Keynote I gave at the 2012 Systems and Software Symposium in Ottawa, Canada
IBM Software Group | © 2012 IBM Corporation | Innovation for a smarter planet
Embedded Ubiquity and the Exigency of Dependability: Designing systems as if our lives depend on them
Dr. Bruce Powel Douglass, Ph.D.
Chief Evangelist, IBM
[email protected]
@BruceDouglass
Yahoo: http://tech.groups.yahoo.com/group/RT-UML
IBM: www-01.ibm.com/software/rational/leadership/thought/brucedouglass.html
IBM Software Group | Rational software
Triathlon – A life without embedded devices?
Individual sport composed of:
• Swimming
• Bicycling
• Running
• And, occasionally, throwing up
You against the course, mano a mano
A sport of grit, determination, endurance, and pain tolerance
Surely this has nothing to do with embedded systems
A day in the (embedded) life of a triathlete
Yes, I am wearing devil horns – That’s the way I roll …
Embedded Systems for Triathletes?
• Race timing system
• GPS Sports Watch w/ HR, cadence, computer interface
• Bike power meter
• Bike computer
What about the stuff around the triathlete?
Healthcare is deeply electronically-interconnected
Actors and systems shown linked around the Patient:
• Patient
• Electronic Health Record
• Personal Health Record
• Primary Care Physician / Specialists
• Care Providers
• Emergency Department
• Emergency Services
• Pharmacy / Labs
• Surgery
• Medical Devices: Imaging, Pumps, Robotics
• Telehealth Consultation
• Remote Monitoring
• Remote Data Diagnosis
• State & Central Programs
• Health Plans
• Employers
We live in a deeply electronically-interconnected world
• Each subject area is rich with closely interconnected embedded systems
• All subject areas interconnect with others, providing and using data and services
• This interconnection provides the basis for a technology-centric society
Subject areas shown:
• Health Care: Imaging, Pumps, Robotics; Pharmacy / Labs; Emergency Department
• Transportation: Planes, Trains & Autos
• Power Generation: Generation and distribution
• Communications: Phone, Radio, TV
• Water: Treatment, Water management, sewer
Are we ready to develop these systems?
Are we ready?
• To deliver the functionality?
• To deliver the performance?
• To integrate dozens to hundreds of complex systems?
• To deliver the system with adequate security?
• To deliver the system with adequate safety?
Malware implicated in fatal Spanair plane crash – msnbc.com, August 23, 2010
Nuclear plant in Georgia forced into emergency shutdown due to unintentional “cyber-incident” – Washington Post, June 5, 2008
Braking software glitch contributes to recall of hundreds of thousands of vehicles worldwide – Associated Press, 2010
Siemens SCADA system breached by weaponized computer virus – ComputerWorld, July 17, 2010
Systems Engineering – the solution to all our problems…?
State of the Practice for Systems Development
Systems and Software Engineering Environments in general:
• Are document-centric
• Require huge investment in planning that doesn’t reflect actual project execution
• Have difficulty adapting to change
• Require expensive and error-prone manual review and update processes
• Require long integration and validation cycles
• Are difficult to maintain over the long haul
Additional standards constraints (e.g. DO-178B, ISO 26262, AUTOSAR, DoDAF) add to the challenge
Tooling Selection
Dependability engineering:
• Safety
• Reliability
• Security
• System certification
Modern Processes and Practices are Evolving
Moving from waterfall “ballistic” planning to an incremental, adaptive approach
Past → Future (practices shown on the slide):
• Model-Based Engineering
• Defect Avoidance
• Defensive Design
• Continuous Integration
• Risk Management
• Project Governance
• Dynamic Planning
THE AGILE MODEL (disciplines shown): Requirements Definition & Management; Analysis & Design; Quality Management; Build & Release Management; Construction; Configuration & Change Mgmt; Asset Management & Reuse; Production
High-Fidelity Modeling for Systems Engineering
Hi-MBE brings to engineering:
• Precision
• Executability
• Stakeholder/Analysis-relevant viewpoints at any desired level of abstraction, e.g.
  – Functionality
  – State-based behavior
  – Algorithmic/control behavior
  – Structure and Architecture
• Integration of engineering work, e.g.
  – Functional requirements
  – Dependability analysis: Safety, Reliability, Security/Information Assurance
  – Architectural structure, behavior, and allocation
  – Control analysis
Models and Viewpoints in Model-Based Systems Engineering
• Functional Model: executable use cases; functional and QoS requirements
• Dependability Model: safety, reliability, and security analysis (FTA, FMEA, FMECA, Asset Diagram, SAD)
• Control Model: control algorithms, mathematical models
• Architectural Model: subsystems, interfaces, subsystem use cases/requirements
• Model-based handoff to Subsystem Model(s): Mechanical Specification, Electronic Specification, Software Specification (each as model and text)
Dependability == ∑ Safety, Reliability, and Security
Cyberphysical systems and systems of systems exist today that create and manage society-supporting services and systems, including:
• Power grids
• Transportation (air, ground, and sea)
• Emergency response
• Water and sewage
• Communications
• … to name just a few
Cyberphysical systems and systems of systems have the potential for extremely impactful consequences in terms of safety, reliability, and security
It is crucial that we can reason appropriately about these concerns early and not rely on ex post facto analyses
Model-Based Dependability Analysis
Model-Based Threat Analysis
A Security Analysis Diagram (SAD) is like a Fault Tree Analysis (FTA), but for security rather than safety. It looks for the logical relation between assets, vulnerabilities, attacks, and security violations.
Permits reasoning about security:
• What kind?
• How much?
• Where?
• When?
• Risk assessments
Model-Based Threat Analysis
An Asset Diagram looks at the semantic relations between roles, authentication, vulnerabilities, and countermeasures. It is a way of representing the security-relevant design elements. Here it is shown with traceability links to requirements.
Assets can be:
• Physical
• Informational
• Currency
• Resource
• Security
• Services
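The two slides above describe the Security Analysis Diagram as a fault tree for security (assets, vulnerabilities, attacks and violations joined by logic gates) and the Asset Diagram as the model that records countermeasures with traceability links to requirements. The following Python script is an added example, not code from the keynote or from IBM Rational: it evaluates a small SAD of that kind, computing the minimal cut sets that realise a violation, the violation likelihood under an independence assumption (as basic FTA does), and the residual risk on an asset once chosen countermeasures remove the vulnerabilities they cover. The asset, the event names, the likelihoods, the asset value and the requirement ids are all constructed for illustration.

```python
# Added example, not code from the keynote or from IBM Rational: a small
# evaluator for a Security Analysis Diagram (SAD) in the fault-tree style the
# slides describe. The security violation on an asset is the top event,
# vulnerabilities and attack steps are leaves, AND/OR gates say how they
# combine, and countermeasures (recorded as an Asset Diagram would, with a
# traceability link to a requirement) remove the leaves they cover.
# Every name, likelihood, value and requirement id below is constructed.
from dataclasses import dataclass
from itertools import product
from math import prod

@dataclass(frozen=True)
class Event:
    """Leaf: a vulnerability or attack step with an estimated likelihood."""
    name: str
    likelihood: float  # assumed probability in [0, 1] that the leaf holds

@dataclass
class Gate:
    """AND: every child is needed; OR: any one child suffices."""
    kind: str  # "AND" or "OR"
    children: list

@dataclass
class Countermeasure:
    name: str
    covers: frozenset  # names of the Events this countermeasure neutralises
    requirement: str   # traceability link to a (constructed) requirement id

@dataclass
class Asset:
    name: str
    kind: str        # Physical, Informational, Currency, Resource, Security, Services
    value: float     # loss if the violation occurs, in constructed units
    violation: Gate  # top event of the SAD for this asset

def prune(node, covered):
    """Drop every leaf named in `covered`. An OR gate with nothing left and an
    AND gate that lost any child are unsatisfiable and collapse to None."""
    if isinstance(node, Event):
        return None if node.name in covered else node
    kept = [c for c in (prune(ch, covered) for ch in node.children) if c is not None]
    if node.kind == "OR":
        return Gate("OR", kept) if kept else None
    return Gate("AND", kept) if len(kept) == len(node.children) else None

def likelihood(node):
    """Probability of the event, treating leaves as independent (as basic FTA does)."""
    if node is None:
        return 0.0
    if isinstance(node, Event):
        return node.likelihood
    ps = [likelihood(c) for c in node.children]
    return prod(ps) if node.kind == "AND" else 1.0 - prod(1.0 - p for p in ps)

def cut_sets(node):
    """Minimal sets of leaves that together realise the top event."""
    if node is None:
        return []
    if isinstance(node, Event):
        return [frozenset([node.name])]
    parts = [cut_sets(c) for c in node.children]
    if node.kind == "OR":
        sets = [s for part in parts for s in part]
    else:
        sets = [frozenset().union(*combo) for combo in product(*parts)]
    return sorted({s for s in sets if not any(o < s for o in sets)}, key=sorted)

def risk(asset, countermeasures=()):
    """Expected loss: asset value times violation likelihood after countermeasures."""
    covered = frozenset().union(*(cm.covers for cm in countermeasures))
    return asset.value * likelihood(prune(asset.violation, covered))

# Constructed sample: a patient record exposed through a device's service interface.
RECORD = Asset(
    name="patient record", kind="Informational", value=100.0,
    violation=Gate("OR", [
        Gate("AND", [Event("default_credentials", 0.5),
                     Event("remote_interface_exposed", 0.4)]),
        Gate("AND", [Event("unencrypted_link", 0.6),
                     Event("physical_access_to_network", 0.1)]),
    ]),
)
HARDEN_CREDS = Countermeasure("unique per-device credentials",
                              frozenset({"default_credentials"}), "REQ-SEC-001")
ENCRYPT_LINK = Countermeasure("encrypt the device link",
                              frozenset({"unencrypted_link"}), "REQ-SEC-002")

if __name__ == "__main__":
    print("minimal cut sets:", [sorted(s) for s in cut_sets(RECORD.violation)])
    for applied in ([], [HARDEN_CREDS], [HARDEN_CREDS, ENCRYPT_LINK]):
        print([cm.name for cm in applied], "-> residual risk", round(risk(RECORD, applied), 3))
```

Run stand-alone, the script lists the two minimal cut sets of the sample tree and shows the residual risk falling from 24.8 to 6.0 to 0.0 as the two countermeasures are applied; the `requirement` field on each countermeasure is where the traceability link the slide mentions would point. The independence assumption in `likelihood` is the same simplification a basic fault tree makes, and it is the first thing to revisit when leaves share a common cause.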
Auto-generation of dependability-relevant summary data
Fault Source Matrix, Fault Detection Matrix, Fault-Requirement Matrix, FMEA, FMECA, Hazard Analysis…
• Traceability improves your ability to make your safety/security case
• Dependability metadata guides:
  – System requirements
  – Downstream engineering work
  – Regulatory approval submissions
Design for Dependability
Roles shown: Systems Eng., Software Developer, Safety Eng.
Requirements Analysis (ARP-4754):
• Functional and Non-Functional Requirements
• Safety Requirements
• Business and Regulatory Requirements
System and Software Design (DO-178B, IEC 62304):
• Structural
• Behavioral
• Temporal
• …
Dependability Analysis (ARP-4761, ISO 26262, IEC 61508):
• Fault Tree Analysis (FTA)
• Failure Modes and Effects Analysis (FMEA)
• Hazard Analysis
• Security Analysis Diagram
• Asset Diagram
Systems Engineering Workflows (e.g. Safety Analysis)
Harmony/SE Systems Engineering: Requirements Analysis
Harmony/SE: Design Synthesis
Update Safety Analysis Task
Tooling automates best practice workflows
Practices and Process:
• Achieve “quality by design” with an integrated, automated testing process
• Manage all system requirements with full traceability across the lifecycle
• Use modeling to validate requirements, architecture and design throughout the development process
• Collaborate across diverse engineering disciplines and development teams
• Achieve common goals by optimizing how people work
• Increase efficiency and predictability by integrating workflows
• Continuously improve by measuring and reporting progress
Tools shown (COLLABORATE / AUTOMATE / REPORT):
• Architecture & Design: Rational Rhapsody
• Quality Management: Rational Quality Manager
• Requirements Management: Rational DOORS
• Collaboration: Rational Team Concert
Designing systems as if our lives depend on them
Our society is only sustainable with technological assistance:
• Reliable, safe, and secure delivery of services
• Productivity of agriculture and industry
• Unbroken distribution chains
• Low cost of energy
• Balancing dwindling resources
• Innovation in production
The systems we create today are absolutely crucial in supporting our society, health, and well-being
• (Hard) Each individual system must be designed to be reliable, safe, and secure
• (Harder) The totality of systems acting in concert must be reliable, safe and secure
This can be done by innovatively supporting systems development with:
• Intelligence
• Best Practices
• Tooling
Thank you very much!