Ein verallgemeinerter Prozess zur Verifikation und Validerung von Modellen und Simulationsergebnissen

With technologies increasing rapidly, symbolic, quantitative modeling and computer-based simulation (M&S) have become affordable and easy-to-apply tools in numerous application areas as, e.g., supply chain management, pilot training, car safety improvement, design of industrial buildings, or theater-level war gaming. M&S help to reduce the resources required for many types of projects, accelerate the development of technical systems, and enable the control and management of systems of high complexity. However, as the impact of M&S on the real world grows, the danger of adverse effects of erroneous or unsuitable models or simu-lation results also increases. These effects may range from the delayed delivery of an item ordered by mail to hundreds of avoidable casualties caused by the simulation-based acquisi-tion (SBA) of a malfunctioning communication system for rescue teams. In order to benefit from advancing M&S, countermeasures against M&S disadvantages and drawbacks must be taken. Verification and Validation (V&V) of models and simulation results are intended to ensure that only correct and suitable models and simulation results are used. However, during the development of any technical system including models for simulation, numerous errors may occur. The later they are detected, and the further they have propagated through the model development process, the more resources they require to correct thus, their propaga-tion should be avoided. If the errors remain undetected, and major decisions are based on in-correct or unsuitable models or simulation results, no benefit is gained from M&S, but a dis-advantage. This thesis proposes a structured and rigorous approach to support the verification and valida-tion of models and simulation results by a) the identification of the most significant of the current deficiencies of model develop-ment (design and implementation) and use, including the need for more meaningful model documentation and the lack of quality assurance (QA) as an integral part of the model development process; b) giving an overview of current quality assurance measures in M&S and in related areas. The transferability of concepts like the capability maturity model for software (SW-CMM) and the ISO9000 standard is discussed, and potentials and limits of documents such as the VV&A Recommended Practices Guide of the US Defense Modeling and Simulation Office are identified; c) analysis of quality assurance measures and so called V&V techniques for similarities and differences, to amplify their strengths and to reduce their weaknesses. d) identification and discussion of influences that drive the required rigor and intensity of V&V measures (risk involved in using models and simulation results) on the one hand, and that limit the maximum reliability of V&V activities (knowledge about both the real system and the model) on the other. This finally leads to the specification of a generalized V&V process - the V&V Triangle. It illustrates the dependencies between numerous V&V objectives, which are derived from spe-cific potential errors that occur during model development, and provides guidance for achiev-ing these objectives by the association of V&V techniques, required input, and evidence made available. The V&V Triangle is applied to an M&S sample project, and the lessons learned from evaluating the results lead to the formulation of future research objectives in M&S V&V

Adding Executable Context to Executable Architectures: Enabling an Executable Context Simulation Framework (ECSF)

A system that does not stand alone is represented by a complex entity of component combinations that interact with each other to execute a function. In today\u27s interconnected world, systems integrate with other systems - called a system-of-systems infrastructure: a network of interrelated systems that can often exhibit both predictable and unpredictable behavior. The current state-of-the-art evaluation process of these system-of-systems and their community of practitioners in the academic community are limited to static methods focused on defining who is doing what and where. However, to answer the questions of why and how a system operates within complex systems-of-systems interrelationships, a system\u27s architecture and context must be observed over time, its executable architecture, to discern effective predictable and unpredictable behavior. The objective of this research is to determine a method for evaluating a system\u27s executable architecture and assess the contribution and efficiency of the specified system before it is built. This research led to the development of concrete steps that synthesize the observance of the executable architecture, assessment recommendations provided by the North Atlantic Treaty Organization (NATO) Code of Best Practice for Command and Control (C2) Assessment, and the metrics for operational efficiency provided by the Military Missions and Means Framework. Based on the research herein, this synthesis is designed to evaluate and assess system-of-systems architectures in their operational context to provide quantitative results

