Early aspects: aspect-oriented requirements engineering and architecture design

This paper reports on the third Early Aspects: Aspect-Oriented Requirements Engineering and Architecture Design Workshop, which has been held in Lancaster, UK, on March 21, 2004. The workshop included a presentation session and working sessions in which the particular topics on early aspects were discussed. The primary goal of the workshop was to focus on challenges to defining methodical software development processes for aspects from early on in the software life cycle and explore the potential of proposed methods and techniques to scale up to industrial applications

A model-driven engineering process for autonomic sensor-actuator networks

Cyber-Physical Systems (CPS) are the next generation of embedded ICT systems designed to be aware of the physical environment by using sensor-actuator networks to provide users with a wide range of smart applications and services. Many of these smart applications are possible due to the incorporation of autonomic control loops that implement advanced processing and analysis of historical and real-time data measured by sensors; plan actions according to a set of goals or policies; and execute plans through actuators. The complexity of this kind of systems requires mechanisms that can assist the system?s design and development. This paper presents a solution for assisting the design and development of CPS based on Model-Driven Development: MindCPS (doMaIN moDel for CPS) solution. MindCPS solution is based on a model that provides modelling primitives for explicitly specifying the autonomic behaviour of CPS and model transformations for automatically generating part of the CPS code. In addition to the automatic code generation, the MindCPS solution offers the possibility of rapidly configuring and developing the core behaviour of a CPS, even for nonsoftware engineers. The MindCPS solution has been put into practice to deploy a smart metering system in a demonstrator located at the Technical University of Madrid

A domain-specific language based approach to component composition, error-detection, and fault prediction

Current methods of software production are resource-intensive and often require a number of highly skilled professionals. To develop a well-designed and effectively implemented system requires a large investment of resources, often numbering into millions of pounds. The time required may also prove to be prohibitive. However, many parts of the new systems being currently developed already exist, either in the form of whole or parts of existing systems. It is therefore attractive to reuseexisting code when developing new software, in order to reduce the time andresources required. This thesis proposes the application of a domain-specific language (DSL) to automatic component composition, testing and fault-prediction. The DSL ISinherently based on a domain-model which should aid users of the system m knowing how the system is structured and what responsibilities the system fulfils. The DSL structure proposed in this thesis uses a type system and grammar hence enabling the early detection of syntactically incorrect system usage. Each DSL construct's behaviour can also be defined in a testing DSL, described here as DSL-test. This can take the form of input and output parameters, which should suffice for specifying stateless components, or may necessitate the use of a special method call, described here as a White-Box Test (WBT), which allows the external observer to view the abstract state of a component. Each DSL-construct can be mapped to its implementing components i.e. the component, or amalgamation of components, that implement(s) the behaviour as prescribed by the DSL-construct. User-requirements are described using the DS Land appropriate implementing components (if sufficient exist) are automatically located and integrated. That is to say, given a requirement described in terms of the DSL and sufficient components, the architecture (which was named Hydra) will be able to generate an executable which should behave as desired. The DSL-construct behaviour description language (DSL-test) is designed in such a way that it can be translated into a computer programming language, and so code can be inserted between the system automatically to verify that the implementing component is acting in a way consistent with the model of its expected behaviour. Upon detection of an error, the system examines available data (i.e. where the error occurred, what sort of error was it, and what was the structure of the executable), to attempt to predict the location of the fault and, where possible, make remedialaction. A number of case studies have been investigated and it was found that, if applied to the appropriate problem domain, the approach proposed in this thesis shows promise in terms of full automation and integration of black-box or grey-box software. However, further work is required before it can be claimed that this approach should be used in real scale systems

