Mehrdad Saadatmand

Design of adaptive security mechanisms for real-time embedded systems

Introducing security features in a system is not free and brings along its costs and impacts. Considering this fact is essential in the design of real-time embedded systems which have limited resources. To ensure correct design of these systems, it is important to also take into account impacts of security features on other non-functional requirements, such as performance and energy consumption. Therefore, it is necessary to perform trade-off analysis among non-functional requirements to establish balance among them. In this paper, we target the timing requirements of real-time embedded systems, and introduce an approach for choosing appropriate encryption algorithms at runtime, to achieve satisfaction of timing requirements in an adaptive way, by monitoring and keeping a log of their behaviors. The approach enables the system to adopt a less or more time consuming (but presumably stronger) encryption algorithm, based on the feedback on previous executions of encryption processes. This is particularly important for systems with high degree of complexity which are hard to analyze statistically.

An automated round-trip support towards deployment assessment in component-based embedded systems

Synergies between model-driven and component-based software engineering have been indicated as promising to mitigate complexity in development of embedded systems. In this work we evaluate the usefulness of a model-driven round-trip approach to aid deployment optimization in the development of embedded component-based systems. The round-trip approach is composed of the following steps: modelling the system, generation of full code from the models, execution and monitoring the code execution, and finally back-propagation of monitored values to the models. We illustrate the usefulness of the round-trip approach exploiting an industrial case-study from the telecom-domain. We use a code-generator that can realise different deployment strategies, as well as special monitoring code injected into the generated code, and monitoring primitives defined at operating system level. Given this infrastructure we can evaluate extra-functional properties of the system and thus compare different deployment strategies.

OSLC Tool Integration and Systems Engineering -- The Relationship between the Two Worlds

OSLC is a new standard for the integration of tools used in different phases of software development. It enables to establish relations among different data artifacts throughout the life cycle of an application. OSLC aims to provide seamless integration of life cycle management tools and it enables to have explicit relationships among data artifacts from the early development phases, i.e., Requirements. This helps to gain a better holistic view over the development of software as a system development activity. Systems engineering is in essence an interdisciplinary approach to understand, design, and manage the complexity of different projects and phenomena throughout their life cycle. In this context, to have a holistic view of the system is not a desirable, but a fundamental prerequisite. In this work, we i) investigate how OSLC can strengthen a systemic view in tool integration scenarios and ii) discuss also how systems engineering concepts and principles can be relevant to describe such scenarios. This is done by identifying the relationships among systems engineering and OSLC core concepts. Finally, we show, as a proof of concept, a concrete application of OSLC in building an integrated tool chain.

A Model-Based Testing Framework for Automotive Embedded Systems

Architectural models, such as those described in the east language, represent convenient abstractions to reason about automotive embedded software systems. To enjoy the fully-fledged advantages of reasoning, EAST-ADL models could benefit from a component-aware analysis framework that provides, ideally, both verification and model-based test-case generation capabilities. While different verification techniques have been developed for architectural models, only a few target EAST-ADL. In this paper, we present a methodology for code validation, starting from EAST-ADL artifacts. The methodology relies on: (i) automated model-based test-case generation for functional requirements criteria based on the EAST-ADL model extended with timed automata semantics, and (ii) validation of system implementation by generating Python test scripts based on the abstract test-cases. The scripts represent concrete test-cases that are executable on the system implementation. We apply our methodology to analyze the ABS function implementation of the Brake-by-Wire system prototype.

On Combining Model-Based Analysis and Testing

Testing a computer system is a challenging task, both due to the large number of possible test cases and the limited resources allocated for testing activities. This means that only a subset of all possible test cases can be chosen to test a system, and therefore the decision on the selection of test cases becomes important. The result of static analysis of a system can be used to help with this decision, in the context of model-based development of systems, this means that the analysis performed on a system model can be used to prioritize and guide the testing efforts. Furthermore, since models allow expression of non-functional requirements (such as performance, timing and security), model-guided testing can be used to direct testing towards specific parts of the system which have large impact on such requirements. In this paper, we focus on modeling and trade-off analysis of non-functional requirements and how static analysis helps to identify problematic parts of a system and thus guide the selection of test cases to target such parts.

