Applying Deadlock Risk Assessment in Architectural Models of Real-Time Systems

Software Architectural Assessment is a key discipline to identify at early stages of a real-time system (RTS) synthesis the problems that may become critical in its operation. Typical mechanisms supporting concurrency, such as semaphores or monitors, usually lead to concurrency problems in execution time difficult to identify, reproduce and solve. For this reason it is crucial to understand the root causes of these problems and to provide support to identify and mitigate them at early stages of the system lifecycle. This paper aims to present the results of a research work oriented to the creation of a tool to assess deadlock risk in architectural models of a RTS. A concrete architectural style (PPOOA-UML) was used to represent PIM (Platform Independent Models) of a RTS architecture supported by the PPOOA-Visio CASE tool. A case study was used to validate the deadlock assessment tool created. In the context of one of the functions of a military transport aircraft, the auto-tuning function of the communications system was selected for the assessment of the deadlock risk. According to the results obtained some guidelines are outlined to minimize the deadlock risk of the system architecture

Application of Deadlock Risk Evaluation of Architectural Models

Software architectural evaluation is a key discipline used to identify, at early stages of a real-time system (RTS) development, the problems that may arise during its operation. Typical mechanisms supporting concurrency, such as semaphores, mutexes or monitors, usually lead to concurrency problems in execution time that are difficult to be identified, reproduced and solved. For this reason, it is crucial to understand the root causes of these problems and to provide support to identify and mitigate them at early stages of the system lifecycle. This paper aims to present the results of a research work oriented to the development of the tool called ‘Deadlock Risk Evaluation of Architectural Models’ (DREAM) to assess deadlock risk in architectural models of an RTS. A particular architectural style, Pipelines of Processes in Object-Oriented Architectures–UML (PPOOA) was used to represent platform-independent models of an RTS architecture supported by the PPOOA –Visio tool. We validated the technique presented here by using several case studies related to RTS development and comparing our results with those from other deadlock detection approaches, supported by different tools. Here we present two of these case studies, one related to avionics and the other to planetary exploration robotics. Copyright © 2011 John Wiley & Sons, Ltd

Evaluating Software Architectures: Development Stability and Evolution

We survey seminal work on software architecture evaluationmethods. We then look at an emerging class of methodsthat explicates evaluating software architectures forstability and evolution. We define architectural stabilityand formulate the problem of evaluating software architecturesfor stability and evolution. We draw the attention onthe use of Architectures Description Languages (ADLs) forsupporting the evaluation of software architectures in generaland for architectural stability in specific

An Ontological Representation of the Characteristic Problems of Real-Time Systems

International audienceSoftware Architectural Assessment is becoming a key discipline to identify at early stages of a system synthesis the most important problems that may become relevant in operation. This matter is especially critical for those systems with real-time constraints. Special emphasis shall be made on concurrency issues. Typical RTOS mechanisms supporting concurrency, such as semaphores or monitors, usually lead to execution time penalties hard to identify, reproduce and solve. For this reason it is crucial to understand the root causes of these problems and to provide support to identify and mitigate them at early stages of the system lifecycle. The main objective of this paper is to propose a new classification of the most important problems related to real-time software systems and to provide mechanisms and guidelines to help engineers improve their architectural designs. The taxonomy has been applied to a particular architectural style (UML-PPOOA) and it is used as a reference to create a new assessment module on the PPOOA- Visio CASE tool [15] to support concurrency problems detection

Adding Executable Context to Executable Architectures: Enabling an Executable Context Simulation Framework (ECSF)

A system that does not stand alone is represented by a complex entity of component combinations that interact with each other to execute a function. In today\u27s interconnected world, systems integrate with other systems - called a system-of-systems infrastructure: a network of interrelated systems that can often exhibit both predictable and unpredictable behavior. The current state-of-the-art evaluation process of these system-of-systems and their community of practitioners in the academic community are limited to static methods focused on defining who is doing what and where. However, to answer the questions of why and how a system operates within complex systems-of-systems interrelationships, a system\u27s architecture and context must be observed over time, its executable architecture, to discern effective predictable and unpredictable behavior. The objective of this research is to determine a method for evaluating a system\u27s executable architecture and assess the contribution and efficiency of the specified system before it is built. This research led to the development of concrete steps that synthesize the observance of the executable architecture, assessment recommendations provided by the North Atlantic Treaty Organization (NATO) Code of Best Practice for Command and Control (C2) Assessment, and the metrics for operational efficiency provided by the Military Missions and Means Framework. Based on the research herein, this synthesis is designed to evaluate and assess system-of-systems architectures in their operational context to provide quantitative results

