D. Akerlund, P. Bieber, E. Böde, C. Bougnol, M. Bozzano et al., ESACS : an integrated methodology for design and safety analysis of complex systems, ESREL, 2003.

O. Akerlund, P. Bieber, E. Boede, M. Bozzano, M. Bretschneider et al., ISAAC, a framework for integrated safety analysis of functionale, geometrical and human aspects, ERTS, 2006.

]. J. Abr96, The B Book -Assigning Programs to Meanings, 1996.

]. A. Agpr99a, A. Arnold, G. Griffault, A. Point, and . Rauzy, The AltaRica formalism for describing concurrent systems, Fundamenta Informaticae, 1999.

]. A. Agpr99b, A. Arnold, G. Griffault, A. Point, and . Rauzy, Manuel méthodologique, 1999.

M. [. Arnold and . Nivat, Comportements de processus, Coloque AFCET "Les Mathématiques de l'Informatique, pp.35-68, 1982.

]. A. Arn92 and . Arnold, Systèmes de transitions finis et sémantique des processus communiquants, 1992.

M. Bozzano, A. Cavallo, M. Cifaldi, L. Valacca, and A. Villafiorita, Improving Safety Assessment of Complex Systems: An Industrial Case Study, FM, 2003.
DOI : 10.1007/978-3-540-45236-2_13

C. [. Bieber, C. Castel, C. Kehren, and . Seguin, Analyse des exigences de sûreté d'un système électrique par model-checking, Lambda Mu 14, 2004.

M. Boiteau, Y. Dutuit, A. Rauzy, and J. P. Signoret, The altarica data-flow language in use : Assessment of production availability of a multistates system, Reliability Engineering and System Safety, pp.747-755, 2006.

J. [. Van-benthem, V. Van-eijck, and . Stebletsova, Modal Logic, Transition Systems and Processes, Journal of Logic and Computation, vol.4, issue.5, pp.811-855, 1994.
DOI : 10.1093/logcom/4.5.811

J. Y. Brunel, A. Ferrari, E. Fourgeau, and P. Giusto, How aerospace and transportation design challenges can be addressed from simulation-based virtual prototyping for distributed safety critical automotive applications, 2004.

]. M. Bou90 and . Bouissou, Figaro : un outil de modélisation en fiabilité. In Revue "Faits marquants, 1990.

M. [. Banach and . Poppleton, Retrenchment: An engineering variation on refinement, B'98 : Proceedings of the Second Internation B Conference on Recent Advances in the Development and Use of the B Method, pp.129-147, 1998.
DOI : 10.1007/BFb0053358

C. [. Bouissou and . Seguin, Comparaison des langages de modélisation altarica et figaro, Procs. of Lambda-Mu 15, 2006.

A. [. Bozzano and . Villafiorita, Improving System Reliability via Model Checking: The FSAP/NuSMV-SA Safety Analysis Platform, Procs. of the 22nd International Conference on Computer Safety, Reliability and Security, 2003.
DOI : 10.1007/978-3-540-39878-3_5

V. [. Cauffriez, D. Benard, and . Renaux, A New Formalism for Designing and Specifying RAMS Parameters for Complex Distributed Control Systems: The Safe-SADT Formalism, IEEE Transations on Reliability, pp.397-410, 2006.
DOI : 10.1109/TR.2006.879604

URL : https://hal.archives-ouvertes.fr/hal-00289488

E. [. Clarke, A. Emerson, and . Sistla, Automatic verification of finite-state concurrent systems using temporal logic specifications, ACM Transactions on Programming Languages and Systems, vol.8, issue.2, pp.244-263, 1986.
DOI : 10.1145/5397.5399

O. E. Clarke, S. Grumberg, Y. Jha, H. Lu, and . Veith, Counterexample-guided abstraction refinement for symbolic model checking, Journal of the ACM, vol.50, issue.5, pp.752-794, 2003.
DOI : 10.1145/876638.876643

O. [. Clarke and D. A. Grumberg, Peled. Model Checking, 2000.

]. P. Cru89 and . Crubillé, Réalisation de l'outil Mec, spécification fonctionnelle et architecture, 1989.

]. J. Da04a, O. Deneux, and . Akerlund, A common framework for design and safety analyses using formal methods, ESREL, 2004.

]. J. Da04b, O. Deneux, and . Akerlund, Designing safe, reliable systems using scade, ISOLA, 2004.

C. Dejiu, R. Johansson, H. Lönn, Y. Papadopoulos, A. Sandberg et al., Modelling support for design of safety-critical automotive embedded systems Dutuit and A. Rauzy. Exact and truncated computations of prime implicants of coherent and non-coherent fault trees within aralia, Procs. of the 27th International Conference on Computer Safety, Reliability and Security Reliability Engineering and System Safety, pp.127-144, 1997.

[. Easa, CS-25 Certification Specifications for Airworthiness of Large Aeroplanes, Amendment 5, European Aviation Safety Agency, 2008.

S. [. Elmqvist and . Nadjm-tehrani, Formal Support for Quantitative Analysis of Residual Risks in Safety-Critical Systems, 2008 11th IEEE High Assurance Systems Engineering Symposium, pp.154-164, 2008.
DOI : 10.1109/HASE.2008.59

J. Elmqvist, S. Nadjm-tehrani, and M. Minea, Safety Interfaces for Component-Based Systems, 24 th International Conference on Computer Safety, Reliability and Secu- rity(SAFECOMP'05), 2005.
DOI : 10.1007/11563228_19

]. C. Eri99 and . Ericson, Fault tree analysis -a history, 17 th International System Safety Conference, 1999.

[. Faa, FAR Part 25 -Airworthiness Standards : Transport Category Airplanes, Amendment 16, Federal Aviation Agency, issue.1, 2003.

P. Fenelon, J. A. Mcdermid, M. Nicholson, and D. J. Pumfrey, Towards integrated safety analysis and design, ACM SIGAPP Applied Computing Review, vol.2, issue.1, 1994.
DOI : 10.1145/381766.381770

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.127.3666

A. [. Feiler and . Rugina, Dependability modeling with the architecture analysis and design language(aadl), Software Enginering Institute, 2007.

M. [. Gervais, R. Frappier, and . Laleau, Vous avez dit raffinement ?, 2005.
URL : https://hal.archives-ouvertes.fr/hal-01125045

H. Garavel and H. Hermanns, On Combining Functional Verification and Performance Evaluation Using CADP, Proceedings of the 11th International Symposium of Formal Methods Europe FME'2002, 2002.
DOI : 10.1007/3-540-45614-7_23

URL : https://hal.archives-ouvertes.fr/inria-00072096

]. A. Glp-+-98, S. Griffault, G. Lajeunesse, A. Point, J. Rauzy et al., The AltaRica language, European Safety and Reliability International Conference, p.98, 1998.

]. A. Glp-+-99, S. Griffault, G. Lajeunesse, A. Point, J. Rauzy et al., Le langage AltaRica, Actes du 11 ème congrès ?µ. Hermès, 1999.

A. [. Griffault and . Vincent, Vérification de modèles AltaRica, MAJESTIC, 2003.

A. [. Griffault and . Vincent, The Mec??5 Model-Checker, Computer Aided Verification, CAV, 2004.
DOI : 10.1007/978-3-540-27813-9_43

URL : https://hal.archives-ouvertes.fr/hal-00351697

R. J. Van-glabbeek and W. Peter-weijland, Branching time and abstraction in bisimulation semantics, Journal of the ACM, vol.43, issue.3, pp.555-600, 1996.
DOI : 10.1145/233551.233556

E. Holberg, M. Böde, I. Bretschneider, T. Brückner, H. Peikenkamp et al., Modelbased safety analysis of a flap control system, INCOSE, 2004.

]. S. Hum08 and . Humbert, Déclinaison d'exigences de sécurité du système vers le logiciel, assistée par des modèles formels, 2008.

M. [. Joshi and . Heimdal, Model-Based Safety Analysis of Simulink Models Using SCADE Design Verifier, SAFECOMP, 2005.
DOI : 10.1007/11563228_10

M. [. Joshi, M. P. Whalen, and . Heimdal, Model-based safety analysis final report, 2005.

]. C. Keh05 and . Kehren, Motifs formels d'architecture de systèmes pour la sûreté de fonctionnement, 2005.

]. D. Koz83 and . Kozen, Results on the propositional µ-calculus, Theoretical Computer Science, vol.27, pp.333-354, 1983.

A. [. Larsen and . Skou, Bisimulation through probabilistic testing, Information and Computation, vol.94, issue.1, pp.1-28, 1991.
DOI : 10.1016/0890-5401(91)90030-6

URL : http://doi.org/10.1016/0890-5401(91)90030-6

M. Mckelvin, G. Eirea, C. Pinello, S. Kanajan, and A. Sangiovanni-vincentelli, A formal approach to fault tree synthesis for the analysis of distributed fault tolerant systems, Proceedings of the 5th ACM international conference on Embedded software , EMSOFT '05, pp.237-246, 2005.
DOI : 10.1145/1086228.1086272

]. R. Mil80 and . Milner, Calculus of communicating systems, LNCS 92, pp.167-183, 1980.