Hybrid Multiresolution Simulation & Model Checking: Network-On-Chip Systems

abstract: Designers employ a variety of modeling theories and methodologies to create functional models of discrete network systems. These dynamical models are evaluated using verification and validation techniques throughout incremental design stages. Models created for these systems should directly represent their growing complexity with respect to composition and heterogeneity. Similar to software engineering practices, incremental model design is required for complex system design. As a result, models at early increments are significantly simpler relative to real systems. While experimenting (verification or validation) on models at early increments are computationally less demanding, the results of these experiments are less trustworthy and less rewarding. At any increment of design, a set of tools and technique are required for controlling the complexity of models and experimentation. A complex system such as Network-on-Chip (NoC) may benefit from incremental design stages. Current design methods for NoC rely on multiple models developed using various modeling frameworks. It is useful to develop frameworks that can formalize the relationships among these models. Fine-grain models are derived using their coarse-grain counterparts. Moreover, validation and verification capability at various design stages enabled through disciplined model conversion is very beneficial. In this research, Multiresolution Modeling (MRM) is used for system level design of NoC. MRM aids in creating a family of models at different levels of scale and complexity with well-formed relationships. In addition, a variant of the Discrete Event System Specification (DEVS) formalism is proposed which supports model checking. Hierarchical models of Network-on-Chip components may be created at different resolutions while each model can be validated using discrete-event simulation and verified via state exploration. System property expressions are defined in the DEVS language and developed as Transducers which can be applied seamlessly for model checking and simulation purposes. Multiresolution Modeling with verification and validation capabilities of this framework complement one another. MRM manages the scale and complexity of models which in turn can reduces V&V time and effort and conversely the V&V helps ensure correctness of models at multiple resolutions. This framework is realized through extending the DEVS-Suite simulator and its applicability demonstrated for exemplar NoC models.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Toward composing variable structure models and their interfaces: a case of intensional coupling definitions

In this thesis, we investigate a combination of traditional component-based and variable structure modeling. The focus is on a structural consistent specification of couplings in modular, hierarchical models with a variable structure. For this, we exploitintensional definitions, as known from logic, and introduce a novel intensional coupling definition, which allows a concise yet expressive specification of complex communication and interaction patterns in static as well as variable structure models, without the need to worryabout structural consistency.In der Arbeit untersuchen wir ein Zusammenbringen von klassischer komponenten-basierter und variabler Strukturmodellierung. Der Fokus liegt dabei auf der Spezifikation von strukturkonsistenten Kopplungen in modular-hierarchischen Modellen mit einer variablen Struktur. Dafür nutzen wir intensionale Definitionen, wie sie aus der Logik bekannt sind, und führen ein neuartiges Konzept von intensionalen Kopplungen ein, welches kompakte gleichzeitig ausdrucksstarke Spezifikationen von komplexen Kommunikations- und Interaktionsmuster in statischen und variablen Strukturmodellen erlaubt

WS-CDL Based Specification for Web Services Collaboration Testing

Service Oriented Computing(SOC) is becoming a major paradigm for developing next generation of software systems, and one of the major challenges of Service Oriented Computing is testing interactions and collaborations among the distributed and dynamically integrated web services. To support automated test of web service‟s collaborations, a formal specification is needed. This thesis proposes a specification of web services collaborations based on Web Services Choreography Description Language (WS-CDL). We identify the basic constructs that can be found in any web services collaboration, and we mapped them to the new WS-CDL based language (WS-CDL+). Finally, A scenario of web services collaboration is developed and specification in WS-CDL+ is provided. This work builds a foundation for automated web services testing in a service oriented computing environment

Understanding the Elements of Executable Architectures Through a Multi-Dimensional Analysis Framework

