2022 Research Review / DAY 2

Maturing Assurance Contracts in Model-Based Engineering

Architectural models and analyses using the Architecture Analysis and Design Language (AADL) have proven very useful in discovering and correcting problems with early design decisions that can be very costly if discovered late. For example, the Army Software Engineering Directorate Software Airworthiness and Safety Lab utilized a model-based requirement verification technique with AADL on the Apache Flight Management Computer Obsolescence software and discovered 16 issues linked to 103 individual requirements [Feiler 2012]. The report of this work estimated that the corrections of each issue could cost $10k during architectural design as opposed to $3M if discovered during flight test.

Highlighting the SEI’s expertise in model-based systems engineering, Maturing Assurance Contracts in Model-Based Engineering uses mathematically sound formalisms internally to ensure users make their models analyzable.

Dr. Dionisio de Niz
Technical Director
Dionisio de Niz, Principal Investigator

As these models continue to be used and refined with additional analyses applied, their benefits multiply, leading to implementations that avoid catastrophic cost and schedule increases. However, while AADL architectural models raise the level of abstraction to simplify early design decisions, the consequences of these decisions can be complex. Furthermore, the algorithms used to analyze these consequences, to ensure that the system exhibits the necessary characteristics, make complex assumptions about the model that can invalidate the analysis results if they are not properly validated. This creates a fundamental transition barrier that inhibits the DoD’s digital engineering strategy, which emphasizes the use of models and analyses in the design and engineering of new capabilities and systems.

This project proposes to make analysis assumption verification technology transition ready by developing the infrastructure to support analysis assumption verification and correction throughout the modeling process. That is, the infrastructure will be ready (1) before we run an analysis, to verify that the model conforms with the assumptions necessary for the analysis to succeed; (2) when we use early models with incomplete information, to allow the verification of some assumptions to be deferred; and (3) when we verify that the implementation matches the model and its assumptions.
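As an added illustration (not the project's own framework or code), the following Python sketch walks through the three phases just described for a hypothetical assumption contract of a rate-monotonic schedulability analysis: the contract is checked against the model before the analysis runs, properties an early model has not yet fixed are deferred instead of failing, and implementation measurements are compared against the model's budgets. The Thread class, the assumption rules, the sample model and the measurements are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum

class Status(Enum):
    HOLDS = "holds"        # assumption verified against the model
    VIOLATED = "violated"  # model contradicts the assumption; analysis result would be invalid
    DEFERRED = "deferred"  # model still lacks the property; re-check once it is filled in

@dataclass
class Thread:  # hypothetical stand-in for an AADL thread and the properties an analysis reads
    name: str
    dispatch: str = None   # e.g. "periodic" or "sporadic"; None if not yet decided
    period_ms: float = None
    deadline_ms: float = None
    wcet_ms: float = None  # modeled worst-case execution time budget

def check_rm_assumptions(threads):
    """Phases (1) and (2): check each thread against the assumptions of a classic rate-monotonic
    analysis (periodic dispatch, deadline <= period), deferring when a property is still unset."""
    results = {}
    for t in threads:
        if t.dispatch is None or t.period_ms is None or t.deadline_ms is None:
            results[t.name] = Status.DEFERRED
        elif t.dispatch != "periodic" or t.deadline_ms > t.period_ms:
            results[t.name] = Status.VIOLATED
        else:
            results[t.name] = Status.HOLDS
    return results

def analysis_admissible(results):
    """Run the analysis only when every assumption holds (nothing violated or deferred)."""
    return all(s is Status.HOLDS for s in results.values())

def check_implementation(threads, measured_wcet_ms):
    """Phase (3): compare measured WCET (thread name -> ms) against the model's WCET budgets."""
    results = {}
    for t in threads:
        measured = measured_wcet_ms.get(t.name)
        if t.wcet_ms is None or measured is None:
            results[t.name] = Status.DEFERRED   # no budget or no measurement yet
        else:
            results[t.name] = Status.HOLDS if measured <= t.wcet_ms else Status.VIOLATED
    return results
# Constructed example model (not from the page): one complete thread, one non-periodic, one undecided.
MODEL = [
    Thread("sensor_in", "periodic", period_ms=10, deadline_ms=10, wcet_ms=2),
    Thread("logger", "sporadic", period_ms=50, deadline_ms=50, wcet_ms=5),
    Thread("planner", None, period_ms=100, deadline_ms=80, wcet_ms=20),
]
MEASURED = {"sensor_in": 1.8, "logger": 6.1}  # constructed measurements; planner not yet measured
```

For the constructed model, the analysis is not admissible: the logger thread violates the periodic-dispatch assumption and the planner thread's dispatch protocol is still undecided, so its check is deferred rather than reported as a failure.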

More concretely, we will develop a contracts framework that can

  • describe and enforce assumptions of 75% more analyses than the known state of the art
  • incrementally refine and enforce assumptions of 75% more analyses than the known state of the art
  • validate the conformance of 70% more assumptions in a system implementation than the known state of the art

A formal argumentation structure was developed and refined to prove how the system designer's verification results guarantee assurance claims.

At the end of the first year, this project has created the core infrastructure to validate assumptions, providing assistance to the designer to correct the assumptions and look for analysis alternatives.

In Context

This FY2022–24 project

  • builds on SEI expertise in model-based systems engineering and complements additional efforts currently underway focused on tool usability, training, and diffusion
  • aligns with the CMU SEI technical objective to reduce and make predictable the cost of acquisition and operations, despite increased capability, and provides a cost advantage over our adversaries
  • aligns with the CMU SEI technical objective to make the cadence of acquisition, delivery, and fielding responsive to and anticipatory of the operational tempo of DoD warfighters so that the DoD is able to field these new software-enabled systems and their upgrades faster than our adversaries

Mentioned in this Article

[Feiler 2012]
Feiler, Peter H.; Hudak, John; & Meyers, B. Craig. An Architecture-Centric Analysis of the Apache FMCO: Final Report. CMU/SEI-2012-SR-012. Software Engineering Institute, Carnegie Mellon University. September 2012. Not publicly available.