performed. I discuss various special cases.
04 Febuary 2015
Risks People Take and Games People Play: Talk
Peter Bernard Ladkin
The slides from the Keynote talk at the Safety-Critical Systems Symposium 2015 in Bristol on 4 February 2015. It extends the paper, by showing how factors in the Causal Fault Graph can be assigned quasi-Boolean values, and that these values propagate through the CFG by virtue of the semantics of "necesary causal factor". A CFG can thus be pruned to represent the actual case to hand determined by the quasi-Booleans, and a risk assessment can be performed using the pruned CFG. This is an improvement over choosing games, because it is a uniform approach which does not rely on guessing a game.
Please note this file is large (about 57MB) and may take some time to download.
04 February 2015
A Real Paradox?
Peter Bernard Ladkin
I am interested in everyday logical reasoning. It seems to me it does not always adhere to the principles of "classical" logic, I would suggest for good reason. Mike Holloway asserted something in an e-mail discussion which may seem reasonable, and contradicts principles of classical logic along with maybe some of what are often taken to be properties of belief. That gave me the opportunity to construct what might be a classical-logic paradox. I lay it out here, but do not give the game away. The paper and its style is intended to interest curious teenagers rather than academics.
29 January 2015
Example of a Safety-Critical Element With Deliberately Unreliable Function
Peter Bernard Ladkin
Rainer Faller introduced the example of a SW element (entity in a system) which has a function which does not necessarily fulfil its safety requirements specification, which is triggered by a specific input known to the SW developer but not necessarily to an application developer who wishes to use the SW "out of the box". The question arises if and how such SW can be proposed for use in cases in which the element has to satisfy a SIL, in particular if statistical data on the SW functionality is taken as evidence for assessing the SW as fit for purpose. This paper discusses the case.
01 January 2015
A Series of Software-Related Sociotechnical System Failures
Peter Bernard Ladkin
This paper discusses the German railways WWW-based ticketing system and how it interacts with other operations of the railways as well as with customers. It stems from the author's recent personal experience. But it highlights the lessons in system engineering which could be learnt. They are broadly the same as in other areas of dependable SW engineering but here, as in other areas, still apparently lacking.
13 January 2015
Notes on Properties Needed in Software Safety Requirements
Peter Bernard Ladkin, Bernd Sieker, RVS White Paper 7
This is a discussion of state of the art in formal software requirements engineering in safety-critical systems and formal
checking procedures for requirements. It is intended that the results of discussion will be introduced into the maintenance of IEC 61508-3.
Commentary please to or
24 April 2014
Professional Opinion on Skills with Formal Description Languages
Many authors, compiled by Peter Bernard Ladkin and Bernd Sieker
This document compiles key contributions to a discussion on the use of formal description languages which took place in February 2014 on the System Safety mailing list, administered at the Faculty of Technology at the University of Bielefeld. It commenced with a request for comment. Pertinent contributions are included. A short commentary follows.
25 February 2014
The Importance of Logic in the Informatics Curriculum
Peter Bernard Ladkin, RVS White Paper 6
We have recently discussed the importance (or otherwise) of logic in our informatics curricula in Bielefeld. This white paper discusses why some study of formal languages with unambiguous semantics, and logic in particular, is essential for any informatics curriculum. (More White Papers on this topic are planned to follow.)
18 February 2014
Communications Privacy and Surveillance: References
prepared by Peter Bernard Ladkin
Thirteenth Version, 4 March 2014
I am holding a seminar on communications privacy and surveillance this academic year (October 2013 - September 2014) and am compiling a list of WWW sources on the revelations starting in June 2013 on NSA and GCHQ surveillance of electronic communications, largely published by the Guardian newspaper in the UK, working with the New York Times and sometime the Washington Post in the US, and der Spiegel in Germany. These revelations started an important debate on the extent of surveillance, invasions of privacy, undermining the internet infrastructure, and the tensions and trade-offs between freedom, security and privacy, some of which we hope to conduct in the seminar. The document is updated on a roughly weekly basis.
Thirteenth version 4 March 2014; first version 7 November 2013
- Unfallursachenanalyse The Galloping Ghost, 2011, Reno, Nevada
[ PDF 3.4 M ]
Bachelor Thesis by Rico Magnucki, RVS Group, September 2013
Smart Meter Security Infrastructure: Some Observations
Jan Sanders, RVS White Paper 5
In 2012, Germany as well as great Britain were considering countrywide installation of so-called smart utility meters, which can communicate data in real-time on use of electricity, gas, and water in a building. We are concerned about the security issues that arise and wrote a very short overview, which we have conveyed to interested parties.
12 May 2012, mildly revised 5 December 2013
The Fukushima Dai-Ichi Accident
Peter Bernard Ladkin, Bernd Sieker and Christoph Goeker, eds.
Our book arising from the Eleventh Bieschweig Workshop in August 2011
is now available (December 2013) from the publisher,
LIT Verlag WebShop (please note there is a button on the WWW site for English-language and German-language pages). It includes longer articles on both engineering and risk issues by Lee Clarke, John Downer, Peter Bernard Ladkin, Stephen Mosley, Charles Perrow, Volkmar Pipek and Gunnar Stevens, Bernd Sieker and Stefan Strohschneider and is dedicated to Hal Lewis, one of the pioneers of accurate risk assessment of nuclear-power technology.
27 November 2013
Gefährdungsanalyse des Ladesystems für Elektrofahrzeuge
prepared by Peter Bernard Ladkin and Bernd Sieker
The German organisation for electrotechnical standards, DKE, has an ongoing effort to standardise, and to participate in international standardisation of, electrotechnical equipment for electric road vehicles. Such vehicles have large-capacity batteries, and may be charged from dedicated charging stations either at the roadside and directly connected to the grid ("Ladesäule", so-called Mode 3 charging) or attached to building supply circuits (Mode 2 charging). A committee of the DKE has prepared a hazard and qualitative-risk analysis of Mode 3 charging. We publish it here to invite public comment. The document is written in the German language. The Version here is Version 8, from 13 September 2012.
17 October 2013
A preliminary draft of our new book on Safety of Computer-Based Systems is on-line (spoiler: the 2013 version is significantly extended).
Safety of Computer-Based Systems
Peter B. Ladkin, Jan Sanders, Bernd Sieker,
[ Table of contents ]
RVS-Bk-11-01, draft version 1.0 of 27 July 2011.
Assessing Critical SW as "Proven in Use": Pitfalls and Possibilities
Peter Bernard Ladkin, RVS White Paper 4
The paper tells a short story about a fictional SW provider for critical systems (those which may be subject to dangerous failures as defined in IEC 61508), in order to show the weaknesses of current criteria for qualifying SW as "proven in use" in IEC 61508:2010, and indeed in some current proposals for their replacement. It concludes by suggesting a possible alternative way in which SW may be qualified as "proven in use" for critical uses.
17 June 2013
IEC 61508 Case Study
Peter Bernard Ladkin, RVS White Paper 3
The White Paper describes a case study with some hard questions to which the author has not seen satisfactory answers. The case study stems from two 2009 notes to a mailing list, and a subsequent working paper presented to the German functional safety standardisation group DKE GK914 in 2009.
