Ensuring Consistency of Critical Systems in Agile Development

Transcription

1 Ensuring Consistency of Critical Systems in Agile Development Helmut Bunge, Samir Sarkic, Bosch Dr. Christof Ebert, Kai Ruedele, Vector Consulting Services V

2 Bosch technology to enhance quality of life Some 59,000 1 researchers and developers work at Bosch: at locations worldwide, in a single network. Bosch is one of the world s leading international providers of technology and services. Over the past six years, Bosch has invested more than 27 billion euros in research and development. Our objective: to develop innovative, useful, and exciting products and solutions to enhance quality of life technology that is Invented for life. 1 As of R&D locations with >50 associates, as of Internal C/CCB, C/CCD December 2017 Robert Bosch GmbH All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights. 2/21

3 Vector Consulting Services Vector is global market leader in automotive software and engineering toolchain with over employees Vector Consulting Services is supporting clients worldwide Product development, IT and change management Processes, tools, trainings, coaching transformation, interim support Agile, cybersecurity, safety, ASPICE, requirements engineering, etc. Automotive Medical Aerospace IT & Finance Digital Transformation Transport 3/21

4 Agenda 1. Welcome 2. Motivation 3. Ensuring Consistency in Agile Development 4. Conclusions and Outlook 4/21

5 Motivation Vector Client Survey 2018: Security and Safety are Major Challenges 80% 70% 60% 50% Midterm challenges Digital transformation Magic Triangle Innovation Safety and security 40% Connectivity 30% 20% 10% 0% Others Compliance Distributed teams Complexity Flexibility Competences Efficiency 0% 10% 20% 30% 40% 50% 60% 70% Shortterm challenges Vector Client Survey Details: Horizontal axis shows shortterm challenges; vertical axis shows midterm challenges. Sum > 200% due to 5 answers per question. Strong validity with >4% response rate of 2000 recipients from different industries worldwide. Safety and Cybersecurity have arrived as major challenges now and in future. Solution: Agile innovation 5/21

6 Motivation Overview: Agile Safety and Cybersecurity Vision Safe and secure product release within few hours with formal approval process and documentation This allows to react fast to cybersecurity attacks with safety impact. Challenge Frequent and late changes in safety related product development are often hindered because they take too much effort to release with right quality level. Solution Agile safety analysis process supported by semiautomated tooling: Method, Organization, Tooling This presentation presents the evolution path to integrate agile and safety/security. With the growth of IoT and convergence of IT and embedded systems it applies to practically all industries 6/21

7 Agenda 1. Welcome 2. Motivation 3. Ensuring Consistency in Agile Development 4. Conclusions and Outlook 7/21

8 Ensuring Consistency in Agile Development Method: ModelBased Dependency Analysis (1/2) System Requirements Logical System Architecture SwitchMatrix y:pm_y x:pm_x sel:pm_selection Type: SwitchMatrix PowerManagement KeyIn:KeyIn x+:pm_pass_x+ y+:pm_pass_y+ y:pm_pass_yx:pm_pass_xy+:pm_driv_yx:pm_driv_x y:pm_driv_y x+:pm_driv_x+ Assembly Net Assembly Net PowerMirrorCtrl y:pm_y x:pm_x sel:pm_selection def12:keyin PowerMirrorPass x+:pm_pass_x+ y+:pm_pass_y+ y:pm_pass_yx:pm_pass_xy+:pm_driv_y+ Type: PowerMirr... PowerMirrorDriver x:pm_driv_x y:pm_driv_y x+:pm_driv_x+ System FTA/FMEA Type: PowerMan... Type: PowerMirrorCtrl Type: PowerMirr... Pass Door Ctrl Driver Door Ctrl Component Architecture PassengerMirror DriverMirror cv2:4w KA_Pass Door Ctrl _0 DoorLIN:LIN SwtichMatrix BatMng CANPT:CANC Gateway Body Ctrl PowerSupply Ground Component FTA/FMEA Simulation Implementation Fault Injection / TDD Traceability from changes based on hierarchic modelling & update of analysis and tests 8/21

9 Ensuring Consistency in Agile Development Method: ModelBased Dependency Analysis (2/2) Scenario: small change leads to negative impact on safety Challenge: early detection of safety impact Target: Continuous Safety Analysis Simplified Example: Activity Diagram (SysML) helps to investigate impact of changes Based on this effect chain analysis the related tasks for safety analysis update can be identified (e.g. are safety related operations affected by change) 9/21

10 Ensuring Consistency in Agile Development Method: Continuous Regression Testing Assets and Attack Potentials Features and Operation Scenarios? Safety Operations Security Operations Threat and Risk Assessment Security Goals Hazard and Risk Assessment Safety Goals Safety Case Validate Safety Assumptions Security Case Validate Security Assumptions Security Architecture Functional SafetyConcept Test Safety Mechanisms Test Security Mechanisms, Pen Tests Technical Security Concept Technical SafetyConcept Verify Safety Mechanisms Verify Security Mechanisms Implement. of Security Mechanisms Implement. of Safety Mechanisms Safety Verification on Unit Level Security Verification on Unit Level Safety Activity Security Activity Safe / Secure Implementation of Nominal Functions Similar to Safety, Security needs to be an integrated part of the development process. For efficient and fast rampup, connect security with existing safety governance. 10/21

