1 Model-Based Software Assurance with the SAE Architecture Analysis & Design Language (AADL)
Technical Presentation by Dave Gluch
Carnegie Mellon University, Pittsburgh, PA 15213, with the California Institute of Technology
September 2008
MAC-T IVV-08-150 SAS_08_AADL_Tech_Gluch

2 Outline
Team: Peter Feiler & Dave Gluch (Carnegie Mellon University, Pittsburgh, PA 15213); Kenny Meyer & Katie Weiss (California Institute of Technology); Kurt Woodham; Ken Evensen
- Project Overview
- AADL Overview
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
- Next Steps
- Summary and Discussions

3 Project Overview: Year 2 objectives
- Objective: Formulate and demonstrate AADL-driven model-based engineering in software assurance for NASA development
  - Activity: extend the case study using focused example models and analysis products taken from the JPL Mission Data System (MDS)
- Objective: Generate an AADL practice framework
  - Activity: extend the year 1 beta AADL practice framework to define model-based analysis practices with the AADL for software assurance in NASA development project V&V and IV&V
- Objective: Lay a foundation for technology transition
  - Activity: develop a plan for transitioning practices into JPL
(Three-year project overview provided in executive session)

4 Technical Accomplishments Post-SAS 07
- Report on the case study MDS (12/2007)
  - Demonstrated the use of AADL in the analysis of critical MDS performance elements and system assurance concerns (e.g. latency, task scheduling, integral fault protection)
  - Addressed key MDS architectural themes (e.g. state-based closed loop control, separation of estimation from control, ground-to-flight migration)
- Beta version of the AADL Practice Framework (12/2007)
  - Applied practices to MDS example adaptations
  - Defined analysis views that address critical concerns
- Current activities
  - Investigating goal planning and re-planning issues within the MDS case study
  - Conducting analyses of the MDS integral fault protection capabilities
  - Developing exemplar applications of the Practice Framework

5 Tech Transfer Accomplishments
- JPL On-site 11/8/2007
  - AADL overview presentation (approximately 25 participants)
  - Working session with MDS project to discuss case study and future analysis
- JPL On-site 6/18/2008
  - Process/technology transfer approach discussions
  - Working session with MDS project to provide status on 11/8/2007 direction
  - Meet with Europa project as potential case study target
- SEI On-site 7/24/2008
  - Discuss transfer plan approach and potential inhibitors of successful transition
  - Condensed overview of AADL language, tools, and analysis capabilities
- Tech Transfer
  - Maturing practice framework focusing on detailing analysis practices, applied directly to case studies as demonstration of framework instantiation and execution
  - Out-year goals focused on migration of practice framework into embedded development and assurance activities
  - Configuring additional case studies to target typical analytical activities beneficial to both development verification/validation and independent assurance

6 Transition Considerations
- Technology Readiness Level of the work
  - SAE standard: in use/evaluation on real applications (TRL 7)
  - Open Source tool environments for design and analysis
  - Integration with UML
- Potential applications in IV&V
  - Space flight systems: demonstrated on case study (TRL 5)
  - Ground support systems
- Availability of data or case studies
  - Project results
  - Legacy system analysis and system development
- Barriers to research or application (challenges)
  - New technology
  - Integration with existing practices and technology

7 Technology Readiness Level
1. Basic principles observed and reported
2. Technology concept and/or application formulated
3. Analytical and experimental critical function and/or characteristic proof of concept
4. Component and/or breadboard validation in laboratory environment
5. Component and/or breadboard validation in relevant environment
6. System/subsystem model or prototype demonstration in a relevant environment (ground or space)
7. System prototype demonstration in a space environment
8. Actual system completed and 'flight qualified' through test and demonstration (ground or space)
9. Actual system 'flight proven' through successful mission operations
Figure annotations: "AADL technology at large" marks TRL 7 and "Application to IV&V (this project)" marks TRL 5, matching the levels given on the preceding slide.

8 Outline
- Project Overview
- AADL Overview
  - Core modeling elements
  - Analysis
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
- Next Steps
- Summary and Discussions

9 Overview of the AADL
- Model-Based Engineering (MBE) language for architectural analysis and specification of real-time embedded systems with stringent performance requirements (e.g. fault-tolerance, security, safety-critical)
  - Static and dynamic component-based system architecture representation
  - Precise semantics for accurate system representation and analysis
- Early (high level) feasibility analyses
  - Progressive fidelity added as desired
- Multi-dimensional analysis
  - Single system architecture model
  - Accommodates diverse analyses
- Standardized interchange formats
  - Tool integration & interoperability
- Complementary to other modeling languages
  - SysML, UML (UML 2.0 Profile for AADL is in balloting)
  - OMG MARTE (real-time UML)
- Based on 15 years of architecture language research
- SAE Standard (AS-5506), Nov 2004

10 AADL Language Elements
Figure (language layers): core modeling elements (Components, Interactions, Properties); engineering support (Abstractions, Organization, Extensions); infrastructure.
Components:
- Specifies a well-formed interface
- External interaction points defined as features
- Multiple implementations per component type
- Properties to specify component characteristics
- Components organized into system hierarchy

11 AADL Components (core modeling elements: Components, Interactions, Properties)
- Application Software: thread, thread group, process, data, subprogram
- Execution Platform: processor, memory, bus, device
- Composite: system
Each component has predefined properties associated with its declaration.

12 Component Interactions (core modeling elements: Components, Interactions, Properties)
- Connections (explicit declarations)
  - ports (data and events [control] transfer): data ports, event ports, event data ports, port groups
  - access (to data & bus components)
  - parameters (sequential subprogram calls)
- Calls (explicit declarations & property associations)
  - subprogram
- Bindings (property associations)
  - software -> execution platform
Figure: in/out data ports, event ports, event data ports and port groups; data access and bus access; subprogram parameters; an immediate connection between two threads; a thread bound to a processor.

13 Some Standard Properties (core modeling elements: Components, Interactions, Properties)
Thread (dispatch execution properties; Compute_Entrypoint names the code to be executed on dispatch, Source_Text the file containing the application code):
  Dispatch_Protocol => Periodic;
  Period => 100 ms;
  Compute_Deadline => value (Period);
  Compute_Execution_Time => 10 ms .. 20 ms;
  Compute_Entrypoint => "speed_control";
  Source_Text => "waypoint.java";
  Source_Code_Size => 12 KB;
Processor:
  Thread_Swap_Execution_Time => 5 us .. 10 us;
  Clock_Jitter => 5 ps;
Bus:
  Allowed_Message_Size => 1 KB;
  Propagation_Delay => 1 ps .. 2 ps;
  bus_properties::Protocols => CSMA;
Users can define custom properties: Protocols is a user defined property (declared in the bus_properties property set).

14 Comprehensive Representation
An AADL Model is a comprehensive model of a system's architecture that
- includes software and hardware components
- can include project-specific properties and specialized analysis representations
- is organized within packages (libraries of elements) and specification files
- is comprised of components, interactions, and properties, including explicit data exchange and the binding of software to hardware

15 Model-Based System and Software Assurance
Assure system performance and dependability prior to system integration, test, or upgrade through
- quantitative analysis and simulation of system architecture models
- focus on system-wide integration aspects
- continual model-based verification from early abstractions through detailed design
(Figure labels: Modeling, Analysis)

16 Model-Based Assurance with AADL: Analysis Across Perspectives
A single Architecture Model supports analyses from several perspectives:
- Real-time Performance: execution time/deadline, deadlock/starvation, latency
- Security: intrusion, integrity, confidentiality
- Availability & Reliability: MTBF, FMEA, hazard analysis
- Data Quality: data precision/accuracy, temporal correctness, confidence
- Resource Consumption: bandwidth, CPU time, power consumption

17 Outline
- Project Overview
- AADL Overview
- MDS Architecture and Models
  - Reference Architecture
  - Adaptation Instances
- MBA with the AADL
- Analysis Examples
  - Analysis
- Next Steps
- Summary and Discussions

18 The Mission Data System: Perspectives
- A reference architecture
  - To be instantiated for different applications
- An embedded systems architecture
  - Consists of physical system, computing hardware, application software
- A control systems architecture
  - Feedback loops in application architecture
  - Feedback loops in data management system
- A multi-layered architecture
  - From low-level control loops to goal-oriented planning and plan execution
(Figure: Generic Architecture Pattern with Connection Topology)

19 Case Study: MDS Reference Architecture, Textual & Graphical Representations
MDS Principles: Closed loop; Goal-Directed; Explicit models; Separation of Concerns; Integral Fault Protection
Excerpt from the Textual Specification (the MDS Control System):
  system implementation complete.MDS_system
    subcomponents
      Hardware_Being_Controlled: system controlled_systems.sensors_actuators;
      State_Knowledge: system state.knowledge;
      Mission_Planning_Execution: system planning.mission_and_execution;
      State_Estimation: system estimators.of_state;
      State_Control: system contollers.of_state;
      Hardware_Adapter: system adapters.hardware;

20 Model of the MDS Control System
Focus on Information Flow: goal-oriented mission tasks and time-sensitive continuous control tasks
Excerpt from the Textual Specification:
  process implementation MDSControlSystem.basic
    subcomponents
      GoalPlanner: thread group ControlSoftware::GoalPlanner;
      GoalExecutive: thread group ControlSoftware::GoalExecutive;
      GoalMonitor: thread group ControlSoftware::XGoalMonitor;
      StateEstimation: thread group ControlSoftware::estimator;
      StateControl: thread group ControlSoftware::controller;
      OperatorConsole: thread group ControlSoftware::OperatorConsole;

21 Reference Architecture Instantiation
- Instantiation of reference architecture through refinement of the AADL model
- Deployment on different computing hardware platforms

22 Outline
- Project Overview
- AADL Overview
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
- Next Steps
- Summary and Discussions

23 AADL Model-Based Analysis Practice Framework

24 Example Component Library
Figure: the MDS Reference Architecture utilizes library components; example adaptations shown are Constellation, ISS, Mars Rover and NASA Facility.
- AADL models are developed as part of individual analysis viewpoints and views within an Analysis Portfolio (shown for the MDS rover model: performance, resource consumption, behavior, data quality, security and dependability viewpoints)
- Each viewpoint addresses specific concerns and may involve multiple views and models

25 Developing Analysis Views within an Analysis Portfolio
(Figure labels: Analysis Portfolio, MDS Rover Model, Required Component, extends)

26 AADL Rover Wheel Control (figure)

27 Outline
- Project Overview
- AADL Overview
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
  - Latency
  - Goal Network
- Next Steps
- Summary and Discussions

28 Temperature Control AADL Representation
- Use of immediate & delayed connections to achieve a deterministic sampling flow path
- Control engineering concerns: processing latency, sampling latency, physical signal latency
- Software systems engineering concerns: preemption, processor speed, resource contention, communication delay, rate group optimization, partitioned architecture, migration of functionality

29 Temperature Control AADL Representation (figure: flow path)

30 Transport Latency Analysis Results
* Note that illustrative values are used for this model and the results are not indicative of the results for any existing MDS implementation.
Excerpt from the Textual Specification*:
  -- end-to-end flow declared in the enclosing system implementation
  flows
    TempRsp: end to end flow camera_hardware.TempRsp1 -> DC02 -> temperature_sensor_adapter.TempRsp -> DC04 -> state_estimation.TempRsp -> DC07 -> State_Variables.TempRsp -> DC08 -> state_control.TempRsp -> DC06 -> switch_actuator_hardware_adapter.TempRsp -> DC03 -> camera_hardware.TempRsp {latency => 50 ms;};
  -- flow path through one of the subcomponents, with its own latency budget
  flows
    TempRsp: flow path control_goals -> commands {Latency => 20 ms;};
  -- flow sink and flow source (matching camera_hardware.TempRsp and camera_hardware.TempRsp1 above)
  flows
    TempRsp: flow sink switch_command -> DataConnection1 -> switch_actuator.TempRsp;
    TempRsp1: flow source temperature_sensor.TempRsp -> DataConnection5 -> temperature_measurement;
Analysis Results*: (results table not reproduced in the transcript)
Analysis can be extended to the thread level.
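As an added example, not from the presentation, the MDS models or the AADL tooling: a small Python check of the TempRsp end-to-end flow above against its 50 ms budget. The per-segment latencies and the 20 ms receiver period are constructed values, and the rule that a delayed connection adds one receiver period of sampling latency is a simplifying assumption.

```python
# Added example (not from the presentation or from the MDS/AADL tooling): a toy
# end-to-end flow latency check; segment latencies are constructed illustrative values.
from dataclasses import dataclass, replace
from typing import List, Tuple, Union

@dataclass(frozen=True)
class FlowSpec:
    """A component flow (source/path/sink) with its declared latency in ms."""
    name: str            # e.g. "state_estimation.TempRsp"
    latency_ms: float

@dataclass(frozen=True)
class Connection:
    """A port connection on the flow. Simplifying assumption: a delayed
    connection delivers at the receiver's next dispatch, so it adds one
    receiver period (sampling latency) on top of its communication delay."""
    name: str            # e.g. "DC07"
    delay_ms: float = 0.0
    delayed: bool = False
    receiver_period_ms: float = 0.0

Segment = Union[FlowSpec, Connection]

def end_to_end_latency(path: List[Segment]) -> float:
    """Worst-case latency along the path, in ms."""
    total = 0.0
    for seg in path:
        if isinstance(seg, FlowSpec):
            total += seg.latency_ms
        else:
            total += seg.delay_ms + (seg.receiver_period_ms if seg.delayed else 0.0)
    return total

def check_budget(path: List[Segment], budget_ms: float) -> Tuple[float, float, bool]:
    """One report row: (computed latency, declared budget, within budget?)."""
    actual = end_to_end_latency(path)
    return actual, budget_ms, actual <= budget_ms

def with_delayed(path: List[Segment], conn: str, period_ms: float) -> List[Segment]:
    """Copy of the path with one connection made delayed (the trade-off between
    deterministic sampling and latency noted on the Temperature Control slide)."""
    return [replace(s, delayed=True, receiver_period_ms=period_ms)
            if isinstance(s, Connection) and s.name == conn else s for s in path]

# Constructed path mirroring the TempRsp end to end flow {latency => 50 ms;}.
TEMP_RSP: List[Segment] = [
    FlowSpec("camera_hardware.TempRsp1", 2.0), Connection("DC02", 1.0),
    FlowSpec("temperature_sensor_adapter.TempRsp", 5.0), Connection("DC04", 1.0),
    FlowSpec("state_estimation.TempRsp", 8.0), Connection("DC07", 0.5),
    FlowSpec("State_Variables.TempRsp", 1.0), Connection("DC08", 0.5),
    FlowSpec("state_control.TempRsp", 10.0), Connection("DC06", 1.0),
    FlowSpec("switch_actuator_hardware_adapter.TempRsp", 4.0), Connection("DC03", 1.0),
    FlowSpec("camera_hardware.TempRsp", 2.0),
]
TEMP_RSP_BUDGET_MS = 50.0

if __name__ == "__main__":
    for label, p in (("all immediate", TEMP_RSP), ("DC07 delayed, 20 ms period", with_delayed(TEMP_RSP, "DC07", 20.0))):
        actual, budget, ok = check_budget(p, TEMP_RSP_BUDGET_MS)
        print(f"{label}: {actual:.1f} ms of {budget:.0f} ms -> {'OK' if ok else 'VIOLATION'}")
```

With all connections immediate the constructed path sums to 37 ms and passes; making DC07 delayed adds a 20 ms receiver period and pushes it to 57 ms, a budget violation of the kind the analysis is meant to surface before integration.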

31 Outline
- Project Overview
- AADL Overview
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
  - Latency
  - Goal Network
- Next Steps
- Summary and Discussions

32 Modeling and Analysis of Mission Processing
- Mission planning & plan execution
  - Modeling and analysis framework in place by MDS
  - Represent planning & plan execution tasks
  - Represent goal-based fault management
- Modeling of goal network execution
  - AADL modes to represent active components and connections
  - Identify operational modes/states in the execution of the goal network
  - Identify layers and patterns in the goal network
  - Recognize different categories of faults and fault management strategies
- Analyze impact of runtime architecture
  - Alternative hardware platforms, e.g., multi-core
  - Workload and scheduling analysis driven by goal sequences
  - Consistency of delegation & safing
  - Responsiveness of replanning & consistent migration to new plans

33 Error Model Specification
- Parameterization of error model
- Architecture topology & mapping drive system fault model
- Traceability between system fault model and system architecture

34 Outline
- Project Overview
- AADL Overview
- MDS Architecture and Models
- MBA with the AADL
- Analysis Examples
- Next Steps
- Summary and Discussions

35 Next Steps
- Phase 2: Initiate transition and extend development verification efforts
  - Complete extended case studies and case study report
    - Goal network analysis
    - Integral fault protection
    - Expanded control system analyses
  - Develop analysis framework document
    - Detailed examples
  - Develop a JPL transition plan
- Phase 3: Mature transition
  - Conduct a pilot study in-line with a development project
  - Support implementation of the JPL transition plan
  - Develop an IV&V transition plan

36 Next Steps
- Confirm and extend interim results
  - Continue modeling and conduct analyses of the MDS and its adaptations
  - Address the critical aspects and MDS themes identified in the case study
  - Assess ability to predict critical architecture properties in MDS implementations
- Explore the appropriateness of the AADL as an architectural framework for system and software assurance
  - Refine the model-based AADL Practice Framework to address the concerns of software assurance in project V&V and IV&V
  - Pursue the issues and research directions arising out of the case study that have long term implications for model-based software assurance
- Continuing case study efforts
  - Addressing the issues of handling state variables in the application model
  - Investigating transport latency and latency jitter
  - Modeling integral fault protection

37 Summary: AADL for Project V&V and IV&V
- AADL SAE standard
  - Models embedded software, computing platform, and physical environment
  - Focus is the runtime essence of an architecture
  - Precise & analyzable (lightweight, formal, qualitative, or quantitative)
  - Separates application from computational system concerns
  - Extensible (individualized property sets, specialized annexes)
  - OMG MARTE AADL profile provides a migration path for the UML community
- Basis for a V&V Analysis Practice
  - Broad computing system (software and hardware) perspective
  - Layered levels of analysis: lightweight analyses, detailed quantitative analyses, specialized analyses
  - Single integrated architectural analysis representation
