AdvoCATE: An Assurance Case
Automation Toolset
Based on Eclipse and Sirius
4th December, 2018
Ewen Denney & Robbie Henderson
(Joint work with Ganesh Pai and Dimo Petroff)
NASA Ames Research Center
Robust Software Engineering Group
ewen.denney@nasa.gov
Research Motivation
• High-hazard industries are moving to active safety
management
– Safety management system (SMS) in aviation
– Need to
• Unify reasoning about technical aspects of safety
• Support safety-related decision making
• Goals-based regulation is attractive for novel applications
– When regulations and performance standards are absent
• Unmanned aircraft systems (UAS), Autonomous systems, …
– Increases flexibility for regulated entity
– Evidence-based assurance → safety case / assurance case
Safety and Assurance Cases
‘A safety case is a structured argument, supported
by a body of evidence, that provides a compelling,
comprehensible and valid case that a system is
safe for a given application in a given operating
environment’
- NASA System Safety Handbook ver. 1 (2014)
• Essentially, a safety risk management artifact
– Other compatible definitions and guidance on content
– Based on application domain, standard, regulatory
paradigm, etc.
• An assurance case generalizes safety cases to
other assurance properties: reliability, security,
availability, …
Column groups: Risk Analysis and Assessment; Risk Control
Hazard | Effect | Severity | Likelihood | Initial Risk Level | Hazard Control | Residual Risk Level
H1 - Airspace encounter with GA aircraft | NMAC / MAC | 2 (Haz.) / 1 (Cat.) | Probable / Probable | 2B / 1B | Detect & Avoid; Flt. Termination; ... | 2D / 2D
H2 – Stall | CFIT
Safety Risk Management
System Analysis
Concept of Operations,
System/change description,
Regulations, …
HazID
Hazards
Operational, functional, …
Design target
Barrier Modeling – Abstract Safety Architecture
Safety
Requirements
Implementation
Mitigations
Safety requirements
Barrier and Control functions
Risk scenarios, design targets,
risk evaluation
Assurance Rationale
(Structured Argument)
Evidence Artifacts
Design, Analysis, Verification
Testing,
Assurance claims,
strategies, context,
rationale, …
Operational Safety
Assurance
(Monitoring and Update)
Safety performance
measures, monitors, …
Operational Evidence
Verification of safety performance targets
Assumption corroboration
Hazard tracking, Precursors, …
Example: UAS Safety
Combination of operating modes
• Visual line of sight (VLOS)
• Beyond visual line of sight (BVLOS)
• Beyond radio line of sight (BRLOS)
Varying access profiles
• Operating range
• Terminal airspace
• Transit (vertical / lateral)
Diverse environment
• Populated / urban / built-up areas
• Uncontrolled / controlled airspace
• Low / high density airspace
Varying mission concepts
• Package delivery
• Surveillance
• Aerial inspection
• Mapping, …
Different configurations
• Airborne sensors (Lidar, sonar,
FPV camera, Radar)
• Ground sensors (Radar)
• Multiple GCS, Roaming GCS, …
Increasing complexity in mission and operations
UAS – Unmanned Aerial System (aka drone)
UTM: UAS Traffic Management
Tool Needs
• Creation and assessment of assurance cases
– Support a variety of diagrams and representations for
assurance artifacts (graphical, tabular, textual)
– Views for diverse stakeholders and use cases
– Consistency and navigation between assurance artifacts
– Automation workflows
– Integration with 3rd party tools
• Tool technologies
– EMF: model-based assurance
– Sirius: graphical editing of industry standard safety notations
– Xtext: domain specific languages and querying of safety models
– NatTable: table editor for hazard/requirements analysis
Barrier Modeling
• Collection of barrier models providing a risk
basis
– Collection of all factors affecting risk
– Model for risk qualification/quantification
[Figure: bow tie diagram. Labels: Event chain / accident trajectory; Barrier compromise/breach; Loss of Control State; Threats / Causes / Initiating Events or States; Prevention Barriers; Hazard; Recovery Barriers; Accident / Loss / Harmful States or Events]
Bow Tie Diagram (BTD)
Example: Loss of Separation
Rationale Capture via Assurance Arguments
[Figure: assurance argument. Labels: Chain of reasoning; Safety / Dependability Claims; Item of Evidence; Developed claims; Documentation and Details; Goal Structuring Notation (GSN)]
Example: Battery Failure
AdvoCATE: Tables
• Assurance Case Automation Toolset
• Hazard analysis and risk assessment
– Conducting hazard identification
– Specification of hazard causes and
consequences
– Assessment of initial and residual risk levels
given in terms of probability and severity
• Safety and assurance requirements capture
Hazard Log and Tabular Editor
Safety Requirements Capture
AdvoCATE: Arguments and Patterns
• Structured argument development
– Pattern specification
– Automated pattern instantiation
• Integration of formal methods and formal tool-based
evidence
– Hierarchical and Modular organization
– Argument queries and views
• Metrics
Argument Editor
AdvoCATE: Safety Architectures
• Safety architecture development
– Composition of multiple bow tie diagrams
– Views
– Transformations (event and barrier split / merge)
• Sequential event split: Loss of safe separation → Loss
of “well-clear” separation + NMAC
• Parallel event split: MAC → MAC within OR || MAC
outside OR
• Barrier split: Ground-based surveillance → Radar
surveillance + Visual surveillance
– Risk computation: event probability along paths
Safety Architectures
Bow Tie Modeling
Automated View
Extraction
AdvoCATE: Traceability
• Navigation
• Traceability matrices
• Maintaining consistency between related
artifacts, e.g., between
– Entries in the hazard log and the relevant
assurance requirements
– Arguments and the corresponding requirements,
verification artifacts, etc.
Tracing and Consistency
Hazards
Safety and Assurance Requirements
Assurance Arguments / Rationale Bow Tie Diagrams / Safety Architecture
Amalgam Activity Explorer
• The Amalgam
activity explorer
is used in the
design of our
Safety, Mission
Assurance, and
Risk
management
(SMART)
dashboard
Amalgam Activity Explorer
• The (SMART) Dashboard allows us to:
– Provide a clear and directional workflow towards
a completed safety/assurance case
Amalgam Activity Explorer
• For each step we have one
EMF model
• Dependencies provide some
of the workflow, i.e. safety
architectures can require
“requirements” model
components
• Necessary components are
clearly prompted
• Sirius diagrams relevant to the
current model are accessible
Amalgam Activity Explorer
• The (SMART) Dashboard allows us to:
– Provide a clear and directional workflow towards
a completed safety/assurance case
– Provide feedback on the status of assurance
activities, and areas that need to be developed
further
– Provide a naive evaluation of the current system
safety
Amalgam Activity Explorer
• Problems with the safety case development are
clearly brought to the user's attention, with
hyperlinking to the problem source
Amalgam Activity Explorer
• The (SMART) Dashboard allows us to:
– Provide a clear and directional workflow towards
a completed safety/assurance case
– Provide feedback on the status of assurance
activities, and areas that need to be developed
further
– Provide a naive evaluation of the current system
safety
– In future, provide real-time evaluation of system
based on feedback from a live platform
Activity Explorer Issues
• We don’t always have a Sirius “session”
– Amalgam works very well when provided a Sirius
“session”
– Some of our models are entirely developed in a DSL,
or the NatTable tabular editor
– Initially we created viewpoints for all
resources… even when it wasn’t useful
– We now manually load resources and open editors
by id, and only use the Sirius session for the
opening/creation of viewpoints
• Debugging is hard!
– Issues with activity explorer pages often result in no
activity explorer at all, with no logging – help!
BX of Safety Models
• Sirius viewpoints are used extensively, alongside
various editors, to avoid complex bi-directional
transformations of the safety models
– The safety architecture of a system can be viewed as
a Controlled Event Structure, a single diagram
showing the temporal flow of all events
– One event in a CES may have a local bow tie, where
we only care about the event, its own causes and
effects
– Through a combination of Xtend model helpers and
multiple viewpoints, we managed to merge most
models containing similar information and just
provide viewpoints where necessary
BX of Safety Models
Sirius Custom Properties Panel
• Many of AdvoCATE’s graphical elements are the
product of multiple modelled constructs
– To handle this, we made use of Sirius custom
property panels
– Model elements, such as hazards, are edited from
many locations in AdvoCATE, and are viewed in
different forms all over the tool
– One custom property panel is added, allowing us to
define one uniform editing experience for the
combined feature, regardless of what is shown
– Certain semantic attributes can be shown, but not
edited to allow the user context while in a particular
viewpoint
Sirius Custom Properties Panel
Calculated Values –
Mitigation of Risk
A Hazard/Event
A Hazard in progress –
Event Instance
Property Panel Additions
• Some customizations to the custom
properties panel we have implemented:
– Enum Lists: We have many model features as
lists of enumerated values
– Xtext editor widgets (more on that later)
– Xtext index-query selection boxes – model cross
references
Xtext
• All models within AdvoCATE make use of Xtext
resources and the powerful index they provide
• Extensive cross-referencing between models
became cumbersome using pure EMF
• Integration of Xtext and Sirius has been very
smooth – with only minimal customizations to
Sirius widgets and some services to take
advantage of the Xtext index in diagrams
• Most models we use require an Xtext DSL to
keep all users happy…so extra effort is minimal
Xtext - Indexing
• With all models being Xtext resources we are
able to take advantage of the Xtext index as a
one-stop repository of safety elements
• Cross-referencing by loading resources
becomes quite cumbersome with large projects
• We wrap Xtext index querying in services used
by our Sirius diagrams, to take advantage of our
DSL scope providers
• Future plans will involve the DSL Devkit
Scope/Export framework, to allow us to fine tune
relevant safety artifacts, and export these to an
external repository (large scale safety case
development)
Xtext - Indexing
• We create an Xtext scope-provider-fed
custom property widget
• As the DSL is modified, the Sirius properties
view is updated automatically – it simply calls
our scope provider
• Relevant EObjects are resolved and the list of
choices is populated
Xtext – Serialized Models
• One important future feature of AdvoCATE is
collaborative safety case development
– When using pure EMF + Sirius, we found that
version control struggled a little…
Xtext – Serialized Models
• One way we thought to combat this problem
is a combination of:
– Really good auto-layout (if a little ambitious)
• We don’t necessarily need to version control the layout
if we can do so automatically, and reliably
• AIRD merge conflicts become huge, and impossible to
merge – we might not need to track them
– Serialize the model as a DSL, and parse
• The models themselves in XMI format can be hard to
merge
• New features cause compatibility problems
Xtext – Serialized Models
• By designing a robust Xtext DSL for each
model, we can more reliably track changes
– Git likes DSLs way more than XMI
– New features, or modified metamodels are less
likely to also break the parser, but XMI almost
always will
– We can auto-create appropriate diagrams for our
models in Sirius, and auto-layout on first opening
• We’re still in the process of finding a solution
to our problems – but this fits nicely so far
Xtext – Direct Edit Xtext Editor
• In some contexts, complex syntax had to be
embedded in our graphical editors
– Argument patterns are a way to generate a GSN
argument based on given data and a “pattern”
providing the structure
– Parameters are defined, and then embedded in
node descriptions to be evaluated at generation
time
– To do so, we designed a DSL to define the
pattern and its parameters
– Great! We get all the content assist, linking, and
that fun stuff
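An added illustration, not AdvoCATE code and not its pattern DSL: a small Python sketch of pattern instantiation as the bullets above describe it, with `{param}` placeholders in node descriptions evaluated against hazard-log data at generation time, followed by a check for goals left without evidence. The `foreach`/`when` fields, the node layout and the evidence names are assumptions; the sample row is constructed from the H1 entry of the hazard table earlier in the deck.

```python
import re
from dataclasses import dataclass, field

PLACEHOLDER = re.compile(r"\{(\w+)\}")

@dataclass
class Node:
    kind: str                      # GSN node kind: "goal", "strategy" or "solution"
    text: str
    children: list = field(default_factory=list)

@dataclass
class PatternNode:
    kind: str
    template: str                  # node description with {param} placeholders
    children: list = field(default_factory=list)
    foreach: str = ""              # hypothetical: list-valued parameter, node repeated per item
    when: str = ""                 # hypothetical: parameter that must be non-empty to emit the node

def render(template, env):
    """Substitute named parameters only; nothing in the template is executed."""
    def sub(match):
        name = match.group(1)
        if name not in env:
            raise KeyError(f"unbound pattern parameter: {name}")
        return str(env[name])
    return PLACEHOLDER.sub(sub, template)

def instantiate(pattern, env):
    """Return the concrete nodes generated by one pattern node under the bindings in env."""
    if pattern.when and not env.get(pattern.when):
        return []
    envs = [{**env, **item} for item in env[pattern.foreach]] if pattern.foreach else [env]
    nodes = []
    for bindings in envs:
        node = Node(pattern.kind, render(pattern.template, bindings))
        for child in pattern.children:
            node.children.extend(instantiate(child, bindings))
        nodes.append(node)
    return nodes

def undeveloped(node):
    """Goals with no supporting strategy, sub-goal or solution beneath them."""
    found = [node.text] if node.kind == "goal" and not node.children else []
    for child in node.children:
        found.extend(undeveloped(child))
    return found

def outline(node, depth=0):
    lines = [f"{'  ' * depth}[{node.kind}] {node.text}"]
    for child in node.children:
        lines.extend(outline(child, depth + 1))
    return lines

# Pattern: one top goal per hazard, argued over each of its controls.
HAZARD_PATTERN = PatternNode("goal", "Hazard {hazard_id} ({hazard}) is acceptably mitigated", [
    PatternNode("strategy", "Argue over each hazard control for {hazard_id}", [
        PatternNode("goal", "{control} is effective against {hazard_id}", [
            PatternNode("solution", "{evidence}", when="evidence"),
        ], foreach="controls"),
    ]),
])

# Constructed sample data; the evidence name is made up for the example.
HAZARD_LOG = [{
    "hazard_id": "H1",
    "hazard": "Airspace encounter with GA aircraft",
    "controls": [
        {"control": "Detect & Avoid", "evidence": "DAA flight test report"},
        {"control": "Flt. Termination", "evidence": ""},
    ],
}]

def build_argument(row):
    return instantiate(HAZARD_PATTERN, row)[0]

if __name__ == "__main__":
    root = build_argument(HAZARD_LOG[0])
    print("\n".join(outline(root)))
    print("Undeveloped goals:", undeveloped(root))
```

The control with no evidence yields a goal with no solution node beneath it, which is what `undeveloped` reports.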
Xtext – Direct Edit Xtext Editor
But wait…what’s the structure?
Xtext – Direct Edit Xtext Editor
• Clearly, a graphical layout gives a much more
manageable view of what the generated
result might be
– We needed a solution that combined the power of
the Xtext DSL, for what might become very
complex string-building expressions, with the
high-level view of a Sirius viewpoint
– We created a Sirius Direct Edit widget which
wrapped the Xtext Embedded editor
– Now we have content assist, syntax highlighting,
hyperlinking, and inline validation – all as part of
direct edit
Xtext – Direct Edit Xtext Editor
Perspectives
• Ongoing focus on design-time assurance
– Artifacts and rationale from development, prior to release-into-service
• Outlook towards operational assurance through lifecycle
– In-service safety performance monitoring
• Autonomy applications
– NASA System-wide Safety Project
– DARPA Assured Autonomy Program
– Expansion in application domain to spaceflight: initially robotic,
eventually, human spaceflight
• Future tool development
– User-customizable dashboards
– Query/view language
– Collaborative development
– Towards the Cloud …
We’re hiring!
Contact: ewen.denney@nasa.gov
Looking for software engineers with experience
in Eclipse, Sirius, Xtext, NatTable, ...
Any questions?

CapellaDays2022 | Thales | Stairway to heaven: Climbing the very first steps
Obeo
 
CapellaDays2022 | COMAC - PGM | How We Use Capella for Collaborative Design i...
CapellaDays2022 | COMAC - PGM | How We Use Capella for Collaborative Design i...CapellaDays2022 | COMAC - PGM | How We Use Capella for Collaborative Design i...
CapellaDays2022 | COMAC - PGM | How We Use Capella for Collaborative Design i...
Obeo
 
CapellaDays2022 | CILAS - ArianeGroup | CILAS feedback about Capella use
CapellaDays2022 | CILAS - ArianeGroup | CILAS feedback about Capella useCapellaDays2022 | CILAS - ArianeGroup | CILAS feedback about Capella use
CapellaDays2022 | CILAS - ArianeGroup | CILAS feedback about Capella use
Obeo
 
CapellaDays2022 | Thales DMS | A global engineering process based on MBSE to ...
CapellaDays2022 | Thales DMS | A global engineering process based on MBSE to ...CapellaDays2022 | Thales DMS | A global engineering process based on MBSE to ...
CapellaDays2022 | Thales DMS | A global engineering process based on MBSE to ...
Obeo
 
CapellaDays2022 | SIEMENS | Expand MBSE into Model-based Production Engineeri...
CapellaDays2022 | SIEMENS | Expand MBSE into Model-based Production Engineeri...CapellaDays2022 | SIEMENS | Expand MBSE into Model-based Production Engineeri...
CapellaDays2022 | SIEMENS | Expand MBSE into Model-based Production Engineeri...
Obeo
 
Gestion applicative des données, un REX du Ministère de l'Éducation Nationale
Gestion applicative des données, un REX du Ministère de l'Éducation NationaleGestion applicative des données, un REX du Ministère de l'Éducation Nationale
Gestion applicative des données, un REX du Ministère de l'Éducation Nationale
Obeo
 
Simulation with Python and MATLAB® in Capella
Simulation with Python and MATLAB® in CapellaSimulation with Python and MATLAB® in Capella
Simulation with Python and MATLAB® in Capella
Obeo
 
From Model-based to Model and Simulation-based Systems Architectures
From Model-based to Model and Simulation-based Systems ArchitecturesFrom Model-based to Model and Simulation-based Systems Architectures
From Model-based to Model and Simulation-based Systems Architectures
Obeo
 
Sirius Web 101 : Create a Modeler With No Code
Sirius Web 101 : Create a Modeler With No CodeSirius Web 101 : Create a Modeler With No Code
Sirius Web 101 : Create a Modeler With No Code
Obeo
 
Sirius Project, Now and In the Future
Sirius Project, Now and In the FutureSirius Project, Now and In the Future
Sirius Project, Now and In the Future
Obeo
 
Visualizing, Analyzing and Optimizing Automotive Architecture Models using Si...
Visualizing, Analyzing and Optimizing Automotive Architecture Models using Si...Visualizing, Analyzing and Optimizing Automotive Architecture Models using Si...
Visualizing, Analyzing and Optimizing Automotive Architecture Models using Si...
Obeo
 
Defining Viewpoints for Ontology-Based DSLs
Defining Viewpoints for Ontology-Based DSLsDefining Viewpoints for Ontology-Based DSLs
Defining Viewpoints for Ontology-Based DSLs
Obeo
 
Development of DSL for Context-Aware Mobile Applications
Development of DSL for Context-Aware Mobile ApplicationsDevelopment of DSL for Context-Aware Mobile Applications
Development of DSL for Context-Aware Mobile Applications
Obeo
 
Get into MBSE-MBSA process with a dedicated toolchain
Get into MBSE-MBSA process with a dedicated toolchainGet into MBSE-MBSA process with a dedicated toolchain
Get into MBSE-MBSA process with a dedicated toolchain
Obeo
 

More from Obeo (20)

Digitally assisted design for safety analysis
Digitally assisted design for safety analysisDigitally assisted design for safety analysis
Digitally assisted design for safety analysis
 
INCOSE IS 2023 | You deserve more than the best in class MBSE tool
INCOSE IS 2023 | You deserve more than the best in class MBSE toolINCOSE IS 2023 | You deserve more than the best in class MBSE tool
INCOSE IS 2023 | You deserve more than the best in class MBSE tool
 
Tailoring Arcadia Framework in Thales UK
Tailoring Arcadia Framework in Thales UKTailoring Arcadia Framework in Thales UK
Tailoring Arcadia Framework in Thales UK
 
CapellaDays2022 | Saratech | Interface Control Document Generation and Linkag...
CapellaDays2022 | Saratech | Interface Control Document Generation and Linkag...CapellaDays2022 | Saratech | Interface Control Document Generation and Linkag...
CapellaDays2022 | Saratech | Interface Control Document Generation and Linkag...
 
CapellaDays2022 | Politecnico di Milano | Interplanetary Space Mission as a r...
CapellaDays2022 | Politecnico di Milano | Interplanetary Space Mission as a r...CapellaDays2022 | Politecnico di Milano | Interplanetary Space Mission as a r...
CapellaDays2022 | Politecnico di Milano | Interplanetary Space Mission as a r...
 
CapellaDays2022 | NavalGroup | Closing the gap between traditional engineerin...
CapellaDays2022 | NavalGroup | Closing the gap between traditional engineerin...CapellaDays2022 | NavalGroup | Closing the gap between traditional engineerin...
CapellaDays2022 | NavalGroup | Closing the gap between traditional engineerin...
 
CapellaDays2022 | Thales | Stairway to heaven: Climbing the very first steps
CapellaDays2022 | Thales | Stairway to heaven: Climbing the very first stepsCapellaDays2022 | Thales | Stairway to heaven: Climbing the very first steps
CapellaDays2022 | Thales | Stairway to heaven: Climbing the very first steps
 
CapellaDays2022 | COMAC - PGM | How We Use Capella for Collaborative Design i...
CapellaDays2022 | COMAC - PGM | How We Use Capella for Collaborative Design i...CapellaDays2022 | COMAC - PGM | How We Use Capella for Collaborative Design i...
CapellaDays2022 | COMAC - PGM | How We Use Capella for Collaborative Design i...
 
CapellaDays2022 | CILAS - ArianeGroup | CILAS feedback about Capella use
CapellaDays2022 | CILAS - ArianeGroup | CILAS feedback about Capella useCapellaDays2022 | CILAS - ArianeGroup | CILAS feedback about Capella use
CapellaDays2022 | CILAS - ArianeGroup | CILAS feedback about Capella use
 
CapellaDays2022 | Thales DMS | A global engineering process based on MBSE to ...
CapellaDays2022 | Thales DMS | A global engineering process based on MBSE to ...CapellaDays2022 | Thales DMS | A global engineering process based on MBSE to ...
CapellaDays2022 | Thales DMS | A global engineering process based on MBSE to ...
 
CapellaDays2022 | SIEMENS | Expand MBSE into Model-based Production Engineeri...
CapellaDays2022 | SIEMENS | Expand MBSE into Model-based Production Engineeri...CapellaDays2022 | SIEMENS | Expand MBSE into Model-based Production Engineeri...
CapellaDays2022 | SIEMENS | Expand MBSE into Model-based Production Engineeri...
 
Gestion applicative des données, un REX du Ministère de l'Éducation Nationale
Gestion applicative des données, un REX du Ministère de l'Éducation NationaleGestion applicative des données, un REX du Ministère de l'Éducation Nationale
Gestion applicative des données, un REX du Ministère de l'Éducation Nationale
 
Simulation with Python and MATLAB® in Capella
Simulation with Python and MATLAB® in CapellaSimulation with Python and MATLAB® in Capella
Simulation with Python and MATLAB® in Capella
 
From Model-based to Model and Simulation-based Systems Architectures
From Model-based to Model and Simulation-based Systems ArchitecturesFrom Model-based to Model and Simulation-based Systems Architectures
From Model-based to Model and Simulation-based Systems Architectures
 
Sirius Web 101 : Create a Modeler With No Code
Sirius Web 101 : Create a Modeler With No CodeSirius Web 101 : Create a Modeler With No Code
Sirius Web 101 : Create a Modeler With No Code
 
Sirius Project, Now and In the Future
Sirius Project, Now and In the FutureSirius Project, Now and In the Future
Sirius Project, Now and In the Future
 
Visualizing, Analyzing and Optimizing Automotive Architecture Models using Si...
Visualizing, Analyzing and Optimizing Automotive Architecture Models using Si...Visualizing, Analyzing and Optimizing Automotive Architecture Models using Si...
Visualizing, Analyzing and Optimizing Automotive Architecture Models using Si...
 
Defining Viewpoints for Ontology-Based DSLs
Defining Viewpoints for Ontology-Based DSLsDefining Viewpoints for Ontology-Based DSLs
Defining Viewpoints for Ontology-Based DSLs
 
Development of DSL for Context-Aware Mobile Applications
Development of DSL for Context-Aware Mobile ApplicationsDevelopment of DSL for Context-Aware Mobile Applications
Development of DSL for Context-Aware Mobile Applications
 
Get into MBSE-MBSA process with a dedicated toolchain
Get into MBSE-MBSA process with a dedicated toolchainGet into MBSE-MBSA process with a dedicated toolchain
Get into MBSE-MBSA process with a dedicated toolchain
 

Recently uploaded

UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
Techgropse Pvt.Ltd.
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
Claudio Di Ciccio
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 

Recently uploaded (20)

UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 

[SiriusCon 2018] AdvoCATE: An Assurance Case Automation Toolset Based on Eclipse and Sirius

  • 1. AdvoCATE: An Assurance Case Automation Toolset Based on Eclipse and Sirius 4th December, 2018 Ewen Denney & Robbie Henderson (Joint work with Ganesh Pai and Dimo Petroff) NASA Ames Research Center Robust Software Engineering Group ewen.denney@nasa.gov
  • 2. Research Motivation • High-hazard industries are moving to active safety management – Safety management system (SMS) in aviation – Need to • Unify reasoning about technical aspects of safety • Support safety-related decision making • Goals-based regulation is attractive for novel applications – When regulations and performance standards are absent • Unmanned aircraft systems (UAS), Autonomous systems, … – Increases flexibility for regulated entity – Evidence-based assurance → safety case / assurance case
  • 3. Safety and Assurance Cases ‘A safety case is a structured argument, supported by a body of evidence, that provides a compelling, comprehensible and valid case that a system is safe for a given application in a given operating environment’ - NASA System Safety Handbook ver. 1 (2014) • Essentially, a safety risk management artifact – Other compatible definitions and guidance on content – Based on application domain, standard, regulatory paradigm, etc. • An assurance case generalizes safety cases to other assurance properties: reliability, security, availability, …
  • 4. Safety Risk Management. Hazard table (Hazard; Effect; Severity; Likelihood; Initial Risk Level; Hazard Control; Residual Risk Level): H1 - Airspace encounter with GA aircraft: effects NMAC / MAC; severity 2 (Haz.) / 1 (Cat.); likelihood Probable / Probable; initial risk level 2B / 1B; hazard controls Detect & Avoid, Flt. Termination, ...; residual risk level 2D / 2D. H2 – Stall: effect CFIT. Process diagram labels: Risk Control; Risk Analysis and Assessment; System Analysis; Concept of Operations, System/change description, Regulations, …; HazID; Hazards; Operational, functional, …; Design target; Barrier Modeling – Abstract Safety Architecture; Safety Requirements; Implementation; Mitigations; Safety requirements; Barrier and Control functions; Risk scenarios, design targets, risk evaluation; Assurance Rationale (Structured Argument); Evidence Artifacts; Design, Analysis, Verification Testing; Assurance claims, strategies, context, rationale, …; Operational Safety Assurance (Monitoring and Update); Safety performance measures, monitors, …; Operational Evidence; Verification of safety performance targets; Assumption corroboration; Hazard tracking, Precursors, …
  • 5. Example: UAS Safety. Combination of operating modes • Visual line of sight (VLOS) • Beyond visual line of sight (BVLOS) • Beyond radio line of sight (BRLOS) Varying access profiles • Operating range • Terminal airspace • Transit (vertical / lateral) Diverse environment • Populated / urban / built-up areas • Uncontrolled / controlled airspace • Low / high density airspace Varying mission concepts • Package delivery • Surveillance • Aerial inspection • Mapping, … Different configurations • Airborne sensors (Lidar, sonar, FPV camera, Radar) • Ground sensors (Radar) • Multiple GCS, Roaming GCS, … Increasing complexity in mission and operations. UAS – Unmanned Aerial System (aka drone)
  • 6. UTM: UAS Traffic Management
  • 7. Tool Needs • Creation and assessment of assurance cases – Support variety of diagrams and representations for assurance artifacts (graphical, tabular, textual) – Views for diverse stakeholders and use cases – Consistency and navigation between assurance artifacts – Automation workflows – Integration with 3rd party tools • Tool technologies – EMF: model-based assurance – Sirius: graphical editing of industry standard safety notations – Xtext: domain specific languages and querying of safety models – NatTable: table editor for hazard/requirements analysis
  • 8. Barrier Modeling • Collection of barrier models providing a risk basis – Collection of all factors affecting risk – Model for risk qualification/quantification. Diagram labels: Event chain / accident trajectory; Barrier compromise/breach; Loss of Control State; Threats / Causes / Initiating Events or States; Accident / Loss / Harmful States or Events; Prevention Barriers; Recovery Barriers; Hazard
  • 9. Bow Tie Diagram (BTD)
  • 10. Example: Loss of Separation
  • 11. Rationale Capture via Assurance Arguments. Diagram labels: Chain of reasoning; Safety / Dependability Claims; Item of Evidence; Developed claims; Documentation and Details; Goal Structuring Notation (GSN)
  • 13. AdvoCATE: Tables • Assurance Case Automation Toolset • Hazard analysis and risk assessment – Conducting hazard identification – Specification of hazard causes and consequences – Assessment of initial and residual risk levels given in terms of probability and severity • Safety and assurance requirements capture
  • 14. Hazard Log and Tabular Editor
  • 16. AdvoCATE: Arguments and Patterns • Structured argument development – Pattern specification – Automated pattern instantiation • Integration of formal methods and formal tool-based evidence – Hierarchical and Modular organization – Argument queries and views • Metrics
  • 18. AdvoCATE: Safety Architectures • Safety architecture development – Composition of multiple bow tie diagrams – Views – Transformations (event and barrier split / merge) • Sequential event split: Loss of safe separation → Loss of “well-clear” separation + NMAC • Parallel event split: MAC → MAC within OR || MAC outside OR • Barrier split: Ground-based surveillance → Radar surveillance + Visual surveillance – Risk computation: event probability along paths
  • 19. Safety Architectures. Diagram labels: Bow Tie Modeling; Automated View Extraction
  • 20. AdvoCATE: Traceability • Navigation • Traceability matrices • Maintaining consistency between related artifacts, e.g., between – Entries in the hazard log and the relevant assurance requirements – Arguments and the corresponding requirements, verification artifacts, etc.
  • 21. Tracing and Consistency. Diagram labels: Hazards; Safety and Assurance Requirements; Assurance Arguments / Rationale; Bow Tie Diagrams / Safety Architecture
  • 22. Amalgam Activity Explorer • The Amalgam activity explorer is used in the design of our Safety, Mission Assurance, and Risk management (SMART) dashboard
  • 23. Amalgam Activity Explorer • The (SMART) Dashboard allows us to: – Provide a clear and directional workflow towards a completed safety/assurance case
  • 24. Amalgam Activity Explorer • For each step we have one EMF model • Dependencies provide some of the workflow, i.e. safety architectures can require “requirements” model components • Necessary components are clearly prompted • Sirius diagrams relevant to the current model are accessible
  • 25. Amalgam Activity Explorer • The (SMART) Dashboard allows us to: – Provide a clear and directional workflow towards a completed safety/assurance case – Provide feedback on the status of assurance activities, and areas that need to be developed further – Provide a naive evaluation of the current system safety
  • 26. Amalgam Activity Explorer • Problems with the safety case development are clearly brought to the user's attention, with hyperlinking to the problem source
  • 27. Amalgam Activity Explorer • The (SMART) Dashboard allows us to: – Provide a clear and directional workflow towards a completed safety/assurance case – Provide feedback on the status of assurance activities, and areas that need to be developed further – Provide a naive evaluation of the current system safety – In future, provide real-time evaluation of system based on feedback from a live platform
  • 28. Activity Explorer Issues • We don’t always have a Sirius “session” – Amalgam works very well when provided a Sirius “session” – Some of our models are entirely developed in a DSL, or the NatTable tabular editor – Initially we created viewpoints for all resources… even when it wasn’t useful – We now manually load resources and open editors by id, and only use the Sirius session for the opening/creation of viewpoints • Debugging is hard! – Issues with activity explorer pages often result in no activity explorer at all, with no logging – help!
  • 29. BX of Safety Models • Sirius viewpoints are used extensively, alongside various editors, to avoid complex bidirectional transformations of the safety models – The safety architecture of a system can be viewed as a Controlled Event Structure (CES), a single diagram showing the temporal flow of all events – One event in a CES may have a local bow tie, where we only care about the event, its own causes and effects – Through a combination of Xtend model helpers and multiple viewpoints, we managed to merge most models containing similar information and just provide viewpoints where necessary
  • 30. BX of Safety Models
  • 31. Sirius Custom Properties Panel • Many of AdvoCATE’s graphical elements are the product of multiple modelled constructs – To handle this, we made use of Sirius custom property panels – Model elements, such as hazards, are edited from many locations in AdvoCATE, and are viewed in different forms all over the tool – One custom property panel is added, allowing us to define one uniform editing experience for the combined feature, regardless of what is shown – Certain semantic attributes can be shown, but not edited, to give the user context while in a particular viewpoint
  • 32. Sirius Custom Properties Panel. Screenshot labels: Calculated Values – Mitigation of Risk; A Hazard/Event; A Hazard in progress – Event Instance
  • 33. Property Panel Additions • Some customizations to the custom properties panel we have implemented: – Enum Lists: We have many model features as lists of enumerated values – Xtext editor widgets (more on that later) – Xtext index-query selection boxes – model cross references
  • 34. Xtext • All models within AdvoCATE make use of Xtext resources and the powerful index they provide • Extensive cross-referencing between models became cumbersome using pure EMF • Integration of Xtext and Sirius has been very smooth – with only minimal customizations to Sirius widgets and some services to take advantage of the Xtext index in diagrams • Most models we use require an Xtext DSL to keep all users happy… so extra effort is minimal
  • 35. Xtext - Indexing • With all models being Xtext resources we are able to take advantage of the Xtext index as a one-stop repository of safety elements • Cross-referencing by loading resources becomes quite cumbersome with large projects • We wrap Xtext index querying in services used by our Sirius diagrams, to take advantage of our DSL scope providers • Future plans will involve the DSL Devkit Scope/Export framework, to allow us to fine tune relevant safety artifacts, and export these to an external repository (large scale safety case development)
  • 36. Xtext - Indexing • We create an Xtext scope-provider-fed custom property widget • As the DSL is modified, the Sirius properties view is updated automatically – it simply calls our scope provider • Relevant EObjects are resolved and the list of choices is populated
  • 37. Xtext – Serialized Models • One important future feature of AdvoCATE is collaborative safety case development – When using pure EMF + Sirius, we found that version control struggled a little…
  • 38. Xtext – Serialized Models • One way we thought to combat this problem is a combination of: – Really good auto-layout (if a little ambitious) • We don’t necessarily need to version control the layout if we can do so automatically, and reliably • AIRD merge conflicts become huge, and impossible to merge – we might not need to track them – Serialize the model as a DSL, and parse • The models themselves in XMI format can be hard to merge • New features cause compatibility problems
  • 39. Xtext – Serialized Models • By designing a robust Xtext DSL for each model, we can more reliably track changes – Git likes DSLs way more than XMI – New features, or modified metamodels are less likely to also break the parser, but XMI almost always will – We can auto-create appropriate diagrams for our models in Sirius, and auto-layout on first opening • We’re still in the process of finding a solution to our problems – but this fits nicely so far
  • 40. Xtext – Direct Edit Xtext Editor • In some contexts, complex syntax had to be embedded in our graphical editors – Argument patterns are a way to generate a GSN argument based on given data and a “pattern” providing the structure – Parameters are defined, and then embedded in node descriptions to be evaluated at generation time – To do so, we designed a DSL to define the pattern and its parameters – Great! We get all the content assist, linking, and that fun stuff
  • 41. Xtext – Direct Edit Xtext Editor • But wait…what’s the structure?
  • 42. Xtext – Direct Edit Xtext Editor • Clearly, a graphical layout gives a much more manageable view of what the generated result might be – We needed a solution that combined the power of the Xtext DSL, for what might become very complex string-building expressions, with the high-level view of a Sirius viewpoint – We created a Sirius Direct Edit widget which wrapped the Xtext Embedded editor – Now we have content assist, syntax highlighting, hyperlinking, and inline validation – all as part of direct edit
  • 43. Xtext – Direct Edit Xtext Editor
  • 44. Perspectives • Ongoing focus on design-time assurance – Artifacts and rationale from development, prior to release-into-service • Outlook towards operational assurance through lifecycle – In-service safety performance monitoring • Autonomy applications – NASA System-wide Safety Project – DARPA Assured Autonomy Program – Expansion in application domain to spaceflight: initially robotic, eventually, human spaceflight • Future tool development – User-customizable dashboards – Query/view language – Collaborative development – Towards the Cloud …
  • 45. We’re hiring! Contact: ewen.denney@nasa.gov • Looking for software engineers with experience in Eclipse, Sirius, Xtext, NatTable, ...