11 Ensuring Consistency in Agile Development Organization: Scaled Agile with Safety integration Testing Team Scrum of Scrums Challenge: Manage dependencies between teams in case of safety related changes Location 2 Location 1 Coordinate safety via Scrum Of Scrums focus on safety impact coordination SW Team 1 SW Team 2 HW Team Coordinate change waves e.g. update of HW leads to significant SW and Safety update Location 1 Location 2 Location 3 Semiautomated safety analysis to detect unexpected sideeffects 11/21

12 Ensuring Consistency in Agile Development Organization: Testoriented Requirements Engineering (TORE) with Agile Teams Testing Team Scrum of Scrums Location 2 Location 1 Safety Manager SW Team 1 SW Team 2 HW Team Mechanical Team Safety Engineering Location 1 Location 2 Location 3 Location 1 Legend Chief Technical Lead SW Lead Team 1 SW Lead Team 2 Technical Lead Testing Team Member Hardware Lead Mechanical Lead Kanban Board Agile teams clarify initially the test setup based on hierarchic requirements and models 12/21

13 Ensuring Consistency in Agile Development Tools: Integrated Safety Tools Why is the tooling important? Safety Analysis depends on Respective scope, i.e. System, SW, HWDesign Specific safety requirements Dependencies from cybersecurity threat analysis Requirements Architecture + Design 1 Develop Safety Analysis 3 Improve Changes have complex dependencies and interactions across work products. Tooling is mandatory for efficient and consistent change handling. Interface Design to Safety Analysis 2 Analyse 13/21

14 Ensuring Consistency in Agile Development Tools: Support for Consistency in Agile Development Benefits from automated tools Maintaining the continuous safetycase with necessary documentation in agile incremental deliveries of critical systems Efficient implementation of cybersecurity and functional safety during changes Full LifeCycle support from requirements to concept, design, test and aftersales Traceability and governance Support for heterogeneous environments Evolution to automated generation of Safety Analysis based on detailed modeling of static and dynamic aspects Vector SafetyCheck / SecurityCheck Continuous Safety Case PREEvision Safety support Bosch DASP Workbench 14/21

15 Agenda 1. Welcome 2. Motivation 3. Ensuring Consistency in Agile Development 4. Conclusions and Outlook 15/21

16 Conclusions and Outlook Conclusion: Safety/Security are Possible in Agile Development Integration of safety and cybersecurity in agile projects is possible and has benefits if the following conditions are fulfilled Methods > Consistency across work products from HARA/TARA to safety/security goals and requirements to design, implementation, (regression) test and safety/security case documentation Organization > Safety team is integrated in agile team (safety manager / safety engineer). > Agile team has necessary safety and security competences. Tools > Sufficient tool based traceability (requirements, architecture, tests, change sets..) is established. > Safety tooling supports interfaces to design tools (System, SW, HW). Safety and cybersecurity engineering must be integrated with software development. Systematic integration ensures efficient and robust development in agile context 16/21

17 Conclusions and Outlook Evolution: Critical Systems Demand Agility Scaling High Vector ACE Risk Criticality Governance Low Flexibility, Continuity High Source: Ebert, Requirements Engineering, 2018 Agility for safety and cybersecurity needs profound methodology and guidance 17/21

18 Conclusions and Outlook Further Information: Automotive E/E Trends Mobility: From driving to multimodal mobility services and sharing culture Business Models: From incumbent tiered supplychain to flexible new players from IT industry E/E architecture: From distributed electronic controllers to standardized threetier architecture IT architecture: From proprietary building blocks to open IT systems with offtheshelf components and adaptive SOA. Development lifecycle: From the classic V model with rather heavy release cycles to agile DevOpslike approach. Governance: From encapsulated safetycritical functions to interwoven quality assurance for liability, safety, cybersecurity, privacy. Culture: From R&D vs. IT separation to convergence. Competences: From automotive embedded electronics to IT as a core competence of all engineers. Source: IEEE Software May 2017 (Vector Guest Edited) Contact Vector for white papers, technical benchmarks and consulting 18/21

19 Conclusions and Outlook Agile in Practice Vector Forum 2019 The Agile Organization Adaptive, Distributed, Scaling Agile for Critical Systems 27. June 2019 in Stuttgart Practical experiences from global leaders, across industries Enhance your competences Grow your networks Details 19/21

20 Conclusions and Outlook More Information Bosch: Vector: 20/21

21 Thank you for your attention. For more information please contact us. Passion. Partner. Value. Vector Consulting Phone: