A Formal Component-Based Software Engineering Approach For Developing Trustworty Systems

Software systems are increasingly becoming ubiquitous, affecting the way we experience the world. Embedded software systems, especially those used in smart devices, have become an essential constituent of the technological infrastructure of modern societies. Such systems, in order to be trusted in society, must be proved to be trustworthy. Trustworthiness is a composite non-functional property that implies safety, timeliness, security, availability, and reliability. This thesis is a contribution to a rigorous development of systems in which trustworthiness property can be specified and formally verified. Developing trustworthy software systems that are complex and used by a large heterogeneous population of users is a challenging task. The component-based software engineering (CBSE) paradigm can provide an effective solution to address these challenges. However, none of the current component-based approaches can be used as is, because all of them lack the essential requirements for constructing trustworthy systems. The three contributions made in this thesis are intended to add to the expressive power needed to raise CBSE practices to a rigorous level for constructing formally verifiable trustworthy systems. The first contribution of the thesis is a formal definition of the trustworthy component model. The trustworthiness quality attributes are introduced as first class structural elements. The behavior of a component is automatically generated as an extended timed automata. A model checking technique is used to verify the properties of trustworthiness. A composition theory that preserves the properties of trustworthiness in a composition is presented. Conventional software engineering development processes are not suitable either for developing component-based systems or for developing trustworthy systems. In order to develop a component-based trustworthy system, the development process must be reuseoriented,component-oriented, and must integrate formal languages and rigorous methods in all phases of system life-cycle. The second contribution of the thesis is a software engineering process model that consists of several parallel tracks of activities including component development, component assessment, component reuse, and component-based system development. The central concern in all activities of this process is ensuring trustworthiness. The third and final contribution of the thesis is a development framework with a comprehensive set of tools supporting the spectrum of formal development activity from modeling to deployment. The proposed approach has been applied to several case studies in the domains of component-based development and safety-critical systems. The experience from the case studies confirms that the approach is suitable for developing large and complex trustworthy systems

A formal component-based software engineering approach for developing trustworthy systems

Software systems are increasingly becoming ubiquitous, affecting the way we experience the world. Embedded software systems, especially those used in smart devices, have become an essential constituent of the technological infrastructure of modem societies. Such systems, in order to be trusted in society, must be proved to be trustworthy. Trustworthiness is a composite non-functional property that implies safety, timeliness, security, availability, and reliability. This thesis is a contribution to a rigorous development of systems in which trustworthiness property can be specified and formally verified. Developing trustworthy software systems that are complex and used by a large heterogenous population of users is a challenging task. The component-based software engineering (CBSE) paradigm can provide an effective solution to address these challenges. However, none of the current component-based approaches can be used as is, because all of them lack the essential requirements for constructing trustworthy systems. The three contributions made in this thesis are intended to add to the expressive power needed to raise CBSE practices to a rigorous level for constructing formally verifiable trustworthy systems. The first contribution of the thesis is a formal definition of the trustworthy component model. The trustworthiness quality attributes are introduced as first class structural elements. The behavior of a component is automatically generated as an extended timed automata. A model checking technique is used to verify the properties of trustworthiness. A composition theory that preserves the properties of trustworthiness in a composition is presented. Conventional software engineering development processes are not suitable either for developing component-based systems or for developing trustworthy systems. In order to develop a component-based trustworthy system, the development process must be reuse-oriented, component-oriented, and must integrate formal languages and rigorous methods in all phases of system life-cycle. The second contribution of the thesis is a software engineering process model that consists of several parallel tracks of activities including component development, component assessment, component reuse, and component-based system development. The central concern in all activities of this process is ensuring trustworthiness. The third and final contribution of the thesis is a development framework with a comprehensive set of tools supporting the spectrum of formal development activity from modeling to deployment. The proposed approach has been applied to several case studies in the domains of component-based development and safety-critical systems. The experience from the case studies confirms that the approach is suitable for developing large and complex trustworthy systems

Animation and formal verification of real-time reactive systems in an object-oriented environment

