Contents
  - What's New? 
 in last-first order, our publications in the last  ten years.
Arranged by category:
     Back to Contents
Other Venues
 Ladkin 
blogs at The Abnormal Distribution 
at the URL
www.abnormaldistribution.org.
Publications of the
tech-transfer company Causalis Limited
may be found on the
Causalis Limited Publications Page.
Significant recent published work
 
In last-to-first order:
	- 
		Assurance Points in Software Development
 Peter Bernard Ladkin
 21 May 2018
 The slideset to accompany PBL's Keynote talk at the 6th Scandinavian Conference on Software and
System Safety in Stockholm. The slideset to accompany the talk was not intended as read-alone. This
set has been extended with a Prolegomenon giving the main argument.
 [ PDF ]
 
	- 
    Digital System Safety - Mostly Qualitative Aspects
 Peter Bernard Ladkin
 [ Table of contents ] RVS-Bk-17-02, 11 December 2017
 
- 
  A Critical-System Assurance Manifesto: Issues Arising from IEC 61508
 Peter Bernard Ladkin
 A number of issues in critical-system assurance have arisen during discussions about the next
edition of the digital-system functional safety standard IEC 61508. This book discusses statistical
evaluation, some key concepts with suggestions for redefinition where appropriate, and issues
concerning safety and and the increasing importance of effective cybersecurity. The chapters will be
individually updated as the conversation progresses.
 [ Table of contents ] RVS-Bk-17-01, 10 December 2017
 
- 
Power cuts - a view from the affected area
 Roger Kemp
 On 5th December, 2015, the centre of the city of Lancaster in North-West England was flooded by the river, including a central electricity substation in Caton Road near the river. All of central Lancaster suffered a power cut, which persisted over a day and days until electricity was reliably restored. Professor Kemp lives there, and wrote this short piece about what happened. PBL thinks that it is one of the most important papers about resilience he has ever read.
 Roger Kemp is a Professorial Fellow of Lancaster University and a Fellow of the Royal Academy of Engineering. He joined the University in 2003, after 30 years in industry, most recently with Alstom Transport. RVS is very grateful to Professor Kemp for agreeing to publication of his note.
 24 January 2016 (written December 2015)
- 
Practical Statistical Evaluation of Critical Software
 Peter Bernard Ladkin and Bev Littlewood
 Paper presented at the 24th annual Safety-Critical Systems Symposium, Brighton, UK, 2-4 February, 2016
 In 2010, Rolf Spiker approached one of us with a query from a client concerning advisory material in IEC 61508 on the statistical evaluation of software. We realised that there is a dearth of practical guidance for those who wish to evaluate critical software statistically. We believe statistical evaluation of software is an increasingly important assurance technique. We commence with a brief introduction to some of the simpler statistics and then consider discursively the issues which arise during evaluation.
 3 February 2016
- 
Resilience is an Emergent System Property: A Partial Argument
 Peter Bernard Ladkin and Bernd Sieker
 Paper presented at the 24th annual Safety-Critical Systems Symposium, Brighton, UK, 2-4 February, 2016
 Systems are collections of objects exhibiting joint behaviour. Some- times this behaviour is anticipated, sometimes not. We have studied a number of types of complex systems and their failures, including electricity supply grids, mo- torways, the financial system, and air traffic control. We argue that the resilience properties of such systems are largely emergent. We illustrate the thesis through analysis of three electricity blackout events. We consider one event in detail and two others summarily.
 3 February 2016
- 
Some Practical Issues in Statistically Evaluating Critical Software
 Peter Bernard Ladkin
 Presented at the IET System Safety and Cyber Security Conference 2015, 20-22 October, Bristol UK
 In 2010, the author was approached with a query from industry concerning the application of IEC 61508-7:2010 Annex D, on the statistical evaluation of software. We realised that Annex D is not a helpful guide for a number of reasons. We discuss some common assessment scenarios and their quandaries and requirements for the application of statistical methods based on Bernoulli/Poisson mathematics.
 21 October 2015
- 
Causal Analysis of the 1991 Patriot Missile System Failure
 Peter Bernard Ladkin
 In 1991, a Patriot anti-missile system engaged but failed to shoot down a hostile Scud missile, which subsequently exploded at a US base in Saudi Arabia, killing some troops. There was "drift" in the value of a parameter used in the tracking algorithms which significantly reduced the chances of a successful engagement. Some discussion on the System Safety List suggests there were two software-engineering anomalies involved. One was the use of data-type-incorrect calculation (through type coercion); another was the choice of clock-time parameter. Martyn Thomas raised a question about the relative significance of the anomalies. I show that this question cannot be answered through purely-causal analysis.
 12 May 2015
- 
Practical Statistical Evaluation of Critical Software
 Peter Bernard Ladkin and Bev Littlewood
 In 2010, Rolf Spiker approached one of us with a query concerning the application of IEC 61508-7:2010 Annex D, on the statistical evaluation of software, which derived from a client. We relaised that Annex D gives sparse and sometimes misleading information to those who wish to evaluate critical software statistically, and embarked on a project to substitute Annex D with more helpful material. We have both encountered common assessment scenarios and their quandaries. We discuss them and the application of statistical methods, and conclude with a list of prerequisites to the application of Bernoulli/Poisson mathematics.
 This paper has been submitted for publication.
 01 March 2015
- 
Software, the Urn Model, and Failure
 Peter Bernard Ladkin
 IEC 61508-7:2010 Annex D explicates some features of the statistical evaluation of software through its operational history. But it raises many questions. One is: how does the traditional urn model apply, if at all, to software? A second is: to what kinds of software does the reasoning in Annex D apply? A third is: do the confidence-interval numbers apply to all distributions of inputs? Recently, I have experienced reliability-engineering experts giving wrong answers to the second and third questions. It seemed worthwhile to explain correct answers in terms understandable also by non-professionals. This paper attempts to do so.
 25 February 2015
- 
Risks People Take and Games People Play
 Peter Bernard Ladkin
 in Parsons, M. and Anderson,
T., Engineering Systems for Safety, Proceedings of the Twenty-Third Safety Critical Systems
Symposium, SSS 2015, Bristol, UK, 3-5 February 2015, ISBN 978-1505689082, SCSC on Amazon. Paper to accompany a Keynote talk. It concerns the case of the shootdown of Malaysian Airlines Flight 17 over East Ukraine in 2014, and how one might assess the risk of such a commercial-aircraft shootdown. I suggest that the risk assessment is fundamentally different from that used in safety standards such as IEC 61508 or even in commercial-aircraft certification procedures. I suggest that, first, the values of certain quasi-Boolean parameters critical to the situation must be assessed, that these then determine a game in the sense of Thomas Schelling, who adapted game theory to political-scientific analysis, and that on the basis of the chosen game a straightforward risk analysis may then be performed. I discuss various special cases.
 04 Febuary 2015
- 
Risks People Take and Games People Play: Talk
 Peter Bernard Ladkin
 The slides from the Keynote talk at the Safety-Critical Systems Symposium 2015 in Bristol on 4 February 2015. It extends the paper, by showing how factors in the Causal Fault Graph can be assigned quasi-Boolean values, and that these values propagate through the CFG by virtue of the semantics of "necesary causal factor". A CFG can thus be pruned to represent the actual case to hand determined by the quasi-Booleans, and a risk assessment can be performed using the pruned CFG. This is an improvement over choosing games, because it is a uniform approach which does not rely on guessing a game.
 Please note this file is large (about 57MB) and may take some time to download.
 04 February 2015
- 
A Real Paradox?
 Peter Bernard Ladkin
 I am interested in everyday logical reasoning. It seems to me it does not always adhere to the principles of "classical" logic, I would suggest for good reason. Mike Holloway asserted something in an e-mail discussion which may seem reasonable, and contradicts principles of classical logic along with maybe some of what are often taken to be properties of belief. That gave me the opportunity to construct what might be a classical-logic paradox. I lay it out here, but do not give the game away. The paper and its style is intended to interest curious teenagers rather than academics.
 29 January 2015
- 
Example of a Safety-Critical Element With Deliberately Unreliable Function
 Peter Bernard Ladkin
 Rainer Faller introduced the example of a SW element (entity in a system) which has a function which does not necessarily fulfil its safety requirements specification, which is triggered by a specific input known to the SW developer but not necessarily to an application developer who wishes to use the SW "out of the box". The question arises if and how such SW can be proposed for use in cases in which the element has to satisfy a SIL, in particular if statistical data on the SW functionality is taken as evidence for assessing the SW as fit for purpose. This paper discusses the case.
 01 January 2015
- 
A Series of Software-Related Sociotechnical System Failures
 Peter Bernard Ladkin
 This paper discusses the German railways WWW-based ticketing system and how it interacts with other operations of the railways as well as with customers. It stems from the author's recent personal experience. But it highlights the lessons in system engineering which could be learnt. They are broadly the same as in other areas of dependable SW engineering but here, as in other areas, still apparently lacking.
 13 January 2015
- 
Notes on Properties Needed in Software Safety Requirements
 Peter Bernard Ladkin, Bernd Sieker, RVS White Paper 7
 This is a discussion of state of the art in formal software requirements engineering in safety-critical systems and formal
checking procedures for requirements. It is intended that the results of discussion will be introduced into the maintenance of IEC 61508-3.
Commentary please to ladkin@rvs.uni-bielefeld.de or bsieker@rvs.uni-bielefeld.de.
 24 April 2014
- 
Professional Opinion on Skills with Formal Description Languages
 Many authors, compiled by Peter Bernard Ladkin and Bernd Sieker
 This document compiles key contributions to a discussion on the use of formal description languages which took place in February 2014 on the System Safety mailing list, administered at the Faculty of Technology at the University of Bielefeld. It commenced with a request for comment. Pertinent contributions are included. A short commentary follows.
 25 February 2014
- 
The Importance of Logic in the Informatics Curriculum
 Peter Bernard Ladkin, RVS White Paper 6
 We have recently discussed the importance (or otherwise) of logic in our informatics curricula in Bielefeld. This white paper discusses why some study of formal languages with unambiguous semantics, and logic in particular, is essential for any informatics curriculum. (More White Papers on this topic are planned to follow.)
 18 February 2014
- 
Communications Privacy and Surveillance: References
 prepared by Peter Bernard Ladkin
 