The objective of this dissertation study is to conduct a holistic investigation into the elements of executable architectures. Current research in the field of Executable Architectures has provided valuable solution-specific demonstrations and has also shown the value derived from such an endeavor. However, a common theory underlying their applications has been missing. This dissertation develops and explores a method for holistically developing an Executable Architecture Specification (EAS), i.e., a meta-model containing both semantic and syntactic information, using a conceptual framework for guiding data coding, analysis, and validation. Utilization of this method resulted in the description of the elements of executable architecture in terms of a set of nine information interrogatives: an executable architecture information ontology. Once the detail-rich EAS was constructed with this ontology, it became possible to define the potential elements of executable architecture through an intermediate level meta-model. The intermediate level meta-model was further refined into an interrogative level meta-model using only the nine information interrogatives, at a very high level of abstraction

Remote software upload techniques in future vehicles and their performance analysis

Updating software in vehicle Electronic Control Units (ECUs) will become a mandatory requirement for a variety of reasons, for examples, to update/fix functionality of an existing system, add new functionality, remove software bugs and to cope up with ITS infrastructure. Software modules of advanced vehicles can be updated using Remote Software Upload (RSU) technique. The RSU employs infrastructure-based wireless communication technique where the software supplier sends the software to the targeted vehicle via a roadside Base Station (BS). However, security is critically important in RSU to avoid any disasters due to malfunctions of the vehicle or to protect the proprietary algorithms from hackers, competitors or people with malicious intent. In this thesis, a mechanism of secure software upload in advanced vehicles is presented which employs mutual authentication of the software provider and the vehicle using a pre-shared authentication key before sending the software. The software packets are sent encrypted with a secret key along with the Message Digest (MD). In order to increase the security level, it is proposed the vehicle to receive more than one copy of the software along with the MD in each copy. The vehicle will install the new software only when it receives more than one identical copies of the software. In order to validate the proposition, analytical expressions of average number of packet transmissions for successful software update is determined. Different cases are investigated depending on the vehicle\u27s buffer size and verification methods. The analytical and simulation results show that it is sufficient to send two copies of the software to the vehicle to thwart any security attack while uploading the software. The above mentioned unicast method for RSU is suitable when software needs to be uploaded to a single vehicle. Since multicasting is the most efficient method of group communication, updating software in an ECU of a large number of vehicles could benefit from it. However, like the unicast RSU, the security requirements of multicast communication, i.e., authenticity, confidentiality and integrity of the software transmitted and access control of the group members is challenging. In this thesis, an infrastructure-based mobile multicasting for RSU in vehicle ECUs is proposed where an ECU receives the software from a remote software distribution center using the road side BSs as gateways. The Vehicular Software Distribution Network (VSDN) is divided into small regions administered by a Regional Group Manager (RGM). Two multicast Group Key Management (GKM) techniques are proposed based on the degree of trust on the BSs named Fully-trusted (FT) and Semi-trusted (ST) systems. Analytical models are developed to find the multicast session establishment latency and handover latency for these two protocols. The average latency to perform mutual authentication of the software vendor and a vehicle, and to send the multicast session key by the software provider during multicast session initialization, and the handoff latency during multicast session is calculated. Analytical and simulation results show that the link establishment latency per vehicle of our proposed schemes is in the range of few seconds and the ST system requires few ms higher time than the FT system. The handoff latency is also in the range of few seconds and in some cases ST system requires less handoff time than the FT system. Thus, it is possible to build an efficient GKM protocol without putting too much trust on the BSs

The Abertay Code Bar – unlocking access to university-generated computer games intellectual poperty

Progress report on a digital platform and dual licensing model developed to unlock access to a University repository of new and legacy computer games based Intellectual Property (IP) assets for educational and commercial use. The digital creative industries have been identified by a number of governments as a priority area in delivering sustainable economic growth. Code Bar is an innovation that allows digital products to be commercially successful beyond the end of the Dare competition or coursework submission. To be selected for Code Bar, game products must be well designed for both player and market; technically robust (i.e. operating consistently and reliably on a single/multiple platforms), and be free from ambiguity around 3rd party IP. We describe various technical, pedagogic and legal challenges in developing the digital platform, licensing model and packaging of computer games products for release through the platform. The model is extendable beyond computer games to other software products