ARINC653 AADL Annex. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Julien Delange 07/08/2013


Context, Rationale

ARINC653
- Avionics standard
- Standardized API, called APEX (APplication EXecutive)
- Central part of the IMA (Integrated Modular Avionics) philosophy
- Time and space partitioning

Rationale of the ARINC653 annex for AADLv2
- Standardize modeling patterns
- Better modeling and analysis support
- Design the associated toolset and framework

ARINC653 standard overview

Partitioning support
- Software is isolated in partitions
- Each partition runs as if it had the processor to itself

Time isolation
- Each partition executes during a fixed, predefined time slice
- Within a partition, tasks are scheduled with a dedicated scheduling policy

Space isolation
- Code and data of each partition are stored in a separate address space

Fault containment
- Faults detected at the processor (module) level are propagated to the partition concerned
- Recovery strategy is partition-dependent

ARINC653 services

Time and space isolation
- Time slice allocation
- Address space allocation

Tasking (process) services
- Similar to the thread concept

Communication services
- Intra-partition
- Inter-partition (enforced by the module)

Health Monitoring
- Recover from faults at module, partition or process level

[Figure: a module hosting Partition 1 and Partition 2, each containing Process 1 and Process 2]

Mapping ARINC653 to AADL

Partitioning support
- Partition execution context: virtual processor
- Partition content: process
- Partition control (with time and space specification)
- Support for partition execution: processor

Tasking/process service
- Thread component

Communication services
- Rely on port connections

Health Monitoring
- Dedicated properties (ARINC653 property set)

Mapping rules

ARINC653 concept        AADL entities
----------------        -------------
Partition               Process bound to a virtual processor and a memory
Module                  Processor with virtual processor subcomponents
Process                 Thread
Intra-partition comm.   Data port (blackboard); event data port (buffer)
Inter-partition comm.   Data port (sampling port); event data port (queueing port)
Health Monitoring       Properties on components

ARINC653 system mapping example

[Figure: system view (Module containing Partition 1 and Partition 2, each with Process 1 and Process 2) next to the AADL view (a processor with one virtual processor per partition, each partition's process containing the threads P1 and P2)]

Tool support

Modeling support
- Support for dedicated properties
- Graphical view: integration in the Instance Model Viewer

Analysis tool
- Analyze and detect system issues from models

Third-party tools integration
- Code generation for ARINC653-compliant systems

Modeling support
- Integration of properties
- Graphical view in the IMV (Instance Model Viewer)

Model analysis

System performance
- Latency
- Architecture refinement

Architecture consistency
- Scheduling definition
- Partition isolation
- Resource dimensioning
- Impact between partitions having heterogeneous criticality levels

Easily extensible
- Implemented with LUTE, a constraint language from Rockwell Collins

Model analysis - Latency

Timing concerns
- Thread behavior
- Runtime behavior
- OS-specific properties

Migration impact
- Federated vs. IMA

Model analysis - Criticality (safety/security)

Rule: criticality of the sender == criticality of the receiver. Every connection is followed to the process that owns each of its ends, then to the virtual processor (partition) that process is bound to; the ARINC653::Criticality property of the two partitions must be equal. The check is deliberately symmetric: it rejects any connection between partitions of different criticality, in either direction, rather than permitting low-to-high flows only.

    theorem safety
      foreach Conn in Connection_Set do
        foreach P_Src in {x in Process_Set | Owner (Source (Conn)) = x} do
          foreach P_Dst in {y in Process_Set | Owner (Destination (Conn)) = y} do
            foreach Runtime_Src in {w in Virtual_Processor_Set | Is_Bound_To (P_Src, w)} do
              foreach Runtime_Dst in {z in Virtual_Processor_Set | Is_Bound_To (P_Dst, z)} do
                check ((Property (Runtime_Src, "ARINC653::Criticality")) =
                       (Property (Runtime_Dst, "ARINC653::Criticality")));
      end;

Model analysis - Memory dimensioning

Partition requirements
- Thread stack
- Code and data
- Context/environment data
must fit in the associated memory segment.

The theorem sums the Source_Stack_Size, Source_Data_Size and Source_Code_Size of the threads directly contained in each process (partition) and compares the total with the Byte_Count of the memory components the process is bound to. Note that it uses a strict "<" and does not account for the context/environment data listed above; that overhead (and any per-partition data kept by the OS) has to be added before the remaining margin can be trusted.

    theorem check_memory_requirements_partitions
      foreach prs in Process_Set do
        Thrs := {x in Thread_Set | Is_Direct_Subcomponent_Of (x, prs)};
        mems := {x in Memory_Set | Is_Bound_To (prs, x)};
        check ((Sum (Property (Thrs, "Source_Stack_Size")) +
                Sum (Property (Thrs, "Source_Data_Size")) +
                Sum (Property (Thrs, "Source_Code_Size")))
               < (Sum (Property (mems, "byte_count"))));
      end;
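The two theorems above (criticality of connected partitions, and memory dimensioning of each partition) re-implemented over a miniature in-memory instance model, as an added example that is not part of the slides and not code from OSATE, LUTE or Ocarina. The mapping follows the slide's rules: a partition is a process bound to a virtual processor (carrying ARINC653::Criticality) and to memories (carrying Byte_Count); ARINC653 processes are threads with Source_Stack_Size, Source_Data_Size and Source_Code_Size. All component and partition names, sizes and criticality levels are constructed for the illustration.

```python
"""Added example: criticality and memory-dimensioning checks over a tiny
AADL-like instance model. Names and sizes are constructed, not from any
real system; this is not the OSATE/LUTE implementation."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class VirtualProcessor:
    """ARINC653 partition execution context; carries ARINC653::Criticality."""
    name: str
    criticality: str  # e.g. "LEVEL_A" .. "LEVEL_E"


@dataclass(frozen=True)
class Memory:
    """Memory segment; byte_count mirrors the AADL Byte_Count property."""
    name: str
    byte_count: int


@dataclass(frozen=True)
class Thread:
    """ARINC653 process mapped to an AADL thread with its Source_*_Size properties."""
    name: str
    stack: int
    data: int
    code: int


@dataclass(frozen=True)
class Process:
    """ARINC653 partition content: AADL process bound to a virtual processor and memories."""
    name: str
    threads: tuple[Thread, ...]
    bound_vp: VirtualProcessor      # Actual_Processor_Binding
    bound_mems: tuple[Memory, ...]  # Actual_Memory_Binding


@dataclass(frozen=True)
class Connection:
    """Port connection whose ends are owned by two processes."""
    name: str
    src: Process
    dst: Process


def check_criticality(connections: list[Connection]) -> list[str]:
    """Theorem 'safety': both ends of every connection must be bound to partitions
    with the same ARINC653::Criticality. Returns the names of offending connections."""
    return [c.name for c in connections
            if c.src.bound_vp.criticality != c.dst.bound_vp.criticality]


def check_memory(processes: list[Process]) -> dict[str, tuple[int, int]]:
    """Theorem check_memory_requirements_partitions: stack + data + code of the
    threads directly inside a process must be strictly below the Byte_Count of the
    memories bound to it. Returns {process: (needed, available)} for violations."""
    violations: dict[str, tuple[int, int]] = {}
    for p in processes:
        needed = sum(t.stack + t.data + t.code for t in p.threads)
        available = sum(m.byte_count for m in p.bound_mems)
        if not needed < available:
            violations[p.name] = (needed, available)
    return violations


def build_model() -> tuple[list[Process], list[Connection]]:
    """Constructed module: two LEVEL_A partitions and one LEVEL_C partition."""
    vp_fc = VirtualProcessor("part_flight_control", "LEVEL_A")
    vp_nav = VirtualProcessor("part_navigation", "LEVEL_A")
    vp_ife = VirtualProcessor("part_entertainment", "LEVEL_C")

    flight_control = Process(
        "flight_control",
        (Thread("control_law", 8192, 4096, 16384),
         Thread("sensor_fusion", 4096, 2048, 8192)),   # 43008 bytes in a 64 KiB segment
        vp_fc, (Memory("seg_fc", 65536),))
    navigation = Process(
        "navigation",
        (Thread("position", 8192, 8192, 16384),),       # 32768 bytes in a 64 KiB segment
        vp_nav, (Memory("seg_nav", 65536),))
    entertainment = Process(
        "entertainment",
        (Thread("media", 16384, 8192, 12288),),         # 36864 bytes, exceeds its 32 KiB segment
        vp_ife, (Memory("seg_ife", 32768),))

    connections = [
        Connection("conn_fc_nav", flight_control, navigation),     # LEVEL_A -> LEVEL_A: accepted
        Connection("conn_fc_ife", flight_control, entertainment),  # LEVEL_A -> LEVEL_C: rejected
    ]
    return [flight_control, navigation, entertainment], connections


def run_analysis() -> dict:
    """Run both theorems on the constructed model and collect the violations."""
    processes, connections = build_model()
    return {"criticality": check_criticality(connections),
            "memory": check_memory(processes)}


if __name__ == "__main__":
    print(run_analysis())
```

Running it reports conn_fc_ife (a LEVEL_A partition talking to a LEVEL_C one) and the entertainment partition (36864 bytes requested against a 32768-byte segment); the two LEVEL_A partitions and their connection pass. Replacing the strict inequality with an explicit overhead term is the natural extension once the context/environment data of each partition is known.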

Third-party tools, code generation

Automatic ARINC653 configuration production (Ocarina)
- Generate the ARINC653 XML configuration
- Reflect the partition and module requirements captured in the AADL model

Implementation generation (Ocarina, RAMSES)
- Create ARINC653 C code
- Produce code from the model, ensuring the requirements are enforced
- With a link to the functional model (e.g. Simulink, SCADE, etc.)

Conclusion

Standardized modeling patterns for ARINC653 systems
- Support in OSATE
- Third-party support for implementation production

Analysis of several architecture candidates
- Capture IMA vs. federated architectures
- Problems when migrating from one execution platform to another

Extensible framework
- Implemented with LUTE
- Easy to extend with new theorems

Links &amp; Useful Information
- AADL website: http://www.aadl.info
- AADL wiki: https://wiki.sei.cmu.edu/aadl/index.php/main_page
- ARINC653 AADL annex standard: http://standards.sae.org/as5506/2/
- RAMSES: http://penelope.enst.fr/aadl/wiki/ramsesinstallationsources

Contact

Presenter / Point of Contact
Dr. Julien Delange, RTSS AP Initiative
Telephone: +1 412-268-9652
Email: jdelange@sei.cmu.edu

U.S. Mail
Software Engineering Institute, Customer Relations
4500 Fifth Avenue, Pittsburgh, PA 15213-2612, USA

Web: www.aadl.info, www.sei.cmu.edu, www.sei.cmu.edu/contact.cfm

Customer Relations
Email: info@sei.cmu.edu
Telephone: +1 412-268-5800
SEI Phone: +1 412-268-5800
SEI Fax: +1 412-268-6257

Copyright 2013 Carnegie Mellon University

This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This material has been approved for public release and unlimited distribution. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.

DM-0000087