C. [. Mciver and . Morgan, Abstraction and refinement in probabilistic systems, ACM SIGMETRICS Performance Evaluation Review, vol.32, issue.4, pp.41-47, 2005.
DOI : 10.1145/1059816.1059824

]. C. Pag04 and . Pagetti, Extension temps réel d'AltaRica, 2004.

]. D. Par81 and . Park, Concurrency and automata on infinite sequences, Proceedings of the 5 th GI- Conference on Theoretical Computer Science, pp.167-183, 1981.

M. [. Papadopoulos and . Maruhn, Model-based synthesis of fault trees from Matlab-Simulink models, Proceedings International Conference on Dependable Systems and Networks, 2001.
DOI : 10.1109/DSN.2001.941393

J. [. Papadopoulos, R. Mcdermid, G. Sasse, and . Heiner, Analysis and synthesis of the behaviour of complex programmable electronic systems in conditions of failure, Reliability Engineering & System Safety, vol.71, issue.3, pp.229-247, 2001.
DOI : 10.1016/S0951-8320(00)00076-4

]. G. Poi00 and . Point, AltaRica : Contribution á l'unification des méthodes formelles et de la Sûreté de fonctionnement, 2000.

]. G. Pr99a, A. Point, and . Rauzy, AltaRica -Constraint automata as a description language, European Journal on Automation, vol.33, 1999.

A. D. Bibliographie-[-pr99b, ]. G. Point, and A. Rauzy, AltaRica -Langage de modélisation par automates à contraintes, Actes du Congrés Modélisation des Systèmes Réactifs, MSR'99, 1999.

[. Queille and J. Sifakis, Fairness and related properties in transition systems ? a temporal logic to deal with fairness, Acta Informatica, vol.19, issue.3, pp.195-220, 1983.
DOI : 10.1007/BF00265555

]. A. Rau93 and . Rauzy, New algorithms for fault trees analysis, Reliability Engineering and System Safety, vol.40, pp.203-211, 1993.

]. A. Rau01 and . Rauzy, Mathematical foundation of minimal cutsets language, IEEE Transactions on Reliability, vol.50, issue.4, pp.389-396, 2001.

]. A. Rau02 and . Rauzy, Modes automata and their compilation into fault trees, Reliability Engineering and System Safety, vol.78, pp.1-12, 2002.

R. C. Raksch, D. Van-maanen, F. Rehage, U. B. Thielecke, and . Carl, Performance degradation analysis of fault-tolerant aircraft systems, DGLR/CEAS Congress, 2007.

]. Sae96a and . Sae, ARP 4761 Guidelines and methods for conducting the safety assessment process on civil airborne systems and equipment, SAE, 1996.

]. Sae96b and . Sae, ARP 4754 Certification Considerations for Highly-Integrated or Complex Aircraft Systems . SAE Systems Intergration Requirements Task Group, 1996.

]. L. Sag08 and . Sagaspe, Allocation sûre dans les systèmes aéronautiques : Modélisation, Vérification et Génération, 2008.

D. [. Soueidan, M. Sherman, and . Nikolski, BioRica : a multi model description and simulation system, Proceedings of Foundations of Systems Biology in Engineering (FOSBE). F Allgöwer and M Reuss, 2007.
URL : https://hal.archives-ouvertes.fr/hal-00306550

S. [. Sheeran, G. Singh, and . Stalmarck, Checking Safety Properties Using Induction and a SAT-Solver, FMCAD '00 : Proceedings of the Third International Conference on Formal Methods in Computer-Aided Design, pp.108-125, 2000.
DOI : 10.1007/3-540-40922-X_8

]. P. Tho02 and . Thomas, Contribution à l'approche booléenne de la sûreté de fonctionnement : l'atelier logiciel Aralia Workshop, 2002.

[. Troubitsyna, Refining for safety, 1999.

]. A. Vil88 and . Villemeur, Sûreté de fonctionnement des systèmes industriels. Collection de la Direction des Études et Recherches d, 1988.

]. A. Vin03 and . Vincent, Conception et réalisation d'un vérificateur de modèles AltaRica, 2003.

]. S. Yam03 and . Yamane, Formal probabilistic refinement verification of embedded real-time systems, Proceedings of the IEEE Workshop on Software Technologies for Future Embedded Systems (WSTFES'03), 2003.