The document discusses the importance of dependability in embedded systems and systems of systems. It notes that modern society relies on interconnected critical systems like power grids, transportation, and healthcare. Ensuring the safety, reliability, and security of these complex, life-critical systems is paramount but also challenging given the scale and integration involved. The document advocates for model-based systems engineering approaches using high-fidelity modeling to facilitate requirements management, architecture design, and dependability analysis through techniques like fault tree analysis, security analysis diagrams, and automated reporting. This helps deliver functionality while addressing concerns of safety, performance, integration and certification early in the development process.
2. IBM Software Group | Rational software
Triathlon – A life without embedded devices?
Individual sport composed of:
• Swimming
• Bicycling
• Running
• And, occasionally, throwing up
You against the course, mano a mano
A sport of grit, determination, endurance, and pain tolerance
Surely this has nothing to do with embedded systems
Innovation for a smarter planet 2
A day in the (embedded) life of a triathlete
Yes, I am wearing devil horns – that’s the way I roll …
Embedded Systems for Triathletes?
• Bike computer
• Bike power meter
• GPS sports watch with HR, cadence, and computer interface
• Race timing system
What about the stuff around the triathlete?
Healthcare is deeply electronically-interconnected
[Diagram: the patient at the centre, linked to primary care physician, specialists, electronic health record, personal health record, health plans, pharmacy / labs, surgery, employers, care providers, emergency department, medical devices (imaging, pumps, robotics), remote monitoring, emergency services, state & central programs, remote diagnosis, telehealth consultation, and data]
We live in a deeply electronically-interconnected world
• Each subject area is rich with embedded systems, closely interconnected
• All subject areas interconnect with others, providing and using data and services
• This interconnection provides the basis for a technology-centric society
[Diagram of interconnected subject areas: Power Generation (generation and distribution); Water Treatment (water management, sewer); Communications (phone, radio, TV); Transportation (planes, trains & autos); Health Care (pharmacy / labs, emergency department, imaging, pumps, robotics)]
Are we ready to develop these systems?
Are we ready?
• To deliver the functionality?
• To deliver the performance?
• To integrate dozens to hundreds of complex systems?
• To deliver the system with adequate security?
• To deliver the system with adequate safety?
Headlines shown alongside the question:
• Malware implicated in fatal Spanair plane crash - msnbc.com, August 23, 2010
• Nuclear plant in Georgia forced into emergency shutdown due to unintentional “cyber-incident” - Washington Post, June 5, 2008
• Braking software glitch contributes to recall of hundreds of thousands of vehicles worldwide - Associated Press, 2010
• Siemens SCADA system breached by weaponized computer virus - ComputerWorld, July 17, 2010
Systems Engineering – the solution to all our problems….?
State of the Practice for Systems Development
Systems and software engineering environments in general:
• Are document-centric
• Require huge investment in planning that doesn’t reflect actual project execution
• Have difficulty adapting to change
• Require expensive and error-prone manual review and update processes
• Require long integration and validation cycles
• Are difficult to maintain over the long haul
Additional standards constraints (e.g. DO-178B, ISO 26262, AUTOSAR, DoDAF) add to the challenge
Further concerns: tooling selection; dependability engineering (safety, reliability, security); system certification
Modern Processes and Practices are Evolving
[Figure, Past → Future: the practices listed are Model-Based Engineering, Defect Avoidance, Defensive Design, Continuous Integration, Risk Management, and Dynamic Planning; they map onto the disciplines of THE AGILE MODEL: Analysis & Design, Requirements Definition & Management, Construction, Configuration & Change Management, Build & Release Management, Quality Management, Asset Management & Reuse, Production, and Project Governance]
Moving from waterfall “ballistic” planning to an incremental, adaptive approach
High-Fidelity Modeling for Systems Engineering
High-fidelity model-based engineering (Hi-MBE) brings to engineering:
• Precision
• Executability
• Stakeholder- and analysis-relevant viewpoints at any desired level of abstraction, e.g.
  – Functionality
  – State-based behavior
  – Algorithmic/control behavior
  – Structure and architecture
• Integration of engineering work, e.g.
  – Functional requirements
  – Dependability analysis: safety, reliability, security/information assurance
  – Architectural structure, behavior, and allocation
  – Control analysis
Models and Viewpoints in Model-Based Systems Engineering
[Diagram of the model set and its viewpoints:
• Functional Requirements Model – functional and QoS requirements
• Model-based architectural handoff from the requirements model to the subsystem models
• Subsystem Model(s) – subsystems, interfaces, subsystem use cases, executable use cases
• Dependability Model – safety, reliability, and security analysis: FTA, FMEA, FMECA, Asset Diagram, SAD
• Control Model – control algorithms, mathematical models
• Mechanical Specification, Electronic Specification and Software Specification – model and text]
Dependability == ∑ Safety, Reliability, and Security
Cyberphysical systems and systems of systems exist today that create and manage society-supporting services and systems, including:
• Power grids
• Transportation (air, ground, and sea)
• Emergency response
• Water and sewage
• Communications
• … to name just a few
Cyberphysical systems and systems of systems have the potential for extremely impactful consequences in terms of safety, reliability, and security.
It is crucial that we can reason appropriately about these concerns early and not rely on ex post facto analyses.
Model-Based Dependability Analysis
Model-Based Threat Analysis
A Security Analysis Diagram (SAD) is like a Fault Tree Analysis (FTA), but for security rather than safety. It looks for the logical relation between assets, vulnerabilities, attacks, and security violations.
It permits reasoning about security:
• What kind?
• How much?
• Where?
• When?
• Risk assessments
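The SAD described above can be evaluated exactly the way a fault tree is evaluated. The Python script below is an added example, not code from the slide deck or from IBM Rational: it builds a small SAD for the race timing system mentioned earlier in the deck (the tree shape, node names and every probability are constructed assumptions), computes the probability of the security violation through AND/OR gates, lists the minimal cut sets (which vulnerability-plus-attack pairs are each sufficient on their own, answering "what kind" and "where"), ranks them ("how much"), and shows how the risk figure moves when a countermeasure reduces one vulnerability.

```python
"""Security Analysis Diagram (SAD) evaluated like a fault tree.

Added example, not code from the slide deck or from IBM Rational. The tree,
its node names and every probability are constructed assumptions.
"""
from dataclasses import dataclass, field
from itertools import product
from math import prod
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class Node:
    name: str
    kind: str                        # "vulnerability", "attack", "gate" or "violation"
    gate: Optional[str] = None       # "AND" / "OR" for intermediate nodes
    children: List["Node"] = field(default_factory=list)
    asset: Optional[str] = None      # asset harmed when a violation node occurs

    @property
    def is_leaf(self) -> bool:
        return not self.children


def probability(node: Node, p: Dict[str, float]) -> float:
    """Probability that `node` occurs, assuming the leaves are independent."""
    if node.is_leaf:
        return p[node.name]
    qs = [probability(c, p) for c in node.children]
    if node.gate == "AND":
        return prod(qs)
    if node.gate == "OR":
        return 1.0 - prod(1.0 - q for q in qs)
    raise ValueError(f"unknown gate {node.gate!r} on {node.name}")


def minimal_cut_sets(node: Node) -> List[FrozenSet[str]]:
    """Smallest leaf combinations each sufficient on its own to cause `node`."""
    if node.is_leaf:
        return [frozenset([node.name])]
    child_sets = [minimal_cut_sets(c) for c in node.children]
    if node.gate == "AND":       # one cut set from each child, merged
        sets = {frozenset().union(*combo) for combo in product(*child_sets)}
    else:                        # OR: any child's cut set suffices
        sets = {s for cs in child_sets for s in cs}
    # drop any set that strictly contains another (it is not minimal)
    return sorted((s for s in sets if not any(o < s for o in sets)), key=sorted)


def ranked_cut_sets(node: Node, p: Dict[str, float]) -> List[Tuple[FrozenSet[str], float]]:
    """Cut sets with their probability, most likely first ('where' and 'how much')."""
    ranked = [(cs, prod(p[leaf] for leaf in cs)) for cs in minimal_cut_sets(node)]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


def with_countermeasure(p: Dict[str, float], leaf: str, reduction: float) -> Dict[str, float]:
    """Leaf probabilities after a countermeasure removes `reduction` of one leaf's likelihood."""
    new_p = dict(p)
    new_p[leaf] = p[leaf] * (1.0 - reduction)
    return new_p


# Constructed leaf names: vulnerabilities (V*) and attacks (A*) on a race timing system.
V1 = "V1 results service accepts unsigned uploads"
A1 = "A1 forged results file uploaded"
V2 = "V2 mat-to-server link unauthenticated"
A2 = "A2 spoofed chip read injected"

# Constructed SAD: an attack harms the asset only if its matching vulnerability exists
# (AND), and either path leads to the same security violation (OR).
SAD = Node("Race results falsified", "violation", "OR", asset="published race results",
           children=[
               Node("Finish times altered in results database", "gate", "AND", [
                   Node(V1, "vulnerability"), Node(A1, "attack")]),
               Node("Timing record spoofed at a mat", "gate", "AND", [
                   Node(V2, "vulnerability"), Node(A2, "attack")]),
           ])

# Constructed per-race probabilities; assumptions for illustration, not measured data.
P_LEAVES = {V1: 0.05, A1: 0.10, V2: 0.20, A2: 0.02}


def baseline_risk() -> float:
    return probability(SAD, P_LEAVES)


def risk_after_signing_uploads() -> float:
    """Risk if signed uploads cut V1's likelihood by 90% (a constructed countermeasure)."""
    return probability(SAD, with_countermeasure(P_LEAVES, V1, 0.9))


if __name__ == "__main__":
    print(f"Asset at risk: {SAD.asset}; P({SAD.name}) = {baseline_risk():.5f}")
    for cs, q in ranked_cut_sets(SAD, P_LEAVES):
        print(f"  cut set {sorted(cs)} -> {q:.5f}")
    print(f"after signing uploads: {risk_after_signing_uploads():.5f}")
```

The independence assumption behind the AND/OR arithmetic is the same one classical FTA makes; where leaves share a cause (the same credential, the same network segment) the cut sets are still valid but the probabilities are not, which is why the ranked cut-set list is usually the more trustworthy output for deciding where to place a countermeasure.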
Model-Based Threat Analysis
An Asset Diagram looks at the semantic relations between roles, authentication, vulnerabilities, and countermeasures. It is a way of representing the security-relevant design elements. Here it is shown with traceability links to requirements.
Assets can be:
• Physical
• Informational
• Currency
• Resource
• Security
• Services
Auto-generation of dependability-relevant summary data
Fault Source Matrix, Fault Detection Matrix, Fault-Requirement Matrix, FMEA, FMECA, Hazard Analysis…
• Traceability improves your ability to make your safety/security case
• Dependability metadata guides
  - System requirements
  - Downstream engineering work
  - Regulatory approval submissions
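As an added illustration of what "auto-generation of summary data" means in practice (this is example code written for this page, not the deck's own material or Rational Rhapsody's generator), the script below keeps a small fault model for an infusion pump (the fault records, component names, detection mechanisms and requirement IDs are all constructed) and derives from it the three matrices the slide names plus the traceability gaps a regulator would ask about: faults nothing detects, faults no requirement mitigates, and requirements no fault traces to.

```python
"""Dependability summary matrices generated from a fault model.

Added example, not code or output from the slide deck or from IBM Rational
Rhapsody. All fault records, components, detection mechanisms and
requirement IDs are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Fault:
    fault_id: str
    description: str
    source: str                                   # component the fault originates in
    detected_by: List[str] = field(default_factory=list)
    requirements: List[str] = field(default_factory=list)  # traced mitigating requirements


# Constructed fault model for an infusion pump (illustrative, not a real analysis).
FAULTS = [
    Fault("F1", "Pump motor stalls", "Drive", ["Encoder rate check"], ["REQ-SAF-01"]),
    Fault("F2", "Line occlusion", "Fluid path", ["Pressure sensor"], ["REQ-SAF-02"]),
    Fault("F3", "Dose record corrupted in memory", "Controller",
          ["CRC on dose record"], ["REQ-SAF-03", "REQ-SEC-01"]),
    Fault("F4", "Remote dose change accepted without authentication", "Comms",
          [], []),   # no detection and no requirement: a traceability gap
]

# Constructed requirement catalogue; REQ-SAF-04 has no fault linked to it.
REQUIREMENTS = ["REQ-SAF-01", "REQ-SAF-02", "REQ-SAF-03", "REQ-SAF-04", "REQ-SEC-01"]


def matrix(faults, columns_of) -> Dict[str, Set[str]]:
    """Generic fault-vs-X matrix: fault id -> set of X values it relates to."""
    return {f.fault_id: set(columns_of(f)) for f in faults}


def fault_source_matrix(faults=FAULTS) -> Dict[str, Set[str]]:
    return matrix(faults, lambda f: [f.source])


def fault_detection_matrix(faults=FAULTS) -> Dict[str, Set[str]]:
    return matrix(faults, lambda f: f.detected_by)


def fault_requirement_matrix(faults=FAULTS) -> Dict[str, Set[str]]:
    return matrix(faults, lambda f: f.requirements)


def traceability_gaps(faults=FAULTS, requirements=REQUIREMENTS) -> Dict[str, List[str]]:
    """Gaps a reviewer would raise: undetected faults, faults with no
    mitigating requirement, and requirements that no fault traces to."""
    covered = {r for f in faults for r in f.requirements}
    return {
        "undetected_faults": sorted(f.fault_id for f in faults if not f.detected_by),
        "unmitigated_faults": sorted(f.fault_id for f in faults if not f.requirements),
        "orphan_requirements": sorted(set(requirements) - covered),
    }


def render(title: str, m: Dict[str, Set[str]], columns=None) -> str:
    """Render a matrix as a text table; an 'X' marks a relation, '-' its absence."""
    cols = sorted(columns or {c for s in m.values() for c in s})
    width = max(len(c) for c in cols) if cols else 1
    lines = [title, "fault  " + "  ".join(c.ljust(width) for c in cols)]
    for fid, s in m.items():
        lines.append(fid.ljust(7) + "  ".join(("X" if c in s else "-").ljust(width) for c in cols))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render("Fault Source Matrix", fault_source_matrix()))
    print(render("Fault Detection Matrix", fault_detection_matrix()))
    print(render("Fault-Requirement Matrix", fault_requirement_matrix(), REQUIREMENTS))
    print("Traceability gaps:", traceability_gaps())
```

Because every matrix is derived from the same fault records rather than maintained by hand, the gap report stays consistent with the matrices as the model changes, which is the property the slide's "traceability improves your ability to make your safety/security case" relies on.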
Design for Dependability
Dependability Analysis (Safety Eng.: ARP-4761, ISO 26262, IEC 61508):
• Fault Tree Analysis (FTA)
• Failure Modes and Effects Analysis (FMEA)
• Hazard Analysis
• Security Analysis Diagram
• Asset Diagram
Requirements Analysis (Systems Eng.: ARP-4754):
• Functional and Non-Functional Requirements
• Safety Requirements
• Business and Regulatory Requirements
System and Software Design (Software Developer: DO-178B, IEC 62304):
• Structural
• Behavioral
• Temporal
• …
Systems Engineering Workflows (e.g. Safety Analysis)
Harmony/SE Systems Engineering: Requirements Analysis
Harmony/SE: Design Synthesis
Update Safety Analysis Task
Tooling automates best practice workflows
Use modeling to validate requirements, architecture and design throughout the development process
[Diagram of the tool set and practices:
• Architecture & Design – Rational Rhapsody
• Requirements Management – Rational DOORS: manage all system requirements with full traceability across the lifecycle
• Quality Management – Rational Quality Manager: achieve “quality by design” with an integrated, automated testing process
• Collaboration – Rational Team Concert: collaborate across diverse engineering disciplines and development teams
• Practices and Process]
COLLABORATE: achieve common goals by optimizing how people work
AUTOMATE: increase efficiency and predictability by integrating workflows
REPORT: continuously improve by measuring and reporting progress
Designing systems as if our lives depend on them
Our society is only sustainable with technological assistance:
• Reliable, safe, and secure delivery of services
• Productivity of agriculture and industry
• Unbroken distribution chains
• Low cost of energy
• Balancing dwindling resources
• Innovation in production
The systems we create today are absolutely crucial in supporting our society, health, and well-being
(Hard) Each individual system must be designed to be reliable, safe, and secure
(Harder) The totality of systems acting in concert must be reliable, safe and secure
This can be done by innovatively supporting systems development with
• Intelligence
• Best Practices
• Tooling
Thank you very much!
Editor's Notes
To succeed, a project must not only meet its deliverables, it must be on time and on budget. Careful attention to the early stages — discovery, planning, requirements gathering, and resource allocation — is where the foundation for successful project achievement is prepared. No or slow visibility means that in many cases metrics and status are collected by hand. This information, when gathered, can be out of date as well as inaccurate.