TRANSCRIPT
Modeling and Verification of Functional and Non-Functional Requirements for Ambient Self-Adaptive Systems
Manzoor Ahmad, Nicolas Belloir, Jean-Michel Bruel
Journées du GDR GPL 2016, Besançon, 10 June 2016
Plan
General approach
Modeling and Verification of Functional and Non-Functional Requirements of Ambient, Self-Adaptive Systems
Using Relax in a Security Requirements elicitation process for SoS
Perspectives and conclusion
3 Journées du GDR GPL 2016, 10 June 2016
How to improve project success?
The Standish Group CHAOS Report: "inappropriate Requirements Engineering is one of the most important reasons for project failures"
"Currently, the MBSE process and methods are generally practiced in an ad hoc manner and not integrated into the overall systems engineering processes"
Road Map
Main idea: «taking extra-functional requirements better into account helps to integrate them better into the specification process»
Focus on the following extra-functional requirements:
Adaptation: «Systems will be designed for continuous adaptation, which will stimulate greater use of off-the-shelf components» [SE Vision 2020]
Security, objective in 2025: «Systems engineering routinely incorporates requirements to enhance systems and information security and resiliency to cyber threats early» [SE Vision 2025]
Integrate into a model-based process: elicitation and design of requirements
Target language: SysML
Why SysML?
Language for Systems Engineering, defined by OMG and INCOSE
Specification of complex systems and systems-of-systems
Successfully used in industry: A350, Ariane 5, ...
Lots of existing and adaptable tools: design, document generation, simulation
Association SysML-France: encourages discussion and experience feedback on SysML in the French-speaking community
http://www.sysml-france.fr/
2016: integration into AFIS
Plan (section 2 of 4): Modeling and Verification of Functional and Non-Functional Requirements of Ambient, Self-Adaptive Systems
Localization in a general design process
Stakeholders' needs -> Requirement design (requirements elicitation) -> System specification -> Properties verification -> Validation OK
Localization in a general design process (where this work sits)
Stakeholders' needs -> Requirement design (requirements elicitation; focus on NFRs, conceptual work on NFRs) -> System specification (SysML specification) -> Properties verification -> Validation OK
RELAX [Whittle et al., RE 2009]
Requirements Engineering language for Self-Adaptive Systems
Focus on SHALL statements
Hypothesis: it is not always possible to achieve all SHALL statements
Need to relax non-critical requirements
RELAX Operators (operator table on the slide; the operators used on the following slides are AS EARLY AS POSSIBLE AFTER, AS CLOSE AS POSSIBLE TO, and MAY ... OR)
Illustration
Original requirement: The synchronization process SHALL be initiated when Alice enters the room and at 30 minute intervals thereafter.
RELAX Process
Relaxed requirement: The synchronization process SHALL be initiated AS EARLY AS POSSIBLE AFTER Alice enters the room and AS CLOSE AS POSSIBLE TO 30 minute intervals thereafter.
ENV: location of Alice; synchronization interval.
MON: motion sensors; network sensors.
REL: motion sensors provide the location of Alice; network sensors provide the synchronization interval.
RELAX Process (process diagram)
Relax Editor
Relax grammar -> Xtext editor -> model sample
Conceptual work on requirements
Use of a Goal-Oriented Requirements Engineering method: KAOS, SysML/Kaos
Intermediary step between requirements elicitation (goal-oriented modeling) and system modeling
From KAOS to SysML/Kaos
ATL model transformation
Collaboration with Joao Araujo and Jean-Michel Bruel
Correspondence table (KAOS to SysML/Kaos)
Exploiting a relaxed property in SysML/Kaos
SysML/Kaos mmdl, SysML/Kaos editor, SysML/Kaos models
ATL rules: metamodels and transformation rules
Synthetic view of the approach [M. Ahmad]
Requirements -> System Design
Relax step: Invariant Requirements and Relaxed Requirements (tool: RELAX COOL Editor)
Converting Relaxed Requirements to Goals -> Relaxed Requirements in the form of Goals (tools: Relax2SysMLKaos Editor, ATL Rules)
Modeling with SysML/Kaos -> Validated ???
Legend: Process, Doc., Tool
OMEGA2/IFx [Ober et al., 2012]
OMEGA2 is an executable UML/SysML profile [OMEGA2IFx12] for the formal specification and validation of critical real-time systems, with clear and coherent operational and timed semantics.
It contains the main constructs for modeling: system structure (class/block, internal block) and system behavior (state machine), and defines a set of well-formedness rules -> strongly typed language.
Operational semantics of OMEGA2: asynchronous timed execution model; each class/block is represented by a timed input/output automaton, communicating via asynchronous operation calls and signals.
OMEGA2 Observers
Observers are used for specifying and verifying dynamic properties.
They are special classes/blocks monitoring run-time states and events; a state machine describes their behavior.
To express the (non-)satisfaction of safety properties, observer states are classified as <<success>> or <<error>>.
Properties Verification & Simulation using IFx
The IFx toolset allows:
Verification of properties on OMEGA2 models: an automatic process checking whether an OMEGA2 model satisfies (some of) the properties (i.e. observers) defined on it, based on systematic exploration of the system state space (i.e. model checking).
Simulation of OMEGA2 models: interactive execution of OMEGA2 models, guided by a simulation scenario (e.g. an error scenario).
Intelligent house, IUT de Blagnac: a Self-Adaptive System
Properties verification via OMEGA2/IFx [Simultech 2013]
AAL main IBD; Fridge IBD
Modeling and verification of relaxed properties using observers
Error states
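As an added example (it is not the slides' OMEGA2/IFx model and does not use the IFx toolset), the observer idea rendered as a plain Python state machine that watches an event trace for the relaxed synchronization requirement from the Illustration slide: Idle, WaitFirstSync and Periodic are ordinary states, and Success/Error play the role of the <<success>>/<<error>> states. RELAX leaves "AS EARLY AS POSSIBLE" and "AS CLOSE AS POSSIBLE TO 30 minutes" unbounded, so the monitor takes hypothetical concrete bounds (max_delay, tolerance) as parameters; the event format, state names and the sample traces are all constructed assumptions.

```python
"""Observer for the relaxed synchronisation requirement, run over an event trace.

Added example: a plain-Python analogue of an OMEGA2 observer (a state machine
with <<success>> / <<error>> states watching run-time events). It is not the
slides' OMEGA2/IFx model; the concrete bounds and event format are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Event:
    name: str   # "enter" = Alice enters the room, "sync" = synchronisation initiated
    t: float    # time in minutes from the start of the trace


@dataclass
class SyncObserver:
    # RELAX leaves "AS EARLY AS POSSIBLE" and "AS CLOSE AS POSSIBLE TO 30 min"
    # unbounded; a checkable observer needs numbers, so these are hypothetical.
    max_delay: float = 5.0      # minutes allowed between "enter" and the first "sync"
    tolerance: float = 5.0      # allowed deviation from the 30-minute period
    interval: float = 30.0
    state: str = "Idle"         # Idle -> WaitFirstSync -> Periodic -> Success | Error
    deadline: Optional[float] = None   # latest time at which the next "sync" may occur
    history: List[Tuple[float, str]] = field(default_factory=list)

    def _go(self, t: float, state: str) -> None:
        self.state = state
        self.history.append((t, state))

    def step(self, ev: Event) -> None:
        if self.state in ("Success", "Error"):
            return                                  # verdict already reached
        if self.deadline is not None and ev.t > self.deadline:
            self._go(ev.t, "Error")                 # a pending deadline elapsed
            return
        if ev.name == "enter" and self.state == "Idle":
            self.deadline = ev.t + self.max_delay   # AS EARLY AS POSSIBLE AFTER
            self._go(ev.t, "WaitFirstSync")
        elif ev.name == "sync" and self.state == "WaitFirstSync":
            self.deadline = ev.t + self.interval + self.tolerance
            self._go(ev.t, "Periodic")
        elif ev.name == "sync" and self.state == "Periodic":
            # AS CLOSE AS POSSIBLE TO 30 min: a sync is also wrong when too early
            earliest = self.deadline - 2 * self.tolerance
            if ev.t < earliest:
                self._go(ev.t, "Error")
                return
            self.deadline = ev.t + self.interval + self.tolerance
            self._go(ev.t, "Periodic")
        # any other event (e.g. "sync" before Alice entered) is unconstrained

    def finish(self, t_end: float) -> str:
        """Close the observation at t_end and return the verdict."""
        if self.state not in ("Success", "Error"):
            if self.deadline is not None and t_end > self.deadline:
                self._go(t_end, "Error")            # a sync was still due
            else:
                self._go(t_end, "Success")
        return self.state


def check_trace(events: List[Event], t_end: float, **bounds) -> str:
    """Run one observer over a time-ordered trace; returns "Success" or "Error"."""
    obs = SyncObserver(**bounds)
    for ev in sorted(events, key=lambda e: e.t):
        obs.step(ev)
    return obs.finish(t_end)


# Constructed traces (not measurements from the Blagnac house).
COMPLIANT = [Event("enter", 0), Event("sync", 2), Event("sync", 31),
             Event("sync", 62), Event("sync", 90)]
LATE_FIRST_SYNC = [Event("enter", 0), Event("sync", 12)]
MISSED_PERIOD = [Event("enter", 0), Event("sync", 2), Event("sync", 70)]

if __name__ == "__main__":
    for name, trace in [("compliant", COMPLIANT), ("late first sync", LATE_FIRST_SYNC),
                        ("missed period", MISSED_PERIOD)]:
        print(f"{name}: {check_trace(trace, t_end=100)}")
```

The point of the parameters is the one the slide's "Error states" raises: a relaxed requirement only becomes model-checkable once the relaxation is given a concrete envelope, and changing max_delay or tolerance changes which traces end in the error state.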
Synthetic view of the approach
Requirements -> System Design
Relax step: Invariant Requirements and Relaxed Requirements
Relaxed Requirements -> Observer modeling (OMEGA2/IFx) -> Observers (state machines) -> verification with OMEGA2/IFx -> Validated ???
Integrating relaxed requirements into system design
Legend: Process
Plan (section 3 of 4): Using Relax in a Security Requirements elicitation process for SoS
Relaxing Security requirements within SoS
Maritime safety and security case study*
Focus on information access control
The OrBAC Model
Organization-Based Access Control: OrBAC lets the policy designer define a security policy independently of its implementation
Available tool: motOrBAC
Predicate samples: permission(org, role, activity, view, context); prohibition ...
Relaxing Security requirements within SoS: work in progress
Maritime safety and security case study
Textual security requirement samples:
Msc2: Operators on vessels of the EU_NAVFOR which are assigned to the prevention of criminal activities (or similar tasks) can access additional "off the record" information about ships which has been gathered during the operation.
Msc3: Operators on SAR vessels certified by EU_NAVFOR members can access all the information about a ship in case of emergency.
OrBAC translation (manual):
Msc2: permission(EU_NAVFOR, EU_Lawenforcement, read_info, private_info, default_context);
Msc3: permission(EU_NAVFOR, EU_SAR, read_info, all_info, emergency);
MDE-based process: metamodels and transformation chains
Maritime safety and security case study
Relaxing security requirements to limit their conflicts
Relaxed Msc2 and Msc3:
Private information MAY be read by ships that are executing a task of fighting against crime OR by SAR ships in case of emergency.
ENV: fight against crime (FAC), access to private information (API)
MON: Aggression level (AL), Access rules (AR)
REL: FAC = (AL > 10 ? true : false); API = select * from AR where ...
DEP: it has a positive dependency on Msc1-2.
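As an added example, not the slides' motOrBAC model or any output of their transformation chain, a small Python evaluator that encodes the two manual OrBAC translations of Msc2/Msc3 and their relaxed form as permission(org, role, activity, view, context) tuples, and evaluates the contexts from the monitored variable named in the REL clause (FAC = AL > 10). It shows what the relaxation changes for a decision: under the original Msc2 a law-enforcement vessel reads private information in default_context, i.e. unconditionally; under the relaxed rule the same read is granted only while the monitored aggression level activates the fight_against_crime context, and SAR vessels are granted the private view directly in the emergency context. The vessel/object identifiers, the empower/consider/use mappings, the "all_info includes private_info" view hierarchy and the emergency flag are assumptions; the "select * from AR where ..." query for API is not modelled (the policy list stands in for the access rules).

```python
"""Toy OrBAC-style evaluator for the maritime case study rules.

Added example, not the slides' motOrBAC model: it encodes the two manual OrBAC
translations of Msc2/Msc3 and their relaxed form, and evaluates the contexts
from the monitored variables named in the relaxed requirement (AL for FAC).
Subject, object and view names other than those on the slides are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Permission:
    """permission(org, role, activity, view, context) as on the OrBAC slide."""
    org: str
    role: str
    activity: str
    view: str
    context: str


@dataclass(frozen=True)
class Request:
    org: str
    subject: str           # concrete vessel (assumed identifiers)
    action: str            # concrete action
    obj: str               # concrete object
    aggression_level: int  # MON: Aggression level (AL)
    emergency: bool        # assumed flag that activates the "emergency" context


# Concrete-to-abstract mappings (OrBAC empower / consider / use); assumed data.
EMPOWER = {"EU_NAVFOR": {"patrol_A": "EU_Lawenforcement", "rescue_1": "EU_SAR"}}
CONSIDER = {"read": "read_info"}
USE = {"EU_NAVFOR": {"dossier_private": "private_info", "dossier_full": "all_info"}}
# all_info is taken to include private_info (assumption consistent with Msc3).
VIEW_INCLUDES = {"all_info": {"all_info", "private_info"}, "private_info": {"private_info"}}

# Context definitions. REL on the slide: FAC = (AL > 10 ? true : false).
CONTEXTS: Dict[str, Callable[[Request], bool]] = {
    "default_context": lambda r: True,
    "fight_against_crime": lambda r: r.aggression_level > 10,
    "emergency": lambda r: r.emergency,
}

# Manual OrBAC translation from the slide.
ORIGINAL: List[Permission] = [
    Permission("EU_NAVFOR", "EU_Lawenforcement", "read_info", "private_info", "default_context"),
    Permission("EU_NAVFOR", "EU_SAR", "read_info", "all_info", "emergency"),
]
# Relaxed Msc2/Msc3: private information MAY be read by ships fighting crime
# OR by SAR ships in case of emergency. The API query ("select * from AR
# where ...") is left out; here the access rules are the policy list itself.
RELAXED: List[Permission] = [
    Permission("EU_NAVFOR", "EU_Lawenforcement", "read_info", "private_info", "fight_against_crime"),
    Permission("EU_NAVFOR", "EU_SAR", "read_info", "private_info", "emergency"),
]


def abstract(req: Request) -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Map the concrete request onto (role, activity, view); None if unmapped."""
    role = EMPOWER.get(req.org, {}).get(req.subject)
    activity = CONSIDER.get(req.action)
    view = USE.get(req.org, {}).get(req.obj)
    return role, activity, view


def is_permitted(policy: List[Permission], req: Request) -> bool:
    """True iff some permission matches the abstract request in an active context."""
    role, activity, view = abstract(req)
    if None in (role, activity, view):
        return False                      # default deny: unknown subject/object
    for p in policy:
        if (p.org, p.role, p.activity) != (req.org, role, activity):
            continue
        if view not in VIEW_INCLUDES.get(p.view, {p.view}):
            continue
        if CONTEXTS[p.context](req):
            return True
    return False


if __name__ == "__main__":
    calm = Request("EU_NAVFOR", "patrol_A", "read", "dossier_private",
                   aggression_level=3, emergency=False)
    print("law enforcement, AL=3, original:", is_permitted(ORIGINAL, calm))
    print("law enforcement, AL=3, relaxed: ", is_permitted(RELAXED, calm))
```

Because the contexts are evaluated from monitored values at decision time, the same policy yields different decisions as AL crosses the threshold, which is what makes the relaxed rule a run-time adaptive access-control policy rather than a static one.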
Plan (section 4 of 4): Perspectives and conclusion
Conclusion
The work is situated in the early requirements analysis phase
Targets complex systems and systems of systems
Focus on extra-functional requirements: adaptability, security
Uses MDE concepts
SysML as specification language
Perspectives
Short term: formalizing a collaborative process that clearly describes how to use the approach
Developing an industrial study to evaluate the real applicability of the approach
Middle term: better defining requirements. OK, but after that? Connect what we can formalize with other well-used approaches
For security NFRs, link with SysML-Sec [Ludovic Apvrille]
Consequences on SoS architectures: use of specific patterns?
Project focusing on security for Cyber-Physical Systems with Mandragone University, Brooxes University, ...
Questions?
Manzoor Ahmad, Nicolas Belloir and Jean-Michel Bruel. «Modeling and verification of Functional and Non-Functional Requirements of ambient Self-Adaptive Systems». Journal of Systems and Software, Volume 107, pages 50-70, September 2015.
Nicolas Belloir, Vanea Chiprianov, Manzoor Ahmad, Manuel Munier, Laurent Gallon and Jean-Michel Bruel. «Using Relax Operators into an MDE Security Requirement Elicitation Process for Systems of Systems». 2nd International Workshop on Software Engineering for Systems-of-Systems, held with the 8th European Conference on Software Architecture, Vienna, Austria, 26 August 2014. ACM Digital Library.