Formal verification of automotive embedded UML designs

Software applications are increasingly dominating safety critical domains. Safety critical domains are domains where the failure of any application could impact human lives. Software application safety has been overlooked for quite some time but more focus and attention is currently directed to this area due to the exponential growth of software embedded applications. Software systems have continuously faced challenges in managing complexity associated with functional growth, flexibility of systems so that they can be easily modified, scalability of solutions across several product lines, quality and reliability of systems, and finally the ability to detect defects early in design phases. AUTOSAR was established to develop open standards to address these challenges. ISO-26262, automotive functional safety standard, aims to ensure functional safety of automotive systems by providing requirements and processes to govern software lifecycle to ensure safety. Each functional system needs to be classified in terms of safety goals, risks and Automotive Safety Integrity Level (ASIL: A, B, C and D) with ASIL D denoting the most stringent safety level. As risk of the system increases, ASIL level increases and the standard mandates more stringent methods to ensure safety. ISO-26262 mandates that ASILs C and D classified systems utilize walkthrough, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavor for quite some time. Several factors discourage formal methods adoption in the industry. One major factor is the complexity of using formal methods. Software specification compliance in automotive remains in the bulk heavily dependent on traceability matrix, human based reviews, and testing activities conducted on either actual production software level or simulation level. ISO26262 automotive safety standard recommends, although not strongly, using formal notations in automotive systems that exhibit high risk in case of failure yet the industry still heavily relies on semi-formal notations such as UML. The use of semi-formal notations makes specification compliance still heavily dependent on manual processes and testing efforts. In this research, we propose a framework where UML finite state machines are compiled into formal notations, specification requirements are mapped into formal model theorems and SAT/SMT solvers are utilized to validate implementation compliance to specification. The framework will allow semi-formal verification of AUTOSAR UML designs via an automated formal framework backbone. This semi-formal verification framework will allow automotive software to comply with ISO-26262 ASIL C and D unit design and implementation formal verification guideline. Semi-formal UML finite state machines are automatically compiled into formal notations based on Symbolic Analysis Laboratory formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model Checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that were previously detected in testing and production stages. The methodology is applied on several automotive systems to show how the framework automates the verification of UML based designs, the de-facto standard for automotive systems design, based on an implicit formal methodology while hiding the cons that discouraged the industry from using it. Additionally, the framework automates ISO-26262 system design verification guideline which would otherwise be verified via human error prone approaches

A Model-Driven Approach for the Design, Implementation, and Execution of Software Development Methods