20 February 2013
61508 Weaknesses and Anomalies
Peter Bernard Ladkin, RVS White Paper 2
The White Paper describes current suggestions as to what is wrong with the functional safety standard IEC 61508
12 February 2013, minor modification 20 February 2013
Standards for Standards: Improving the Process
Peter Bernard Ladkin, RVS White Paper 1
The White Paper describes three principles for the development of technical standards which would improve both the technical quality of standards and their function as disseminating best practice.
3 February 2013
Root Cause Analysis: Terms and Definitions, Accimaps, MES, SOL and WBA
Peter Bernard Ladkin
From late 2012 until January 2013, I was involved in an effort to write a standard for causal analysis of focus events, Root Cause Analysis (RCA). Our WBA is a RCA technique, for example. Use of RCA seems to be split between the industrial quality-control community, who use it to improve processes, and accident analysts, who use it because most significant accidents must be causally analysed for a variety of legal and technical reasons. Our work derives from the accident-analysis community. This paper includes material on terms and definitions, as well as short surveys of the accident-analysis techniques mentioned in the title, which I produced for the standardisation effort but which will not be used, along with an introduction containing pointers to the literature on widely-used techniques which are not addressed here.
21 January 2013
Hot Issues in Software Safety Standardisation
Peter Bernard Ladkin
Slides for a Keynote talk PBL gave at the 2012 IET System Safety conference in Edinburgh on 16th October, 2012. A video of the talk, including a fine performance of one of PBL's favorite tunes, Gordon Duncan's composition Pressed for Time by the magnificent piper Lorne MacDougall (about 43 minutes into the video) can be found on at this page
20 November 2012
Verbal Communication Protocols in Safety-Critical System Operations
Peter Bernard Ladkin
A version of an article written for the Handbook of Technical Communication, ed. A. Mehler and D. Gibbon, Mouton de Gruyter, Berlin, to appear 2012. It is about what the title says.
18 November 2011
The Assurance of Cyber-Physical Systems: Auffahr Accidents and Rational Cognitive Model Checking
Peter Bernard Ladkin
Aa somewhat whimsical draft, written in blog style, of a chapter or part of a chapter of a book on Cyber-Physical Systems, ed. H. Giese, B. Rumpe, B. Schätz and J. Sztipanovits, publisher under negotiation, 2012. The book arose, as did this note, from Seminar 11441 on Science and Engineering of Cyber-Physical Systems at the Leibniz Centre for Informatics at Schloss Dagstuhl in the Saarland on 1-4 November, 2011. PBL took part in the subgroup on certification and assurance of cyber-physical systems. Participants opined that there is something essentially new and different about assuring such systems (for safety, say) and this is an attempt to put a finger on one new aspect.
17 November 2011
Murphy Was An Optimist
Kevin Driscoll, Honeywell International, Inc.
Version 19 of a lecture by Kevin, which he had been invited to give at SAFECOMP 2010 in Vienna, which lecture PBL chaired. This set of slides includes the first known photograph of a Byzantine fault, something which before then was regarded as pure behavior. His photo is of a transistor which transmogrified into a capacitor, raising the daunting prospect of (as Kevin calls it) Transmogrification Analysis, which consists in analysing the behavior of a digital system in which electronic components morph into something else. Many thanks to Kevin for agreeing for us to present his fine lecture on this site!
The Fukushima Accident
Peter Bernard Ladkin
A version of the paper to accompany a keynote talk PBL gave at the 20th Safety-Critical Systems Symposium in Bristol in February 2012. The paper will be published in the Proceedings, to appear with Springer-Verlag, London, 2012. The original will be available at
09 November 2011
A series of slide sets and essays
Robin Bloomfield, Lee Clarke, John Downer, Peter Bernard Ladkin, Charles Perrow, Bernd Sieker, Martyn Thomas
on the Fukushima nuclear accident and systems prone to extreme unsafe events (EUEs), given at the 11th Bieleschweig Workshop
3-4 August 2011
Dependable Software: A View
Peter Bernard Ladkin
Slides for a Keynote talk at the Ada Connection 2011 conference in Edinburgh, Scotland. Note these are by no means the same as the paper below, which I wrote three months before, for the conference volume. But then Springer-Verlag insisted that I give them the copyright, which I am not willing to do for two reasons: (a) it is my intellectual property and they didn't offer to pay me for it, and (b) I don't think it appropriate to give a commercial company complete power over pro bono public service work, such as standardisation activity, on which the paper reports.
21 June 2011
Functional Safety of Software-Based Critical Systems
Peter Bernard Ladkin
The paper to accompany PBL's Keynote talk at the Ada Connection/16th International Conference on Reliable Software Systems, Edinburgh, 21-23 June 2011
Systemanforderungsanalyse von Bahnbetriebsverfahren mit Hilfe der Ontological Hazard Analysis am Beispiel des Zugleitbetriebs nach FV-NE
Bernd Manfred Sieker
Doctoral Dissertation (in German), RVS Group TechFak and CITEC, Uni Bielefeld, April 2010
A Sustainable System Development Method with Applications
I Made Wiryana
Doctoral Dissertation, RVS Group TechFak, Uni Bielefeld, 2009
Zusicherung in der Anwendung von IEC 61508 Part 3
Peter Bernard Ladkin
Paper to accompany PBL's Invited Telk (in German), Proceedings of VDE 0803 Tagung zur Funktionalen Sicherheit IEC 61508: Sichere Software, 04-05 May 2011, VDE Verlag, 2011.
Securing The Interface: Safety-Critical Interaction Between Humans and Mobile Robots
Peter Bernard Ladkin
Keynote Talk, 4th IET International Conference on System Safety, London, 26-28 October 2009
Steps Towards a Robust Analysis of Procedure: New Formal
Methods for Human-Machine Cooperative Tasks
Peter Bernard Ladkin, Bernd Sieker
submitted for publication,
13 July 2009
Dependable Risk Analysis for Systems with E/E/PE Components: Two Case Studies
Jörn Stuphorn, Bernd Sieker, Peter Bernard Ladkin
appeared in Chris Dale and Tom Anderson, editors,
Safety-Critical Systems: Problems, Process and Practice, the proceedings of the Seventeenth Safety-Critical
Systems Symposium, Brighton, UK, 3-5 February 2009.
Back to Contents
Notes on Properties Needed in Software Safety Requirements
Peter Bernard Ladkin, Bernd Sieker, RVS White Paper 7
This is a discussion of state of the art in formal software requirements engineering in safety-critical systems and formal
checking procedures for requirements. It is intended that the results of discussion will be introduced into the maintenance of IEC 61508-3.
Commentary please to or
24 April 2014
The Importance of Logic in the Informatics Curriculum
Peter Bernard Ladkin, RVS White Paper 6
We have recently discussed the importance (or otherwise) of logic in our informatics curricula in Bielefeld. This white paper discusses why some study of formal languages with unambiguous semantics, and logic in particular, is essential for any informatics curriculum. (More White Papers on this topic are planned to follow.)