Real-time reactive systems are characterized by their continuous interaction with their environment through stimulus-response behavior. The safety-critical nature of their domain and their inherent complexity advocate the use of formal methods in the software development process. TROMLAB development environment supports a process model adequate for dealing with the complexity of reactive systems. The foundation of the TROMLAB environment is the Timed Reactive Object Model (TROM), which combines object-oriented and real-time technologies. Simulation is essential in the behavioral analysis of real-time reactive systems; animation allows a visualization of the simulation process. A rigorous trace analysis of simulation scenarios provides insight into the behavior of the collaborating entities in the configuration. This supports validation of systems designed incrementally and iteratively in the software development life-cycle. Moreover, safety-critical systems need to be verified for adherence to stringent safety and liveness properties. The scope of this thesis is two-fold. We first present an animation tool supporting simulation of reactive systems described in the TROM formalism. We include formal specifications of the functionalities of the simulator in VDM specification language. We then introduce a methodology for formal verification of TROM subsystems. The novelty of the methodology lies in the formal verification approach embedded within an object-oriented framework. The simulator and the verification methodology conform respectively to the operational and logical semantics of TROMs

High Profile Systems Illustrating Contradistinctive Aspects of Systems Engineering

AbstractMany modern systems have a high degree of dependence on embedded software in order to perform their required functions. Some examples include transportation systems, hand-held devices, and medical equipment, among others. In designing their products, systems engineers typically take a top-down, process-oriented approach, decomposing a complex system into simpler, easier to manage, subsystems; the system requirements can then be allocated and flowed down as necessary to the appropriate subsystems. Software engineers take a more bottom-up, object-oriented approach, using simple building blocks to create a more complex system, and enhancing their existing blocks with new ones where necessary.In many cases, both techniques must be employed together in order to design a successful system. Although it may have been acceptable in the past for simpler systems to view software as a separate subsystem with a fixed set of requirements, greater complexity of modern systems requires a corresponding improvement in working methodology. With the software playing an increasingly pivotal role, systems engineers must become much more familiar with the architecture of the software than previously; Likewise, software engineers need a systems-level view to understand which aspects of the design could be volatile due to new stakeholders (bringing with them new requirements), technology upgrades, and the changing world in general.Systems whose success or failure play out in the public arena provide a rare opportunity to study the factors that contribute to their outcome. Using two such systems, the Denver International Airport baggage handling system and the Apple iPad, this paper will study some best practices that can lead to project success or failure, and show the importance of a rigorous capture and flow down to both hardware and software of the requirements that must be correct from the start, as well as of designing an architecture that can accommodate the inevitable changes to a system.Designing extensible systems with a tolerance for future changes is a key factor in modern complex systems. The baggage handling system failed in part because of a failure to appreciate the central role of software and an apparent lack of a suitable strategy for handling requirement changes. Methods for creating software which is resilient to change have been well studied; however what may be somewhat lacking even to the present day is a broader education of the existing body of knowledge, and how to integrate it with systems engineering methods.The iPad succeeded where many of its predecessors had failed by a successful application of traditional systems engineering techniques and correctly implementing the hardware elements. Coming from companies with experience in software development, the system extensibility was not an issue in this case. However, the designers of the earlier systems seemingly failed to understand the actual market needs, failed to develop a corresponding set of requirements to meet those needs, and failed to translate those requirements into an integrated hardware/software solution

A Platform-Based Software Design Methodology for Embedded Control Systems: An Agile Toolkit

A discrete control system, with stringent hardware constraints, is effectively an embedded real-time system and hence requires a rigorous methodology to develop the software involved. The development methodology proposed in this paper adapts agile principles and patterns to support the building of embedded control systems, focusing on the issues relating to a system's constraints and safety. Strong unit testing, to ensure correctness, including the satisfaction of timing constraints, is the foundation of the proposed methodology. A platform-based design approach is used to balance costs and time-to-market in relation to performance and functionality constraints. It is concluded that the proposed methodology significantly reduces design time and costs, as well as leading to better software modularity and reliability

On properties of modeling control software for embedded control applications with CSP/CT framework

This PROGRESS project (TES.5224) traces a design framework for implementing embedded real-time software for control applications by exploiting its natural concurrency. The paper illustrates the stage of yielded automation in the process of structuring complex control software architectures, modeling controlled mechatronic systems and designing corresponding control laws, simulating them, generating control code out of simulated control strategy and implementing the software system on a (embedded) computer. The gap between the development of control strategies and the procedures of implementing them on chosen hardware targets is going to be overcome