[EN] Software development projects are diverse in nature. For this reason, software companies are often forced to define their methods in-house. In order to define methods efficiently and effectively, software companies require systematic solutions that are built upon sound methodical foundations. Providing these solutions is the main goal of the Method Engineering discipline. Method Engineering is the discipline to design, construct, and adapt methods, techniques, and tools for the development of information systems. Over the last two decades, a lot of research work has been performed in this area. However, despite its potential benefits, Method Engineering is not widely used in industrial settings. Some of the causes of this reality are the high theoretical complexity of Method Engineering and the lack of adequate software support. In this thesis, we aim to mitigate some of the problems that affect Method Engineering by providing a novel methodological approach that is built upon Model-Driven Engineering (MDE) foundations. The use of MDE enables a rise in abstraction, automation, and reuse that allows us to alleviate the complexity of our Method Engineering approach. Furthermore, by leveraging MDE techniques (such as metamodeling, model transformations, and models at runtime), our approach supports three phases of the Method Engineering lifecycle: design, implementation, and execution. This is unlike traditional Method Engineering approaches, which, in general, only support one of these phases. In order to provide software support for our proposal, we developed a Computer-Aided Method Engineering (CAME) environment that is called MOSKitt4ME. To ensure that MOSKitt4ME offered the necessary functionality, we identified a set of functional requirements prior to developing the tool. Then, after these requirements were identified, we defined the architecture of our CAME environment, and, finally, we implemented the architecture in the context of Eclipse. The thesis work was evaluated by means of a study that involved the participation of end users. In this study, MOSKitt4ME was assessed by means of the Technology Acceptance Model (TAM) and the Think Aloud method. While the TAM allowed us to measure usefulness and ease of use in a subjective manner, the Think Aloud method allowed us to analyze these measures objectively. Overall, the results were favorable. MOSKitt4ME was highly rated in perceived usefulness and ease of use; we also obtained positive results with respect to the users' actual performance and the difficulty experienced.[ES] Los proyectos de desarrollo de software son diversos por naturaleza. Por este motivo, las compañías de software se ven forzadas frecuentemente a definir sus métodos de manera interna. Para poder definir métodos de forma efectiva y eficiente, las compañías necesitan soluciones sistemáticas que estén definidas sobre unos fundamentos metodológicos sólidos. Proporcionar estas soluciones es el principal objetivo de la Ingeniería de Métodos. La Ingeniería de Métodos es la disciplina que aborda el diseño, la construcción y la adaptación de métodos, técnicas y herramientas para el desarrollo de sistemas de información. Durante las dos últimas décadas, se ha llevado a cabo mucho trabajo de investigación en esta área. Sin embargo, pese a sus potenciales beneficios, la Ingeniería de Métodos no se aplica ampliamente en contextos industriales. Algunas de las principales causas de esta situación son la alta complejidad teórica de la Ingeniería de Métodos y la falta de un apropiado soporte software. En esta tesis, pretendemos mitigar algunos de los problemas que afectan a la Ingeniería de Métodos proporcionando una propuesta metodológica innovadora que está basada en la Ingeniería Dirigida por Modelos (MDE). El uso de MDE permite elevar el nivel de abstracción, automatización y reuso, lo que posibilita una reducción de la complejidad de nuestra propuesta. Además, aprovechando técnicas de MDE (como por ejemplo el metamodelado, las transformaciones de modelos y los modelos en tiempo de ejecución), nuestra aproximación da soporte a tres fases del ciclo de vida de la Ingeniería de Métodos: diseño, implementación y ejecución. Esto es a diferencia de las propuestas existentes, las cuales, por lo general, sólo dan soporte a una de estas fases. Con el objetivo de proporcionar soporte software para nuestra propuesta, implementamos una herramienta CAME (Computer-Aided Method Engineering) llamada MOSKitt4ME. Para garantizar que MOSKitt4ME proporcionaba la funcionalidad necesaria, definimos un conjunto de requisitos funcionales como paso previo al desarrollo de la herramienta. Tras la definción de estos requisitos, definimos la arquitectura de la herramienta CAME y, finalmente, implementamos la arquitectura en el contexto de Eclipse. El trabajo desarrollado en esta tesis se evaluó por medio de un estudio donde participaron usuarios finales. En este estudio, MOSKitt4ME se evaluó por medio del Technology Acceptance Model (TAM) y del método Think Aloud. Mientras que el TAM permitió medir utilidad y facilidad de uso de forma subjetiva, el método Think Aloud permitió analizar estas medidas objetivamente. En general, los resultados obtenidos fueron favorables. MOSKitt4ME fue valorado de forma positiva en cuanto a utilidad y facilidad de uso percibida; además, obtuvimos resultados positivos en cuanto al rendimiento objetivo de los usuarios y la dificultad experimentada.[CA] Els projectes de desenvolupament de programari són diversos per naturalesa. Per aquest motiu, les companyies es veuen forçades freqüenment a definir els seus mètodes de manera interna. Per poder definir mètodes de forma efectiva i eficient, les companyies necessiten solucions sistemàtiques que estiguin definides sobre uns fundaments metodològics sòlids. Proporcionar aquestes solucions és el principal objectiu de l'Enginyeria de Mètodes. L'Enginyeria de Mètodes és la disciplina que aborda el diseny, la construcció i l'adaptació de mètodes, tècniques i eines per al desenvolupament de sistemes d'informació. Durant les dues últimes dècades, s'ha dut a terme molt de treball de recerca en aquesta àrea. No obstant, malgrat els seus potencials beneficis, l'Enginyeria de Mètodes no s'aplica àmpliament en contextes industrials. Algunes de les principals causes d'aquesta situació són l'alta complexitat teòrica de l'Enginyeria de Mètodes i la falta d'un apropiat suport de programari. En aquesta tesi, pretenem mitigar alguns dels problemes que afecten a l'Enginyeria de Mètodes proporcionant una proposta metodològica innovadora que està basada en l'Enginyeria Dirigida per Models (MDE). L'ús de MDE ens permet elevar el nivell d'abstracció, automatització i reutilització, possibilitant una reducció de la complexitat de la nostra proposta. A més a més, aprofitant tècniques de MDE (com per exemple el metamodelat, les transformacions de models i els models en temps d'execució), la nostra aproximació suporta tres fases del cicle de vida de l'Enginyeria de Mètodes: diseny, implementació i execució. Açò és a diferència de les propostes existents, les quals, en general, només suporten una d'aquestes fases. Amb l'objectiu de proporcionar suport de programari per a la nostra proposta, implementàrem una eina CAME (Computer-Aided Method Engineering) anomenada MOSKitt4ME. Per garantir que MOSKitt4ME oferia la funcionalitat necessària, definírem un conjunt de requisits funcionals com a pas previ al desenvolupament de l'eina. Després de la definició d'aquests requisits, definírem la arquitectura de l'eina CAME i, finalment, implementàrem l'arquitectura en el contexte d'Eclipse. El treball desenvolupat en aquesta tesi es va avaluar per mitjà d'un estudi on van participar usuaris finals. En aquest estudi, MOSKitt4ME es va avaluar per mitjà del Technology Acceptance Model (TAM) i el mètode Think Aloud. Mentre que el TAM va permetre mesurar utilitat i facilitat d'ús de manera subjectiva, el mètode Think Aloud va permetre analitzar aquestes mesures objectivament. En general, els resultats obtinguts van ser favorables. MOSKitt4ME va ser valorat de forma positiva pel que fa a utilitat i facilitat d'ús percebuda; a més a més, vam obtenir resultats positius pel que fa al rendiment objectiu dels usuaris i a la dificultat experimentada.Cervera Úbeda, M. (2015). A Model-Driven Approach for the Design, Implementation, and Execution of Software Development Methods [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/53931TESI

