
    Evaluating Architectural Safeguards for Uncertain AI Black-Box Components

    Although tremendous progress has been made in Artificial Intelligence (AI), it entails new challenges. The growing complexity of learning tasks requires more complex AI components, which increasingly exhibit unreliable behaviour. In this book, we present a model-driven approach to model architectural safeguards for AI components and analyse their effect on the overall system reliability.

    Anpassen verteilter eingebetteter Anwendungen im laufenden Betrieb (Adapting Distributed Embedded Applications During Operation)

    The availability of third-party apps is among the key success factors for software ecosystems: users benefit from more features and faster innovation, while third-party vendors can leverage the platform to create successful offerings. This requires a certain decoupling of the engineering activities of the different parties, which has not yet been achieved for distributed control systems. Late and dynamic integration of third-party components would be required, yet the resulting control systems must provide high reliability with respect to real-time requirements, which leads to integration complexity. Closing this gap would particularly contribute to the vision of software-defined manufacturing, where an ecosystem of modern IT-based control system components could lead to faster innovation thanks to their higher abstraction and the availability of various frameworks. This thesis therefore addresses the research question: How can we use modern IT technologies to enable independent evolution and easy third-party integration of software components in distributed control systems where deterministic end-to-end reactivity is required, and in particular, how can we apply distributed changes to such systems consistently and reactively during operation?
    The thesis describes the challenges and related approaches in detail and points out that existing approaches do not fully address this question. To close the gap, a formal specification of a runtime platform concept is presented together with a model-based engineering approach. The engineering approach decouples the steps of component definition, integration, and deployment. The runtime platform supports this approach by isolating the components while still offering predictable end-to-end real-time behaviour. Independent evolution of software components is supported through a concept for synchronous reconfiguration during full operation, i.e., dynamic orchestration of components. Time-critical state transfer is supported as well and leads to at most bounded quality degradation. Reconfiguration planning is supported by analysis concepts, including simulation of a formally specified system and its reconfiguration, and analysis of potential quality degradation with the evolving dataflow graph (EDFG) method. A platform-specific realisation of the concepts, the real-time container architecture, is described as a reference implementation. The model and the prototype are evaluated for feasibility and applicability of the concepts in two case studies. The first is a minimalistic distributed control system used in different setups with different component variants and reconfiguration plans, to compare the model and the prototype and to gather runtime statistics. The second is a smart factory showcase system with more challenging application components and interface technologies. The conclusion is that the concepts are feasible and applicable, even though both the concepts and the prototype still need further work, for example to reach shorter cycle times.

    A Formal Engineering Approach for Interweaving Functional and Security Requirements of RESTful Web APIs

    RESTful Web API adoption has become ubiquitous, with REST APIs proliferating in almost all domains as modern web applications embrace the microservice architecture. This expanding adoption funnels an increasing amount of data through systems that require proper access management to keep web assets secure. A RESTful API provides data over HTTP, interacts with databases and other services, and must preserve its security properties. Practitioners currently face two major challenges in developing high-quality, secure RESTful APIs. First, REST is not a protocol but a set of guidelines that define how web resources are designed and accessed over HTTP endpoints: related resources are structured using hierarchical URIs, and well-defined actions on those resources are represented by different HTTP verbs. Although security has always been critical in the design of RESTful APIs, there are no clear formal models that follow a secure-by-design approach interweaving both functional and security requirements. Second, it is unclear how to use a model-driven approach to construct precise requirements and design specifications so that the security of a RESTful API is treated as a concern that cuts across functionality rather than as a property of isolated operations.
    This thesis proposes a novel technique that encourages a model-driven approach to specifying and verifying an API's functional and security requirements with the practical formal method SOFL (Structured Object-Oriented Formal Language). The approach is a generic six-step model-driven method for designing security-aware APIs using domain models, domain primitives, an Ecore metamodel and SOFL. Step 1 generates a flat file with the API's resource listing: resource definitions are extracted from RESTful API documentation written in RAML using an existing RAML parser, and the output is a flat file representing the API resources as defined in the RAML input. This step is fully automated. Step 2 automatically constructs an API resource graph that serves as a blueprint for the target API domain model: its input is the flat file from step 1 and its output is a directed graph (digraph) of API resources. An algorithm we created takes a list of lists of API resource nodes and the defined API root resource node as input and constructs a digraph of all API resources. In step 3, the generated digraph guides the manual definition of the API's initial domain model, with an aggregate root corresponding to the root node of the digraph and the remaining nodes corresponding to domain model entities. The digraph from step 2 is in effect a bare-bones representation of the target domain model; what it lacks is the distinction between containment and reference relationships between entities. The resulting domain model describes the entire ecosystem of the modelled API using the Domain-Driven Design concepts of aggregates, aggregate roots, entities, entity relationships, value objects and aggregate boundaries. Step 4 takes the domain model as input and performs threat modelling with Attack Defense Trees (ADTrees) to identify potential security vulnerabilities in the API domain model and their countermeasures. Countermeasures that enforce secure constructs on the attributes and behaviour of their associated domain entities are modelled as domain primitives: distilled value objects with proper invariants. These invariants enforce security constraints on the behaviour of their associated entities in the API domain model. The output of this step is a refined domain model with the additional security invariants from threat modelling defined as domain primitives; this achieves the first, implicit interweaving of functional and security requirements. Step 5 creates an Ecore metamodel describing the structure of the API domain model, taking the refined domain model as input and producing the Ecore metamodel it corresponds to. This step covers the structural modelling of the target RESTful API: the structural model describes the possible resource types, their attributes and relations, as well as their interfaces and representations. Step 6 is behavioural modelling: its input is the Ecore metamodel from step 5 and its output is a formal, security-aware RESTful API specification in SOFL. The goal is to define RESTful API behaviours consisting of actions corresponding to the HTTP verbs GET, POST, PUT, DELETE and PATCH. For example, CreateAction creates a new resource, UpdateAction changes the values of attributes and ReturnAction defines the response, including the representation and all metadata. To model behaviour, API methods are transformed into SOFL processes, whose expressiveness is used to define the modelled API behaviours. The interweaving of functional and security requirements is achieved by injecting boolean formulas into the post conditions of SOFL processes.
    To verify whether the interwoven functional and security requirements implement all expected functions correctly and satisfy the desired security constraints, specification testing can optionally be performed. Since implicit specifications do not prescribe algorithms for implementation but are expressed as predicate expressions over pre and post conditions, all variables involved in a process can be substituted with concrete values of their types and the results evaluated as truth values, true or false. During specification testing, the SOFL process animation technique is applied to obtain the set of concrete values of output variables for each functional scenario of a process. Test results are analysed by comparing the evaluation results with an analysis criterion, a predicate expression representing the properties to be verified; if the evaluation results are consistent with the predicate expression, the analysis shows consistency between the process specification and its associated requirement. Test cases for both input and output variables are generated from the user requirements, usually based on test targets that are predicate expressions such as the pre and post conditions of a process. When testing a process specification for conformance to its associated service operation, it suffices to observe the execution results of the process by providing concrete input values for all of its functional scenarios and to analyse their defining conditions relative to the user requirements.
    An empirical case study validates the practicality and usability of the approach by applying it to the development of a Salon Booking System. A total of 32 services covering the functionality of the Salon Booking System API were developed, with process specifications for the API services and their respective security requirements; the security requirements were injected in the threat modelling and behavioural modelling phases. The interweaving of functional and security requirements in the generated specifications was tested relative to the original RAML specifications. Failed tests occurred where an injected security measure, such as a required object-level access control check, was not respected, i.e., the object-level access control was not checked. The generated SOFL specification correctly rejects such a case by returning an appropriate error message, whereas the original RAML specification, unaware of the measure, incorrectly dictates that the request be accepted. A technique for generating SOFL specifications from a domain model via model-to-text transformation is also demonstrated; it semi-automates the generation of SOFL formal specifications in step 6 and isolates the dynamic and static sections of the generated specifications, so that static sections are preserved while dynamic sections are updated in response to changes in the underlying domain model of the RESTful API under design. In summary, the contribution is a systematic model-driven formal engineering approach for the design and development of secure RESTful web APIs, offering a six-step methodology that covers both structural and behavioural modelling with a focus on security. The most distinctive merit of the model-to-text transformation is its use of the API's domain model, together with the metamodel the domain model conforms to, as the foundation for generating formal SOFL specifications that represent the API's functional and security requirements. Ph.D. (Science), Hosei University.
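
The following is an added example, not code from the thesis: it shows in plain Python the shape of steps 1-2 (a constructed flat resource listing turned into a parent-to-child digraph) and of step 6 with specification testing (a process given as pre and post condition predicates, the object-level access control invariant injected into the post condition as an extra boolean clause, and concrete values substituted to evaluate the post condition to true or false). The resource paths, the Booking entity, the two implementations and the scenarios are all constructed for illustration; the parent-by-longest-prefix rule and the process animation by direct function calls are assumptions standing in for the RAML parser and SOFL tooling the thesis uses.

```python
import copy
from dataclasses import dataclass

# Constructed stand-in for the step-1 "flat file": one RAML-style resource
# path per line (a real run would obtain these from a RAML parser).
FLAT_RESOURCE_LISTING = """\
/salons
/salons/{salonId}
/salons/{salonId}/bookings
/salons/{salonId}/bookings/{bookingId}
/customers
/customers/{customerId}
"""


def build_resource_digraph(flat_listing, root="/"):
    """Step 2: build a parent -> children digraph of API resources.
    Assumption: a resource's parent is its longest proper URI prefix."""
    graph = {root: []}
    for line in flat_listing.splitlines():
        path = line.strip()
        if not path:
            continue
        parent = path.rsplit("/", 1)[0] or root
        graph.setdefault(parent, [])
        graph.setdefault(path, [])
        graph[parent].append(path)
    return graph


@dataclass
class Booking:
    """Domain entity; owner_id is what the object-level access control
    invariant refers to."""
    booking_id: int
    owner_id: int
    slot: str


def fresh_state():
    """Constructed pre-state: two bookings owned by customers 1 and 2."""
    return {10: Booking(10, 1, "09:00"), 11: Booking(11, 2, "10:00")}


def pre_update(state, caller_id, booking_id, new_slot):
    """Pre condition of the UpdateBooking process (functional only)."""
    return booking_id in state and new_slot != ""


def post_update(pre_state, post_state, caller_id, booking_id, new_slot, result):
    """Post condition as one boolean formula: the functional clause is
    combined with the injected security clause, so only the owner may reach
    the 'ok' branch and everyone else must be refused with state unchanged."""
    old, new = pre_state[booking_id], post_state[booking_id]
    functional_ok = result == "ok" and new.slot == new_slot and new.owner_id == old.owner_id
    refused = result == "error: forbidden" and new == old
    is_owner = old.owner_id == caller_id
    return (is_owner and functional_ok) or (not is_owner and refused)


def update_booking_unchecked(state, caller_id, booking_id, new_slot):
    """What a functional-only contract permits: any caller may update."""
    state[booking_id].slot = new_slot
    return "ok"


def update_booking_checked(state, caller_id, booking_id, new_slot):
    """Implementation that enforces the object-level access control invariant."""
    if state[booking_id].owner_id != caller_id:
        return "error: forbidden"
    state[booking_id].slot = new_slot
    return "ok"


# Functional scenarios with concrete values, derived from the pre/post
# conditions as test targets: (name, caller_id, booking_id, new_slot)
SCENARIOS = [
    ("owner updates own booking", 1, 10, "11:00"),
    ("other customer updates booking", 2, 10, "11:00"),
]


def specification_test(impl):
    """Substitute concrete values per scenario, run the implementation and
    evaluate the post condition to True/False; None marks a scenario whose
    pre condition does not hold."""
    verdicts = {}
    for name, caller, bid, slot in SCENARIOS:
        state = fresh_state()
        if not pre_update(state, caller, bid, slot):
            verdicts[name] = None
            continue
        before = copy.deepcopy(state)
        result = impl(state, caller, bid, slot)
        verdicts[name] = post_update(before, state, caller, bid, slot, result)
    return verdicts


if __name__ == "__main__":
    print(build_resource_digraph(FLAT_RESOURCE_LISTING))
    print("unchecked:", specification_test(update_booking_unchecked))
    print("checked:  ", specification_test(update_booking_checked))
```

The unchecked implementation satisfies the purely functional clause but fails the second scenario, which is the failure mode the case study describes: the request from a non-owner is accepted where the security-aware specification demands a refusal.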

    A PRISMA-driven systematic mapping study on system assurance weakeners

    Context: An assurance case is a structured hierarchy of claims aiming to demonstrate that a given mission-critical system supports specific requirements (e.g., safety, security, privacy). The presence of assurance weakeners (i.e., assurance deficits, logical fallacies) in assurance cases reflects insufficient evidence or knowledge, or gaps in reasoning. These weakeners can undermine confidence in assurance arguments, potentially hindering the verification of mission-critical system capabilities. Objectives: As a stepping stone for future research on assurance weakeners, we aim to initiate the first comprehensive systematic mapping study on this subject. Methods: We followed the well-established PRISMA 2020 and SEGRESS guidelines to conduct our systematic mapping study. We searched for primary studies in five digital libraries and focused on the 2012-2023 publication year range. Our selection criteria focused on studies addressing assurance weakeners at the modelling level, resulting in the inclusion of 39 primary studies in our systematic review. Results: Our systematic mapping study reports a taxonomy (map) that provides a uniform categorisation of assurance weakeners and of the approaches proposed to manage them at the modelling level. Conclusion: Our findings suggest that the SACM (Structured Assurance Case Metamodel), a standard specified by the OMG (Object Management Group), may be the best specification to capture structured arguments and reason about their potential assurance weakeners.

    Architecture-based Evolution of Dependable Software-intensive Systems

    This cumulative habilitation thesis proposes concepts for (i) modelling and analysing dependability based on architectural models of software-intensive systems early in development, (ii) decomposition and composition of modelling languages and analysis techniques to enable more flexibility in evolution, and (iii) bridging the divergent levels of abstraction between data of the operation phase and the architectural models and source code of the development phase.

    Context-based Access Control and Attack Modelling and Analysis

    In this work we developed architectural security analyses to identify access violations and attack paths. With advancing digitalisation and increasing interconnection, the importance of IT security is growing. The security of a system consists of several distinct properties such as confidentiality or integrity; in our work we focus on confidentiality. A confidential system shares only the required data with authorised entities, and unauthorised or malicious persons do not gain access to confidential data. Developing a confidential system is difficult, however, because many different properties influence confidentiality. One important factor is access control. Access control policies define, for every element within a system, under which conditions access may be granted. These policies often take the context of the access into account, for example the time or the location of persons. Considering context increases the complexity of the access control specification, which can lead to misspecification. It is therefore important to determine the effects of an access control policy, yet because of this complexity determining them is difficult, since the analysis must also take the context into account.
    Besides access control policies, vulnerabilities can also affect the confidentiality of a system. Attackers can exploit vulnerabilities to gain access to protected entities in the system and thereby bypass the access control policies. Vulnerabilities not only enable direct access to entities but also allow attackers to obtain the credentials of other persons, which attackers can then use to gain access to other elements. Vulnerabilities, however, also depend on access control, because some vulnerabilities require authorisation: some can only be exploited by authorised persons. To estimate the impact of a vulnerability, an analysis must therefore also consider the properties of access control. Furthermore, the attacker's context matters, since some vulnerabilities can only be exploited once the attacker has already compromised other entities in the system. An attack therefore produces a chained list of compromised entities, also called an attack path. It consists of a chain of vulnerabilities representing the repeated exploitation of vulnerabilities and access control policies by attackers. Automatically deriving these possible attack paths can be used to estimate the impact on confidentiality, because it gives experts feedback on which elements can be compromised. Existing approaches for estimating security, or the impact of access control policies or vulnerabilities, often focus on only one of the two properties. Approaches that consider both are often very limited in their application domain, e.g. they solve the problem only for one domain such as Microsoft Active Directory, or they consider only a limited access control model. Moreover, most approaches work on a network topology. While this can help with modelling, a network topology usually does not capture further properties such as the deployment of services on servers or the use of components. Software architecture models, however, can provide this information. In addition, using models makes it possible to analyse a system already during development or during an outage, which supports realising security by design.
    In detail, our contributions are: We developed an access control metamodel to specify context-based access control policies in the software architecture. In addition, we developed a vulnerability metamodel to specify vulnerabilities in software architectures. The access control policies can be analysed in a scenario-based access control analysis to identify access violations. We developed two attack analyses; both can generate attack paths on an architecture model and use vulnerabilities and access control policies. One analysis considers attack propagation from a given starting point in the software architecture; the other finds attack paths that lead to a given architecture element. We evaluated our security analyses using various evaluation scenarios, created from evaluation cases in related work or from real security incidents. For the first analysis we investigated the accuracy in identifying access violations; our results indicate high accuracy. For the two attack analyses we investigated the accuracy with respect to the compromised elements found, the effort reduction when using our analyses, and scalability. Our results indicate high accuracy and a reduction in effort. Scalability, however, is not ideal for either approach, although it is acceptable for smaller software architectures.
    The approach we developed can help software architects design more secure systems. It can show the effects of access control policies through access violations, and the effects of vulnerabilities together with access control policies through attack paths. By using software architecture models, our approach can provide this feedback already during the design of the software. This can help to develop according to "Security by Design".
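
As an added example (not the thesis's own metamodels or analyses), the following Python sketch shows the two ingredients the abstract combines: context-based access control policies and vulnerabilities whose exploitation may require a credential and may yield one. Attack propagation from a starting element iterates to a fixed point, since a credential stolen late can unlock an element that was blocked earlier, and the second analysis reconstructs the attack path that leads to a chosen target. The architecture (elements, links standing for deployment and usage relations), the vulnerabilities, the policies and the attacker contexts are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Vulnerability:
    name: str
    requires_credential: Optional[str]  # None: exploitable by anyone reaching the element
    grants_credential: Optional[str]    # credential obtained by exploiting it, if any


@dataclass(frozen=True)
class Policy:
    """Context-based access control rule: holders of `credential` may access
    `element` when every (key, value) in `context` matches the requester."""
    element: str
    credential: str
    context: tuple = ()  # e.g. (("location", "office"),)


# Constructed architecture model: per element its vulnerabilities, plus the
# links along which an attacker can move (deployment / component usage).
ELEMENTS = {
    "WebGateway": (),
    "OrderService": (Vulnerability("SQLi in order lookup", None, "svc_account"),),
    "CustomerDB": (),
    "HRService": (Vulnerability("privilege escalation", "employee", "hr_admin"),),
}
LINKS = {
    "WebGateway": ("OrderService",),
    "OrderService": ("CustomerDB", "HRService"),
    "CustomerDB": (),
    "HRService": (),
}
POLICIES = (
    Policy("CustomerDB", "svc_account"),                      # unconditional
    Policy("HRService", "employee", (("location", "office"),)),  # on-site only
)


def access_granted(policies, element, creds, context):
    """Scenario check: does some policy admit this requester to the element?"""
    return any(
        p.element == element and p.credential in creds
        and all(context.get(k) == v for k, v in p.context)
        for p in policies
    )


def propagate(elements, links, policies, start, initial_creds, context):
    """First analysis: attack propagation from `start`. Returns
    {element: (means, compromised_from)} for every compromised element."""
    creds = set(initial_creds)
    how = {start: ("starting point", None)}
    changed = True
    while changed:  # fixed point: new credentials may unlock blocked elements
        changed = False
        for src in list(how):
            for dst in links.get(src, ()):
                if dst in how:
                    continue
                if access_granted(policies, dst, creds, context):
                    how[dst] = ("access granted by policy", src)
                    changed = True
                    continue
                for v in elements[dst]:
                    if v.requires_credential is None or v.requires_credential in creds:
                        how[dst] = (f"exploit: {v.name}", src)
                        if v.grants_credential:
                            creds.add(v.grants_credential)
                        changed = True
                        break
    return how


def attack_path_to(elements, links, policies, start, initial_creds, context, target):
    """Second analysis: chain of compromised elements from `start` to `target`,
    or None when the target is unreachable under this context and credentials."""
    how = propagate(elements, links, policies, start, initial_creds, context)
    if target not in how:
        return None
    path, node = [], target
    while node is not None:
        path.append(node)
        node = how[node][1]
    return path[::-1]


if __name__ == "__main__":
    remote = {"location": "remote"}
    print(propagate(ELEMENTS, LINKS, POLICIES, "WebGateway", set(), remote))
    print(attack_path_to(ELEMENTS, LINKS, POLICIES, "WebGateway", set(), remote, "HRService"))
    print(attack_path_to(ELEMENTS, LINKS, POLICIES, "WebGateway", {"employee"},
                         {"location": "office"}, "HRService"))
```

The same attacker with an employee credential reaches HRService through the policy when on site, and through the credential-gated vulnerability when remote, which is exactly the interplay between access control and vulnerabilities the abstract argues an analysis must capture.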

    Methods and Models for Industrial Internet of Things-based Business Process Improvement

    Over the last three decades, the Internet of Things (IoT) has gained significant importance and has been implemented in many private, public, and business contexts. Leveraging and combining the IoT's capabilities enables far-reaching transformations and disruptive innovations that are increasingly recognised, especially by industrial organisations. In this regard, the Industrial IoT (IIoT) paradigm has emerged, describing the use of IoT technology in the industrial domain. One key use of the IIoT is the incremental or radical improvement of business processes. This goal-oriented change of business processes with IIoT technology to accomplish organisational goals more effectively is called IIoT-based Business Process Improvement (BPI). Many use cases demonstrate the benefits of IIoT-based BPI for all types of industrial organisations. However, the interconnection between IIoT and BPI lacks theoretical knowledge and applicable artefacts that support practitioners, and a significant number of related projects fail or do not achieve the anticipated benefits. This issue has drawn attention in recent scholarly literature, which calls for further research. The dissertation at hand approaches this research gap by extending and advancing existing knowledge and providing contributions to managerial practice. Three critical challenges for conducting IIoT-based BPI projects are addressed in particular: First, the essential characteristics of IIoT-based BPI applications are explored, enabling their classification and a foundational comprehension of the research field. Second, the capabilities required to leverage IIoT for BPI are identified, on the basis of which industrial organisations can assess their maturity and readiness for implementing corresponding applications. Third, the identification, specification, and selection of appropriate applications are addressed; these activities enable the successful practical execution of IIoT projects with BPI potential.


    Architectural Alignment of Access Control Requirements Extracted from Business Processes

    Business processes and information systems evolve constantly and affect each other in non-trivial ways, so aligning security requirements between the two is a challenging task. This work presents an automated approach to extract access control requirements from business processes with the purpose of transforming them into a) access permissions for role-based access control and b) architectural data flow constraints, used to identify violations of access control in enterprise application architectures.
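
An added example, not the work's own transformation: a constructed business process (tasks with a performing role and the data objects they read or write) is turned into a) role-based permissions and b) a per-data-object need-to-know constraint, which is then checked against a constructed set of architectural data flows between components operated by those roles. The rule that a component may only receive a data object if its operating role holds read permission on it is an assumption made for the example.

```python
# Constructed business process: each task is performed by a role and reads
# or writes data objects.
PROCESS = (
    {"task": "Create order", "role": "Sales", "reads": (), "writes": ("Order",)},
    {"task": "Approve credit", "role": "Finance",
     "reads": ("Order", "CreditReport"), "writes": ("Order",)},
    {"task": "Ship order", "role": "Warehouse", "reads": ("Order",), "writes": ("Shipment",)},
)

# Constructed enterprise application architecture: the role operating each
# component, and the data flows (source, target, data object) between them.
COMPONENT_ROLE = {
    "OrderPortal": "Sales",
    "CreditCheck": "Finance",
    "CreditBureauAdapter": "Finance",
    "ShippingUI": "Warehouse",
}
DATA_FLOWS = (
    ("OrderPortal", "CreditCheck", "Order"),
    ("CreditBureauAdapter", "CreditCheck", "CreditReport"),
    ("CreditCheck", "ShippingUI", "Order"),
    ("CreditCheck", "ShippingUI", "CreditReport"),  # Warehouse never reads reports
)


def extract_rbac_permissions(process):
    """a) role -> {data object -> set of operations}, derived from the tasks."""
    perms = {}
    for task in process:
        role_perms = perms.setdefault(task["role"], {})
        for obj in task["reads"]:
            role_perms.setdefault(obj, set()).add("read")
        for obj in task["writes"]:
            role_perms.setdefault(obj, set()).add("write")
    return perms


def derive_flow_constraints(perms):
    """b) data object -> roles whose components may receive it.
    Assumption: receiving a data object requires read permission on it."""
    allowed = {}
    for role, objs in perms.items():
        for obj, ops in objs.items():
            if "read" in ops:
                allowed.setdefault(obj, set()).add(role)
    return allowed


def find_violations(flows, component_role, constraints):
    """Flows whose target component is operated by a role outside the
    allowed set for that data object."""
    return [
        (src, dst, obj) for src, dst, obj in flows
        if component_role[dst] not in constraints.get(obj, set())
    ]


if __name__ == "__main__":
    perms = extract_rbac_permissions(PROCESS)
    constraints = derive_flow_constraints(perms)
    print(perms)
    print(find_violations(DATA_FLOWS, COMPONENT_ROLE, constraints))
```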

    A Design Science Research Approach to Architecting and Developing Information Systems for Collaborative Manufacturing : A Case for Human-Robot Collaboration

    Get PDF
    Information generated from the conceptualization, design, manufacturing, and use of a product has immense potential in transforming both the business and manufacturing processes of the manufacturing enterprise. The digital transformation at the heart of the fourth industrial revolution has acknowledged this with a special emphasis on weaving a thread of this information to support functions and systems throughout the life cycle of the product with what is known as a digital thread framework.

    This dissertation aims to develop and use one such framework in the context of human-robot collaborative assembly. The overarching problem that the framework aims to solve can be attributed to the abstract qualities of adaptability and flexibility. The human-robot collaboration (HRC) systems of today are built predominantly as static systems and ignore the intuitive role of humans by having their roles in collaborative tasks pre-defined. Furthermore, their ability to switch between products during product changeovers is also limited. This is especially problematic in the current era of product variety, stemming from the customised requirements of customers. To this end, this dissertation employs the design science research methodology to design, develop, and deploy predominantly three artefacts in a human-robot work cell in a laboratory setting. The first is the digital thread framework that integrates the product design environment, using state-of-the-art knowledge-based engineering systems, as an agent of a multi-agent system, which provides the collaborative human-robot agents with access to product design models at run time. The second is a constituent mixed-reality model that provides an interface to the foregoing framework for the human operator engaged in collaborative assembly. The third is a supporting information model that the agents use as their knowledge base to adaptively fulfil the goals of collaborative assembly. Together, these developed artefacts were employed in case studies involving a real diesel engine assembly, during which they were observed to provide utility and support the cause of adaptability for which the framework was designed. The identification of bounding boxes as a scalable information construct that approximates the part geometry of the sub-assembly components demonstrates the utility of the developed artefacts for spatially augmenting them as projections of the intentions of collaborating agents.

    In summary, this dissertation contributes an approach towards realising intelligent and adaptive robotics within the realms of information flows and modelling in the context of human-robot collaboration. The lack of intelligently adaptable HRC systems reported by the industry in part motivated the work undertaken in this dissertation. As future products and production systems become more complex, information systems are expected to assume greater responsibility to compensate for the inherent limits of human working memory and to enable the transition towards human-centred manufacturing, the current likes of which are labelled as Operator 4.0 and Industry 5.0. Thus, the expectation is that information systems research, such as this dissertation, can help take significant strides forward in this direction.