18 February 2014
Smart Meter Security Infrastructure: Some Observations
Jan Sanders, RVS White Paper 5
In 2012, Germany as well as great Britain were considering countrywide installation of so-called smart utility meters, which can communicate data in real-time on use of electricity, gas, and water in a building. We are concerned about the security issues that arise and wrote a very short overview, which we have conveyed to interested parties.
12 May 2012, mildly revised 5 December 2013
Assessing Critical SW as "Proven in Use": Pitfalls and Possibilities
Peter Bernard Ladkin, RVS White Paper 4
The paper tells a short story about a fictional SW provider for critical systems (those which may be subject to dangerous failures as defined in IEC 61508), in order to show the weaknesses of current criteria for qualifying SW as "proven in use" in IEC 61508:2010, and indeed in some current proposals for their replacement. It concludes by suggesting a possible alternative way in which SW may be qualified as "proven in use" for critical uses.
17 June 2013
IEC 61508 Case Study
Peter Bernard Ladkin, RVS White Paper 3
The White Paper describes a case study with some hard questions to which the author has not seen satisfactory answers. The case study stems from two 2009 notes to a mailing list, and a subsequent working paper presented to the German functional safety standardisation group DKE GK914 in 2009.
20 February 2013
61508 Weaknesses and Anomalies
Peter Bernard Ladkin, RVS White Paper 2
The White Paper describes current suggestions as to what is wrong with the functional safety standard IEC 61508
12 February 2013, minor modification 20 February 2013
Standards for Standards: Improving the Process
Peter Bernard Ladkin, RVS White Paper 1
The White Paper describes three principles for the development of technical standards which would improve both the technical quality of standards and their function as disseminating best practice.
3 February 2013
Back to Contents
Practical Statistical Evaluation of Critical Software
Peter Bernard Ladkin and Bev Littlewood
in Mike Parsons and Tom Anderson (eds.), Developing Safe Systems, Proceedings of the Twenty-fourth Safety-critical Systems Symposium, Brighton, UK, 2nd-4th February, 2016, ISBN 978-1519420077, SCSC/Amazon 2016.
2 February 2016
Resilience is an Emergent System Property: A Partial Argument
Peter Bernard Ladkin and Bernd Sieker
in Mike Parsons and Tom Anderson (eds.), Developing Safe Systems, Proceedings of the Twenty-fourth Safety-critical Systems Symposium, Brighton, UK, 2nd-4th February, 2016, ISBN 978-1519420077, SCSC/Amazon 2016.
2 February 2016
Some Practical Issues in Statistically Evaluating Critical Software
Peter Bernard Ladkin
Proceedings of the IET System Safety and Cyber Security Conference 2015, 20-22 October, Bristol UK, ISBN 978-1-78561-092-9, eISBN 978-1-78561-093-6, ISSN 0537-9989 Reference PEP...U, IET 2015.
21 October 2015
Risks People Take and Games People Play
Peter Bernard Ladkin
in Parsons, M. and Anderson,
T., Engineering Systems for Safety, Proceedings of the Twenty-Third Safety Critical Systems
Symposium, SSS 2015, Bristol, UK, 3-5 February 2015, ISBN 978-1505689082, SCSC/Amazon.
04 Febuary 2015
The Fukushima Dai-Ichi Accident
Peter Bernard Ladkin, Bernd Sieker and Christoph Goeker, eds.
Available at LIT Verlag WebShop (please note there is a button on the WWW site for English-language and German-language pages).
27 November 2013
Verbal Communication Protocols in Safety-Critical System Operations
Peter Bernard Ladkin
in Handbook of Technical Communication, ed. A. Mehler and D. Gibbon, Mouton de Gruyter, Berlin, 2012.
18 November 2011
The Fukushima Accident
Peter Bernard Ladkin
in Chris Dale, Tom Anderson, eds., Achieving Systems Safety, Proceedings of the Twentieth Safety-Critical Systems Symposium, Bristol, UK, 7-9th February 2012, Springer-Verlag, London 2012. The original is available at
09 November 2011
Zusicherung in der Anwendung von IEC 61508 Part 3
Peter Bernard Ladkin
Paper to accompany PBL's Invited Telk (in German), Proceedings of VDE 0803 Tagung zur Funktionalen Sicherheit IEC 61508: Sichere Software, 04-05 May 2011, VDE Verlag, 2011.
Securing The Interface: Safety-Critical Interaction Between Humans and Mobile Robots
Peter Bernard Ladkin
Keynote Talk, 4th IET International Conference on System Safety, London, 26-28 October 2009
Dependable Risk Analysis for Systems with E/E/PE Components: Two Case Studies
Jörn Stuphorn, Bernd Sieker, Peter Bernard Ladkin
appeared in Chris Dale and Tom Anderson, editors,
Safety-Critical Systems: Problems, Process and Practice, the proceedings of the Seventeenth Safety-Critical
Systems Symposium, Brighton, UK, 3-5 February 2009.
- Opinion - Taking Software Seriously
Peter B. Ladkin
[ PDF ]
Journal of System Safety 41(3), May-June 2005
- Ontological Analysis
Peter B. Ladkin
[ PDF ] Safety Systems 14(3), May 2005
- Causal Analysis of the ACAS/TCAS Sociotechnical System
Peter B. Ladkin
Invited paper, in Safety Critical Systems and Software 2004, the Proceedings of the 9th Australian Workshop on
Safety-Related Programmable Systems,
volume 47 of Conferences in Research and Practice in Information Technology, ed. Tony Cant, Australian Computer Society, 2005.
[ PDF ] RVS-RR-05-01, 24 January 2005
- Two Causal Analyses of the Black Hawk Shootdown During Operation Provide Comfort
Peter B. Ladkin
Invited paper, in Safety Critical Systems and Software 2003, the Proceedings of the 8th Australian Workshop on
Safety Critical Software and Systems,
volume 33 of Conferences in Research and Practice in Information Technology, ed. Peter Lindsay and Tony Cant, Australian Computer Society, 2004.
[ PDF ] October 2004
Causal Analysis of Aircraft Accidents
Peter B. Ladkin
Invited Paper in Computer Safety, Reliability and Security,
Proceedings of the 19th International Conference, SAFECOMP 2000,
Lecture Notes in Computer Science No. 1943, Springer-Verlag, 2000
Formalism Helps in Describing Accidents
Peter Ladkin and Karsten Loer
in 18th Digital Avionics Systems Conference Proceedings,
IEEE Press, 1999
Lazy Caching in TLA
Peter Ladkin, Leslie Lamport, Bryan Olivier, and Denis Roegel
in Distributed Computing 12:151-174, 1999
Implementing and Verifying Message Sequence Chart Specifications
Using Promela/XSpin
Stefan Leue and Peter Ladkin
in The SPIN Verification System,
ed. J.-C. Grégoire, G. Holtzmann and D. Peled,
DIMACS Series Vol. 32, American Mathematical Society, 1997, 65-89.