Industrialising Software Development in Systems Integration

Compared to other disciplines, software engineering as of today is still dependent on craftsmanship of highly-skilled workers. However, with constantly increasing complexity and efforts, existing software engineering approaches appear more and more inefficient. A paradigm shift towards industrial production methods seems inevitable. Recent advances in academia and practice have lead to the availability of industrial key principles in software development as well. Specialization is represented in software product lines, standardization and systematic reuse are available with component-based development, and automation has become accessible through model-driven engineering. While each of the above is well researched in theory, only few cases of successful implementation in the industry are known. This becomes even more evident in specialized areas of software engineering such as systems integration. Today’s IT systems need to quickly adapt to new business requirements due to mergers and acquisitions and cooperations between enterprises. This certainly leads to integration efforts, i.e. joining different subsystems into a cohesive whole in order to provide new functionality. In such an environment. the application of industrial methods for software development seems even more important. Unfortunately, software development in this field is a highly complex and heterogeneous undertaking, as IT environments differ from customer to customer. In such settings, existing industrialization concepts would never break even due to one-time projects and thus insufficient economies of scale and scope. This present thesis, therefore, describes a novel approach for a more efficient implementation of prior key principles while considering the characteristics of software development for systems integration. After identifying the characteristics of the field and their affects on currently-known industrialization concepts, an organizational model for industrialized systems integration has thus been developed. It takes software product lines and adapts them in a way feasible for a systems integrator active in several business domains. The result is a three-tiered model consolidating recurring activities and reducing the efforts for individual product lines. For the implementation of component-based development, the present thesis assesses current component approaches and applies an integration metamodel to the most suitable one. This ensures a common understanding of systems integration across different product lines and thus alleviates component reuse, even across product line boundaries. The approach is furthermore aligned with the organizational model to depict in which way component-based development may be applied in industrialized systems integration. Automating software development in systems integration with model-driven engineering was found to be insufficient in its current state. The reason herefore lies in insufficient tool chains and a lack of modelling standards. As an alternative, an XML-based configuration of products within a software product line has been developed. It models a product line and its products with the help of a domain-specific language and utilizes stylesheet transformations to generate compliable artefacts. The approach has been tested for its feasibility within an exemplarily implementation following a real-world scenario. As not all aspects of industrialized systems integration could be simulated in a laboratory environment, the concept was furthermore validated during several expert interviews with industry representatives. Here, it was also possible to assess cultural and economic aspects. The thesis concludes with a detailed summary of the contributions to the field and suggests further areas of research in the context of industrialized systems integration

