A development and assurance process for Medical Application Platform apps

Doctor of PhilosophyDepartment of Computing and Information SciencesJohn M. HatcliffMedical devices have traditionally been designed, built, and certified for use as monolithic units. A new vision of "Medical Application Platforms" (MAPs) is emerging that would enable compositional medical systems to be instantiated at the point of care from a collection of trusted components. This work details efforts to create a development environment for applications that run on these MAPs. The first contribution of this effort is a language and code generator that can be used to model and implement MAP applications. The language is a subset of the Architecture, Analysis and Design Language (AADL) that has been tailored to the platform-based environment of MAPs. Accompanying the language is software tooling that provides automated code generation targeting an existing MAP implementation. The second contribution is a new hazard analysis process called the Systematic Analysis of Faults and Errors (SAFE). SAFE is a modified version of the previously-existing System Theoretic Process Analysis (STPA), that has been made more rigorous, partially compositional, and easier. SAFE is not a replacement for STPA, however, rather it more effectively analyzes the hardware- and software-based elements of a full safety-critical system. SAFE has both manual and tool-assisted formats; the latter consists of AADL annotations that are designed to be used with the language subset from the first contribution. An automated report generator has also been implemented to accelerate the hazard analysis process. Third, this work examines how, independent of its place in the system hierarchy or the precise configuration of its environment, a component may contribute to the safety (or lack thereof) of an entire system. Based on this, we propose a reference model which generalizes notions of harm and the role of components in their environment so that they can be applied to components either in isolation or as part of a complete system. Connections between these formalisms and existing approaches for system composition and fault propagation are also established. This dissertation presents these contributions along with a review of relevant literature, evaluation of the SAFE process, and concludes with discussion of potential future work

Un meta-modèle de composants pour la réalisation d'applications temps-réel flexibles et modulaires

The increase of software complexity along the years has led researchers in the software engineering field to look for approaches for conceiving and designing new systems. For instance, the service-oriented architectures approach is considered nowadays as the most advanced way to develop and integrate fastly modular and flexible applications. One of the software engineering solutions principles is re-usability, and consequently generality, which complicates its appilication in systems where optimizations are often used, like real-time systems. Thus, create real-time systems is expensive, because they must be conceived from scratch. In addition, most real-time systems do not beneficiate of the advantages which comes with software engineering approches, such as modularity and flexibility. This thesis aim to take real time aspects into account on popular and standard SOA solutions, in order to ease the design and development of modular and flexible applications. This will be done by means of a component-based real-time application model, which allows the dynamic reconfiguration of the application architecture. The component model will be an extension to the SCA standard, which integrates quality of service attributs onto the service consumer and provider in order to stablish a real-time specific service level agreement. This model will be executed on the top of a OSGi service platform, the standard de facto for development of modular applications in Java.La croissante complexité du logiciel a mené les chercheurs en génie logiciel à chercher des approcher pour concevoir et projéter des nouveaux systèmes. Par exemple, l'approche des architectures orientées services (SOA) est considérée actuellement comme le moyen le plus avancé pour réaliser et intégrer rapidement des applications modulaires et flexibles. Une des principales préocuppations des solutions en génie logiciel et la réutilisation, et par conséquent, la généralité de la solution, ce qui peut empêcher son application dans des systèmes où des optimisation sont souvent utilisées, tels que les systèmes temps réels. Ainsi, créer un système temps réel est devenu très couteux. De plus, la plupart des systèmes temps réel ne beneficient pas des facilités apportées par le genie logiciel, tels que la modularité et la flexibilité. Le but de cette thèse c'est de prendre en compte ces aspects temps réel dans des solutions populaires et standards SOA pour faciliter la conception et le développement d'applications temps réel flexibles et modulaires. Cela sera fait à l'aide d'un modèle d'applications temps réel orienté composant autorisant des modifications dynamiques dans l'architecture de l'application. Le modèle de composant sera une extension au standard SCA qui intègre des attributs de qualité de service sur le consomateur et le fournisseur de services pour l'établissement d'un accord de niveau de service spécifique au temps réel. Ce modèle sera executé sur une plateforme de services OSGi, le standard de facto pour le developpement d'applications modulaires en Java