 Thirteenth Version, 4 March 2014
 
 I am holding a seminar on communications privacy and surveillance this academic year (October 2013 - September 2014) and am compiling a list of WWW sources on the revelations starting in June 2013 on NSA and GCHQ surveillance of electronic communications, largely published by the Guardian newspaper in the UK, working with the New York Times and sometime the Washington Post in the US, and der Spiegel in Germany. These revelations started an important debate on the extent of surveillance, invasions of privacy, undermining the internet infrastructure, and the tensions and trade-offs between freedom, security and privacy, some of which we hope to conduct in the seminar. The document is updated on a roughly weekly basis.
 Thirteenth version 4 March 2014; first version 7 November 2013
- Unfallursachenanalyse The Galloping Ghost, 2011, Reno, Nevada
 [  PDF  3.4 M ]
 Bachelor Thesis by Rico Magnucki, RVS Group, September 2013
- 
Smart Meter Security Infrastructure: Some Observations
 Jan Sanders, RVS White Paper 5
 In 2012, Germany as well as great Britain were considering countrywide installation of so-called smart utility meters, which can communicate data in real-time on use of electricity, gas, and water in a building. We are concerned about the security issues that arise and wrote a very short overview, which we have conveyed to interested parties.
 12 May 2012, mildly revised 5 December 2013
- 
The Fukushima Dai-Ichi Accident
 Peter Bernard Ladkin, Bernd Sieker and Christoph Goeker, eds.
 Our book arising from the Eleventh Bieschweig Workshop in August 2011
is now available (December 2013) from the publisher, 
LIT Verlag WebShop (please note there is a button on the WWW site for English-language and German-language pages). It includes longer articles on both engineering and risk issues by  Lee Clarke, John Downer, Peter Bernard Ladkin,  Stephen Mosley, Charles Perrow, Volkmar Pipek and Gunnar Stevens, Bernd Sieker and Stefan Strohschneider and is dedicated to Hal Lewis, one of the pioneers of accurate risk assessment of nuclear-power technology.
 27 November 2013
- 
Gefährdungsanalyse des Ladesystems für Elektrofahrzeuge
 prepared by Peter Bernard Ladkin and Bernd Sieker
 The German organisation for electrotechnical standards, DKE, has an ongoing effort to standardise, and to participate in international standardisation of, electrotechnical equipment for electric road vehicles. Such vehicles have large-capacity batteries, and may be charged from dedicated charging stations either at the roadside and directly connected to the grid ("Ladesäule", so-called Mode 3 charging) or attached to building supply circuits (Mode 2 charging). A committee of the DKE has prepared a hazard and qualitative-risk analysis of Mode 3 charging. We publish it here to invite public comment. The document is written in the German language. The Version here is Version 8, from 13 September 2012.
 17 October 2013
- 
A preliminary draft of our new book on Safety of Computer-Based Systems is on-line (spoiler: the 2013 version is significantly extended).
 Safety of Computer-Based Systems
 Peter B. Ladkin, Jan Sanders, Bernd Sieker, et.al.
 [ Table of contents ] 
      RVS-Bk-11-01, draft version 1.0 of 27 July 2011.
- 
Assessing Critical SW as "Proven in Use": Pitfalls and Possibilities
 Peter Bernard Ladkin, RVS White Paper 4
 The paper tells a short story about a fictional SW provider for critical systems (those which may be subject to dangerous failures as defined in IEC 61508), in order to show the weaknesses of current criteria for qualifying SW as "proven in use" in IEC 61508:2010, and indeed in some current proposals for their replacement. It concludes by suggesting a possible alternative way in which SW may be qualified as "proven in use" for critical uses.
 17 June 2013
- 
IEC 61508 Case Study
 Peter Bernard Ladkin, RVS White Paper 3
 The White Paper describes a case study with some hard questions to which the author has not seen satisfactory answers. The case study stems from two 2009 notes to a mailing list, and a subsequent working paper presented to the German functional safety standardisation group DKE GK914 in 2009.
 20 February 2013
- 
61508 Weaknesses and Anomalies
 Peter Bernard Ladkin, RVS White Paper 2
 The White Paper describes current suggestions as to what is wrong with the functional safety standard IEC 61508
 12 February 2013, minor modification 20 February 2013
- 
Standards for Standards: Improving the Process
 Peter Bernard Ladkin, RVS White Paper 1
 The White Paper describes three principles for the development of technical standards which would improve both the technical quality of standards and their function as disseminating best practice.
 3 February 2013
- 
Root Cause Analysis: Terms and Definitions, Accimaps, MES, SOL and WBA
 Peter Bernard Ladkin
 From late 2012 until January 2013, I was involved in an effort to write a standard for causal analysis of focus events, Root Cause Analysis (RCA). Our WBA is a RCA technique, for example. Use of RCA seems to be split between the industrial quality-control community, who use it to improve processes, and accident analysts, who use it because most significant accidents must be causally analysed for a variety of legal and technical reasons. Our work derives from the accident-analysis community. This paper includes material on terms and definitions, as well as short surveys of the accident-analysis techniques mentioned in the title, which I produced for the standardisation effort but which will not be used, along with an introduction containing pointers to the literature on widely-used techniques which are not addressed here.
 21 January 2013
- 
Hot Issues in Software Safety Standardisation
 Peter Bernard Ladkin
 Slides for a Keynote talk PBL gave at the 2012 IET System Safety conference in Edinburgh on 16th October, 2012. A video of the talk, including a fine performance of one of PBL's favorite tunes, Gordon Duncan's composition Pressed for Time by the magnificent piper Lorne MacDougall (about 43 minutes into the video) can be found on IET.tv at this page
 20 November 2012
- 
Verbal Communication Protocols in Safety-Critical System Operations
 Peter Bernard Ladkin
 A version of an article written for the Handbook of Technical Communication, ed. A. Mehler and D. Gibbon, Mouton de Gruyter, Berlin, to appear 2012. It is about what the title says.
 18 November 2011
- 
The Assurance of Cyber-Physical Systems: Auffahr Accidents and Rational Cognitive Model Checking
 Peter Bernard Ladkin
 Aa somewhat whimsical draft, written in blog style, of a chapter or part of a chapter of a book on Cyber-Physical Systems, ed. H. Giese, B. Rumpe, B. Schätz and J. Sztipanovits, publisher under negotiation, 2012. The book arose, as did this note, from Seminar 11441 on Science and Engineering of Cyber-Physical Systems at the Leibniz Centre for Informatics at Schloss Dagstuhl in the Saarland on 1-4 November, 2011. PBL took part in the subgroup on certification and assurance of cyber-physical systems. Participants opined that there is something essentially new and different about assuring such systems (for safety, say) and this is an attempt to put a finger on one new aspect.
 17 November 2011
- 
Murphy Was An Optimist
 Kevin Driscoll, Honeywell International, Inc.
 Version 19 of a lecture by Kevin, which he had been invited to give at SAFECOMP 2010 in Vienna, which lecture PBL chaired. This set of slides includes the first known photograph of a Byzantine fault, something which before then was regarded as pure behavior. His photo is of a transistor which transmogrified into a capacitor, raising the daunting prospect of (as Kevin calls it) Transmogrification Analysis, which consists in analysing the behavior of a digital system in which electronic components morph into something else. Many thanks to Kevin for agreeing for us to present his fine lecture on this site!
  
