Unified Systems Engeneering with GoedelWorks


Published on

Describes a unified metamodel for systems engineering and a supporting internet based platform.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Unified Systems Engeneering with GoedelWorks

  1. 1. From Deep Space To Deep Sea R&D project of Open License Society: Metamodel for systems engineering: “systems grammar” OpenSpecs and OpenCookBook prototype web portal Input: EVOLVE ITEA project Evolutionary Validation, Verification and Certification FP7 OPENCOSS project: Open Platform for EvolutioNary Certification Of Safety-critical Systems (automotive, railway, avionics) ASIL: Flanders Drive project on developing a common safety engineering methodology for automotive and related domains Currently commercialised and redeveloped as GoedelWorks by AltreonicOct-2011 Altreonic NV – From Deep Space to Deep Sea - 2
  2. 2. Refinement by adding structure and properties Avoids overlapping in concepts Domain Metamodel Model Instance d1 d1 d1 d2 d2 d2 E1 E2 d3 d3 d3 Entities Entities and Structure & System / Interactions Architecture ProcessOct-2011 Altreonic NV – From Deep Space to Deep Sea - 3 User levels Abstract meta-levels RTOS domain M4: M4: element (of set) Mathematician meta-meta-type M4: Interacting Entities M3: Metatypes declarations (inheritance of the M4 M3: Virtual machine executing M2 functions for M3: Expert element meta-meta-type) M1 data M2: types declarations (inheritance of M3 meta-types M2: domain specific declarations M2: Engineer with domain specific attributes) (types, grammar, functions) M1: Instances of M2 types with concrete values of M1: User attributes M1: DataOct-2011 Altreonic NV – From Deep Space to Deep Sea - 4
  3. 3. View 1: System = Processes + Architecture or: the ”right” System = “how” + “what” View 2: A process is a meta-system Has to be developed as well In practice different views correspond to complementary domains: Process, Engineering, Modeling, Simulation, Testing, Software, Hardware, Safety, …Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 5 System Sub-entities Project Sub-Project Process Sub-Process Reference Requirement Sub-Requirement Specification Sub-Specification Resource Work Package Development, Verification, Test, Validation Task Work Package Flow Work Package Work Product Process type (“Evidence”) or development (“Model”) Model Sub-Models Entity Sub-Entities Change Request IssueOct-2011 Altreonic NV – From Deep Space to Deep Sea - 6
  4. 4. SYSTEM PROCESS PROJECT Organ- Supporti Plan- System under Development Development isation ng ning WPT- WPT- MODEL template Process WP ENTITY WP Flow Tasks SPC RES WP WP DEV REQ Tasks SPEC RES Tasks SPC RES VER REF DEV REQ DEV REQ TST VER REF VER REF GoedelWorks VAT Meta-Meta-concept TST TST VAT VATOct-2011 Altreonic NV – From Deep Space to Deep Sea - 7 Association links: Dependency links: E.g. a SPC depends on REQ (n) Precedence links: A Verification Task preceeds a Test Task Structural links: A WP is composed of Tasks (n) A Model is composed of Entities (n) Navigation links: Navigation tree for easy access Flow links (next-previous) for defining flowsOct-2011 Altreonic NV – From Deep Space to Deep Sea - 8
  5. 5. Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 9 During the life-time of a Project/Process entities go through states: Defined => In Work => Frozen For Approval => Approved Dependency and structural relationships create a partial order for Approval REF=>REQ=>SPC // RES // Tasks =>WP=>WPT (MOD) A Project is a collection of Processes producing Work Products. Not a single V-model but 100’s. Overall Process follows from respecting states WorkProducts morph: Resource at input is always result of previous Project Work Product template => Work Product specific Project System in Project A => component in Project BOct-2011 Altreonic NV – From Deep Space to Deep Sea - 10
  6. 6. ASIL developed template flow + template WorkProducts + guidelines To be defined or completed by each organisation DV-VE-TE-VAT (ᴝ) WPT_Process Development (out)_ WP SPC (in) REQ (in) REF template. Organisation RES (in) PROCESSES Supporting Planning DV-VE-TEt-TAT (ᴝ) SE system MOD ENT WP SPC (in) REQ (in) RES System Domain DVT-VE-TET-VAT PROJECTS (ᴝ) Specific domain WPT -Process (out) WP_flow WP SPC (in) REQ (in) (Project specific) The template is a RES (input) – RES (in) hence a link to it or make copy. When selecting ASIL as processOct-2011 Altreonic NV – From Deep Space to Deep Sea - 11 Explicit difference between Requirements and Specifications Distinction Process (how) and Project (what) Verification = verifying the work done Testing = verifying the system meets specifications Validation = verifying it meets requirements (includes integration) Process/Project is not seen as flow but as a collection of actions producing WorkProducts (+/- 100!) System = Implementation model Safety case is seen as Specification-Fault case Domain agnosticOct-2011 Altreonic NV – From Deep Space to Deep Sea - 12
  7. 7. Trustworthy system Safety Security Usability Privacy no physical fault can no injected fault can no interface fault can no personal data loss cause harm cause harm cause harm can cause harm Specification has subtypes: Normal Case, Test Case, Fault Case Safety and Security case are subtypes of Fault CaseOct-2011 Altreonic NV – From Deep Space to Deep Sea - 13 Input: ASIL project of Flanders Drive Automotive Safety Integrity Level Goal: develop common safety engineering process based on existing standards: Automotive: off-highway, on-highway Machinery IEC 61508, IEC 62061, ISO DIS 26262, ISO 13849, ISO DIS 25119 and ISO 15998 Partners: Altreonic, DANA, EIA, Flanders Drive, Punch Powertrain, Triphase, TüV Nord DO-178C, DO-254, ARP4761: AltreonicOct-2011 Altreonic NV – From Deep Space to Deep Sea - 14