This paper conjoins the work reported in
Implementing Message Sequence Charts in Promela,
by Stefan Leue and Peter B. Ladkin,
in Proceedings of the
First SPIN Workshop, ed J.-C. Grégoire,
Montréal, Canada, October 1995;
Implementing and Verifying Scenario-Based Specifications
Using Promela/XSpin
by Stefan Leue and Peter B. Ladkin,
in Proceedings of the
Second SPIN Workshop,
Rutgers University, New Brunswick, New Jersey, August 1996;
Simple Reasoning With Time-Dependent Propositions
Maroua Bouzid and Peter Ladkin
To appear in the Journal of the IGPL, 1997.
From logic to manuals again
Harold Thimbleby and Peter Ladkin
in IEE Proceedings - Software Engineering 144(3):185-192, June 1997
Fast Algebraic Methods for Interval Constraint Problems
Peter Ladkin and Alexander Reinefeld
Invited Paper in
Annals of Mathematics and Artificial Intelligence 19:383-411, 1997
This paper extends results reported in
- A Symbolic Approach to Interval Constraint Problems,
by Peter Ladkin and Alexander Reinefeld,
in Artificial Intelligence and
Symbolic Mathematical Computing,
ed. Jacques Calmet and John A. Campbell,
LNCS vol. 737, pp65-84, Springer Verlag, 1993;
- Fast Solution of Large Interval Constraint Networks,
by Alexander Reinefeld and Peter Ladkin,
in Proceedings of AI'92,
the 9th Canadian Conference on Artificial Intelligence,
ed. Janice Glasgow and Roland Hedley, pp156-162,
Morgan Kaufmann, San Mateo, California, 1992;
- Effective solution of qualitative interval constraint
by Peter B. Ladkin and Alexander Reinefeld,
Artificial Intelligence 57:105-124, September 1992;
From Logic To Manuals
Harold Thimbleby and Peter Ladkin
in Software Engineering Journal 11(6):347-354, 1996
Analysis of a Technical Description of the Airbus
A320 Braking System
Peter Ladkin
in High Integrity Systems 1(4):331-349, 1995
Static Deadlock Analysis for CSP-Type Communications
Peter Ladkin and Barbara Simons
in Responsive Computer Systems:
Steps Toward Fault-Tolerant Real-Time Systems,
ed. D. N. Fussell and M. Malek,
Kluwer, 1995
A proper explanation when you need one
Harold Thimbleby and Peter Ladkin
in People and Computers X,
Proceedings of the BCS Conference on Human-Computer
Interaction, HCI'95, Cambridge University Press, 1995.
Interpreting Message Flow Graphs
Peter Ladkin and Stefan Leue
in Formal Aspects of Computing 7(5):473-509, 1995
Comments on a Proposed Semantics for Message Sequence Charts
Postscript |
Peter Ladkin and Stefan Leue
Technical Correspondence, The Computer Journal 37(9):814-815,
Four Issues Concerning the Semantics of Message Flow Graphs
Abstract |
Zip-ed Postscript, 81K ]
Peter B. Ladkin and Stefan Leue
Formal Description Techniques VII,ed. D. Hogrefe
and S. Leue,IFIP Series, Chapman and Hall, 1995
- On Binary Constraint Problems
Abstract |
Postscript |
by Peter B. Ladkin and Roger D. Maddux,
Journal of the ACM 41(3):435-469, May 1994.
This paper is a substantial reworking of the technical report:
- On Binary Constraint Networks,
by Peter B. Ladkin and Roger Maddux,
Technical Report KES.U.88.8, Kestrel Institute, 1988.
but does not include the parts on
the derivation of the pointisable relations
(due independently to P. van Beek) or the construction of the
IA from certain four-node path-consistent networks of the PA,
later generalised by R. Hirsch in Relation Algebras of Intervals,
preprint, Imperial College of Science and Technology, London, 1994;
- Comments on a Paper by Voas, Payne and Cohen,
"A model for detecting the existence of software corruption in
real time"
[ Postscript |
by Peter Ladkin and Harold Thimbleby,
Computers and Security 13(6):527-531, October 1994;
- What Do Message Sequence Charts Mean?
[ Zip-ed Postscript, 90K ]
by Peter B. Ladkin and Stefan Leue,
in Formal Description Techniques VI, IFIP Transactions C,
ed. R. L. Tenney, P. D. Amer and M. U. Uyar,
North-Holland, 1994
- Integrating Metric and Qualitative Temporal Reasoning
[ Postscript |
by Henry Kautz and Peter B. Ladkin,
in AAAI-91, Proceedings of the 9th National Conference on Artificial
Intelligence, MIT/AAAI Press, 1991;
- Satisfying First-Order Constraints About Time Intervals
by Peter Ladkin
in AAAI-88, Proceedings of the 7th National Conference on Artificial
Intelligence, Morgan Kaufmann, 1988;
an extended version of this paper is to be found in Ladkin's
Ph.D. Thesis.
- The Completeness of a Natural System for Reasoning
with Time Intervals
by Peter Ladkin,
in IJCAI-87, Proceedings of the 10th International Joint Conference
on Artificial Intelligence, 1987;
a version of this paper is to be found in Ladkin's
Ph.D. Thesis.
- Models of Axioms for Time Intervals
by Peter Ladkin
in AAAI-87, Proceedings of the 6th National Conference on Artificial
Intelligence, Morgan Kaufmann, 1987;
a version of this paper is to be found in Ladkin's
Ph.D. Thesis.
- Specification of Time Dependencies and Synthesis of Concurrent
by Peter Ladkin
in Proceedings of the 9th International Conference on Software
Engineering, IEEE Press, 1987;
a version of this paper is to be found in Ladkin's
Ph.D. Thesis.
- Primitives and Units for Time Specification
by Peter Ladkin
in AAAI-86, Proceedings of the 5th National Conference on Artificial
Intelligence, Morgan Kaufmann, 1986;
a version of this paper is to be found in Ladkin's
Ph.D. Thesis.
- Time Representation: A Taxonomy of Interval Relations
by Peter Ladkin
in AAAI-86, Proceedings of the 5th National Conference on Artificial
Intelligence, Morgan Kaufmann, 1986;
a version of this paper is to be found in Ladkin's
Ph.D. Thesis.
Back to Contents
Back to Contents
For purposes of reference, reports are fully described as
Research Report RVS-RR-yy-nn, RVS Group, Faculty of Technology, University of Bielefeld, 19yy or 20yy
Forensic Analysis on Nakula and Antareja
Machine Incidents on 18th January 2002
I Made Wiryana, Avinanta Tarigan
[ PDF ] RVS-RR-02-02,
18 January 2002
Why-Because Analysis of the Glenbrook, NSW Rail
Accident and Comparison with Hopkins's Accimap
Peter B. Ladkin
[ PDF ] RVS-RR-05-05, 19 December 2005
The report is accompanied by a separate document,
The Glenbrook Why-Because Graphs, Causal Graphs,
and Accimap(PDF)
reproducing the figures in the report in a format more amenable to reading.
