Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems
We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment
aimed at fostering the collaboration between system designers and security
experts at all methodological stages of the development of an embedded system.
A central issue in the design of an embedded system is the definition of the
hardware/software partitioning of the architecture of the system, which should
take place as early as possible. SysML-Sec aims to extend the relevance of this
analysis through the integration of security requirements and threats. In
particular, we propose an agile methodology whose aim is to assess early on the
impact of the security requirements and of the security mechanisms designed to
satisfy them over the safety of the system. Security concerns are captured in a
component-centric manner through existing SysML diagrams with only minimal
extensions. After the requirements captured are derived into security and
cryptographic mechanisms, security properties can be formally verified over
this design. To perform the latter, model transformation techniques are
implemented in the SysML-Sec toolchain in order to derive a ProVerif
specification from the SysML models. An automotive firmware flashing procedure
serves as a guiding example throughout our presentation. Comment: In Proceedings GraMSec 2014, arXiv:1404.163
Modeling and Validation of ARINC653 architectures
Avionics systems must be carefully designed because of their criticality, since a fault may lead to loss of life. These systems must be verified and certified. However, the design of avionics architectures becomes more and more complex due to an increasing demand for new functionalities. This makes it very difficult to analyze systems and detect potential faults that may cause damage. This paper presents an approach to model and validate avionics systems. Architecture requirements, properties and constraints are described with the Architecture Analysis and Design Language (AADL) and its associated ARINC653 annex. Then, we apply validation rules to check system correctness and constraint enforcement. This approach provides a high-level view of the system and eases the development of avionics systems by validating their requirements at the model level, before any implementation effort.
Experience in spacecraft on-board software development
This paper describes some important aspects of high-integrity software development based on the authors' work. Current group research is oriented towards mixed-criticality partitioned systems, development tools, real-time kernels, and language features. The UPMSat-2 satellite software is being used as a technology demonstrator and a case study for the assessment of the research results. The flight software that will run on the satellite is based on proven technology, such as GNAT/ORK+ and LEON3. There is an experimental version that is being built using a partitioned approach, aiming at assessing a toolset targeting partitioned multi-core embedded systems. The singularities of both approaches are discussed, as well as some of the tools that are being used for developing the software.
Partitioned System with XtratuM on PowerPC
XtratuM is a real-time hypervisor originally built for the x86 architecture. It is designed around the concept of a partitioned system. The main work in this thesis is to implement XtratuM on the PowerPC architecture. Zhou, R. (2009). Partitioned System with XtratuM on PowerPC. http://hdl.handle.net/10251/12738
Defeasible Argumentation of Software Architectures
Defeasible argumentation is typical of legal and
scientific reasoning. A defeasible argument is one in which
the conclusion can be accepted tentatively in relation with the
evidence known so far, but may need to be retracted as new
evidence comes in. This paper analyses the role of defeasible
argumentation in the explanation and evaluation of architectural
decisions. We analyse technical explanations offered by engineers
at Twitter and eBay about several architectural decisions adopted
in those systems. We generalize these examples in four argumentation
schemes. We also study the typical case of reasoning
with a formal model of an architecture, and we infer a fifth
argumentation scheme. Finally, we apply Hastings’ method of
attaching a set of critical questions to each scheme. We show
that the existence of critical questions reveals that the inferred
schemes are defeasible: in argumentation theory, if a respondent
asks one of the critical questions matching a scheme and the
proponent of an argument fails to offer an adequate answer, the
argument defaults and the conclusion is retracted. This dialogical
structure is the basis of typical architectural evaluations. We
conclude that the provided evidence supports the hypothesis that
defeasible argumentation is employed in architectural evaluation.
