Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems

We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment aimed at fostering the collaboration between system designers and security experts at all methodological stages of the development of an embedded system. A central issue in the design of an embedded system is the definition of the hardware/software partitioning of the architecture of the system, which should take place as early as possible. SysML-Sec aims to extend the relevance of this analysis through the integration of security requirements and threats. In particular, we propose an agile methodology whose aim is to assess early on the impact of the security requirements and of the security mechanisms designed to satisfy them over the safety of the system. Security concerns are captured in a component-centric manner through existing SysML diagrams with only minimal extensions. After the requirements captured are derived into security and cryptographic mechanisms, security properties can be formally verified over this design. To perform the latter, model transformation techniques are implemented in the SysML-Sec toolchain in order to derive a ProVerif specification from the SysML models. An automotive firmware flashing procedure serves as a guiding example throughout our presentation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

The Vortex of Continuous Development of Embedded Systems: An Inquiry into Agility Orchestration

Agile methodologies have become a popular and widely accepted method for managing software development. Since the inception of the Agile Manifesto over ten years ago, agile development techniques have superseded waterfall methods in many, if not most, software development organizations. Despite its apparent success, many companies have struggled with the adoption and implementation of agile, and exactly what level of adoption provides optimum agility. Agility is commonly held in the literature to be constructed of elements external to a company or project but may in fact be composed of both external and internal elements. The exact relationship of the adoption of agile development techniques and their relationship to the actual agility of a business remain unclear. A primary contributor to this uncertainty is the somewhat amorphous definition of agile itself. In academic literature, the concept is still relatively young and loosely defined. In practice, organizations have largely opted for a hybrid approach to agile, mixing its concepts and methods with existing Stage Gate or waterfall methodologies. This has made the management of agile even more complex. Crucially, there is no definition or criterion available to determine the appropriate mix of agile and waterfall processes in an embedded software development context nor is there a method to determine the impact of one against the other. These issues beg the question: how do organizations manage agility? This interpretive case study provides an empirical account of how stakeholders manage both market and process agility in an embedded systems context via a hybrid agility implementation and product genesis. As a result, we provide the notion of agile vorticity, as the point at which market and process agility collide to produce business momentum at a specific point of innovation within the agile business vortex

Efficient Embedded System Development: A Workbench for an Integrated Methodology

International audienceThe scientific foundations of embedded system development associate two disciplines that have largely grown on their own: computer science and electrical engineering. This superposition of two domains with little common ground raises a number of industrial issues in team work organisation, sound progress tracking, and cooperation between these different skills and cultures. In this paper we introduce HOE², an integrated MDE method for embedded system development that is organised around a set of limited yet powerful artefacts. We describe how HOE² can address the issues faced during development of mixed HW/SW systems and present the first version of a tool dedicated to its instrumentation

Embedded device farm proof-of-concept:enabler for test execution on target hardware as a part of continuous delivery pipeline

