Ludovic Apvrille

TURTLE: a real-time UML profile supported by a formal validation toolkit

We present a UML 1.5 profile named TURTLE (Timed UML and RT-LOTOS Environment) endowed with a formal semantics given in terms of RT-LOTOS. TURTLE relies on UMLs extensibility mechanisms to enhance class and activity diagrams. Class diagrams are extended with specialized classes named Tclasses, which communicate and synchronize through gates. Also, associations between Tclasses are attributed by a composition operator (Parallel, Synchro, Invocation, Sequence, or Preemption) which provides them with a formal semantics. TURTLE extends UML activity diagrams with synchronization actions and temporal operators (deterministic delay, nondeterministic delay, time-limited offer, and time-capture). The real-time dimension of TURTLE has been further improved by the addition of two composition operators, periodic and suspend, as well as suspendable delay, latency, and time-limited offer operators at the activity diagram level. Core characteristics of TURLE are supported by TTool - the TURTLE toolkit - which includes a diagram editor, a RT-LOTOS code generator and a result analyzer. The toolkit reuses RTL, a RT-LOTOS validation tool offering debug-oriented simulation and exhaustive analysis. TTool hides RT-LOTOS to the end-user and allows him/her to directly check TURTLE modeling against logical errors and timing inconsistencies. Besides the foundations of the TURTLE profile, this paper also discusses its application in the context of space-based embedded software.

Security requirements for automotive on-board networks

This paper considers security requirements for automotive on-board networks and describes the processes used for identifying and prioritizing such requirements. The security engineering process starts from use cases for automotive onboard networks that require wireless communication interfaces and involves an investigation of security threat scenarios and the assessment of the relative risks associated with the threats.

TEPE: a SysML language for time-constrained property modeling and formal verification

Using UML or SysML models in a verification-centric method requires a property expression language, a formal semantics, and a tool. The paper introduces TEPE, a graphical TEmporal Property Expression language based on SysML parametric diagrams. TEPE enriches the expressiveness of other common property languages in particular with the notion of physical time and unordered signal reception. TEPE is further instantiated in the AVATAR real-time UML profile. TTool, an open-source toolkit, implements a press-button approach for the formal verification of AVATAR-TEPE properties with UPPAAL. An elevator system serves as example

A UML-based Environment for System Design Space Exploration

The increasing complexity of System-on-Chip (SoC) and time-to-market constraints raise new methodological issues. To address these issues, this paper introduces a UML-based SoC modeling approach mixing simulation and formal verification techniques. A UML profile called DIPLODOCUS has been specified. Transformation rules were defined for generating from UML models either a SystemC model or a formal specification given in LOTOS. Thus, relying on SystemC or LOTOS tools the profile allows fast simulation or formal verification techniques to be used over the UML modeling. A toolkit supporting this profile has been implemented. The overall approach is experimented for the design of a telecommunication system.

AVATAR: A SysML Environment for the Formal Verification of Safety and Security Properties

Critical embedded systems - e.g., automotive systems - are now commonly distributed, thus exposing their communication links to attackers. The design of those systems shall therefore handle new security threats whilst maintaining a high level of safety. To address that issue, the paper introduces a SysML-based environment named AVATAR. AVATAR can capture both safety and security related elements in the same SysML model. TTool [1], an open-source UML toolkit, provides AVATAR editing capabilities, and offers a press-button approach for property proof. Indeed, after having modeled an abstract representation of the system and given a description of the safety and security properties, the designer may formally and directly verify those properties with the well established UPPAAL and ProVerif toolkits, respectively. The applicability of our approach is highlighted with a realistic embedded automotive system taken from an ongoing joint project of academia and industry called EVITA [2].

Autonomous drones for assisting rescue services within the context of natural disasters

Information plays a key role to correctly handle consequences resulting from natural disasters. Discharging rescue teams from gathering that information, and automatically guiding rescue teams to most urgent sub-situations is an open issue in which mini-drones can be useful. Yet, the control of such vehicles is not straight forward to users and can be time consuming. Thus, our contribution is to bring autonomy to drones: to fly autonomously, e.g., scanning and covering a given area, and to realize some tasks (e.g., identifying groups of disabled persons). Last but not least, autonomous drones shall be able to perform both outdoor and indoor missions.

Specifying Fractal and GCM Components with UML

UML 2 has introduced new diagrams for expressing hierarchical structures and their assembly, and has brought some new features to the behaviour-oriented diagrams (activities and state machines), that help modelling component systems. However, UML leaves many semantic decisions opened, and various emerging component frameworks also have features that cannot be directly expressed using UML 2 concepts. In this paper we present an approach for modelling two different component frameworks using UML 2 diagrams. First we define a mapping between the Fractal component model and UML 2 diagrams, and we describe CTTool, that allows to edit and model-check diagrams for Fractal components. Then we propose an extension of this work for the Grid Component Model, that is an extension of Fractal providing asynchronous, collective, and autonomic features for distributed component systems.

A New UML Profile for Real-Time System Formal Design and Validation

UML solutions in competition on the real-time system market share three common drawbacks: an incomplete formal semantics, temporal operators with limited expression and analysis power, and implementation-oriented tools with limited verification capabilities. To overcome these limitations, the paper proposes a UML profile designed with real-time system validation in mind. Extended class diagrams with associations attributed by composition operators give an explicit semantics to associations between classes. Enhanced activity diagrams with a deterministic delay, a non deterministic delay and a timelimited offering make it possible to work with temporal intervals in lieu of timers with fixed duration. The UML profile is given a precise semantics via its translation into the Formal Description Technique RT-LOTOS. A RT-LOTOS validation tool generates simulation chronograms and reachability graphs for RT-LOTOS specifications derived from UML class and activity diagrams. A coffee machine serves as example. The proposed profile is under evaluation on a satellite-based software reconfiguration system.

Car2X Communication: Securing the Last Meter - A Cost-Effective Approach for Ensuring Trust in Car2X Applications Using In-Vehicle Symmetric Cryptography

The effectiveness of Car2X communication strongly relies on trust in received data. Securing in-vehicle communication is an essential yet so far overlooked step to achieve this objective. We present an approach based on the use of symmetric key material protected with inexpensive hardware. We modeled the involved cryptographic and network protocols, showed their applicability to automotive bus systems and conclude about their soundness with analytical and simulation methods. A prototype realization in real vehicles is envisaged as part of an ongoing project.

Evaluation of ASIPs Design with LISATek

This paper evaluates an ASIP design methodology based on the extension of an existing instruction set and architecture described with LISA 2.0 language. The objective is to accelerate the ASIPs design process by using partially predefined, configurable RISC-like embedded processor cores that can be quickly tuned to given applications by means of ISE (Instruction Set Extension) techniques. A case study demonstrates the methodological approach for the JPEG algorithm.