Monitoring capabilities of schedulers in model-driven development of real-time systems

Model-driven development has the potential to reduce the design complexity of real-time embedded systems by increasing the abstraction level, enabling analysis at earlier phases of development, and automatic generation of code from the models. In this context, capabilities of schedulers as part of the underlying platform play an important role. They can affect the complexity of code generators and how the model is implemented on the platform. Also, the way a scheduler monitors the timing behaviors of tasks and schedules them can facilitate the extraction of runtime information. This information can then be used as feedback to the original model in order to identify parts of the model that may need to be re-designed and modified. This is especially important in order to achieve round-trip support for model-driven development of real-time systems. In this paper, we describe our work in providing such monitoring features by introducing a second layer scheduler on top of the OSE real-time operating systems scheduler. The goal is to extend the monitoring capabilities of the scheduler without modifying the kernel. The approach can also contribute to the predictability of applications by bringing more awareness to the scheduler about the type of real-time tasks (i.e., periodic, sporadic, and aperiodic) that are to be scheduled and the information that should be monitored and logged for each type.

Modeling Security Aspects in Distributed Real-Time Component-Based Embedded Systems

Model Driven Engineering (MDE) and Component Based Software Development (CBSD) are promising approaches to deal with the increasing complexity of Distributed Real-Time Critical Embedded Systems. On one hand, the functionality complexity of embedded systems is rapidly growing. On the other hand, extra-functional properties (EFP) must be taken into account and resource consumption must be optimized due to limited resources. However, EFP are not independent and impact each other. This paper introduces concepts and mechanisms that allow to model security specifications and derive automatically the corresponding security implementations by transforming the original component model into a secured one taking into account sensitive data flow in the system. The resulted architecture ensures security requirements by construction and is expressed in the original meta model, therefore, it enables using the same timing analysis and synthesis as with the original component model.

Dynamic Integration Test Selection Based on Test Case Dependencies

Prioritization, selection and minimization of test cases are well-known problems in software testing. Test case prioritization deals with the problem of ordering an existing set of test cases, typically with respect to the estimated likelihood of detecting faults. Test case selection addresses the problem of selecting a subset of an existing set of test cases, typically by discarding test cases that do not add any value in improving the quality of the software under test. Most existing approaches for test case prioritization and selection suffer from one or several drawbacks. For example, they to a large extent utilize static analysis of code for that purpose, making them unfit for higher levels of testing such as integration testing. Moreover, they do not exploit the possibility of dynamically changing the prioritization or selection of test cases based on the execution results of prior test cases. Such dynamic analysis allows for discarding test cases that do not need to be executed and are thus redundant. This paper proposes a generic method for prioritization and selection of test cases in integration testing that addresses the above issues. We also present the results of an industrial case study where initial evidence suggests the potential usefulness of our approach in testing a safety-critical train control management subsystem.

Towards Earlier Fault Detection by Value-Driven Prioritization of Test Cases Using Fuzzy TOPSIS

Software testing in industrial projects typically requires large test suites. Executing them is commonly expensive in terms of effort and wall-clock time. Indiscriminately executing all available test cases leads to sub-optimal exploitation of testing resources. Selecting too few test cases for execution on the other hand might leave a large number of faults undiscovered. Limiting factors such as allocated budget and time constraints for testing further emphasizes the importance of test case prioritization in order to identify test cases that enable earlier detection of faults while respecting such constraints. This paper introduces a novel method prioritizing test cases to detect faults earlier. The method combines TOPSIS decision making with fuzzy principles. The method is based on multi-criteria like fault detection probability, execution time, or complexity. Applying the method in an industrial context for testing a train control management subsystem from Bombardier Transportation in Sweden shows its practical benefit.

Runtime verification of state machines and defect localization applying model-based testing

In this paper we introduce a method for runtime verification of the behavior of a system against state machines models in order to identify inconsistencies between the two. This is achieved by tracking states and transitions at runtime and comparing with the expected behavior of the system captured in the form of state machine models. The goal is to increase our confidence that the order of states at runtime matches what is specified by the models. The method also provides for defect localization by identifying that in the transition between which states a deviation from the expected behavior has occurred. The necessity and importance of the method lies in the fact that in model-based development, models are also used to perform analysis. Therefore, if there is any discrepancy between the behavior of the system at runtime and the models, then the result of model-based analyses which are performed may also be invalid and not applicable for the system anymore. For this purpose, in our method we create executable test cases from state machine models to test the runtime behavior of the system.