- Checking and Comparison of WB-Graphs
Peter B. Ladkin
[ PDF ] RVS-RR-05-04, 9 December 2005
- Privacy Checklist for Privacy Enhancing Technology Concepts for RFID Technology Revisited
Bernd Sieker, Peter B. Ladkin, Jan E. Hennig
[ PDF ] RVS-RR-05-03, 13 October 2005
- WB-Analysis of the attack on the Nakula and Antareja machines in January 2002
Lars Molske, Damian Nowak, Peter B. Ladkin
[ PDF, 3.23MB ] RVS-RR-05-02, 30 June 2005
- Absehbare Risiken und Wirkungen beim RFID-Einsatz
Jan E. Hennig, Peter B. Ladkin, Bernd Sieker
[ Postscript, 240KB ], RVS-RR-04-04, 21 December 2004
- The Crash of AA587: A Guide
Peter B. Ladkin
[ PDF ] RVS-RR-04-03, 18 November 2004
- Privacy Enhancing Technology Concepts for RFID Technology Scrutinised
Jan Hennig, Peter B. Ladkin, Bernd Sieker
[ PDF ] RVS-RR-04-02, 28 October 2004
- Preserving Privacy in RFID Deployment
Jan E. Hennig
[ PDF ] RVS-RR-04-01, 23 March 2004
- WBA of the Royal Majesty Accident
Lars Heidiecker, Nils Hoffmann, Peter Husemann, Peter B. Ladkin, Jan Paller, Jan Sanders, Jörn Stuphorn, Andreas Vangerow
[ Paper, PDF | Slides, PDF ] RVS-RR-03-01, 1 July 2003
- The Pre-Implementation Safety Case for
RVSM in European Airspace is Flawed
Peter B. Ladkin
[ Abstract |
HTML (18K) ]
RVS-Occ-02-03, 29 August 2002.
- ACAS and the South German Midair
Peter B. Ladkin
[ Abstract |
HTML (52K) ]
RVS-Occ-02-02, 12 August 2002.
- Building a Corpus for Cockpit Voice
Recorder Transcripts
Oliver Hölz and Thomas Hettenhausen
[ Abstract |
PDF Version
(274K) |
PS Version
(443K) ]
RVS-Occ-01-06, 23 October 2001.
- Building a Parser for ATC Language
Martin Ellermann and Mirco Hilbert
[ Abstract |
PDF Version
(368K) |
PS Version
(516K) ]
RVS-Occ-01-05, 18 February 2002.
- Review of the Cushing Grammar
Martin Ellermann and Mirco Hilbert
[ Abstract |
PDF Version
(240K) |
PS Version
(226K) ]
RVS-Occ-01-02, 23 July 2001.
- Sociology of Scientific Knowledge Is Not
Radically Sceptic
Peter B. Ladkin
[ Abstract |
RVS-Occ-02-01, 24 January 2002.
- Computational Analysis of Airplane
Cockpit-Voice-Recording Transcripts
Andre Döring, Mark McGovern and Jan Sanders
[ Abstract |
PDF Version (218K) ]
RVS-Occ-01-07, 11 November 2001.
- Developing an ATC Grammar using the
Review of the Cushing Grammar
Martin Ellerman and Mirco Hilbert
[ Abstract |
PDF Version (364K) |
Postscript Version
(294K) ]
RVS-Occ-01-03, 28 June 2001.
- How to Generate Fault Trees from Causal
Influence Diagrams
Peter B. Ladkin, Bernd Sieker and Joachim Weidner
[ Abstract |
PDF Version (333K) |
Postscript Version
(705K) ]
RVS-Occ-01-04, 19 June 2001.
- An Example of Everyday Risk Assessment
Peter B. Ladkin
[ Abstract |
PDF Version (145K) |
Postscript Version
(137K) ]
RVS-Occ-01-01, 2 February 2001.
- EMI, TWA 800 and Swissair 111
Peter B. Ladkin, Willi Schepper
[ Abstract |
PDF Version (336K) |
Postscript Version
(202K) ]
RVS-Occ-00-01, 10 October 2000.
- On Classification of Factors in Failures and
[ Abstract |
(HTML, English, 97K) ]
Peter B. Ladkin, 16 July 1999, extended 04 August 1999,
Report RVS-Occ-99-04.
- Analysis of Data Discontinuities
[ Abstract |
(HTML, 94K) ]
Michael Blume, Dominic Epsom, Heiko Holtkamp, Peter B. Ladkin,
I Made Wiryana, 25 January 1999, Report RVS-Occ-99-01.
- Hazards, Risk and Incoherence
[ Abstract |
(HTML, 35K) ]
Peter B. Ladkin, 15 June, extended 28 June, 1998,
Report RVS-Occ-98-01.
- Analysing the 1993 Warsaw Accident
With a WB-Graph
[ Abstract |
(HTML, 30K) ]
Michael Höhl and Peter B. Ladkin,
8 September 1997, Report RVS-Occ-97-09.
- Using the Temporal Logic of Actions:
A Tutorial on TLA Verification
[ Abstract | Paper, 69pp:
(PS, gzipped, 169K),
(DVI, gzipped, 59K) ]
Peter Ladkin,
17 June 1997, Report RVS-RR-97-08
Invited Tutorial on TLA, Second International Conference on Temporal
Logic, Manchester, England, 14-18 July, 1997.
- Beschreibung eines vagen
Echtzeit-Hybrid-Systems in TLA+
[ Abstract |
(PS, 200K) ]
Lutz Sommerfeld, Peter Ladkin,
17 June 1997, Report RVS-RR-97-07
Paper given at the 7.GI/ITG-Fachgespräch: Formale
Beschreibungstechniken für verteilte Systeme (7th German Society for
Informatics Workshop on Formal Description Techniques for Distributed
Systems, Berlin, 19-20 June, 1997).
Formalising Failure Analysis
[ Abstract |
Paper ]
Thorsten Gerdsmeier, Peter Ladkin, Karsten Loer,
4 June 1997, Report RVS-Occ-97-06
- Safely Sliding Windows
[ Abstract ]
Dirk Henkel,
5 May, revised 19 November, 1997
Report RVS-RR-97-05a (Specifications and Proofs):
[ DVI 30K, gzipped |
PS 116K, gzipped ]
Report RVS-RR-97-05b (Commented Specifications only):
[ DVI 12K, gzipped |
PS 59K, gzipped ]
Recommended by Prof. Stefan Leue, Department of Electrical and Computer
Engineering, University of Waterloo, Canada.
Abstraction and Modelling
Peter B. Ladkin,
16 April 1997, Report RVS-Occ-97-04
Logical Form as a Binary Relation
Peter B. Ladkin,
16 April 1997, Report RVS-Occ-97-03
A Tool For Building and Analysing WB-Graphs
Thorsten Gerdsmeier,
3 March 1997, Research Report RVS-RR-97-02
Recommended by Prof. D. Gibbon, Linguistik und Literaturwissenschaft,
Uni Bielefeld.
