160 research outputs found
Integrating model checking with HiP-HOPS in model-based safety analysis
The ability to perform an effective and robust safety analysis on the design of modern safetyâcritical systems is crucial. Model-based safety analysis (MBSA) has been introduced in recent years to support the assessment of complex system design by focusing on the system model as the central artefact, and by automating the synthesis and analysis of failure-extended models. Model checking and failure logic synthesis and analysis (FLSA) are two prominent MBSA paradigms. Extensive research has placed emphasis on the development of these techniques, but discussion on their integration remains limited. In this paper, we propose a technique in which model checking and Hierarchically Performed Hazard Origin and Propagation Studies (HiP-HOPS) â an advanced FLSA technique â can be applied synergistically with benefit for the MBSA process. The application of the technique is illustrated through an example of a brake-by-wire system
System Qualities Ontology, Tradespace and Affordability (SQOTA) Project â Phase 4
This task was proposed and established as a result of a pair of 2012 workshops sponsored by the DoD Engineered Resilient Systems technology priority area and by the SERC. The workshops focused on how best to strengthen DoDâs capabilities in dealing with its systemsâ non-functional requirements, often also called system qualities, properties, levels of service, and âilities. The term âilities was often used during the workshops, and became the title of the resulting SERC research task: âilities Tradespace and Affordability Project (iTAP).â As the project progressed, the term âilitiesâ often became a source of confusion, as in âDo your results include considerations of safety, security, resilience, etc., which donât have âilityâ in their names?â Also, as our ontology, methods, processes, and tools became of interest across the DoD and across international and standards communities, we found that the term âSystem Qualitiesâ was most often used. As a result, we are changing the name of the project to âSystem Qualities Ontology, Tradespace, and Affordability (SQOTA).â Some of this yearâs university reports still refer to the project as âiTAP.âThis material is based upon work supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant of Defense for Research and Engineering (ASD(R&E)) under Contract HQ0034-13-D-0004.This material is based upon work supported, in whole or in part, by the U.S. Department of Defense through the Office of the Assistant of Defense for Research and Engineering (ASD(R&E)) under Contract HQ0034-13-D-0004
Adaptive model-driven user interface development systems
Adaptive user interfaces (UIs) were introduced to address some of the usability problems that plague many software applications. Model-driven engineering formed the basis for most of the systems targeting the development of such UIs. An overview of these systems is presented and a set of criteria is established to evaluate the strengths and shortcomings of the state-of-the-art, which is categorized under architectures, techniques, and tools. A summary of the evaluation is presented in tables that visually illustrate the fulfillment of each criterion by each system. The evaluation identified several gaps in the existing art and highlighted the areas of promising improvement
Process Productivity Improvements through Semantic and Linked Data Technologies
Programa de Doctorado en Ciencia y TecnologĂa InformĂĄtica por la Universidad Carlos III de MadridPresidente: JosĂ© MarĂa Ălvarez RodrĂguez.- Secretario: Rafael Valencia GarcĂa.- Vocal: Alejandro RodrĂguez GonzĂĄle
Engineering Resilient Space Systems
Several distinct trends will influence space exploration missions in the next decade. Destinations are
becoming more remote and mysterious, science questions more sophisticated, and, as mission experience
accumulates, the most accessible targets are visited, advancing the knowledge frontier to more difficult,
harsh, and inaccessible environments. This leads to new challenges including: hazardous conditions that
limit mission lifetime, such as high radiation levels surrounding interesting destinations like Europa or
toxic atmospheres of planetary bodies like Venus; unconstrained environments with navigation hazards,
such as free-floating active small bodies; multielement missions required to answer more sophisticated
questions, such as Mars Sample Return (MSR); and long-range missions, such as Kuiper belt exploration,
that must survive equipment failures over the span of decades. These missions will need to be successful
without a priori knowledge of the most efficient data collection techniques for optimum science return.
