MAC-T IVV-08-150 SAS_08_AADL_Tech_Gluch: Model-Based Software Assurance with the SAE Architecture Analysis & Design Language (AADL), California Institute of Technology


Slide 1: Model-Based Software Assurance with the SAE Architecture Analysis & Design Language (AADL)
MAC-T IVV SAS_08_AADL_Tech_Gluch
California Institute of Technology; Carnegie Mellon University, Pittsburgh, PA
September 2008
Dave Gluch
Technical Presentation

Slide 2: Outline
Project team: Carnegie Mellon University, Pittsburgh, PA: Peter Feiler & Dave Gluch; California Institute of Technology: Kenny Meyer & Katie Weiss; Kurt Woodham; Ken Evensen
- Project Overview
- AADL Overview
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
- Next Steps
- Summary and Discussions

Slide 3: Project Overview (Year 2 objectives)
- Objective: Formulate and demonstrate AADL-driven model-based engineering in software assurance for NASA development. Activity: extend the case study using focused example models and analysis products taken from the JPL Mission Data System (MDS).
- Objective: Generate an AADL practice framework. Activity: extend the year 1 beta AADL practice framework to define model-based analysis practices with the AADL for software assurance in NASA development project V&V and IV&V.
- Objective: Lay a foundation for technology transition. Activity: develop a plan for transitioning practices into JPL.
(Three-year project overview provided in executive session)

Slide 4: Technical Accomplishments
Post-SAS 07:
- Report on the MDS case study (12/2007)
  - Demonstrated the use of AADL in the analysis of critical MDS performance elements and system assurance concerns (e.g. latency, task scheduling, integral fault protection)
  - Addressed key MDS architectural themes (e.g. state-based closed loop control, separation of estimation from control, ground-to-flight migration)
- Beta version of the AADL Practice Framework (12/2007)
  - Applied practices to MDS example adaptations
  - Defined analysis views that address critical concerns
Current activities:
- Investigating goal planning and re-planning issues within the MDS case study
- Conducting analyses of the MDS integral fault protection capabilities
- Developing exemplar applications of the Practice Framework

Slide 5: Tech Transfer Accomplishments
JPL on-site, 11/8/2007:
- AADL overview presentation (approximately 25 participants)
- Working session with the MDS project to discuss the case study and future analysis
JPL on-site, 6/18/2008:
- Process/technology transfer approach discussions
- Working session with the MDS project to provide status on the 11/8/2007 direction
- Meeting with the Europa project as a potential case study target
SEI on-site, 7/24/2008:
- Discussion of the transfer plan approach and potential inhibitors of successful transition
- Condensed overview of AADL language, tools, and analysis capabilities
Tech transfer:
- Maturing practice framework focusing on detailing analysis practices, applied directly to case studies as a demonstration of framework instantiation and execution
- Out-year goals focused on migration of the practice framework into embedded development and assurance activities
- Configuring additional case studies to target typical analytical activities beneficial to both development verification/validation and independent assurance

Slide 6: Transition Considerations
Technology Readiness Level of the work:
- SAE standard, in use/evaluation on real applications (TRL 7)
- Open source tool environments for design and analysis
- Integration with UML
Potential applications in IV&V:
- Space flight systems, demonstrated on the case study (TRL 5)
- Ground support systems
Availability of data or case studies:
- Project results
- Legacy system analysis and system development
Barriers to research or application (challenges):
- New technology
- Integration with existing practices and technology

Slide 7: Technology Readiness Level
1. Basic principles observed and reported
2. Technology concept and/or application formulated
3. Analytical and experimental critical function and/or characteristic proof of concept
4. Component and/or breadboard validation in laboratory environment
5. Component and/or breadboard validation in relevant environment
6. System/subsystem model or prototype demonstration in a relevant environment (ground or space)
7. System prototype demonstration in a space environment
8. Actual system completed and 'flight qualified' through test and demonstration (ground or space)
9. Actual system 'flight proven' through successful mission operations
Markers on the slide: "AADL technology at large" and "Application to IV&V (this project)" (TRL 7 and TRL 5 respectively, as stated on the preceding slide)

Slide 8: Outline
- Project Overview
- AADL Overview
  - Core modeling elements
  - Analysis
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
- Next Steps
- Summary and Discussions

Slide 9: Overview of the AADL
- Model-Based Engineering (MBE) language for architectural analysis and specification of real-time embedded systems with stringent performance requirements (e.g. fault-tolerance, security, safety-critical)
  - Static and dynamic component-based system architecture representation
  - Precise semantics for accurate system representation and analysis
- Early (high level) feasibility analyses
  - Progressive fidelity added as desired
- Multi-dimensional analysis
  - Single system architecture model
  - Accommodates diverse analyses
- Standardized interchange formats
  - Tool integration & interoperability
- Complementary to other modeling languages
  - SysML, UML (UML 2.0 Profile for AADL is in balloting)
  - OMG MARTE (real-time UML)
- Based on 15 years of architecture language research
- SAE Standard (AS-5506), Nov 2004

Slide 10: AADL Language Elements
The slide's diagram groups the language elements in three layers: core modeling (Components, Interactions, Properties), with Abstractions, Organization and Extensions forming the infrastructure and engineering support layers.
- Specifies a well-formed interface
- External interaction points defined as features
- Multiple implementations per component type
- Properties to specify component characteristics
- Components organized into system hierarchy

Slide 11: AADL Components (core modeling elements: Components, Interactions, Properties)
- Application software: thread, thread group, process, data, subprogram
- Execution platform: processor, memory, bus, device
- Composite: system
Each component has predefined properties associated with its declaration.

Slide 12: Component Interactions (core modeling elements: Components, Interactions, Properties)
- Connections (explicit declarations)
  - ports (data and events [control] transfer)
  - access (to data & bus components)
  - parameters (sequential subprogram calls)
- Calls (explicit declarations & property associations)
  - subprogram
- Bindings (property associations)
  - software -> execution platform
Graphical notation shown on the slide: data ports, event ports, event data ports and port groups (each in and out); data access and bus access; subprogram parameters (in and out); a thread bound to a processor; an immediate connection.

Slide 13: Some Standard Properties (core modeling elements: Components, Interactions, Properties)
Thread (dispatch execution properties; Compute_Entrypoint names the code to be executed on dispatch, Source_Text the file containing the application code):

    Dispatch_Protocol => Periodic;
    Period => 100 ms;
    Compute_Deadline => value (Period);
    Compute_Execution_Time => 10 ms .. 20 ms;
    Compute_Entrypoint => "speed_control";
    Source_Text => "waypoint.java";
    Source_Code_Size => 12 KB;

Processor:

    Thread_Swap_Execution_Time => 5 us .. 10 us;
    Clock_Jitter => 5 ps;

Bus (Protocols is a user-defined property; users can define custom properties):

    Allowed_Message_Size => 1 KB;
    Propagation_Delay => 1 ps .. 2 ps;
    bus_properties::Protocols => CSMA;
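As an added example that is not from the presentation or the MDS model, the following Python reads AADL-style thread property associations like those above and performs the kind of dispatch/execution-time check a model-based analysis draws from them: a worst-case utilization test against the rate-monotonic bound for the threads bound to one processor, plus a WCET-versus-deadline check. Only the speed_control values come from the slide; the other two threads and the single-processor binding are constructed.

```python
import re
from fractions import Fraction

# Constructed AADL-style property associations for three periodic threads bound to one
# processor. Only speed_control's values come from the slide; the others are placeholders.
THREAD_PROPERTIES = {
    "speed_control": """
        Dispatch_Protocol => Periodic;
        Period => 100 ms;
        Compute_Deadline => value (Period);
        Compute_Execution_Time => 10 ms .. 20 ms;
    """,
    "sensor_filter": """
        Dispatch_Protocol => Periodic;
        Period => 20 ms;
        Compute_Execution_Time => 2 ms .. 6 ms;
    """,
    "telemetry_logger": """
        Dispatch_Protocol => Periodic;
        Period => 250 ms;
        Compute_Execution_Time => 30 ms .. 45 ms;
    """,
}

# AADL time units expressed in microseconds; Fraction keeps the arithmetic exact.
_UNIT_US = {"ps": Fraction(1, 10**6), "ns": Fraction(1, 10**3), "us": Fraction(1),
            "ms": Fraction(10**3), "sec": Fraction(10**6), "min": Fraction(60 * 10**6)}
_ASSOC = re.compile(r"(\w+)\s*=>\s*([^;]+);")
_TIME = re.compile(r"(\d+(?:\.\d+)?)\s*(ps|ns|us|ms|sec|min)\b")


def parse_properties(text):
    """Turn 'Name => value;' associations into a {name: value} dict."""
    return {name: value.strip() for name, value in _ASSOC.findall(text)}


def time_us(value):
    """Convert an AADL time ('10 ms') to microseconds; for a range ('10 ms .. 20 ms')
    return the upper bound, i.e. the worst case the analysis must assume."""
    matches = _TIME.findall(value)
    if not matches:
        raise ValueError(f"not an AADL time value: {value!r}")
    number, unit = matches[-1]
    return Fraction(number) * _UNIT_US[unit]


def thread_timing(text):
    """Return (period, deadline, worst-case execution time) in microseconds."""
    props = parse_properties(text)
    if props.get("Dispatch_Protocol") != "Periodic":
        raise ValueError("the utilization bound applies to periodic threads only")
    period = time_us(props["Period"])
    # Compute_Deadline defaults to the period; 'value (Period)' says so explicitly.
    raw_deadline = props.get("Compute_Deadline", "value (Period)")
    deadline = period if raw_deadline.replace(" ", "") == "value(Period)" else time_us(raw_deadline)
    return period, deadline, time_us(props["Compute_Execution_Time"])


def rm_schedulability(threads):
    """Liu & Layland rate-monotonic utilization test for the threads bound to one processor.
    Returns total utilization, the bound for n threads, a verdict and per-thread findings."""
    findings, utilization = [], Fraction(0)
    for name, text in threads.items():
        period, deadline, wcet = thread_timing(text)
        if wcet > deadline:
            findings.append(f"{name}: WCET {wcet} us exceeds deadline {deadline} us")
        elif deadline < period:
            findings.append(f"{name}: deadline shorter than period, bound is optimistic")
        utilization += wcet / period
    n = len(threads)
    bound = n * (2 ** (1 / n) - 1)          # about 0.78 for n = 3, tends to ln 2 as n grows
    if utilization > 1 or any("exceeds" in f for f in findings):
        verdict = "not schedulable"
    elif not findings and float(utilization) <= bound:
        verdict = "schedulable"
    else:
        verdict = "inconclusive, run response-time analysis"
    return {"utilization": utilization, "bound": bound, "verdict": verdict, "findings": findings}
```

For the three constructed threads the worst-case utilization is 0.68, below the 0.78 bound, so the set is schedulable without a response-time analysis.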

Slide 14: Comprehensive Representation
An AADL model is a comprehensive model of a system's architecture that
- includes software and hardware components
- can include project-specific properties and specialized analysis representations
- is organized within packages (libraries of elements) and specification files
- is comprised of components, interactions, and properties, including explicit data exchange and the binding of software to hardware

Slide 15: Model-Based System and Software Assurance
Assure system performance and dependability prior to system integration, test, or upgrade through:
- quantitative analysis and simulation of system architecture models
- focus on system-wide integration aspects
- continual model-based verification from early abstractions through detailed design
(Diagram: Modeling and Analysis feeding each other)

Slide 16: Model-Based Assurance with AADL, Analysis Across Perspectives
A single Architecture Model at the centre of the diagram supports analyses from several perspectives:
- Real-time Performance: execution time/deadline, deadlock/starvation, latency
- Security: intrusion, integrity, confidentiality
- Availability & Reliability: MTBF, FMEA, hazard analysis
- Data Quality: data precision/accuracy, temporal correctness, confidence
- Resource Consumption: bandwidth, CPU time, power consumption

Slide 17: Outline
- Project Overview
- AADL Overview
- MDS Architecture and Models
  - Reference Architecture
  - Adaptation Instances
- MBA with the AADL
- Analysis Examples
- Analysis
- Next Steps
- Summary and Discussions

Slide 18: The Mission Data System, Perspectives
- A reference architecture: to be instantiated for different applications
- An embedded systems architecture: consists of physical system, computing hardware, application software
- A control systems architecture: feedback loops in application architecture; feedback loops in data management system
- A multi-layered architecture: from low-level control loops to goal-oriented planning and plan execution
(Diagram: Generic Architecture Pattern with Connection Topology)

Slide 19: Case Study: MDS Reference Architecture, Textual & Graphical Representations
MDS principles: closed loop; goal-directed; explicit models; separation of concerns; integral fault protection.
Excerpt from the textual specification (MDS Control System):

    system implementation complete.MDS_system
      subcomponents
        Hardware_Being_Controlled: system controlled_systems.sensors_actuators;
        State_Knowledge: system state.knowledge;
        Mission_Planning_Execution: system planning.mission_and_execution;
        State_Estimation: system estimators.of_state;
        State_Control: system controllers.of_state;
        Hardware_Adapter: system adapters.hardware;

Slide 20: Model of the MDS Control System
Focus on information flow: goal-oriented mission tasks; time-sensitive continuous control tasks.
Excerpt from the textual specification:

    process implementation MDSControlSystem.basic
      subcomponents
        GoalPlanner: thread group ControlSoftware::GoalPlanner;
        GoalExecutive: thread group ControlSoftware::GoalExecutive;
        GoalMonitor: thread group ControlSoftware::XGoalMonitor;
        StateEstimation: thread group ControlSoftware::estimator;
        StateControl: thread group ControlSoftware::controller;
        OperatorConsole: thread group ControlSoftware::OperatorConsole;

Slide 21: Reference Architecture Instantiation
- Instantiation of the reference architecture through refinement of the AADL model
- Deployment on different computing hardware platforms

Slide 22: Outline
- Project Overview
- AADL Overview
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
- Next Steps
- Summary and Discussions

Slide 23: AADL Model-Based Analysis Practice Framework (diagram only)

Slide 24: Example
- Component library: Constellation, ISS, Mars Rover, NASA Facility
- The MDS Reference Architecture utilizes library components
- AADL models are developed as part of individual analysis viewpoints and views within an Analysis Portfolio (shown for the MDS rover model)
- Analysis Portfolio viewpoints: performance, resource consumption, behavior, data quality, security, dependability
- Each viewpoint addresses specific concerns and may involve multiple views and models

Slide 25: Developing Analysis Views within an Analysis Portfolio (diagram: the MDS Rover Model and a Required Component, related by "extends")

Slide 26: AADL Rover Wheel Control (diagram only)

Slide 27: Outline
- Project Overview
- AADL Overview
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
  - Latency
  - Goal Network
- Next Steps
- Summary and Discussions

Slide 28: Temperature Control AADL Representation
- Use of immediate & delayed connections to achieve a deterministic sampling flow path
- Control engineering concerns: processing latency, sampling latency, physical signal latency
- Software systems engineering concerns: preemption, processor speed, resource contention, communication delay, rate group optimization, partitioned architecture, migration of functionality

Slide 29: Temperature Control AADL Representation (diagram of the flow path)

Slide 30: Transport Latency Analysis Results
* Note that illustrative values are used for this model and the results are not indicative of the results for any existing MDS implementation.
Excerpts from the textual specification*:

End-to-end flow declared in the enclosing implementation:

    flows
      TempRsp: end to end flow camera_hardware.TempRsp1 -> DC02
        -> temperature_sensor_adapter.TempRsp -> DC04
        -> state_estimation.TempRsp -> DC07
        -> State_Variables.TempRsp -> DC08
        -> state_control.TempRsp -> DC06
        -> switch_actuator_hardware_adapter.TempRsp -> DC03
        -> camera_hardware.TempRsp
        {latency => 50 ms;};

Flow path through one of the subcomponents:

    flows
      TempRsp: flow path control_goals -> commands {Latency => 20 ms;};

Flow sink and flow source in the camera hardware component (the TempRsp1 source and TempRsp sink referenced by the end-to-end flow):

    flows
      TempRsp: flow sink switch_command -> DataConnection1 -> switch_actuator.TempRsp;
      TempRsp1: flow source temperature_sensor.TempRsp -> DataConnection5 -> temperature_measurement;

Analysis results*: shown as a table on the slide. The analysis can be extended to the thread level.
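Added example, not from the presentation or the MDS model: the Python below parses the end-to-end flow declaration quoted above and performs the transport latency roll-up the slide reports, summing a latency figure for each element of the chain (subcomponent flow specs and connections alternate) and comparing the total with the declared 50 ms budget. The per-element figures are constructed placeholders, chosen so the budget is exceeded and the dominant contributor stands out; only the 20 ms of the flow path excerpt is taken from the slide.

```python
import re

# End-to-end flow declaration as quoted on the slide.
END_TO_END_FLOW = """
TempRsp: end to end flow camera_hardware.TempRsp1 -> DC02
  -> temperature_sensor_adapter.TempRsp -> DC04 -> state_estimation.TempRsp -> DC07
  -> State_Variables.TempRsp -> DC08 -> state_control.TempRsp -> DC06
  -> switch_actuator_hardware_adapter.TempRsp -> DC03 -> camera_hardware.TempRsp
  {latency => 50 ms;};
"""

# Constructed latency figures in ms. The slide stresses that its own numbers are
# illustrative; these are placeholders chosen to show a budget overrun, not MDS data.
FLOW_SPEC_LATENCY_MS = {  # Latency property of each subcomponent's flow spec
    "camera_hardware.TempRsp1": 2,                  # flow source
    "temperature_sensor_adapter.TempRsp": 5,
    "state_estimation.TempRsp": 10,
    "State_Variables.TempRsp": 1,
    "state_control.TempRsp": 20,                    # the slide's 'flow path ... {Latency => 20 ms;}'
    "switch_actuator_hardware_adapter.TempRsp": 5,
    "camera_hardware.TempRsp": 2,                   # flow sink
}
CONNECTION_LATENCY_MS = {  # transport delay assumed for each data connection
    "DC02": 1, "DC04": 1, "DC07": 2, "DC08": 2, "DC06": 1, "DC03": 1,
}

_DECL = re.compile(
    r"(?P<name>\w+)\s*:\s*end\s+to\s+end\s+flow\s+(?P<chain>[^{;]+?)\s*"
    r"(?:\{\s*latency\s*=>\s*(?P<budget>\d+)\s*ms\s*;\s*\})?\s*;",
    re.IGNORECASE,
)


def parse_end_to_end_flow(text):
    """Return (flow name, ordered chain elements, latency budget in ms or None)."""
    m = _DECL.search(text)
    if not m:
        raise ValueError("no end-to-end flow declaration found")
    chain = [element.strip() for element in m.group("chain").split("->")]
    budget = int(m.group("budget")) if m.group("budget") else None
    return m.group("name"), chain, budget


def analyze_flow(declaration, spec_latency, connection_latency):
    """Sum the latency along the flow and compare it with the declared budget.
    AADL end-to-end flows alternate subcomponent flow specs ('sub.flow') and
    connections, starting and ending with a flow spec; anything else is malformed."""
    name, chain, budget = parse_end_to_end_flow(declaration)
    if len(chain) % 2 == 0:
        raise ValueError("chain must start and end with a subcomponent flow spec")
    contributions = []
    for index, element in enumerate(chain):
        is_spec = index % 2 == 0
        if ("." in element) != is_spec:
            raise ValueError(f"element {index} ({element}) is out of place in the chain")
        table = spec_latency if is_spec else connection_latency
        if element not in table:
            raise KeyError(f"no latency figure for {element}")
        contributions.append((element, table[element]))
    total = sum(ms for _, ms in contributions)
    return {
        "flow": name,
        "total_ms": total,
        "budget_ms": budget,
        "within_budget": budget is None or total <= budget,
        "dominant": max(contributions, key=lambda c: c[1]),
        "contributions": contributions,
    }


if __name__ == "__main__":
    result = analyze_flow(END_TO_END_FLOW, FLOW_SPEC_LATENCY_MS, CONNECTION_LATENCY_MS)
    print(f"{result['flow']}: {result['total_ms']} ms against a {result['budget_ms']} ms budget;",
          "within budget" if result["within_budget"] else f"largest share: {result['dominant']}")
```

With these figures the flow totals 53 ms against the 50 ms budget, and the report points at the 20 ms state control path as the first place to look.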

Slide 31: Outline
- Project Overview
- AADL Overview
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
  - Latency
  - Goal Network
- Next Steps
- Summary and Discussions

Slide 32: Modeling and Analysis of Mission Processing
Mission planning & plan execution:
- Modeling and analysis framework in place by MDS
- Represent planning & plan execution tasks
- Represent goal-based fault management
Modeling of goal network execution:
- AADL modes to represent active components and connections
- Identify operational modes/states in the execution of the goal network
- Identify layers and patterns in the goal network
- Recognize different categories of faults and fault management strategies
Analyze impact of runtime architecture:
- Alternative hardware platforms, e.g., multi-core
- Workload and scheduling analysis driven by goal sequences
- Consistency of delegation & safing
- Responsiveness of replanning & consistent migration to new plans

Slide 33: Error Model Specification
- Parameterization of the error model
- Architecture topology & mapping drive the system fault model
- Traceability between system fault model and system architecture

Slide 34: Outline
- Project Overview
- AADL Overview
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
- Next Steps
- Summary and Discussions

Slide 35: Next Steps
Phase 2, initiate transition and extend development verification efforts:
- Complete extended case studies and case study report: goal network analysis; integral fault protection; expanded control system analyses
- Develop analysis framework document, with detailed examples
- Develop a JPL transition plan
Phase 3, mature transition:
- Conduct a pilot study in line with a development project
- Support implementation of the JPL transition plan
- Develop an IV&V transition plan

Slide 36: Next Steps
Confirm and extend interim results:
- Continue modeling and conduct analyses of the MDS and its adaptations
- Address the critical aspects and MDS themes identified in the case study
- Assess the ability to predict critical architecture properties in MDS implementations
- Explore the appropriateness of the AADL as an architectural framework for system and software assurance
- Refine the model-based AADL Practice Framework to address the concerns of software assurance in project V&V and IV&V
- Pursue the issues and research directions arising out of the case study that have long-term implications for model-based software assurance
Continuing case study efforts:
- Addressing the issues of handling state variables in the application model
- Investigating transport latency and latency jitter
- Modeling integral fault protection

Slide 37: Summary: AADL for Project V&V and IV&V
AADL:
- SAE standard
- Models embedded software, computing platform, and physical environment
- Focus is the runtime essence of an architecture
- Precise & analyzable (lightweight, formal, qualitative, or quantitative)
- Separates application from computational system concerns
- Extensible (individualized property sets, specialized annexes)
- OMG MARTE AADL profile provides a migration path for the UML community
Basis for a V&V analysis practice:
- Broad computing system (software and hardware) perspective
- Layered levels of analysis: lightweight analyses; detailed quantitative analyses; specialized analyses
- Single integrated architectural analysis representation