Analysing the Cali Accident With a WB-Graph
Thorsten Gerdsmeier, Peter Ladkin and Karsten Loer
Second Version, 13 March 1997 (first version, 14 January 1997),
Research Report RVS-RR-97-01
in Participant's Proceedings of the first Workshop on Human Error and
Systems Development,
Technical Report GAAG TR-97-2,
Glasgow Accident Analysis Group, University of Glasgow.
News and Comment on the AeroPeru B757 Accident
Peter Ladkin
8 November 1996, Research Report RVS-RR-96-16
A Note on a Note on a Lemma of Ladkin
Peter Ladkin
13 September 1996, revised 14 October 1996, Research Report RVS-RR-96-15
Some Dubious Theses in the Tense Logic of Accidents
Peter Ladkin
27 September 1996, Research Report RVS-RR-96-14
Explaining Failure with Tense Logic
Peter Ladkin
10 September 1996, Research Report RVS-RR-96-13
Formalism Helps in Describing Accidents
Peter Ladkin
4 September 1996, Research Report RVS-RR-96-12
On Needing Models
Peter Ladkin
22 February 1996, Research Report RVS-RR-96-11
Comments on Confusing Conversation at Cali
Dafydd Gibbon and Peter Ladkin
7 February 1996, Research Report RVS-RR-96-10
Reasons and Causes
Peter Ladkin
31 January 1996, Research Report RVS-RR-96-09
The X-31 and A320 Warsaw Crashes: Whodunnit?
Peter Ladkin
Revised version 28 January 1996, Research Report RVS-RR-96-08
Formal but Lively Buffers in TLA+
Peter Ladkin
7 January 1996 - New Version, Research Report RVS-RR-96-07
Lazy Cache Implements Complete Cache
Peter Ladkin
7 January 1996, Research Report RVS-RR-96-06
Future University Computing Resources
Peter Ladkin
7 November 1995, Research Report RVS-RR-96-05
An Algebraic Approach to General Boolean Constraint Problems
Hans-Werner Güsgen and Peter Ladkin
23 April 1995, Research Report RVS-RR-96-04
Correctness in System Engineering
Peter Ladkin
2 April 1995, Research Report RVS-RR-96-03
Back to Contents
Back to Contents
Statement on Digital Wireless Technologies Prepared for the EU 6th Framework Consultation,
8 April 2004
[ Abstract |
96K ]
Jan Hennig, RVS-S-04-01, 8 April 2004.
- Memorandum to the Transport Sub-Committee on
the Costing of NERC, 26 November 1998.
Memorandum FN 12
in (UK) House of Commons, Session 1998-99, Environment, Transport
and Regional Affairs Committee, Third Report, The Future of
National Air Traffic Services, pp52-55.
[ Abstract |
19K ]
Peter B. Ladkin, RVS-S-98-02, 26 November 1998.
- Evidence to the Transport Subcommittee on
NERC/NSC, Wednesday 11 March, 1998.
Memorandum ATC 20A
in (UK) House of Commons, Session 1997-98, Environment, Transport
and Regional Affairs Committee, Fourth Report, Air Traffic
Control, Vol II (Minutes of Evidence and Appendices taken before
the Transport Sub-Committee), pp161-167.
[ Abstract |
34K ]
Peter B. Ladkin, RVS-S-98-01, 8 March 1998.
- Letter to the Transport Subcommittee on
NERC/NSC, Monday 17 November, 1997.
Memorandum ATC 20
in (UK) House of Commons, Session 1997-98, Environment, Transport
and Regional Affairs Committee, Fourth Report, Air Traffic
Control, Vol II (Minutes of Evidence and Appendices taken before
the Transport Sub-Committee), pp157-161.
[ Abstract |
28K ]
Peter B. Ladkin, RVS-S-97-01, 17 November 1997.
Back to Contents
Back to Contents
Books have a series number RVS-Bk-nn and an edition
date of publication, which appears below.
Digital System Safety - Mostly Qualitative Aspects
Peter Bernard Ladkin
[ Table of contents ] RVS-Bk-17-02, 11 December 2017
A Critical-System Assurance Manifesto: Issues Arising from IEC 61508
Peter Bernard Ladkin
A number of issues in critical-system assurance have arisen during discussions about the next
edition of the digital-system functional safety standard IEC 61508. This book discusses statistical
evaluation, some key concepts with suggestions for redefinition where appropriate, and issues
concerning safety and and the increasing importance of effective cybersecurity. The chapters will be
individually updated as the conversation progresses.
[ Table of contents ] RVS-Bk-17-01, 10 December 2017
- Safety of Computer-Based Systems
Peter B. Ladkin, Jan Sanders, Bernd Sieker,
[ Table of contents ]
RVS-Bk-11-01, draft version 1.0 of 27 July 2001.
- Causal System Analysis
Peter B. Ladkin
[ Table of contents ]
RVS-Bk-01-01, draft version 2.0 of 14 August 2001.
Static Analysis of Communicating Processes
[ Abstract |
Postscript ]
Peter Ladkin and Barbara Simons
preliminary, incomplete version 22 April 1995
This book includes chapters corresponding to material in
- Compile-Time Analysis of Communicating Processes,
by Peter Ladkin and Barbara Simons,
in Proceedings of the 1992 International
Conference on Supercomputing, pp248-259, ACM Press, 1992;
- Static Deadlock Analysis for CSP-Type Communications,
by Peter B. Ladkin and Barbara B. Simons,
Chapter 5 of Responsive Computer Systems:
Steps Toward Fault-Tolerant Real-Time Systems, ed. Donald S.
Fussell and Miroslaw Malek, Kluwer Academic Publishers, 1995.
- Static Analysis of Multiway Sychronization,
by Peter B. Ladkin and Barbara B. Simons,
in Proceedings of CASCON'94, ed. J. Botsford, A. Gawman,
M. Gentlemen, E. Kidd, K. Lyons and J. Slonim, pp142-156, IBM
Toronto Lab and Natural Sciences and Engineering Research Council,
Toronto, Canada, 1994.
Back to Contents
- The Logic of Time Representation
Abstract |
Postscript |
My thesis was written in partial fulfilment of the requirements of the
degree of Ph.D. in Logic and the Methodology of Science (Tarski founded
the L&M Group)
at the University of California, Berkeley, granted in December 1987.
For the curious, my advisor
was Ralph McKenzie (Math) and the two other reading committee members were
Stuart Russell (CS) and Ernest Adams (Philosophy). Examiners included also
Manuel Blum (CS) and Jack Silver (Math).
My thesis includes chapters corresponding to the following papers:
- Primitives and Units for Time Specification
(Proceedings of AAAI-86, pp354-359);
- Time Representation: A Taxonomy of Interval Relations
(Proceedings of AAAI-86, pp360-366);
- Models of Axioms for Time Intervals
(Proceedings of AAAI-87, pp234-239);
- The Completeness of a Natural System for Reasoning with Time
(Proceedings of IJCAI-87, pp462-467);
- Specification of Time Dependencies and Synthesis of Concurrent
(Proceedings of 9th ICSE, IEEE Press 1987, pp106-115);
- Satisfying First-Order Constraints About Time Intervals
(Proceedings of AAAI-88, pp512-517).
