2022 Research Review / DAY 2
Maturing Assurance Contracts in Model-Based Engineering
Architectural models and analyses using the Architecture Analysis and Design Language (AADL) have proven very useful in discovering and correcting problems with early design decisions that can be very costly if discovered late. For example, the Army Software Engineering Directorate Software Airworthiness and Safety Lab utilized a model-based requirement verification technique with AADL on the Apache Flight Management Computer Obsolescence software and discovered 16 issues linked to 103 individual requirements [Feiler 2012]. The report of this work estimated that the corrections of each issue could cost $10k during architectural design as opposed to $3M if discovered during flight test.
Highlighting the SEI’s expertise in model-based systems engineering, Maturing Assurance Contracts in Model-Based Engineering uses mathematically sound formalisms internally to ensure users make their models analyzable.Dr. Dionisio de Niz
As these models continue to be used and refined with additional analyses applied, their benefits multiply, leading to implementations that avoid catastrophic cost and schedule increases. However, while AADL architectural models raise the level of abstraction to simplify early design decisions, the consequences of these decisions can be complex. Furthermore, the algorithms used to analyze these consequences to ensure the system exhibit the necessary characteristics make complex assumptions about the model that can invalidate the analysis results if not properly validated. This creates a fundamental transition barrier that inhibits the DoD’s digital engineering strategy, emphasizing the use of models and analyses in the design and engineering of new capabilities and systems.
This project proposes to make analysis assumption verification technology transition ready by developing the infrastructure to support analysis assumption verification and correction throughout the modeling process. That is, it will be ready (1) before we run an analysis to verify that the model conforms with the assumptions necessary to run the model successfully, (2) when we use early models with incomplete information to allow it to defer the verification of some assumptions, and (3) when we verify that the implementation matches the model and its assumptions.
More concretely, we will develop a contacts framework that can
- describe and enforce assumptions of 75% more analyses than the known state of the art
- incrementally refine and enforce assumptions of 75% more analyses than the known state of the art
- validate the conformance of 70% more assumptions in a system implementation than the known state of the art
Highlighting the SEI’s expertise in model-based systems engineering, Maturing Assurance Contracts in Model-Based Engineering uses mathematically sound formalisms internally to ensure that users make their models analyzable. At the end of the first year, this project has created the core infrastructure to validate assumptions, providing assistance to the designer to correct the assumptions and look for analysis alternatives.
This FY2022–24 project
- builds on SEI expertise in model-based systems engineering and complements additional efforts currently underway focused on tool usability, training, and diffusion
- aligns with the CMU SEI technical objective to reduce and make predictable the cost of acquisition and operations, despite increased capability, and provides a cost advantage over our adversaries
- aligns with the CMU SEI technical objective to make the cadence of acquisition, delivery, and fielding responsive to and anticipatory of the operational tempo of DoD warfighters so that the DoD is able to field these new software-enabled systems and their upgrades faster than our adversaries
Mentioned in this Article
Feiler, Peter H.; Hudak, John; & Meyers, B. Craig. An Architecture-Centric Analysis of the Apache FMCO: Final Report. CMU/SEI-2012- SR-012. Software Engineering Institute, Carnegie Mellon University. September 2012. Not publicly available.