Science objectives will have to be revised âon the flyâ, with new data collection and navigation decisions
on short timescales.
Yet, even as science objectives are becoming more ambitious, several critical resources remain
unchanged. Since physics imposes insurmountable light-time delays, anticipated improvements to the
Deep Space Network (DSN) will only marginally improve the bandwidth and communications cadence to
remote spacecraft. Fiscal resources are increasingly limited, resulting in fewer flagship missions, smaller
spacecraft, and less subsystem redundancy. As missions visit more distant and formidable locations, the
job of the operations team becomes more challenging, seemingly inconsistent with the trend of shrinking
mission budgets for operations support. How can we continue to explore challenging new locations
without increasing risk or system complexity?
These challenges are present, to some degree, for the entire Decadal Survey mission portfolio, as
documented in Vision and Voyages for Planetary Science in the Decade 2013â2022 (National Research
Council, 2011), but are especially acute for the following mission examples, identified in our recently
completed KISS Engineering Resilient Space Systems (ERSS) study:
1. A Venus lander, designed to sample the atmosphere and surface of Venus, would have to perform
science operations as components and subsystems degrade and fail;
2. A Trojan asteroid tour spacecraft would spend significant time cruising to its ultimate destination
(essentially hibernating to save on operations costs), then upon arrival, would have to act as its
own surveyor, finding new objects and targets of opportunity as it approaches each asteroid,
requiring response on short notice; and
3. A MSR campaign would not only be required to perform fast reconnaissance over long distances
on the surface of Mars, interact with an unknown physical surface, and handle degradations and
faults, but would also contain multiple components (launch vehicle, cruise stage, entry and
landing vehicle, surface rover, ascent vehicle, orbiting cache, and Earth return vehicle) that
dramatically increase the need for resilience to failure across the complex system.
The concept of resilience and its relevance and application in various domains was a focus during the
study, with several definitions of resilience proposed and discussed. While there was substantial variation
in the specifics, there was a common conceptual core that emergedâadaptation in the presence of
changing circumstances. These changes were couched in various waysâanomalies, disruptions,
discoveriesâbut they all ultimately had to do with changes in underlying assumptions. Invalid
assumptions, whether due to unexpected changes in the environment, or an inadequate understanding of
interactions within the system, may cause unexpected or unintended system behavior. A system is
resilient if it continues to perform the intended functions in the presence of invalid assumptions.
Our study focused on areas of resilience that we felt needed additional exploration and integration,
namely system and software architectures and capabilities, and autonomy technologies. (While also an
important consideration, resilience in hardware is being addressed in multiple other venues, including
2
other KISS studies.) The study consisted of two workshops, separated by a seven-month focused study
period. The first workshop (Workshop #1) explored the âproblem spaceâ as an organizing theme, and the
second workshop (Workshop #2) explored the âsolution spaceâ. In each workshop, focused discussions
and exercises were interspersed with presentations from participants and invited speakers.
The study period between the two workshops was organized as part of the synthesis activity during the
first workshop. The study participants, after spending the initial days of the first workshop discussing the
nature of resilience and its impact on future science missions, decided to split into three focus groups,
each with a particular thrust, to explore specific ideas further and develop material needed for the second
workshop. The three focus groups and areas of exploration were:
1. Reference missions: address/refine the resilience needs by exploring a set of reference missions
2. Capability survey: collect, document, and assess current efforts to develop capabilities and
technology that could be used to address the documented needs, both inside and outside NASA
3. Architecture: analyze the impact of architecture on system resilience, and provide principles and
guidance for architecting greater resilience in our future systems
The key product of the second workshop was a set of capability roadmaps pertaining to the three
reference missions selected for their representative coverage of the types of space missions envisioned for
the future. From these three roadmaps, we have extracted several common capability patterns that would
be appropriate targets for near-term technical development: one focused on graceful degradation of
system functionality, a second focused on data understanding for science and engineering applications,
and a third focused on hazard avoidance and environmental uncertainty. Continuing work is extending
these roadmaps to identify candidate enablers of the capabilities from the following three categories:
architecture solutions, technology solutions, and process solutions.