- 
  The Fukushima Accident
 Peter Bernard Ladkin
 A version of the paper to accompany a keynote talk PBL gave at the 20th Safety-Critical Systems Symposium in Bristol in February 2012. The paper will be published in the Proceedings, to appear with Springer-Verlag, London, 2012. The original will be available at www.springerlink.com
 09 November 2011
- 
   A series of slide sets and essays
 Robin Bloomfield, Lee Clarke, John Downer, Peter Bernard Ladkin, Charles Perrow, Bernd Sieker, Martyn Thomas
 on the Fukushima nuclear accident and systems prone to extreme unsafe events (EUEs), given at the 11th Bieleschweig Workshop
 3-4 August 2011
- 
  Dependable Software: A View
 Peter Bernard Ladkin
 Slides for a Keynote talk at the Ada Connection 2011 conference in Edinburgh, Scotland. Note these are by no means the same as the paper below, which I wrote three months before, for the conference volume. But then Springer-Verlag insisted that I give them the copyright, which I am not willing to do for two reasons: (a) it is my intellectual property and they didn't offer to pay me for it, and (b) I don't think it appropriate to give a commercial company complete power over pro bono public service work, such as standardisation activity, on which the paper reports.
 21 June 2011
- 
   Functional Safety of Software-Based Critical Systems
 Peter Bernard Ladkin
 The paper to accompany PBL's Keynote talk at the Ada Connection/16th International Conference on Reliable Software Systems, Edinburgh, 21-23 June 2011
- 
   Systemanforderungsanalyse von Bahnbetriebsverfahren mit Hilfe der Ontological Hazard Analysis am Beispiel des Zugleitbetriebs nach FV-NE
 Bernd Manfred Sieker
 Doctoral Dissertation (in German), RVS Group TechFak and CITEC, Uni Bielefeld, April 2010
 
 
-                                                                                                                                                                      
   A Sustainable System Development Method with Applications
 I Made Wiryana
 Doctoral Dissertation, RVS Group TechFak, Uni Bielefeld, 2009
 
 
- 
   Zusicherung in der Anwendung von IEC 61508 Part 3
 Peter Bernard Ladkin
 Paper to accompany PBL's Invited Telk (in German), Proceedings of VDE 0803 Tagung zur Funktionalen Sicherheit IEC 61508: Sichere Software, 04-05 May 2011, VDE Verlag, 2011.
 
 
- 
   Securing The Interface: Safety-Critical Interaction Between Humans and Mobile Robots
 Peter Bernard Ladkin
 Keynote Talk, 4th IET International Conference on System Safety, London, 26-28 October 2009
 
 
- 
        Steps Towards a Robust Analysis of Procedure: New Formal
          Methods for Human-Machine Cooperative Tasks
 Peter Bernard Ladkin, Bernd Sieker
 submitted for publication, 
      13 July 2009
 
 
- 
        Dependable Risk Analysis for Systems with E/E/PE Components: Two Case Studies
 Jörn Stuphorn, Bernd Sieker, Peter Bernard Ladkin
 appeared in Chris Dale and Tom Anderson, editors,
        Safety-Critical Systems: Problems, Process and Practice, the proceedings of the Seventeenth Safety-Critical 
        Systems Symposium, Brighton, UK, 3-5 February 2009.
 
Back to Contents
- 
Notes on Properties Needed in Software Safety Requirements
 Peter Bernard Ladkin, Bernd Sieker, RVS White Paper 7
 This is a discussion of state of the art in formal software requirements engineering in safety-critical systems and formal
checking procedures for requirements. It is intended that the results of discussion will be introduced into the maintenance of IEC 61508-3.
Commentary please to ladkin@rvs.uni-bielefeld.de or bsieker@rvs.uni-bielefeld.de.
 24 April 2014
- 
The Importance of Logic in the Informatics Curriculum
 Peter Bernard Ladkin, RVS White Paper 6
 We have recently discussed the importance (or otherwise) of logic in our informatics curricula in Bielefeld. This white paper discusses why some study of formal languages with unambiguous semantics, and logic in particular, is essential for any informatics curriculum. (More White Papers on this topic are planned to follow.)
 18 February 2014
- 
Smart Meter Security Infrastructure: Some Observations
 Jan Sanders, RVS White Paper 5
 In 2012, Germany as well as great Britain were considering countrywide installation of so-called smart utility meters, which can communicate data in real-time on use of electricity, gas, and water in a building. We are concerned about the security issues that arise and wrote a very short overview, which we have conveyed to interested parties.
 12 May 2012, mildly revised 5 December 2013
- 
Assessing Critical SW as "Proven in Use": Pitfalls and Possibilities
 Peter Bernard Ladkin, RVS White Paper 4
 The paper tells a short story about a fictional SW provider for critical systems (those which may be subject to dangerous failures as defined in IEC 61508), in order to show the weaknesses of current criteria for qualifying SW as "proven in use" in IEC 61508:2010, and indeed in some current proposals for their replacement. It concludes by suggesting a possible alternative way in which SW may be qualified as "proven in use" for critical uses.
 17 June 2013
- 
IEC 61508 Case Study
 Peter Bernard Ladkin, RVS White Paper 3
 The White Paper describes a case study with some hard questions to which the author has not seen satisfactory answers. The case study stems from two 2009 notes to a mailing list, and a subsequent working paper presented to the German functional safety standardisation group DKE GK914 in 2009.
 20 February 2013
- 
61508 Weaknesses and Anomalies
 Peter Bernard Ladkin, RVS White Paper 2
 The White Paper describes current suggestions as to what is wrong with the functional safety standard IEC 61508
 12 February 2013, minor modification 20 February 2013
- 
Standards for Standards: Improving the Process
 Peter Bernard Ladkin, RVS White Paper 1
 The White Paper describes three principles for the development of technical standards which would improve both the technical quality of standards and their function as disseminating best practice.
 3 February 2013
Back to Contents 
- 
Practical Statistical Evaluation of Critical Software
 Peter Bernard Ladkin and Bev Littlewood
 in Mike Parsons and Tom Anderson (eds.), Developing Safe Systems, Proceedings of the Twenty-fourth Safety-critical Systems Symposium, Brighton, UK, 2nd-4th February, 2016, ISBN 978-1519420077, SCSC/Amazon 2016.
 2 February 2016
- 
Resilience is an Emergent System Property: A Partial Argument
 Peter Bernard Ladkin and Bernd Sieker
 in Mike Parsons and Tom Anderson (eds.), Developing Safe Systems, Proceedings of the Twenty-fourth Safety-critical Systems Symposium, Brighton, UK, 2nd-4th February, 2016, ISBN 978-1519420077, SCSC/Amazon 2016.
 2 February 2016
- 
Some Practical Issues in Statistically Evaluating Critical Software
 Peter Bernard Ladkin
 Proceedings of the IET System Safety and Cyber Security Conference 2015, 20-22 October, Bristol UK, ISBN 978-1-78561-092-9, eISBN 978-1-78561-093-6, ISSN 0537-9989 Reference PEP...U, IET 2015.
 21 October 2015
- 
Risks People Take and Games People Play
 Peter Bernard Ladkin
 in Parsons, M. and Anderson,
T., Engineering Systems for Safety, Proceedings of the Twenty-Third Safety Critical Systems
Symposium, SSS 2015, Bristol, UK, 3-5 February 2015, ISBN 978-1505689082, SCSC/Amazon.
 04 Febuary 2015
- 
The Fukushima Dai-Ichi Accident
 Peter Bernard Ladkin, Bernd Sieker and Christoph Goeker, eds.
 Available at LIT Verlag WebShop (please note there is a button on the WWW site for English-language and German-language pages).
 27 November 2013
- 
Verbal Communication Protocols in Safety-Critical System Operations
 Peter Bernard Ladkin
 in Handbook of Technical Communication, ed. A. Mehler and D. Gibbon, Mouton de Gruyter, Berlin, 2012.
 18 November 2011
- 
  The Fukushima Accident
 Peter Bernard Ladkin
 in Chris Dale, Tom Anderson, eds., Achieving Systems Safety, Proceedings of the Twentieth Safety-Critical Systems Symposium, Bristol, UK, 7-9th February 2012, Springer-Verlag, London 2012. The original is available at www.springerlink.com
 09 November 2011
- 
   Zusicherung in der Anwendung von IEC 61508 Part 3
 Peter Bernard Ladkin
 Paper to accompany PBL's Invited Telk (in German), Proceedings of VDE 0803 Tagung zur Funktionalen Sicherheit IEC 61508: Sichere Software, 04-05 May 2011, VDE Verlag, 2011.
 