Back to Contents
Essays include commentary of various sorts, from innovative to
expository to whimsical.
- Fuel Flammability, Flight Path Coercion and
Technical Security Analysis
Peter B. Ladkin with Frank Taylor
[ Abstract |
RVS-J-01-01, 17 September 2001.
- Talking to Newspapers: A Cautionary
Tale with Moral
[ Abstract |
(HTML, English, 26K) ]
Peter B. Ladkin,
Report RVS-J-99-01, 16 July 1999.
- The Year 2000 Problem
[ Abstract |
(HTML, English, 23K) |
(HTML, German, 26K) ]
Heiko Holtkamp, Peter B. Ladkin,
Report RVS-J-98-05, 30 October 1998.
- The Risks of Hubris,
Inside Risks, Communications of the ACM 41(12), Dec. 1998
[ Abstract |
(HTML, 6K) ]
Peter B. Ladkin
28 October 1998, Report RVS-J-98-04.
- EMI and TWA800: Critique of a Proposal
[ Abstract |
(HTML, 16K) ]
Peter B. Ladkin, RVS-J-98-03, 10 April 1998.
- The Ariane 5 Accident: A Programming Problem?
[ Abstract |
(HTML, 25K) ]
Peter B. Ladkin, RVS-J-98-02, 20 March 1998.
- The Crash of Flight CI676,
a China Airlines Airbus A300, Taipei, Taiwan, Monday 16 February, 1998:
What We Know So Far
[ Abstract |
(HTML, 41K) ]
Peter Ladkin, RVS-J-98-01, 19 February 1998.
- University Education in the US, UK and Germany:
A Quick Comparison
[ Abstract |
(HTML, 23K) ]
Peter Ladkin, RVS-J-97-12, 11 December 1997.
- Ziele zur Hochschulreform
[ Abstract |
(HTML) ]
Dirk Stössel u.a., RVS-J-97-11, 2 December 1997.
- Risks of Technological Remedy,
Inside Risks, Communications of the ACM 40(11):160, Nov. 1997
[ Abstract |
(HTML, 6.5K) ]
Peter B. Ladkin
10 September 1997, Report RVS-J-97-10.
The Crash of Flight KE801,
a Boeing B747-300, Guam, Wednesday 6 August, 1997:
What We Know So Far
Peter B. Ladkin
RVS-J-97-09, 11 September 1997.
Controlled Flight Into Terrain:
What is Being Done?
Peter B. Ladkin
RVS-J-97-08, 21 August 1997.
Flying An ILS or Localiser
Approach - An Example
Peter B. Ladkin,
RVS-J-97-07, 25 August 1997.
Traditional Aviation Radio
Navigation: An Introduction
Peter B. Ladkin
RVS-J-97-06, 20 August 1997.
Unravelling the Nets:
Some observations prompted by Rochlin's study `Trapped in the Net'
Peter B. Ladkin,
RVS-J-97-05, 3 August 1997.
To Drive or To Fly - Is That Really The Question?
Peter B. Ladkin,
RVS-J-97-04, 24 July 1997.
Electromagnetic Interference with Aircraft Systems: why worry?
Peter B. Ladkin with colleagues,
RVS-J-97-03, 13 July 1997.
Research Careers in German Universities:
a short guide, with diversions, for the curious.
Peter B. Ladkin,
RVS-J-97-02, 29 June 1997.
How Aircraft Crash: Accident Reports and Causal Explanation
Thorsten Gerdsmeier, Michael Höhl, Peter Ladkin, Karsten Loer
RVS-J-97-01, 11 June 1997.
Prepared for the Magazine Forschung an der Universität Bielefeld
volume 16, University of Bielefeld, 1997 (in German).
Back to Contents
The on-line Forum on Risks to the Public in Computers and Related Systems has been
compiled by Peter Neumann from contributions from others for twenty years. It is
a publication of the ACM Committee on Computers and Public Policy.
Here follow links to articles by Peter Ladkin up until October 2005. More
recent contributions by Peter Ladkin may be found by searching the Risks archives.
Back to Contents
Back to Contents
Back to Contents
Note: This list has not been maintained since the year 2000.
- The german television channel RTL-II carried a program on
prime time (10:15) entitled "Die schreckliste
Flugabst\"urtze der Welt" (The world's worst air accidents)
on 15 January 2000, which contained significant
footage of military and commercial accidents in progress, along
with some commentaries from Peter Ladkin and others.
- The magazine program Absolut Resitarits on Austrian
televison ORF carried a report on the risks of high-technology
in aircraft and air traffic control on 8 July, 1999. This report
included a live discussion with Peter Ladkin, H-Jürgen Lachmann,
President of the German professional pilot's association
Vereinigung Cockpit, and Capt. Rudolph Rausch, Flight
Safety Manager at Austrian Airlines.
- The Austrian newspaper Kurier carried a report on
Peter Ladkin's work, based unfortunately also on the Sunday
Times article of 27 June, sometime in the period 28-30 June.
- On 28 June, 1999, the German newspaper Bild, and
the Hamburger Abendblatt (Hamburg) both carried reports
of Peter Ladkin's work, unfortunately based on the Sunday Times
report of 27 June. The |textit{Hamburger Abendblatt published
a correction in the form of a letter from Peter Ladkin on 6 July,
and Bild published a correction on 9 July.
- On 27 June, 1999, the (London) Sunday Times carried a report
entitled "Faulty computers blamed for `pilot error' jet
crashes", which was based on an interview with Peter Ladkin.
Unfortunately, the article misrepresented Ladkin's work or what
he said, and a correction was published by the Sunday Times on
11 July, 1999.
- On 8 March, 1999, the German television channel SAT1
broadcast an edition of Planetopia, a magazine program
which reports on new developments in science and technology, which
carried a report based on an interview with Peter Ladkin
about high-technology aerospace accidents, in particular the
X-31 and Ariane 501 accidents.
- The Dutch weekly Vrij Nederland carried an article De
Logica van een vliegramp by Rob Sijmons, on aircraft accidents
with new technology and the use of WBA to explain them, based on an
interview with Peter Ladkin, in its edition of 10 October (No. 41),
1998, pages 42-44.
- The German bi-weekly computer magazine c't carried two
short articles by Peter Ladkin, Fallstricke auf dem Weg ins
All, about the Ariane 501 failure, its WB-graph and the
requirements engineering failure (pages 158-9), and Flug ins
Ungewisse, about accidents with new-technology aircraft (page
164), in its 1998 volume 19, 14-27.9.1998.
- The British science news weekly New Scientist carried an
article High Anxiety by Mark Ward, about the problems with the
development of the software for the New En-Route Center air traffic
control system, based on interviews with Peter Ladkin and others, in
its No. 2145 of 1 August, 1998, pages 18-19.
- Die Deutsche Welle radio taped a short interview with
Peter Ladkin concerning WBA, new automation, and safety of commercial
aviation for distribution in Latin America on 1 April 1998.