Anpassen verteilter eingebetteter Anwendungen im laufenden Betrieb

The availability of third-party apps is among the key success factors for software ecosystems: The users benefit from more features and innovation speed, while third-party solution vendors can leverage the platform to create successful offerings. However, this requires a certain decoupling of engineering activities of the different parties not achieved for distributed control systems, yet. While late and dynamic integration of third-party components would be required, resulting control systems must provide high reliability regarding real-time requirements, which leads to integration complexity. Closing this gap would particularly contribute to the vision of software-defined manufacturing, where an ecosystem of modern IT-based control system components could lead to faster innovations due to their higher abstraction and availability of various frameworks. Therefore, this thesis addresses the research question: How we can use modern IT technologies and enable independent evolution and easy third-party integration of software components in distributed control systems, where deterministic end-to-end reactivity is required, and especially, how can we apply distributed changes to such systems consistently and reactively during operation? This thesis describes the challenges and related approaches in detail and points out that existing approaches do not fully address our research question. To tackle this gap, a formal specification of a runtime platform concept is presented in conjunction with a model-based engineering approach. The engineering approach decouples the engineering steps of component definition, integration, and deployment. The runtime platform supports this approach by isolating the components, while still offering predictable end-to-end real-time behavior. Independent evolution of software components is supported through a concept for synchronous reconfiguration during full operation, i.e., dynamic orchestration of components. Time-critical state transfer is supported, too, and can lead to bounded quality degradation, at most. The reconfiguration planning is supported by analysis concepts, including simulation of a formally specified system and reconfiguration, and analyzing potential quality degradation with the evolving dataflow graph (EDFG) method. A platform-specific realization of the concepts, the real-time container architecture, is described as a reference implementation. The model and the prototype are evaluated regarding their feasibility and applicability of the concepts by two case studies. The first case study is a minimalistic distributed control system used in different setups with different component variants and reconfiguration plans to compare the model and the prototype and to gather runtime statistics. The second case study is a smart factory showcase system with more challenging application components and interface technologies. The conclusion is that the concepts are feasible and applicable, even though the concepts and the prototype still need to be worked on in future -- for example, to reach shorter cycle times.Eine große Auswahl von Drittanbieter-Lösungen ist einer der Schlüsselfaktoren für Software Ecosystems: Nutzer profitieren vom breiten Angebot und schnellen Innovationen, während Drittanbieter über die Plattform erfolgreiche Lösungen anbieten können. Das jedoch setzt eine gewisse Entkopplung von Entwicklungsschritten der Beteiligten voraus, welche für verteilte Steuerungssysteme noch nicht erreicht wurde. Während Drittanbieter-Komponenten möglichst spät -- sogar Laufzeit -- integriert werden müssten, müssen Steuerungssysteme jedoch eine hohe Zuverlässigkeit gegenüber Echtzeitanforderungen aufweisen, was zu Integrationskomplexität führt. Dies zu lösen würde insbesondere zur Vision von Software-definierter Produktion beitragen, da ein Ecosystem für moderne IT-basierte Steuerungskomponenten wegen deren höherem Abstraktionsgrad und der Vielzahl verfügbarer Frameworks zu schnellerer Innovation führen würde. Daher behandelt diese Dissertation folgende Forschungsfrage: Wie können wir moderne IT-Technologien verwenden und unabhängige Entwicklung und einfache Integration von Software-Komponenten in verteilten Steuerungssystemen ermöglichen, wo Ende-zu-Ende-Echtzeitverhalten gefordert ist, und wie können wir insbesondere verteilte Änderungen an solchen Systemen konsistent und im Vollbetrieb vornehmen? Diese Dissertation beschreibt Herausforderungen und verwandte Ansätze im Detail und zeigt auf, dass existierende Ansätze diese Frage nicht vollständig behandeln. Um diese Lücke zu schließen, beschreiben wir eine formale Spezifikation einer Laufzeit-Plattform und einen zugehörigen Modell-basierten Engineering-Ansatz. Dieser Ansatz entkoppelt die Design-Schritte der Entwicklung, Integration und des Deployments von Komponenten. Die Laufzeit-Plattform unterstützt den Ansatz durch Isolation von Komponenten und zugleich Zeit-deterministischem Ende-zu-Ende-Verhalten. Unabhängige Entwicklung und Integration werden durch Konzepte für synchrone Rekonfiguration im Vollbetrieb unterstützt, also durch dynamische Orchestrierung. Dies beinhaltet auch Zeit-kritische Zustands-Transfers mit höchstens begrenzter Qualitätsminderung, wenn überhaupt. Rekonfigurationsplanung wird durch Analysekonzepte unterstützt, einschließlich der Simulation formal spezifizierter Systeme und Rekonfigurationen und der Analyse der etwaigen Qualitätsminderung mit dem Evolving Dataflow Graph (EDFG). Die Real-Time Container Architecture wird als Referenzimplementierung und Evaluationsplattform beschrieben. Zwei Fallstudien untersuchen Machbarkeit und Nützlichkeit der Konzepte. Die erste verwendet verschiedene Varianten und Rekonfigurationen eines minimalistischen verteilten Steuerungssystems, um Modell und Prototyp zu vergleichen sowie Laufzeitstatistiken zu erheben. Die zweite Fallstudie ist ein Smart-Factory-Demonstrator, welcher herausforderndere Applikationskomponenten und Schnittstellentechnologien verwendet. Die Konzepte sind den Studien nach machbar und nützlich, auch wenn sowohl die Konzepte als auch der Prototyp noch weitere Arbeit benötigen -- zum Beispiel, um kürzere Zyklen zu erreichen