The KISS study allowed a collection of diverse and engaged engineers, researchers, and scientists to think
deeply about the theory, approaches, and technical issues involved in developing and applying resilience
capabilities. The conclusions summarize the varied and disparate discussions that occurred during the
study, and include new insights about the nature of the challenge and potential solutions:
1. There is a clear and definitive need for more resilient space systems. During our study period,
the key scientists/engineers we engaged to understand potential future missions confirmed the
scientific and risk reduction value of greater resilience in the systems used to perform these
missions.
2. Resilience can be quantified in measurable termsâproject cost, mission risk, and quality of
science return. In order to consider resilience properly in the set of engineering trades performed
during the design, integration, and operation of space systems, the benefits and costs of resilience
need to be quantified. We believe, based on the work done during the study, that appropriate
metrics to measure resilience must relate to risk, cost, and science quality/opportunity. Additional
work is required to explicitly tie design decisions to these first-order concerns.
3. There are many existing basic technologies that can be applied to engineering resilient space
systems. Through the discussions during the study, we found many varied approaches and
research that address the various facets of resilience, some within NASA, and many more
beyond. Examples from civil architecture, Department of Defense (DoD) / Defense Advanced
Research Projects Agency (DARPA) initiatives, âsmartâ power grid control, cyber-physical
systems, software architecture, and application of formal verification methods for software were
identified and discussed. The variety and scope of related efforts is encouraging and presents
many opportunities for collaboration and development, and we expect many collaborative
proposals and joint research as a result of the study.
4. Use of principled architectural approaches is key to managing complexity and integrating
disparate technologies. The main challenge inherent in considering highly resilient space
systems is that the increase in capability can result in an increase in complexity with all of the
3
risks and costs associated with more complex systems. What is needed is a better way of
conceiving space systems that enables incorporation of capabilities without increasing
complexity. We believe principled architecting approaches provide the needed means to convey a
unified understanding of the system to primary stakeholders, thereby controlling complexity in
the conception and development of resilient systems, and enabling the integration of disparate
approaches and technologies. A representative architectural example is included in Appendix F.
5. Developing trusted resilience capabilities will require a diverse yet strategically directed
research program. Despite the interest in, and benefits of, deploying resilience space systems, to
date, there has been a notable lack of meaningful demonstrated progress in systems capable of
working in hazardous uncertain situations. The roadmaps completed during the study, and
documented in this report, provide the basis for a real funded plan that considers the required
fundamental work and evolution of needed capabilities.
Exploring space is a challenging and difficult endeavor. Future space missions will require more
resilience in order to perform the desired science in new environments under constraints of development
and operations cost, acceptable risk, and communications delays. Development of space systems with
resilient capabilities has the potential to expand the limits of possibility, revolutionizing space science by
enabling as yet unforeseen missions and breakthrough science observations.
Our KISS study provided an essential venue for the consideration of these challenges and goals.
Additional work and future steps are needed to realize the potential of resilient systemsâthis study
provided the necessary catalyst to begin this process
Recommended from our members
Engineering Adaptive Model-Driven User Interfaces for Enterprise Applications
Enterprise applications such as enterprise resource planning systems have numerous complex user interfaces (UIs). Usability problems plague these UIs because they are offered as a generic off-the-shelf solution to end-users with diverse needs in terms of their required features and layout preferences. Adaptive UIs can help in improving usability by tailoring the features and layout based on the context-of-use. The model-driven UI development approach offers the possibility of applying different types of adaptations on the various UI levels of abstraction. This approach forms the basis for many works researching the development of adaptive UIs. Yet, several gaps were identified in the state-of-the-art adaptive model-driven UI development systems. To fill these gaps, this thesis presents an approach that offers the following novel contributions:
- The Cedar Architecture serves as a reference for developing adaptive model-driven enterprise application user interfaces.