 
- 
   Securing The Interface: Safety-Critical Interaction Between Humans and Mobile Robots
 Peter Bernard Ladkin
 Keynote Talk, 4th IET International Conference on System Safety, London, 26-28 October 2009
        - 
        Dependable Risk Analysis for Systems with E/E/PE Components: Two Case Studies
 Jörn Stuphorn, Bernd Sieker, Peter Bernard Ladkin
 appeared in Chris Dale and Tom Anderson, editors,
        Safety-Critical Systems: Problems, Process and Practice, the proceedings of the Seventeenth Safety-Critical 
        Systems Symposium, Brighton, UK, 3-5 February 2009.
 
        - Opinion - Taking Software Seriously
 Peter B. Ladkin
 [ PDF ] 
    Journal of System Safety 41(3), May-June 2005
 
        - Ontological Analysis
 Peter B. Ladkin
 [ PDF ] Safety Systems 14(3), May 2005
 
  - Causal Analysis of the ACAS/TCAS Sociotechnical System
 Peter B. Ladkin
 Invited paper, in Safety Critical Systems and Software 2004, the Proceedings of the 9th Australian Workshop on 
Safety-Related Programmable Systems,
volume 47 of Conferences in Research and Practice in Information Technology, ed. Tony Cant, Australian Computer Society, 2005.
 [ PDF ] RVS-RR-05-01, 24 January 2005
 
  - Two Causal Analyses of the Black Hawk Shootdown During Operation Provide Comfort
 Peter B. Ladkin
 Invited paper, in Safety Critical Systems and Software 2003, the Proceedings of the 8th Australian Workshop on 
Safety Critical Software and Systems,
volume 33 of Conferences in Research and Practice in Information Technology, ed. Peter Lindsay and Tony Cant, Australian Computer Society, 2004.
 [ PDF ] October 2004
 
    -  
     Causal Analysis of Aircraft Accidents 
 Peter B. Ladkin
 Invited Paper in Computer Safety, Reliability and Security, 
   Proceedings of the 19th International Conference, SAFECOMP 2000,
     Lecture Notes in Computer Science No. 1943, Springer-Verlag, 2000
  -  
     Formalism Helps in Describing Accidents 
 Peter Ladkin and Karsten Loer
 in 18th Digital Avionics Systems Conference Proceedings, 
     IEEE Press, 1999
  -  
     Lazy Caching in TLA 
 Peter Ladkin, Leslie Lamport, Bryan Olivier, and Denis Roegel
 in Distributed Computing 12:151-174, 1999
  -  
     Implementing and Verifying Message Sequence Chart Specifications
        Using Promela/XSpin 
 Stefan Leue and Peter Ladkin
 in The SPIN Verification System,
  ed. J.-C. Grégoire, G. Holtzmann and D. Peled,
    DIMACS Series Vol. 32, American Mathematical Society, 1997, 65-89.
     This paper conjoins the work reported in
       - 
          Implementing Message Sequence Charts in Promela, 
 by Stefan Leue and Peter B. Ladkin,
 in Proceedings of the
           First SPIN Workshop, ed J.-C. Grégoire, 
           Montréal, Canada, October 1995;
- 
          Implementing and Verifying Scenario-Based Specifications          
          Using Promela/XSpin
           by Stefan Leue and Peter B. Ladkin,
 in Proceedings of the
           Second SPIN Workshop, 
           Rutgers University, New Brunswick, New Jersey, August 1996;
 
  -  
      Simple Reasoning With Time-Dependent Propositions 
 Maroua Bouzid and Peter Ladkin
 To appear in the Journal of the IGPL, 1997.
  -  
     From logic to manuals again
 Harold Thimbleby and Peter Ladkin
 in IEE Proceedings - Software Engineering 144(3):185-192, June 1997
   -  
     Fast Algebraic Methods for Interval Constraint Problems 
 Peter Ladkin and Alexander Reinefeld
 Invited Paper in 
       Annals of Mathematics and Artificial Intelligence 19:383-411, 1997
 This paper extends results reported in
      - A Symbolic Approach to Interval Constraint Problems,
 by Peter Ladkin and Alexander Reinefeld,
 in Artificial Intelligence and 
             Symbolic Mathematical Computing, 
             ed. Jacques Calmet and John A. Campbell,
             LNCS vol. 737, pp65-84, Springer Verlag, 1993;
- Fast Solution of Large Interval Constraint Networks,
 by Alexander Reinefeld and Peter Ladkin,
 in Proceedings of AI'92,
             the 9th Canadian Conference on Artificial Intelligence,
             ed. Janice Glasgow and Roland Hedley, pp156-162, 
             Morgan Kaufmann, San Mateo, California, 1992;
- Effective solution of qualitative interval constraint 
             problems,
 by Peter B. Ladkin and Alexander Reinefeld,
 Artificial Intelligence 57:105-124, September 1992;
 
  -  
     From Logic To Manuals 
 Harold Thimbleby and Peter Ladkin
 in Software Engineering Journal 11(6):347-354, 1996
  -  
      Analysis of a Technical Description of the Airbus 
        A320 Braking System 
 Peter Ladkin
 in High Integrity Systems 1(4):331-349, 1995
  -  
     Static Deadlock Analysis for CSP-Type Communications
 Peter Ladkin and Barbara Simons
 in  Responsive Computer Systems:
   Steps Toward Fault-Tolerant Real-Time Systems, 
      ed. D. N. Fussell and M. Malek,
   Kluwer, 1995
  -  
     A proper explanation when you need one 
 Harold Thimbleby and Peter Ladkin
 in People and Computers X, 
      Proceedings of the BCS Conference on Human-Computer
     Interaction, HCI'95, Cambridge University Press, 1995.
  -  
     Interpreting Message Flow Graphs 
 Peter Ladkin and Stefan Leue
 in Formal Aspects of Computing 7(5):473-509, 1995
 
  
  -  
     Comments on a Proposed Semantics for Message Sequence Charts
 [ 
      Postscript | 
      
      DVI ]
 Peter Ladkin and Stefan Leue
 Technical Correspondence, The Computer Journal 37(9):814-815,
       1995.
  - 
     Four Issues Concerning the Semantics of Message Flow Graphs
 [ 
      Abstract | 
  
      Zip-ed Postscript, 81K ]
 Peter B. Ladkin and Stefan Leue
 Formal Description Techniques VII,ed. D. Hogrefe
       and S. Leue,IFIP Series, Chapman and Hall, 1995
- On Binary Constraint Problems
  [ 
    Abstract | 
    