An interoperability framework for security policy languages

A thesis submitted to the University of Bedfordshire in partial fulfilment of the requirements for the degree of Doctor of PhilosophySecurity policies are widely used across the IT industry in order to secure environments. Firewalls, routers, enterprise application or even operating systems like Windows and Unix are all using security policies to some extent in order to secure certain components. In order to automate enforcement of security policies, security policy languages have been introduced. Security policy languages that are classified as computer software, like many other programming languages have been revolutionised during the last decade. A number of security policy languages have been introduced in the industry in order to tackle a specific business requirements. Not to mention each of these security policy languages themselves evolved and enhanced during the last few years. Having said that, a quick research on security policy languages shows that the industry suffers from the lack of a framework for security policy languages. Such a framework would facilitate the management of security policies from an abstract point. In order to achieve that specific goal, the framework utilises an abstract security policy language that is independent of existing security policy languages yet capable of expressing policies written in those languages. Usage of interoperability framework for security policy languages as described above comes with major benefits that are categorised into two levels: short and long-term benefits. In short-term, industry and in particular multi-dimensional organisations that make use of multiple domains for different purposes would lower their security related costs by managing their security policies that are stretched across their environment and often managed locally. In the long term, usage of abstract security policy language that is independent of any existing security policy languages, gradually paves the way for standardising security policy languages. A goal that seems unreachable at this moment of time. Taking the above facts into account, the aim of this research is to introduce and develop a novel framework for security policy languages. Using such a framework would allow multi-dimensional organisations to use an abstract policy language to orchestrate all security policies from a single point, which could then be propagated across their environment. In addition, using such a framework would help security administrators to learn and use only one single, common abstract language to describe and model their environment(s)