In this context, a rich catalogue of argumentation schemes is a
useful tool for the architect to organize his or her reasoning;
critical questions assist the architect in identifying the weak
points of his or her explanations, and provide the evaluation
team with a checklist of issues to be raised. Universidad de Sevilla VPPI-U
A toolset for the development of mixed-criticality partitioned systems
The development of mixed-criticality virtualized multi-core systems poses new challenges that are the subject of active research. There is an additional complexity: it is now required to identify a set of partitions and to allocate applications to partitions. In this task, a number of issues have to be considered, such as the criticality level of the application, security and dependability requirements, the granularity of timing requirements, etc. The MultiPARTES [11] toolset relies on Model Driven Engineering (MDE), which is a suitable approach in this setting, as it helps to bridge the gap between design issues and partitioning concerns. MDE is changing the way systems are developed nowadays, reducing development time. In general, modelling approaches have shown their benefits when applied to embedded systems. These benefits have been achieved by fostering reuse through an intensive use of abstractions, or by automating the generation of boilerplate code.
Big Data Analytics for QoS Prediction Through Probabilistic Model Checking
As competitiveness increases, being able to guarantee the QoS of delivered
services is key for business success. The ability to continuously monitor the
workflow providing a service and to recognize breaches of the agreed QoS level
in a timely manner is thus of paramount importance. The ideal condition would
be the possibility to anticipate, and thus predict, a breach and act to avoid
it, or at least to mitigate its effects. In this paper we propose a model
checking based approach to predict the QoS of a formally described process. The
continuous model checking is enabled by the use of a parametrized model of the
monitored system, where the actual values of the parameters are continuously
evaluated and updated by means of big data tools. The paper also describes a
prototype implementation of the approach and shows its usage in a case study.
Comment: EDCC-2014, BIG4CIP-2014, Big Data Analytics, QoS Prediction, Model
Checking, SLA compliance monitoring
Incremental Latency Analysis of Heterogeneous Cyber-Physical Systems
REACTION 2014. 3rd International Workshop on Real-time and Distributed Computing in Emerging Applications. Rome, Italy. December 2nd, 2014. Cyber-Physical Systems, as used in the automotive, avionics, or aerospace domains, have critical real-time requirements. Time-related issues might have important impacts and, as these systems are becoming extremely software-reliant, validating and enforcing timing constraints is becoming difficult. Current techniques are mainly focused on validating these constraints late, by using integration tests and tracing the system execution. Such methods are time-consuming and labor-intensive, and discovering timing issues late in the development process might incur significant rework effort. In this paper, we propose an incremental model-based approach to analyze and validate the timing requirements of cyber-physical systems. We first capture the system functions and their related latency requirements and validate the end-to-end latency at a high level. This functional architecture is then refined into an implementation deployed on an execution platform. As the system description evolves, the latency analysis is refined with more precise values. Such an approach provides latency analysis from a high-level specification without having to implement the system, saving potential re-engineering effort. It also helps engineers to select appropriate execution platform components or to change the deployment strategy of system functions, to ensure that latency requirements will be met when implementing the system. This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.
Distributed Hybrid Simulation of the Internet of Things and Smart Territories
This paper deals with the use of hybrid simulation to build and compose
heterogeneous simulation scenarios that can be proficiently exploited to model
and represent the Internet of Things (IoT). Hybrid simulation is a methodology
that combines multiple modalities of modeling/simulation. Complex scenarios are
decomposed into simpler ones, each one being simulated through a specific
simulation strategy. All these simulation building blocks are then synchronized
and coordinated. This simulation methodology is an ideal one to represent IoT
setups, which are usually very demanding, due to the heterogeneity of possible
scenarios arising from the massive deployment of an enormous amount of sensors
and devices. We present a use case concerned with the distributed simulation of
smart territories, a novel view of decentralized geographical spaces that,
thanks to the use of IoT, builds ICT services to manage resources in a way that
is sustainable and not harmful to the environment. Three different simulation
models are combined together, namely, an adaptive agent-based parallel and
distributed simulator, an OMNeT++ based discrete event simulator and a
script-language simulator based on MATLAB. Results from a performance analysis
confirm the viability of using hybrid simulation to model complex IoT
scenarios. Comment: arXiv admin note: substantial text overlap with arXiv:1605.0487