modeling and vericaon of func.onal and non func.onal...

ModelingandVerica.onofFunc.onalandNonFunc.onalRequirementsforAmbientSelfAdap.veSystems

ManzoorAhmad,NicolasBelloir,Jean-MichelBruel

JournéesduGDRGPL2016,Besançon,10juin20161

Plan

Generalapproach

ModelingandVerifica5onofFunc5onalandNonFunc5onalRequirementsofAmbient,Self-Adap5veSystems

UsingRelaxinaSecurityRequirementselicita5onprocessforSoS

Perspec5vesandconclusion

3 JournéesduGDRGPL2016 10juin2016

Howtoimproveprojectsuccess?

The Standish Group CHAOS Report

“inappropriateRequirements Engineeringis one of the mostimportant reasons forprojectfailures”

“Currently, the MBSEprocess and methods aregenerallyprac.cedinanadhoc manner and notintegrated into the overallsystems engineeringprocesses”


RoadMap

  Mainidea  «beYertakeintoaccountaboutextra-func.onalrequirementshelpstobeYerintegrateitinspecifica.onprocess»

  Focusonthefollowingextra-func5onalrequirements  Adapta.on  «Systemswillbedesignedforcon.nuousadapta.on,whichwills.mulategreateruseofoff-the-shelfcomponents»[SEVision2020]

  Security  Objec.vein2025:«Systemsengineeringrou.nelyincorporatesrequirementstoenhancesystemsandinforma.onsecurityandresiliencytocyberthreatsearly»[SEVision2025]

  Integrateintoamodel-basedprocess  Elicita.onanddesignofrequirements

  Targetlanguage:SysML


WhySysML?

  LanguageforSystemEngineering  DefinedbyOMGandINCOSE

  Specifica5onofcomplexsystemsandsystems-of-systems

  Successfullyusedbyindustrials

  A350,Ariane5,…

  Lotofexis.ngandadaptabletools  desing,documentgenera.ons,simula.ons

Assoc ia5on SysML-F rance

Encouragerlesdiscussionsetlesretoursd’expériencesurSysMLdanslacommunautéfrancophone

hYp://www.sysml-france.fr/

2016:intégra.onàl’AFIS

Plan

Generalapproach





Localiza.oninageneraldesignprocess

Stakeholdersneeds

RequirementDesign

Requirementselicita.on

Systemspecifica.on

Proper.esverifica.on

Valida.onOK



Stakeholdersneeds

FocusonNFRs

ConceptualworkonNFRsRequirementDesign


Systemspecifica.on SysMLSpecifica.on


Valida.onOK


RELAX[WhiYleandall,RE,2009]

  RequirementsEngineeringlanguageforSelfAdap.veSystems

  FocusonSHALLstatements

  Hypothesis:  NotalwayspossibletoachieveallSHALLstatements

  Needtorelaxnoncri.calrequirements


RELAXOperators


Illustra.on

Thesynchroniza.onprocessSHALLbeini.atedwhenAliceenterstheroomandat30minuteintervalsthereaqer

RELAXProcess

Thesynchroniza.onprocessSHALLbeini.atedASEARLYASPOSSIBLEAFTERAliceenterstheroomandASCLOSEASPOSSIBLETO30minuteintervalsthereaqerENV:loca.onofAlice;synchroniza.oninterval.MON:mo.onsensors;networksensorsREL:mo.onsensorsprovideloca.onofAlice;networksensorsprovidesynchroniza.oninterval


RELAXProcess


RelaxEditor

RelaxGrammar

XtextEditor

Modelsample



Stakeholdersneeds

FocusonNFRs





Valida.onOK


Conceptualworkonrequirements

  UseofGoalOrientedRequirementsEngineeringmethod

  Kaos  SysML/Kaos

  Intermediarystep

GoalOrientedModeling

requirementselicita.on SystemModeling


DeKaosàSysML/Kaos

ATLModelTransforma.on

Collabora.onwithJoaoAraujoandJean-MichelBruel


Tabledescorrespondances


ExploiterunepropriétérelâchéeenSysMLKaos

SysML/Kaosmmdl

SysML/Kaoseditor

SysML/Kaosmodels


RèglesATL

MetaModels

Rules


Synthe.cviewoftheapproach[M.Ahmad]

Requirements

SystemDesign

Relax InvariantRequirements

RelaxedRequirements

RELAXCOOLEditor

Conver.ngRelaxedRequirementstoGoals

RelaxedRequirementsintheformofGoals

Relax2SysMLKaosEditor

ATLRules

ModelingwithSysMLKaos

Validated

???

Legend

Processus

Doc.

Tool



Stakeholdersneeds

FocusonNFRs





Valida.onOK


OMEGA2/IFx[Ober&all,2012]

  OMEGA2isanexecutableUML/SysMLprofile[OMEGA2IFx12]

  formalspecifica.on&Valida.onofcri.calreal-.mesystems

  clearandcoherentopera.onaland.medseman.cs.

  Containthemainconstructsformodeling:  systemstructure(class/block,internalblock)

  systembehavior(statemachine)  definesasetofwell-formednessrules->strongtypinglanguage

  Operational semantics of OMEGA2   asynchronous timed execution model   class/block represented by a timed input/output automata,   communicating via asynchronous operation calls and signals.