Formal verification of automotive embedded UML designs

Software applications are increasingly dominating safety critical domains. Safety critical domains are domains where the failure of any application could impact human lives. Software application safety has been overlooked for quite some time but more focus and attention is currently directed to this area due to the exponential growth of software embedded applications. Software systems have continuously faced challenges in managing complexity associated with functional growth, flexibility of systems so that they can be easily modified, scalability of solutions across several product lines, quality and reliability of systems, and finally the ability to detect defects early in design phases. AUTOSAR was established to develop open standards to address these challenges. ISO-26262, automotive functional safety standard, aims to ensure functional safety of automotive systems by providing requirements and processes to govern software lifecycle to ensure safety. Each functional system needs to be classified in terms of safety goals, risks and Automotive Safety Integrity Level (ASIL: A, B, C and D) with ASIL D denoting the most stringent safety level. As risk of the system increases, ASIL level increases and the standard mandates more stringent methods to ensure safety. ISO-26262 mandates that ASILs C and D classified systems utilize walkthrough, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavor for quite some time. Several factors discourage formal methods adoption in the industry. One major factor is the complexity of using formal methods. Software specification compliance in automotive remains in the bulk heavily dependent on traceability matrix, human based reviews, and testing activities conducted on either actual production software level or simulation level. ISO26262 automotive safety standard recommends, although not strongly, using formal notations in automotive systems that exhibit high risk in case of failure yet the industry still heavily relies on semi-formal notations such as UML. The use of semi-formal notations makes specification compliance still heavily dependent on manual processes and testing efforts. In this research, we propose a framework where UML finite state machines are compiled into formal notations, specification requirements are mapped into formal model theorems and SAT/SMT solvers are utilized to validate implementation compliance to specification. The framework will allow semi-formal verification of AUTOSAR UML designs via an automated formal framework backbone. This semi-formal verification framework will allow automotive software to comply with ISO-26262 ASIL C and D unit design and implementation formal verification guideline. Semi-formal UML finite state machines are automatically compiled into formal notations based on Symbolic Analysis Laboratory formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model Checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that were previously detected in testing and production stages. The methodology is applied on several automotive systems to show how the framework automates the verification of UML based designs, the de-facto standard for automotive systems design, based on an implicit formal methodology while hiding the cons that discouraged the industry from using it. Additionally, the framework automates ISO-26262 system design verification guideline which would otherwise be verified via human error prone approaches

Revision of Security Risk-oriented Patterns for Distributed Systems

Turvariskide haldamine on oluline osa tarkvara arendusest. Arvestades, et enamik tänapäeva ettevõtetest sõltuvad suuresti infosüsteemidest, on turvalisusel oluline roll sujuvalt toimivate äriprotsesside tagamisel. Paljud inimesed kasutavad e-teenuseid, mida pakuvad näiteks pangad ja haigekassa. Ebapiisavatel turvameetmetel infosüsteemides võivad olla soovimatud tagajärjed nii ettevõtte mainele kui ka inimeste eludele.\n\rTarkvara turvalisusega tuleb tavaliselt tegeleda kogu tarkvara arendusperioodi ja tarkvara eluea jooksul. Uuringute andmetel tegeletakse tarkvara turvaküsimustega alles tarkvara arenduse ja hooldus etappidel. Kuna turvariskide vähendamine kaasneb tavaliselt muudatustena informatsioonisüsteemi spetsifikatsioonis, on turvaanalüüsi mõistlikum teha tarkvara väljatöötamise algusjärgus. See võimaldab varakult välistada ebasobivad lahendused. Lisaks aitab see vältida hilisemaid kulukaid muudatusi tarkvara arhitektuuris.\n\rKäesolevas töös käsitleme turvalise tarkvara arendamise probleemi, pakkudes lahendusena välja turvariskidele orienteeritud mustreid. Need mustrid aitavad leida turvariske äriprotsessides ja pakuvad välja turvariske vähendavaid lahendusi. Turvamustrid pakuvad analüütikutele vahendit turvanõuete koostamiseks äriprotsessidele. Samuti vähendavad nad riskianalüüsiks vajalikku töömahtu. Oma töös joondame me turvariskidele orienteeritud mustrid vastu hajussüsteemide turvaohtude mustreid. See võimaldab meil täiustada olemasolevaid turvariski mustreid ja võtta kasutusele täiendavaid mustreid turvariskide vähendamiseks hajussüsteemides.\n\rTurvariskidele orienteeritud mustrite kasutatavust on kontrollitud lennunduse äriprotsessides. Tulemused näitavad, et turvariskidele orienteeritud mustreid saab kasutada turvariskide vähendamiseks hajussüsteemides.Security risk management is an important part of software development. Given that majority of modern organizations rely heavily on information systems, security plays a big part in ensuring smooth operation of business processes. Many people rely on e-services offered by banks and medical establishments. Inadequate security measures in information systems could have unwanted effects on an organization’s reputation and on people’s lives. Security concerns usually need to be addressed throughout the development and lifetime of a software system. Literature reports however, that security is often considered during implementation and maintenance stages of software development. Since security risk mitigation usually results with changes to an IS’s specification, security analysis is best done at an early phase of the development process. This allows an early exclusion of inadequate system designs. Additionally, it helps prevent the need for fundamental and expensive design changes later in the development process. In this thesis, we target the secure system development problem by suggesting application of security risk-oriented patterns. These patterns help find security risk occurrences in business processes and present mitigations for these risks. They provide business analysts with means to elicit and introduce security requirements to business processes. At the same time, they reduce the efforts needed for risk analysis. We confront the security risk-oriented patterns against threat patterns for distributed systems. This allows us to refine the collection of existing patterns and introduce additional patterns to mitigate security risks in processes of distributed systems. The applicability of these security risk-oriented patterns is validated on business processes from aviation turnaround system. The validation results show that the security risk-oriented patterns can be used to mitigate security risks in distributed systems