    Postscript | 
    
    DVI ] 
 by Peter B. Ladkin and Roger D. Maddux,
 Journal of the ACM 41(3):435-469, May 1994.
 This paper is a substantial reworking of the technical report:
      - On Binary Constraint Networks,
          by Peter B. Ladkin and Roger Maddux,
 Technical Report KES.U.88.8, Kestrel Institute, 1988.
 but does not include the parts on
     the derivation of the pointisable relations
     (due independently to P. van Beek) or the construction of the 
    IA from certain four-node path-consistent networks of the PA,
    later generalised by R. Hirsch in Relation Algebras of Intervals,
    preprint, Imperial College of Science and Technology, London, 1994;
- Comments on a Paper by Voas, Payne and Cohen, 
    "A model for detecting the existence of software corruption in
     real time"
     [ Postscript |
       DVI ] 
 by Peter Ladkin and Harold Thimbleby,
 Computers and Security 13(6):527-531, October 1994;
- What Do Message Sequence Charts Mean?
     [ Zip-ed Postscript, 90K ] 
 by Peter B. Ladkin and Stefan Leue,
 in Formal Description Techniques VI, IFIP Transactions C, 
     ed. R. L. Tenney, P. D. Amer and M. U. Uyar, 
     North-Holland, 1994
- Integrating Metric and Qualitative Temporal Reasoning
     [ Postscript |
       DVI ] 
 by Henry Kautz and Peter B. Ladkin,
 in AAAI-91, Proceedings of the 9th National Conference on Artificial
     Intelligence, MIT/AAAI Press, 1991;
- Satisfying First-Order Constraints About Time Intervals
 by Peter Ladkin
 in AAAI-88, Proceedings of the 7th National Conference on Artificial
     Intelligence, Morgan Kaufmann, 1988;
 an extended version of this paper is to be found in Ladkin's
     Ph.D. Thesis.
- The Completeness of a Natural System for Reasoning 
        with Time Intervals
 by Peter Ladkin,
 in IJCAI-87, Proceedings of the 10th International Joint Conference 
     on Artificial Intelligence, 1987;
 a version of this paper is to be found in Ladkin's
     Ph.D. Thesis.
- Models of Axioms for Time Intervals
 by Peter Ladkin
 in AAAI-87, Proceedings of the 6th National Conference on Artificial
     Intelligence, Morgan Kaufmann, 1987;
 a version of this paper is to be found in Ladkin's
     Ph.D. Thesis.
- Specification of Time Dependencies and Synthesis of Concurrent
       Processes
 by Peter Ladkin
 in Proceedings of the 9th International Conference on Software
     Engineering, IEEE Press, 1987;
 a version of this paper is to be found in Ladkin's
     Ph.D. Thesis.
- Primitives and Units for Time Specification
 by Peter Ladkin
 in AAAI-86, Proceedings of the 5th National Conference on Artificial
     Intelligence, Morgan Kaufmann, 1986;
 a version of this paper is to be found in Ladkin's
     Ph.D. Thesis.
- Time Representation: A Taxonomy of Interval Relations
 by Peter Ladkin
 in AAAI-86, Proceedings of the 5th National Conference on Artificial
     Intelligence, Morgan Kaufmann, 1986;
 a version of this paper is to be found in Ladkin's
     Ph.D. Thesis.
Back to Contents
Back to Contents
For purposes of reference, reports are fully described as 
Research Report RVS-RR-yy-nn, RVS Group, Faculty of Technology, University of Bielefeld, 19yy or 20yy
        - 
        Forensic Analysis on Nakula and Antareja 
	Machine Incidents on 18th January 2002
 I Made Wiryana, Avinanta Tarigan
 [ PDF ] RVS-RR-02-02, 
      18 January 2002
 
- 
        Why-Because Analysis of the Glenbrook, NSW Rail
        Accident and Comparison with Hopkins's Accimap
 Peter B. Ladkin
 [ PDF ] RVS-RR-05-05, 19 December 2005
 The report is accompanied by a separate document,
      The Glenbrook Why-Because Graphs, Causal Graphs, 
      and Accimap(PDF)
      reproducing the figures in the report in a format more amenable to reading.
- Checking and Comparison of WB-Graphs
 Peter B. Ladkin
 [ PDF ] RVS-RR-05-04, 9 December 2005
 
- Privacy Checklist for Privacy Enhancing Technology Concepts for RFID Technology Revisited
 Bernd Sieker, Peter B. Ladkin, Jan E. Hennig
 [ PDF ] RVS-RR-05-03, 13 October 2005
 
- WB-Analysis of the attack on the Nakula and Antareja machines in January 2002
 Lars Molske, Damian Nowak, Peter B. Ladkin
 [ PDF, 3.23MB ] RVS-RR-05-02, 30 June 2005
 
- Absehbare Risiken und Wirkungen beim RFID-Einsatz
 Jan E. Hennig, Peter B. Ladkin, Bernd Sieker
 [ Postscript, 240KB ], RVS-RR-04-04, 21 December 2004
 
- The Crash of AA587: A Guide
 Peter B. Ladkin
 [ PDF ] RVS-RR-04-03, 18 November 2004
 
- Privacy Enhancing Technology Concepts for RFID Technology Scrutinised
 Jan Hennig, Peter B. Ladkin, Bernd Sieker
 [ PDF ] RVS-RR-04-02, 28 October 2004
 
- Preserving Privacy in RFID Deployment
 Jan E. Hennig
 [ PDF ] RVS-RR-04-01, 23 March 2004
 
- WBA of the Royal Majesty Accident
 Lars Heidiecker, Nils Hoffmann, Peter Husemann, Peter B. Ladkin, Jan Paller, Jan Sanders, Jörn Stuphorn, Andreas Vangerow
 [ Paper, PDF | Slides, PDF ] RVS-RR-03-01, 1 July 2003
 