- OWL Aktuell, the local television news program of WDR for the region
Ostwestfalen-Lippe, contained a live interview with Peter Ladkin
on safety of commercial aviation on Monday, 30 March 1998.
- Fliegen muß noch sicherer werden,
by Jens Flottau in the Süddeutsche Zeitung, Nr. 47,
26 February 1998, p35 (first page of Umwelt, Technik, Wissenschaft
section) is based on an interview with Peter Ladkin concerning WBA and
various accidents.
- Neue Technik macht Luftverkehr sicherer: Bielefelder Experte untersucht
by Carsten Heil in the Neue Westfälische Zeitung, Nr. 83,
10 April 1997, p3, contains an interview with Peter Ladkin on
safety of computers in aircraft.
- Luchtvaart op het Internet by Daan Vlaskamp, in
the Dutch magazine
Piloot & Vliegtuig, March 1997, p36, contains a brief but
complimentary review of the Compendium RVS-Comp-01.
A radio program on modern technology and aviation safety
by Stan Correy, of ABC Radio National (Australian
Broadcasting Company), broadcast on 8 December 1996,
contained an interview with Peter Ladkin.
- Computer-Aided Disaster, by Robert Wilson in
The Australian, October 12 1996, p11 contains
a detailed interview with Peter Ladkin on computer-related
aviation incidents.
- Chaos is king when the chips are down, by Julie
Rowbotham, Sydney Morning Herald, also in
The Age (Melbourne), 20 August 1996, page D12
cites the compendium
Computer-Related Incidents with
Commercial Aircraft, above.
- what's happening, a column in the ACM publication
Interactions, a magazine for HCI professionals,
July-August 1996, p13. This column discussed the
article The Cali and
Puerto Plata B757 Crashes from RISKS-18.10, above.
Back to Contents
Diploma theses (Diplomarbeiten) have a designation RVS-Dip-yy-nn in which yy is
the year and nn the series number.
Doctoral theses (Doktorarbeiten) have a similar designation RVS-Dok-yy-nn.
- Abschätzung der vorhandenen
Haus-Elektroinstallation am Beispiel einer Kleinstadt
[ PDF 11 M ]
Master Thesis by Christoph Goeker, RVS Group, January 2014
- Unfallursachenanalyse The Galloping Ghost, 2011, Reno, Nevada
[ PDF 3.4 M ]
Bachelor Thesis by Rico Magnucki, RVS Group, September 2013
- Systemanforderungsanalyse von Bahnbetriebsverfahren mit Hilfe
der Ontological Hazard Analysis am Beispiel des Zugleitbetriebs nach FV-NE"
[ PDF 821 k ]
Doctoral Dissertation (in German), RVS Group TechFak and CITEC, Uni Bielefeld, April 2010
- A Sustainable System Development Method with Applications
[ PDF 12 M ]
Doctoral Dissertation by I Made Wiryana, RVS Group, Uni Bielefeld, June 2009
- Integration einer kollaborativen Arbeitsumgebung
in die Kommunikationsplattform Worksphere
[ PDF 4.5M ]
Heiko Holtkamp, RVS-Dip-06-03, April 2006
- Entwicklung einer Systemarchitektur fü
forensische Analysen
Andreas Vangerow, RVS-Dip-06-02, März 2006
- Entwicklung einer unterstützenden Softwarelösung
zur Erfassung und Bearbeitung von List of Facts unter Berücksichtigung kausaler Faktoren
Jan Paller, RVS-Dip-06-01, Januar 2006
- Iterative Decomposition of a Communication-Bus
System using Ontological Analysis
[ Abstract | PDF
1.88M | PDF 1.43M, gzipped
Jörn Stuphorn, RVS-Dip-05-03, July 2005.
- Analyse der Bluetooth-Sicherheit
Marcel Holtmann, RVS-Dip-05-02, Juni 2005
- Formal Task Analysis of Graphical System Engineering
Software Use
[ Abstract | PDF
4.89M ]
Thilo Paul-Stüve, RVS-Dip-05-01, 10 March 2005.
- Ein Framework fü agentbasierte QoS-Messungen
in einer Peer-to-Peer Infrastruktur
Christoph Marzetz, RVS-Dip-04-02, 1 November 2004.
- Visualisation Concepts and Improved Software Tools
for Causal System Analysis
[ Abstract | PDF
2.94M ]
Bernd Sieker, RVS-Dip-04-01, 27 February 2004
- Spezifikation und Implementation eines sicheren
Lernerfolgskontrollmoduls für CSCL-Werkzeuge
[ Abstract | PDF
807K ]
Andre Döring, RVS-Dip-03-03, 15 October 2003.
- Theoretical Approaches to Systems
[ PS 455K | PS
188K, gzipped ]
Jan Sanders, RVS-Dip-03-02, 1 October 2003.
- Konzeption eines verteilten Datenarchivierungssystem
[ Abstract | PDF
6.43M | PDF
902K, gzipped | PS
12.55M | PS
784K, gzipped ]
Jan E. Hennig, RVS-Dip-03-01, 5 September 2003.
- Design und Entwicklung einer vorlesungsbegleitenden
Martin Ellermann, RVS-Dip-02-01, 2 September 2002.
- Lastermittlung und deren Vorhersage für nicht
lokale Web Server
Michael Blume, RVS-Dip-00-03, 16 November 2000.
- Sichere geschäftsbedingte funknetzübermittelte
Kommunikation zwischen PDA und SAP-R/3-Systemen
Andreas Berndt, RVS-Dip-00-02, 26 September 2000.
- Dependability-Analyse TCP/IP basierender Informationssysteme
Mark Niemann, RVS-Dip-00-01, 1 September 2000.
- Safely Sliding Windows: Into the Depths of Formal
System Verification
Dirk Henkel, RVS-Dip-99-01, 12 April 1999.
- Komplexitätsbetrachtung einer Softwareumstellung
an Beispielen von SAP R/2
[ Abstract | HTML
intro page ]
Olaf Kerger, RVS-Dip-98-05, 9 October 1998.
- Vergleichende Analyse von elektronischen Geldtransfer-Systemen
[ Abstract | PS
260K, gzipped ]
Andreas Kaiser, RVS-Dip-98-04, 5 August 1998.
- Towards "Why...Because"-Analysis of Failures
[ Abstract | DVI
134K, gzipped | PS 503K, gzipped ]
Karsten Loer, RVS-Dip-98-02, 20 February, revised 5 July 1998
- Practical Static Methods for Exact Deadlock Prediction
in Message Passing Concurrent Processes
[ Abstract | PS
175K, gzipped ]
Christina Claudia Wuzik, RVS-Dip-98-03, 9 February 1998
- Formale Beschreibung von DATR
[ Abstract | PS
275K, gzipped ]
Thorsten Gerdsmeier, RVS-Dip-98-01, 5 January 1998
- Spezifikation eines 20 l-Perfusionsbioreaktor in
[ Abstract | DVI
80K, gzipped | PS 219K, gzipped ]
Lutz Sommerfeld, RVS-Dip-97-01
Back to Contents