Abstract. Agile software development has produced a completely new way of working into the field of software development. The new focus is to continuously integrate, deliver, and deploy each software change. The term continuous practices is used to refer to these practices. Comprehensive testing plays a major role in so called continuous delivery pipeline. The goal of this thesis is to implement an embedded device farm, a system which is used to effortlessly connect embedded hardware targets as part of continuous delivery pipeline. Hardware is playing a big role in embedded software development and testing. On the other hand, it is seen as a major challenge in implementing continuous practices for embedded software project. Embedded device farm is used to interact with target hardware targets by both automation systems and individual developers in unified manner. Six platforms are evaluated for the purpose and a system called Linaro Automation and Validation Architecture (LAVA) is integrated as part of existing CI/CD service. In addition, this thesis describes the continuous practices in general introducing the benefits as well as the challenges related to implementing them. A closer look is taken into adopting the practices into embedded systems domain. Embedded systems software development differs from traditional or web software development. Embedded systems’ domain specific characteristics and challenges related to continuous practices are presented.Sulautetun laitefarmin konseptitoteutus : mahdollistaja testien suorittamiselle kohdelaitteistossa osana jatkuvan toimituksen ketjua. Tiivistelmä. Ketterä kehitys on tuonut ohjelmistokehityksen alalle täysin uudet toimintatavat, joiden keskipisteessä on ohjelmiston muutosten jatkuva integrointi, jatkuva toimitus ja jatkuva muutosten käyttöönotto. Näistä uusista menetelmistä käytetään kollektiivisesti nimitystä jatkuvat menetelmät. Kattavalla testaamisella on tärkeä rooli niin sanotussa jatkuvan toimituksen ketjussa. Tämän työn tavoitteena on toteuttaa sulautettu laitefarmi, jolla sulautettua tietokonelaitteistoa voidaan vaivattomasti yhdistää osaksi jatkuvan toimituksen ketjua. Tietokonelaitteistolla on tärkeä rooli sulautettujen järjestelmien ohjelmistokehityksessä ja -testauksessa, mutta toisaalta laitteisto nähdään suurena haasteena toteutettaessa jatkuvia menetelmiä sulautetussa ohjelmistoprojektissa. Sulautetun laitefarmin kautta sekä automaatiojärjestelmät että yksittäiset ohjelmistokehittäjät voivat käyttää sulautettuja laitteistoja yhtenäistetyllä tavalla. Työssä arvioidaan kuuden eri järjestelmän soveltuvuutta käyttötarkoitukseen, ja järjestelmä nimeltään Linaro Automation and Validation Architecture (LAVA) integroidaan osaksi olemassa olevaa CI/CD palvelua. Lisäksi tässä työssä esitellään jatkuvat menetelmät yleisesti, niiden toteuttamiseen liittyvät haasteet ja niillä saavutettavat hyödyt. Työssä paneudutaan tarkemmin menetelmien toteuttamiseen sulautettujen järjestelmien alalla. Sulautettujen järjestelmien ohjelmistot eroavat perinteisistä ja web-ohjelmistoista, joten jatkuvia menetelmiä ja niihin liittyviä haasteita tarkastellaan myös sulautettujen järjestelmien näkökulmasta

Development Process for Multi-Disciplinary Embedded Control Systems

This report contains the progress report for the qualification exam for Industrial PhD student Sune Wolff. Initial work on describing a development process for multi-disciplinary systems using collaborative modelling and co-simulation is described

The Sync-Up Process to Improve the Multiple Stakeholder Communication of Requirements Analysis in Embedded Medical Software Development

The development of embedded medical software is different from ordinary software development as it needs to be coordinated with the hardware development. A typical embedded system project involves multiple stakeholders such as the business unit, software developers, hardware engineers and firmware developers. Agile methods have been successfully adopted in generic software engineering, and more recently in embedded medical software development. In this research, a systematic review has been performed to identify the challenges of embedded medical and safety-critical software development domains. From the challenges identified, this research focuses on the challenge of multiple stakeholder communication in embedded medical software development. Additionally, agile practices which have been successfully adopted in the embedded safety-critical domains have been investigated. This thesis describes the development and evaluation of a process (Sync-Up) to improve multiple stakeholder communication for embedded medical software development during requirement analysis. Through this research, the following contribution to knowledge has been made in the area of embedded medical domain. The development of the Sync-Up process to assist multiple stakeholder communication of embedded medical software development. The Sync-Up process is evaluated through both expert review by leading experts, and a case study conducted in an embedded company. Findings from the evaluations undertaken show a positive outcome during the requirement analysis phase of the Sync-Up process

Using Executable VDM++ Models in an Industrial Application - Self-defense System for Fighter Aircraft

When developing complex software systems, one of the most significant challenges is to make sure that the customer and developer agree on the requirements of the system. By using executable models early in the development process, a higher degree of confidence can be gained in the system design and misunderstandings or ambiguous functional requirements can be avoided. This paper presents an industrial case of a communication protocol between two parts of a selfdefense system used on-board fighter aircraft. An executable model of both systems were created using the Vienna Development Method (VDM), and exercised using many scenarios to cover different corner cases. This was done as an alternative to analysing all the scenarios by hand, which would be much more time consuming and far more error prone. The results of the scenario based tests were used to communicate with the customer and ensure that agreement of the requirements was reached