-  The Pre-Implementation Safety Case for
     RVSM in European Airspace is Flawed
 Peter B. Ladkin
 [ Abstract | 
      HTML (18K) ]
    RVS-Occ-02-03, 29 August 2002.
-  ACAS and the South German Midair
 Peter B. Ladkin
 [ Abstract | 
      HTML (52K) ]
    RVS-Occ-02-02, 12 August 2002.
-  Building a Corpus for Cockpit Voice
           Recorder Transcripts
 Oliver Hölz and Thomas Hettenhausen
 [ Abstract | 
      PDF Version 
         (274K) |
      PS Version 
         (443K) ]
    RVS-Occ-01-06, 23 October 2001.
-  Building a Parser for ATC Language
 Martin Ellermann and Mirco Hilbert
 [ Abstract | 
      PDF Version 
         (368K) | 
      PS Version 
         (516K) ]
    RVS-Occ-01-05, 18 February 2002.
-  Review of the Cushing Grammar
 Martin Ellermann and Mirco Hilbert
 [ Abstract | 
      PDF Version 
         (240K) | 
      PS Version 
         (226K) ]
    RVS-Occ-01-02, 23 July 2001.
-  Sociology of Scientific Knowledge Is Not
                                   Radically Sceptic
 Peter B. Ladkin
 [ Abstract | 
      HTML ]
    RVS-Occ-02-01, 24 January 2002.
-  Computational Analysis of Airplane
        Cockpit-Voice-Recording Transcripts
 Andre Döring, Mark McGovern and Jan Sanders
 [ Abstract | 
      PDF Version (218K) ]
    RVS-Occ-01-07, 11 November 2001.
-  Developing an ATC Grammar using the
          Review of the Cushing Grammar
 Martin Ellerman and Mirco Hilbert
 [ Abstract | 
      PDF Version (364K) |
        Postscript Version 
        (294K) ]
    RVS-Occ-01-03, 28 June 2001.
-  How to Generate Fault Trees from Causal
          Influence Diagrams
 Peter B. Ladkin, Bernd Sieker and Joachim Weidner
 [ Abstract | 
      PDF Version (333K) |
        Postscript Version 
        (705K) ]
    RVS-Occ-01-04, 19 June 2001.
-  An Example of Everyday Risk Assessment
 Peter B. Ladkin
 [ Abstract | 
      PDF Version (145K) |
        Postscript Version 
        (137K) ]
    RVS-Occ-01-01, 2 February 2001.
-  EMI, TWA 800 and Swissair 111
 Peter B. Ladkin, Willi Schepper
 [ Abstract | 
      PDF Version (336K) |
        Postscript Version 
        (202K) ]
    RVS-Occ-00-01, 10 October 2000.
- On Classification of Factors in Failures and
   Accidents
 [ Abstract |
  (HTML, English, 97K) ]
 Peter B. Ladkin, 16 July 1999, extended 04 August 1999, 
    Report RVS-Occ-99-04.
- Analysis of Data Discontinuities
 [ Abstract |  
      (HTML, 94K) ]
 Michael Blume, Dominic Epsom, Heiko Holtkamp, Peter B. Ladkin, 
    I Made Wiryana, 25 January 1999,  Report RVS-Occ-99-01.
- Hazards, Risk and Incoherence
 [ Abstract |  
      (HTML, 35K) ]
 Peter B. Ladkin, 15 June, extended 28 June, 1998, 
        Report RVS-Occ-98-01.
- Analysing the 1993 Warsaw Accident 
         With a WB-Graph
 [ Abstract |  
      (HTML, 30K) ]
 Michael Höhl and Peter B. Ladkin,
      8 September 1997, Report RVS-Occ-97-09.
- Using the Temporal Logic of Actions: 
         A Tutorial on TLA Verification
 [ Abstract |  Paper, 69pp:
      (PS, gzipped, 169K), 
      (DVI, gzipped, 59K) ]
 Peter Ladkin,
      17 June 1997, Report RVS-RR-97-08
 Invited Tutorial on TLA, Second International Conference on Temporal
   Logic, Manchester, England, 14-18 July, 1997.
- Beschreibung eines vagen 
         Echtzeit-Hybrid-Systems in TLA+
 [ Abstract | 
      Paper
    (PS, 200K) ]
 Lutz Sommerfeld, Peter Ladkin,
      17 June 1997, Report RVS-RR-97-07
 Paper given at the 7.GI/ITG-Fachgespräch: Formale 
   Beschreibungstechniken für verteilte Systeme (7th German Society for
   Informatics Workshop on Formal Description Techniques for Distributed
   Systems, Berlin, 19-20 June, 1997).
-  
      Formalising Failure Analysis
      [ Abstract | 
      Paper ] 
 Thorsten Gerdsmeier, Peter Ladkin, Karsten Loer,
      4 June 1997, Report RVS-Occ-97-06
-  Safely Sliding Windows
      [ Abstract ]
 Dirk Henkel,
      5 May, revised 19 November, 1997
 Report RVS-RR-97-05a (Specifications and Proofs):
      [ DVI 30K, gzipped |
        PS 116K, gzipped ]
 Report RVS-RR-97-05b (Commented Specifications only):
      [ DVI 12K, gzipped | 
        PS 59K, gzipped ]
 Recommended by Prof. Stefan Leue, Department of Electrical and Computer
      Engineering, University of Waterloo, Canada.
-  
      Abstraction and Modelling
 Peter B. Ladkin,
      16 April 1997, Report RVS-Occ-97-04
-  
      Logical Form as a Binary Relation
 Peter B. Ladkin,
      16 April 1997, Report RVS-Occ-97-03
-  
     A Tool For Building and Analysing WB-Graphs
 Thorsten Gerdsmeier,
      3 March 1997, Research Report RVS-RR-97-02
 Recommended by Prof. D. Gibbon, Linguistik und Literaturwissenschaft,
     Uni Bielefeld.
-  
     Analysing the Cali Accident With a WB-Graph
 Thorsten Gerdsmeier, Peter Ladkin and Karsten Loer
 Second Version, 13 March 1997 (first version, 14 January 1997), 
       Research Report RVS-RR-97-01
 in Participant's Proceedings of the first Workshop on Human Error and
     Systems Development,
 Technical Report GAAG TR-97-2,
     Glasgow Accident Analysis Group, University of Glasgow.
-  
     News and Comment on the AeroPeru B757 Accident
 Peter Ladkin
 8 November 1996, Research Report RVS-RR-96-16
-  
     A Note on a Note on a Lemma of Ladkin 
 Peter Ladkin
 13 September 1996, revised 14 October 1996, Research Report RVS-RR-96-15
-  
     Some Dubious Theses in the Tense Logic of Accidents
 Peter Ladkin
 27 September 1996, Research Report RVS-RR-96-14
-  
     Explaining Failure with Tense Logic
 Peter Ladkin
 10 September 1996, Research Report RVS-RR-96-13
-  
     Formalism Helps in Describing Accidents
 Peter Ladkin
 4 September 1996, Research Report RVS-RR-96-12
-  
     On Needing Models 
 Peter Ladkin
 22 February 1996, Research Report RVS-RR-96-11
-  
     Comments on Confusing Conversation at Cali
 Dafydd Gibbon and Peter Ladkin
 7 February 1996, Research Report RVS-RR-96-10
-  
     Reasons and Causes
 Peter Ladkin
 31 January 1996, Research Report RVS-RR-96-09
-  
     The X-31 and A320 Warsaw Crashes: Whodunnit?
 Peter Ladkin
 Revised version 28 January 1996, Research Report RVS-RR-96-08
-  
     Formal but Lively Buffers in TLA+ 
 Peter Ladkin
 7 January 1996 - New Version, Research Report RVS-RR-96-07
-  
     Lazy Cache Implements Complete Cache 
 Peter Ladkin
 7 January 1996, Research Report RVS-RR-96-06
-  
     Future University Computing Resources 
 Peter Ladkin
 7 November 1995, Research Report RVS-RR-96-05
-  
  An Algebraic Approach to General Boolean Constraint Problems
 Hans-Werner Güsgen and Peter Ladkin
 23 April 1995, Research Report RVS-RR-96-04
-  
     Correctness in System Engineering 
 Peter Ladkin
 2 April 1995, Research Report RVS-RR-96-03
Back to Contents
Back to Contents
  -  
	Statement on Digital Wireless Technologies Prepared for the EU 6th Framework Consultation,
	8 April 2004
        .
 [ Abstract |
           PDF 
           96K ]
 Jan Hennig, RVS-S-04-01, 8 April 2004.
-  Memorandum to the Transport Sub-Committee on
        the Costing of NERC, 26 November 1998.
 Memorandum FN 12
         in (UK) House of Commons, Session 1998-99, Environment, Transport
         and Regional Affairs Committee, Third Report, The Future of
         National Air Traffic Services, pp52-55.
 [ Abstract |
           HTML 
           19K ]
 Peter B. Ladkin, RVS-S-98-02, 26 November 1998.
-  Evidence to the Transport Subcommittee on
        NERC/NSC, Wednesday 11 March, 1998.
 Memorandum ATC 20A
         in (UK) House of Commons, Session 1997-98, Environment, Transport
         and Regional Affairs Committee, Fourth Report, Air Traffic
         Control, Vol II (Minutes of Evidence and Appendices taken before
         the Transport Sub-Committee), pp161-167.
 [ Abstract |
           HTML 
           34K ]
 Peter B. Ladkin, RVS-S-98-01, 8 March 1998.
-  Letter to the Transport Subcommittee on
       NERC/NSC, Monday 17 November, 1997.
 Memorandum ATC 20
         in (UK) House of Commons, Session 1997-98, Environment, Transport
         and Regional Affairs Committee, Fourth Report, Air Traffic
         Control, Vol II (Minutes of Evidence and Appendices taken before
         the Transport Sub-Committee), pp157-161.
 [ Abstract |
           HTML 
           28K ]
 Peter B. Ladkin, RVS-S-97-01, 17 November 1997.
Back to Contents
Back to Contents
Books have a series number RVS-Bk-nn and an edition
date of publication, which appears below.
    - 
    Digital System Safety - Mostly Qualitative Aspects
 Peter Bernard Ladkin
 [ Table of contents ] RVS-Bk-17-02, 11 December 2017
 
  - 
  A Critical-System Assurance Manifesto: Issues Arising from IEC 61508
 Peter Bernard Ladkin
 A number of issues in critical-system assurance have arisen during discussions about the next
edition of the digital-system functional safety standard IEC 61508. This book discusses statistical
evaluation, some key concepts with suggestions for redefinition where appropriate, and issues
concerning safety and and the increasing importance of effective cybersecurity. The chapters will be
individually updated as the conversation progresses.
 [ Table of contents ] RVS-Bk-17-01, 10 December 2017
 
 -  Safety of Computer-Based Systems
 Peter B. Ladkin, Jan Sanders, Bernd Sieker, et.al.
 [ Table of contents ] 
      RVS-Bk-11-01, draft version 1.0 of 27 July 2001.
 -  Causal System Analysis
 Peter B. Ladkin
 [ Table of contents ]
      RVS-Bk-01-01, draft version 2.0 of 14 August 2001.
 - 
      Static Analysis of Communicating Processes
 [ Abstract | 
      
      Postscript ]
 Peter Ladkin and Barbara Simons
 preliminary, incomplete version 22 April 1995
 This book includes chapters corresponding to material in
    - Compile-Time Analysis of Communicating Processes, 
 by Peter Ladkin and Barbara Simons,
 in Proceedings of the 1992 International
        Conference on Supercomputing, pp248-259, ACM Press, 1992;
- Static Deadlock Analysis for CSP-Type Communications,
 by Peter B. Ladkin and Barbara B. Simons,
 Chapter 5 of Responsive Computer Systems:
        Steps Toward Fault-Tolerant Real-Time Systems, ed. Donald S.
        Fussell and Miroslaw Malek, Kluwer Academic Publishers, 1995.
- Static Analysis of Multiway Sychronization, 
 by Peter B. Ladkin and Barbara B. Simons,
 in Proceedings of CASCON'94, ed. J. Botsford, A. Gawman,
        M. Gentlemen, E. Kidd, K. Lyons and J. Slonim, pp142-156, IBM
        Toronto Lab and Natural Sciences and Engineering Research Council,
        Toronto, Canada, 1994.
 