  8. 8. Acquiring general understanding of Safety and Systems Engineering standards. Development of ASIL process flow: Dissecting standards in semi-atomic statements Tagging according to activity domain Development of ASIL V-model with 3 Process domains: Organisational Processes ("safety culture") Supporting Processes Safety and Engineering Development Processes. Completion Identification of Work Products and RACI Roles Development of templates for Work Products (.doc or .xls) Development of Guidelines (e.g. HARA) Development of GlossaryOct-2011 Altreonic NV – From Deep Space to Deep Sea - 15 Organisational Safety and Engineering/ Development SupportingOct-2011 Altreonic NV – From Deep Space to Deep Sea - 16
  9. 9. Effort: approx. 21000 personhours (over 3 years.) Semi-atomic process requirements extracted: ~3800 Work products defined: 98 => templates Types of roles identified: 17 => HR responsibility Guidelines developed: 34 => templates ASIL process flow has 355 steps Organisational processes identified:19 Supporting processes identified: 75 Safety and Engineering processes identified: 261 Work is not finished! (validation using use cases + organisation specific mapping) + templates + iterative!Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 17 GoedelWorks ASIL Process Process Flow Flow Work Package Step with descriptive text Tasks (DEV, VET, TST, VAT) Not defined Project Not defined Model/Entity Not defined Reference Standards’ requirements attached to Step Requirement Not defined, merged in Step description Specification Not defined Resource Roles, Work Product template, Guidelines Work Product Work Product (input and output of Step) Change Request Not defined, but Change Management Step Issue Not defined, but Change Management Step State Not defined Relationships Net defined, except as WPT input and RolesOct-2011 Altreonic NV – From Deep Space to Deep Sea - 18
  10. 10. V-model respected by following order: Steps become Work Packages Default WP Tasks, missing REQ and SPC created Dependencies and structural relationships inserted but left empty State: most often “In Work” upon creation Guidelines and templates attached Benefits from import: All Process (and Project) Entities user-editable Project entities and Process entities can be linked Organisation specific instance of Processes can be created and new processes added Dependency analysis and reportingOct-2011 Altreonic NV – From Deep Space to Deep Sea - 19 Main lessons learned: Bridging different domains: semantic differences Safety engineering standards are subsets of systems engineering Certification requires “evidence” (artifacts) Major problems: Find a common language Find a clean language: orthogonality Usability aspects prime requirement for tool Difficult in a web based environment Standards’ license terms!Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 20
  11. 11. ASIL imported referenceOct-2011 Altreonic NV – From Deep Space to Deep Sea - 21 Example of state verification (Approval)Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 22
  12. 12. Dependency graph (Process)Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 23 Example: shift-by-wire exampleOct-2011 Altreonic NV – From Deep Space to Deep Sea - 24
  13. 13. Generated precedence graphOct-2011 Altreonic NV – From Deep Space to Deep Sea - 25Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 26
  14. 14. Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 27 Roles and permissions at entity level Locking during edit Version management + transaction log Comments per entity Importing or creating in bulk Import/export subset Precedence and dependency tree graphs Doc generation (html, pdf) Project schedule, Gannt chart (in work) ….Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 28
  15. 15. Portal based HARA (vs. xls template) Fault Tree Analysis Templates doc on-line Linking/integration with software development environmentsOct-2011 Altreonic NV – From Deep Space to Deep Sea - 29 Conclusion Systems engineering process can be formalised using a common metamodel Booklet available from Altreonic website Challenges Integration of different domains Concepts, Architectural design, WorkFlow System Engineering processes (“standards”) are heuristic Progress through formalisation Reduction of design space give reliability Modular architecture and unified semantics essential for incremental/evolutionary verification/validation/certification Automated support is feasible • Work will continue in OPENCOSS FP7 project • (cover avionics, railway, automotive) • DO-178C and DO-254 • Focus on re-useOct-2011 Altreonic NV – From Deep Space to Deep Sea - 30
  16. 16. www.altreonic.comOct-2011 Altreonic NV – From Deep Space to Deep Sea - 31 Set-up fee: 1500 euro (SSL, Firewall, …) Standard process support: 1500 euro/mo/first 3 users ASIL process support: 1500 euro/mo/first 3 users (license of standard needed) Minimum period: 12 months, up to 12 projects Additional users: 100 euro/month/module Recommended: Hands-on training Completing flow with Organisation’s procedures Organisation specific customisation Optional: In-house hosting (open technology license only). Encryption of data on disk, dedicated VM, …Oct-2011 Altreonic NV – From Deep Space to Deep Sea - 32