Actes des Sixièmes journées nationales du Groupement De Recherche CNRS du Génie de la Programmation et du Logiciel

National audienceCe document contient les actes des Sixièmes journées nationales du Groupement De Recherche CNRS du Génie de la Programmation et du Logiciel (GDR GPL) s'étant déroulées au CNAM à Paris du 11 au 13 juin 2014. Les contributions présentées dans ce document ont été sélectionnées par les différents groupes de travail du GDR. Il s'agit de résumés, de nouvelles versions, de posters et de démonstrations qui correspondent à des travaux qui ont déjà été validés par les comités de programmes d'autres conférences et revues et dont les droits appartiennent exclusivement à leurs auteurs

Supporting model based safety and security assessment of high assurance systems

Doctor of PhilosophyDepartment of Computer ScienceJohn M HatcliffModern embedded systems are more complex than ever due to intricate interaction with the physical world in a system environment and sophisticated software in a resource-constrained context. Cyber attacks in software-reliant and networked safety-critical systems lead to consideration of security aspects from the system’s inception. Model-Based Development (MBD) is one approach that has been an effective development practice because of the abstraction mechanism that hides the complicated lower-level details of software and hardware components. Standards play an essential role in embedded development to ensure the safety of the users and environment. In safety-critical domains like avionics, automotive, and medical devices, standards provide best practices and consistent approaches across the community. The Analysis and Design Language (AADL) is a standardized modeling language that includes patterns that reflect best architectural practices inspired by multiple safety-critical domains. The work described in this dissertation comprises numerous contributions that support a model analysis framework for AADL that aims to help developers design and assure safety and security requirements and demonstrate system conformance to specific categories of standards. This first contribution is Awas - an open-source framework for performing reachability analysis on AADL models annotated with information flow annotations at varying degrees of detail. The framework provides highly scalable interactive visualizations of flows with dynamic querying capabilities. Awas provide a simple domain-specific language to ease posing various queries to check information flow properties in the model. The second contribution is a process for integrating risk management tasks of ISO 14971 - the primary risk management standard in the medical device domain — with AADL modeling, specifically with AADL’s error modeling (EM) of fault and error propagations. This work uses an open-source patient-controlled analgesic (PCA) pump - the largest open-source AADL model to illustrate the integration of risk management process with AADL and provides the first mapping of AADL EM to ISO 14971 concepts. It also provides industry engineers, academic researchers, and regulators with a complex example that can be used to investigate methodologies and methods of integrating MBD and risk management. The third contribution is a technique to model and analyze security properties such as confidentiality, authentication, and resource partitioning within AADL models. This effort comprises an AADL annex language to model multi-level security domains along with classification of system elements and data using those domains and a tool to infer security levels and check information leaks. The annex language and the tools are evaluated and integrated into the AADL development environment for a seamless workflow

Modelo gráfico para simulação e controlo do chão de fábrica no contexto da indústria 5.0

Os valores da indústria 5.0 alteram o paradigma do atual modelo de produção. Com repercussões em toda a cadeia de valor. Desafios como a mass customization, abrem oportunidades para novas abordagens em que se contempla a redução do desperdício de forma a otimizar a utilização dos recursos do planeta. O objetivo deste trabalho é propor um modelo funcional que apresenta o chão de fábrica como um prestador de serviços para o produto a ser construído. Desta forma o processo de fabrico adapta-se dinamicamente a eventuais alterações. São apresentadas simulações e análises dos resultados de forma a validar o modelo. Assim, pretende-se contribuir com um modelo capaz de realizar simulações. E que a integração do modelo com os atuais dispositivos físicos, através de tecnologias da Internet das Coisas, permita a reutilização dos mesmos além de controlar o chão de fábrica