Back to Contents
- The Logic of Time Representation
  [ 
    Abstract | 
    
    Postscript | 
    
    DVI ] 
 My thesis was written in partial fulfilment of the requirements of the
    degree of Ph.D. in Logic and the Methodology of Science (Tarski founded
    the L&M Group)
    at the University of California, Berkeley, granted in December 1987. 
    For the curious, my advisor
    was Ralph McKenzie (Math) and the two other reading committee members were
    Stuart Russell (CS) and Ernest Adams (Philosophy). Examiners included also
    Manuel Blum (CS) and Jack Silver (Math).
 My thesis includes chapters corresponding to the following papers:
      - Primitives and Units for Time Specification 
         (Proceedings of AAAI-86, pp354-359);
      
- Time Representation: A Taxonomy of Interval Relations
 (Proceedings of AAAI-86, pp360-366);
- Models of Axioms for Time Intervals 
          (Proceedings of AAAI-87, pp234-239);
      
- The Completeness of a Natural System for Reasoning with Time
          Intervals 
 (Proceedings of IJCAI-87, pp462-467);
- Specification of Time Dependencies and Synthesis of Concurrent
          Processes 
 (Proceedings of 9th ICSE, IEEE Press 1987, pp106-115);
- Satisfying First-Order Constraints About Time Intervals 
 (Proceedings of AAAI-88, pp512-517).
 
Back to Contents
Essays include commentary of various sorts, from innovative to 
expository to whimsical.
 -  Fuel Flammability, Flight Path Coercion and
          Technical Security Analysis
 Peter B. Ladkin with Frank Taylor
 [ Abstract | 
      HTML ]
    RVS-J-01-01, 17 September 2001.
- Talking to Newspapers: A Cautionary 
         Tale with Moral
 [ Abstract |
       (HTML, English, 26K) ]
 Peter B. Ladkin, 
    Report RVS-J-99-01, 16 July 1999.
- The Year 2000 Problem
 [ Abstract |  
      (HTML, English, 23K) |
      (HTML, German, 26K) ]
 Heiko Holtkamp, Peter B. Ladkin,
 Report RVS-J-98-05,  30 October 1998.
- The Risks of Hubris,
     Inside Risks, Communications of the ACM 41(12), Dec. 1998
 [ Abstract |  
      (HTML, 6K) ]
 Peter B. Ladkin 
      28 October 1998, Report RVS-J-98-04.
-  EMI and TWA800: Critique of a Proposal
 [ Abstract |  
      (HTML, 16K) ]
 Peter B. Ladkin, RVS-J-98-03, 10 April 1998.
-  The Ariane 5 Accident: A Programming Problem?
 [ Abstract |  
      (HTML, 25K) ]
 Peter B. Ladkin, RVS-J-98-02, 20 March 1998.
- The Crash of Flight CI676, 
     a China Airlines Airbus A300, Taipei, Taiwan, Monday 16 February, 1998:
     What We Know So Far
 [ Abstract |  
      (HTML, 41K) ]
 Peter Ladkin, RVS-J-98-01, 19 February 1998.
- University Education in the US, UK and Germany:
       A Quick Comparison
 [ Abstract |  
      (HTML, 23K) ]
 Peter Ladkin, RVS-J-97-12, 11 December 1997.
- Ziele zur Hochschulreform
 [ Abstract |  
      (HTML) ]
 Dirk Stössel u.a., RVS-J-97-11, 2 December 1997.
- Risks of Technological Remedy,
     Inside Risks, Communications of the ACM 40(11):160, Nov. 1997
 [ Abstract |  
      (HTML, 6.5K) ]
 Peter B. Ladkin 
      10 September 1997, Report RVS-J-97-10.
-  
    The Crash of Flight KE801, 
     a Boeing B747-300, Guam, Wednesday 6 August, 1997:
 What We Know So Far
 Peter B. Ladkin
    RVS-J-97-09, 11 September 1997.
-  
    Controlled Flight Into Terrain: 
    What is Being Done?
 Peter B. Ladkin
    RVS-J-97-08, 21 August 1997.
-  
    Flying An ILS or Localiser 
          Approach - An Example 
 Peter B. Ladkin,
     RVS-J-97-07, 25 August 1997.
-  
    Traditional Aviation Radio 
     Navigation: An Introduction
 Peter B. Ladkin
     RVS-J-97-06, 20 August 1997.
-  
    
    Unravelling the Nets: 
    Some observations prompted by Rochlin's study `Trapped in the Net'
 Peter B. Ladkin,
    RVS-J-97-05, 3 August 1997.
-  
    
    To Drive or To Fly - Is That Really The Question?
 Peter B. Ladkin,
    RVS-J-97-04, 24 July 1997.
-  
    Electromagnetic Interference with Aircraft Systems: why worry?
 Peter B. Ladkin with colleagues,
    RVS-J-97-03, 13 July 1997.
-  
          
     Research Careers in German Universities:
    a short guide, with diversions, for the curious.
 Peter B. Ladkin, 
    RVS-J-97-02, 29 June 1997.
-  
     
     How Aircraft Crash: Accident Reports and Causal Explanation
 Thorsten Gerdsmeier, Michael Höhl, Peter Ladkin, Karsten Loer
 RVS-J-97-01, 11 June 1997.
 Prepared for the Magazine Forschung an der Universität Bielefeld
     volume 16, University of Bielefeld, 1997 (in German).
Back to Contents
The on-line Forum on Risks to the Public in Computers and Related Systems has been
compiled by Peter Neumann from contributions from others for twenty years. It is
a publication of the ACM Committee on Computers and Public Policy.
Here follow links to articles by Peter Ladkin up until October 2005. More
recent contributions by Peter Ladkin may be found by searching the Risks archives.
Back to Contents
Back to Contents
Back to Contents
 Note: This list has not been maintained since the year 2000.
- The german television channel RTL-II carried a program on
prime time (10:15) entitled "Die schreckliste
Flugabst\"urtze der Welt" (The world's worst air accidents)
on 15 January 2000, which contained significant
footage of military and commercial accidents in progress, along
with some commentaries from Peter Ladkin and others.
- The magazine program Absolut Resitarits on Austrian
televison ORF carried a report on the risks of high-technology
in aircraft and air traffic control on 8 July, 1999. This report 
included a live discussion with Peter Ladkin, H-Jürgen Lachmann,
President of the German professional pilot's association 
Vereinigung Cockpit, and Capt. Rudolph Rausch, Flight
Safety Manager at Austrian Airlines.
- The Austrian newspaper Kurier carried a report on
Peter Ladkin's work, based unfortunately also on the Sunday
Times article of 27 June, sometime in the period 28-30 June.
- On 28 June, 1999, the German newspaper Bild, and
the Hamburger Abendblatt (Hamburg) both carried reports
of Peter Ladkin's work, unfortunately based on the Sunday Times
report of 27 June. The |textit{Hamburger Abendblatt published
a correction in the form of a letter from Peter Ladkin on 6 July,
and Bild published a correction on 9 July.
- On 27 June, 1999, the (London) Sunday Times carried a report
entitled "Faulty computers blamed for `pilot error' jet 
crashes", which was based on an interview with Peter Ladkin.
Unfortunately, the article misrepresented Ladkin's work or what
he said, and a correction was published by the Sunday Times on
11 July, 1999.
- On 8 March, 1999, the German television channel SAT1
broadcast an edition of Planetopia, a magazine program 
which reports on new developments in science and technology, which 
carried a report based on an interview with Peter Ladkin
about high-technology aerospace accidents, in particular the 
X-31 and Ariane 501 accidents.
- The Dutch weekly Vrij Nederland carried an article De
Logica van een vliegramp by Rob Sijmons, on aircraft accidents
with new technology and the use of WBA to explain them, based on an
interview with Peter Ladkin, in its edition of 10 October (No. 41),
1998, pages 42-44.
 