OMEGA2Observers

  Observers  Forspecifyingandverifyingdynamicproper.es

  Specialclasses/blocksmonitoringrun-.mestatesandevents  Statemachinedescribestheirbehavior

  toexpressthe(non)sa.sfac.onofsafetyproper.esStatesareclassifiedas  <<success>>  <<error>>


Proper.esVerifica.on&Simula.onusingIFx

  IfxToolsetallows

  Verifica.onofproper.esonOMEGA2models  automa.cprocessofverifyingwhetheranOMEGA2modelsa.sfies(someof)theproper.es(i.e.observers)definedonit

  basedonsystema.cexplora.onofthesystemstatespace(i.e.ModelChecking)

  SimulateOMEGA2models  interac.veexecu.onofOMEGA2models

  guidedbyasimula.onscenario(e.g.ErrorScenario)


Intelligenthouse-IUTdeBlagnacASelf-Adap.veSystem


Vérifica.ondespropriétésviaOMEGA2/IFx[Simultech2013]

AAL Main IBD

Fridge IBD


Modélisa.onetvérifica.ondespropriétésrelâchéesenu.llisantdesobservers

ErrorStates


Vuesynthé.quedel’approche

Requirements

SystemDesign

Relax InvariantRequirements

RelaxedRequirements OMEGA2IFx

ObserverModeling

Observers(statesmachines)

OMEGA2IFx

Validated

???

Integra.ngRelaxedRequirementtoSystemDesign

Process

Plan

Generalapproach





RelaxingSecurityrequirementswithinSoS

Mari5mesafetyandsecuritycasestudy*

Focusoninforma5onaccesscontrol


TheOrBACModel

  Organiza.onbasedAccessControl:OrBAC  allowthepolicydesignertodefineasecuritypolicyindependentlyoftheimplementa.on

  Availabletool:motOrBAC

  PredicateSamples:  permission(org,role,acJvity,view,context)

  prohibiJon….


RelaxingSecurityrequirementswithinSoS

Workinprogress


Mari.mesafetyandsecuritycasestudy

  Textualsecurityrequirementssamples  Msc2:OperatorsonvesselsoftheEU_NAVFORwhichareassignedtothepreven.onofcriminalac.vi.es(orsimilartasks)canaccessaddi.onal“offtherecord“informa.onaboutshipswhichhasbeengatheredduringtheopera.on.

  Msc3:OperatorsonSARvesselscer.fiedbyEU_NAVFORmemberscanaccessalltheinforma.onaboutashipincaseofemergency.

  ORBACtransla.on(manual)  Msc2:permission(EU_NAVFOR,EU_Lawenforcement,read_info,private_info,default_context);

  Msc3:permission(EU_NAVFOR,EU_SAR,read_info,all_info,emergency);


AMDEbasedprocess

  Metamodelsandtransforma.onchains


Mari.mesafetyandsecuritycasestudy

  Relaxingsecurityreqstolimittheirconflicts

  RelaxedMsc2andMsc3:

  Privateinforma.onMAYbereadbyshipsthatareexecu.ngataskoffigh.ngagainstcrimeORbySARshipsincaseofemergency.

  ENV:fightagainstcrime(FAC),accesstoprivateinforma.on(API)

 MON:Aggressionlevel(AL),Accessrules(AR)

  REL:FAC=(AL>10?true;false);API=select∗fromARwhere...

  DEP:ithasaposi.vedependencyonMsc1-2.

Plan

Generalapproach





Conclusion

  Workissuitedinearlyrequirementanalysisphase

  Targe.ngoncomplexsystemsandsystemsofsystems

  Focusmadeonextra-func.onalrequirements  Adaptability  Security

  UsingMDEconcepts

  SysMLasspecifica.onlanguage


Perspec.ves

  Shortterm  Formalizingacollabora5veprocessclearlydescribinghowtousetheapproach

  Developingindustrialstudyforevalua.ngrealapplicabilityoftheapproach

  Middleterm  BeYerdefiningrequirements.Ok,butaqerthat?  Connectwhatwecanformalizewithinotherwell-usedapproaches

  ForsecurityNFRs,linkwithSysML-Sec[(LudovicApvrille]

  ConsequencesonSoSarchitectures  UseofspecificpaWerns?

  ProjectfocusingonsecurityforCyber-PhysicalSystemswithMandragoneUniversity,BrooxesUniversity,…

Ques.ons?

ManzoorAhamd,NicolasBelloiretJean-MichelBruel.«Modelingandverifica/onofFunc/onalandNon-Func/onalRequirementsofambientSelf-Adap/veSystems».JournalofSystemsandSoVware,Volume107,pages50-70,sept2015.

NicolasBelloir,VaneaChiprianov,ManzoorAhmad,ManuelMunier,LaurentGallonandJean-MichelBruel.«UsingRelaxOperatorsintoanMDESecurityRequirementElicita5onProcessforSystemsofSystems».2ndInterna/onalworkshoponSoEwareEngineeringforSystems-of-systems,inthefieldof8thEuropeanConferenceonsoEwareArchitecture,Vienna,Autria,26August2014.ACMDigitalLibrary

modeling and vericaon of func.onal and non func.onal...

Documents