- Role-Based User Interface Simplification (RBUIS) is a mechanism for improving usability through adaptive behavior, by providing end-users with a minimal feature-set and an optimal layout based on the context-of-use.
- Cedar Studio is an integrated development environment, which provides tool support for building adaptive model-driven enterprise application UIs using RBUIS based on the Cedar Architecture.
The contributions were evaluated from the technical and human perspectives. Several metrics were established and applied to measure the technical characteristics of the proposed approach after integrating it into an open-source enterprise application. Additional insights about the approach were obtained through the opinions of industry experts and data from real-life projects. Usability studies showed the approachâs ability to significantly improve usability in terms of end-user efficiency, effectiveness and satisfaction
Recommended from our members
The Early Assessment of System Performance in Distributed Real-time Systems
Distributed real-time process control systems are notoriously difficult to develop. They frequently overrun time schedules and break cost constraints. The problems are compounded where there are multiple development teams and stakeholders. Conventional model-driven development has been examined to see if it can be extended to resolve some of these problems. It may be possible to use early system design stages to identify performance issues which would otherwise not be identified until late in the development of the system. A functional model is proposed, in addition to those conventionally used for model-driven development, based on loosely coupled functional elements, to represent the behaviour of each system component. The model complements existing requirements and design specifications and addresses the combination of individual component abstractions to produce a complete system specification.
The functional model enables the accurate prediction of system performance prior to the detailed design of each component. The thesis examines how performance can be calculated and modelled. An animator tool and associated code generator are used to predict system and component performance in a distributed aircraft navigation system.
The use of the animator to support the system design prior to the generation of the component contract specifications and interface control documents provides a means of assessing performance which is accessible to domain experts and system designers alike. The model also enables the effects of requirements changes and component design issues on the system design to be assessed in terms of the system design to provide system wide solutions.
This performance assessment model and animator compliments the existing 'fix-it-later' approach, reducing the chances of performance failure detected late during the system development process when they are most expensive to fix
Optimizing the Automotive Security Development Process in Early Process Design Phases
Security is a relatively new topic in the automotive industry. In the former days, the only security defense methods were the engine immobilizer and the anti-theft alarm system. The rising connection of vehicles to external networks made it necessary to extend the security effort by introducing security development processes. These processes include, amongothers, risk analysis and treatment steps. In parallel, the development of ISO/SAE 21434 and UN-ECE No. R155 started. The long development cycles in the automotive industry made it necessary to align the development processes' early designs with the standards' draft releases.
This work aims to design a new consistent, complete and efficient security development process, aligned with the normative references. The resulting development process design aligns with the overall development methodology of the underlying, evaluated development process. Use cases serve as a basis for evaluating improvements and the method designs. This work concentrates on the left leg of the V-Model. Nevertheless, future work targets extensions for a holistic development
approach for safety and security.:I. Foundation
1. Introduction
2. Automotive Development
3. Methodology
II. Meta-Functional Aspects
4. Dependability as an Umbrella-Term
5. Security Taxonomy
6. Terms and Definitions
III. Security Development Process Design
7. Security Relevance Evaluation
8. Function-oriented Security Risk Analysis
9. Security Risk Analysis on System Level
10. Risk Treatment
IV. Use Cases and Evaluation
11. Evaluation Criteria
12. Use Case: Security Relevance Evaluation
13. Use Case: Function-oriented Security Risk Analysis
14. Use Case: System Security Risk Analysis
15. Use Case: Risk Treatment
V. Closing
16. Discussion
17. Conclusion
18. Future Work
Appendix A. Attacker Model Categories and Rating
Appendix B. Basic Threat Classes for System SRA
Appendix C. Categories of Defense Method Propertie
- âŠ