- The German bi-weekly computer magazine c't carried two
short articles by Peter Ladkin, Fallstricke auf dem Weg ins
All, about the Ariane 501 failure, its WB-graph and the
requirements engineering failure (pages 158-9), and Flug ins
Ungewisse, about accidents with new-technology aircraft (page
164), in its 1998 volume 19, 14-27.9.1998.
- The British science news weekly New Scientist carried an
article High Anxiety by Mark Ward, about the problems with the
development of the software for the New En-Route Center air traffic
control system, based on interviews with Peter Ladkin and others, in
its No. 2145 of 1 August, 1998, pages 18-19.
- Die Deutsche Welle radio taped a short interview with
Peter Ladkin concerning WBA, new automation, and safety of commercial
aviation for distribution in Latin America on 1 April 1998.
- OWL Aktuell, the local television news program of WDR for the region
Ostwestfalen-Lippe, contained a live interview with Peter Ladkin
on safety of commercial aviation on Monday, 30 March 1998.
- Fliegen muß noch sicherer werden,
by Jens Flottau in the Süddeutsche Zeitung, Nr. 47,
26 February 1998, p35 (first page of Umwelt, Technik, Wissenschaft 
section) is based on an interview with Peter Ladkin concerning WBA and 
various accidents.
- Neue Technik macht Luftverkehr sicherer: Bielefelder Experte untersucht
Flugzeugabstürze,
by Carsten Heil in the Neue Westfälische Zeitung, Nr. 83,
10 April 1997, p3, contains an interview with Peter Ladkin on
safety of computers in aircraft.
- Luchtvaart op het Internet by Daan Vlaskamp, in 
the Dutch magazine
Piloot & Vliegtuig, March 1997, p36, contains a brief but
complimentary review of the Compendium RVS-Comp-01.
- 
A radio program on modern technology and aviation safety
by Stan Correy, of ABC Radio National (Australian
Broadcasting Company), broadcast on 8 December 1996,
contained an interview with Peter Ladkin.
- Computer-Aided Disaster, by Robert Wilson in 
The Australian, October 12 1996, p11 contains
a detailed interview with Peter Ladkin on computer-related
aviation incidents.
- Chaos is king when the chips are down, by Julie
Rowbotham, Sydney Morning Herald, also in 
The Age (Melbourne), 20 August 1996, page D12
cites the compendium
Computer-Related Incidents with 
Commercial Aircraft, above.
  
  
-  what's happening, a column in the ACM publication
Interactions, a magazine for HCI professionals,
July-August 1996, p13. This column discussed the 
article The Cali and 
Puerto Plata B757 Crashes from RISKS-18.10, above.
Back to Contents
Diploma theses (Diplomarbeiten) have a designation RVS-Dip-yy-nn in which yy is
the year and nn the series number.
Doctoral theses (Doktorarbeiten) have a similar designation RVS-Dok-yy-nn.
  - Abschätzung der vorhandenen
    Haus-Elektroinstallation am Beispiel einer Kleinstadt
 [  PDF 11 M ]
 Master Thesis by Christoph Goeker, RVS Group, January 2014
 
- Unfallursachenanalyse The Galloping Ghost, 2011, Reno, Nevada
 [  PDF  3.4 M ]
 Bachelor Thesis by Rico Magnucki, RVS Group, September 2013
- Systemanforderungsanalyse von Bahnbetriebsverfahren mit Hilfe
    der Ontological Hazard Analysis am Beispiel des Zugleitbetriebs nach FV-NE"
 [ PDF 821 k ]
 Doctoral Dissertation (in German), RVS Group TechFak and CITEC, Uni Bielefeld, April 2010
 
- A Sustainable System Development Method with Applications
 [  PDF 12 M ]
 Doctoral Dissertation by I Made Wiryana, RVS Group, Uni Bielefeld, June 2009
- Integration einer kollaborativen Arbeitsumgebung 
    in die Kommunikationsplattform Worksphere
 [ PDF 4.5M ]
 Heiko Holtkamp, RVS-Dip-06-03, April 2006
 
- Entwicklung einer Systemarchitektur fü
    forensische Analysen
 Andreas Vangerow, RVS-Dip-06-02, März 2006
 
- Entwicklung einer unterstützenden Softwarelösung 
    zur Erfassung und Bearbeitung von List of Facts unter Berücksichtigung kausaler Faktoren
 Jan Paller, RVS-Dip-06-01, Januar 2006
 
- Iterative Decomposition of a Communication-Bus 
    System using Ontological Analysis
 [ Abstract | PDF 
    1.88M | PDF 1.43M, gzipped 
    ]
 Jörn Stuphorn, RVS-Dip-05-03, July 2005.
- Analyse der Bluetooth-Sicherheit
 Marcel Holtmann, RVS-Dip-05-02, Juni 2005
 
-  Formal Task Analysis of Graphical System Engineering 
    Software Use
 [ Abstract | PDF 
    4.89M ]
 Thilo Paul-Stüve, RVS-Dip-05-01, 10 March 2005.
-  Ein Framework fü agentbasierte QoS-Messungen 
    in einer Peer-to-Peer Infrastruktur
 Christoph Marzetz, RVS-Dip-04-02, 1 November 2004.
-  Visualisation Concepts and Improved Software Tools 
    for Causal System Analysis
 [ Abstract | PDF 
    2.94M ]
 Bernd Sieker, RVS-Dip-04-01, 27 February 2004
-  Spezifikation und Implementation eines sicheren 
    Lernerfolgskontrollmoduls für CSCL-Werkzeuge
 [ Abstract | PDF 
    807K ]
 Andre Döring, RVS-Dip-03-03, 15 October 2003.
-  Theoretical Approaches to Systems
 [ PS 455K | PS 
    188K, gzipped ]
 Jan Sanders, RVS-Dip-03-02, 1 October 2003.
-  Konzeption eines verteilten Datenarchivierungssystem
 [ Abstract | PDF 
    6.43M | PDF 
    902K, gzipped | PS 
    12.55M | PS 
    784K, gzipped ]
 Jan E. Hennig, RVS-Dip-03-01, 5 September 2003.
-  Design und Entwicklung einer vorlesungsbegleitenden 
    Übungsplattform
 Martin Ellermann, RVS-Dip-02-01, 2 September 2002.
-  Lastermittlung und deren Vorhersage für nicht 
    lokale Web Server
 Michael Blume, RVS-Dip-00-03, 16 November 2000.
-  Sichere geschäftsbedingte funknetzübermittelte 
    Kommunikation zwischen PDA und SAP-R/3-Systemen
 Andreas Berndt, RVS-Dip-00-02, 26 September 2000.
-  Dependability-Analyse TCP/IP basierender Informationssysteme
 Mark Niemann, RVS-Dip-00-01, 1 September 2000.
-  Safely Sliding Windows: Into the Depths of Formal 
    System Verification
 Dirk Henkel, RVS-Dip-99-01, 12 April 1999.
-  Komplexitätsbetrachtung einer Softwareumstellung 
    an Beispielen von SAP R/2
 [ Abstract | HTML 
    intro page ]
 Olaf Kerger, RVS-Dip-98-05, 9 October 1998.
-  Vergleichende Analyse von elektronischen Geldtransfer-Systemen
 [ Abstract | PS 
    260K, gzipped ]
 Andreas Kaiser, RVS-Dip-98-04, 5 August 1998.
-  Towards "Why...Because"-Analysis of Failures
 [ Abstract | DVI 
    134K, gzipped | PS 503K, gzipped ]
 Karsten Loer, RVS-Dip-98-02, 20 February, revised 5 July 1998
-  Practical Static Methods for Exact Deadlock Prediction 
    in Message Passing Concurrent Processes
 [ Abstract | PS 
    175K, gzipped ]
 Christina Claudia Wuzik, RVS-Dip-98-03, 9 February 1998
-  Formale Beschreibung von DATR
 [ Abstract | PS 
    275K, gzipped ]
 Thorsten Gerdsmeier, RVS-Dip-98-01, 5 January 1998
-  Spezifikation eines 20 l-Perfusionsbioreaktor in 
    TLA+
 [ Abstract | DVI 
    80K, gzipped | PS 219K, gzipped ]
 Lutz Sommerfeld, RVS-Dip-97-01
Back to Contents