The document discusses the importance of dependability in embedded systems and systems of systems. It notes that modern society relies on interconnected critical systems like power grids, transportation, and healthcare. Ensuring the safety, reliability, and security of these complex, life-critical systems is paramount but also challenging given the scale and integration involved. The document advocates for model-based systems engineering approaches using high-fidelity modeling to facilitate requirements management, architecture design, and dependability analysis through techniques like fault tree analysis, security analysis diagrams, and automated reporting. This helps deliver functionality while addressing concerns of safety, performance, integration and certification early in the development process.

1. ®
IBM Software Group
Embedded Ubiquity and the Exigency of
Dependability
Designing systems as if our lives depend on them
Dr. Bruce Powel Douglass, Ph.D.
Chief Evangelist, IBM Rational
Bruce.Douglass@us.ibm.com
Twitter: @BruceDouglass
Yahoo: http://tech.groups.yahoo.com/group/RT-UML
IBM: www-01.ibm.com/software/rational/leadership/thought/brucedouglass.html
Innovation for a smarter planet © 2012 IBM Corporation

2. IBM Software Group | Rational software
Triathlon – A life without embedded devices?
 Individual sport composed of
 Swimming
 Bicycling
 Running
 And, occasionally, throwing up
 You against the course, mano a mano
 A sport of grit, determination, endurance,
and pain tolerance
 Surely this has nothing to do with
embedded systems
Innovation for a smarter planet 2

3. IBM Software Group | Rational software
A day in the (embedded) life of a triathlete
Yes, I am wearing devil horns –
That’s the way I roll …
Innovation for a smarter planet 3

4. IBM Software Group | Rational software
Embedded Systems for Triathletes?
Bike computer
Bike power meter
GPS Sports Watch w/ HR, cadence, computer interface
Race timing system
Innovation for a smarter planet 4

5. IBM Software Group | Rational software
What about the stuff around the triathlete?
Innovation for a smarter planet 5

6. IBM Software Group | Rational software
What about the stuff around the triathlete?
Innovation for a smarter planet 6

7. IBM Software Group | Rational software
What about the stuff around the triathlete?
Innovation for a smarter planet 7

8. IBM Software Group | Rational software
Healthcare is deeply electronically-interconnected
Primary Care
Specialists Physician
Electronic Personal
Health Health Record Health Record
Plans
Patient
Pharmacy /
Surgery
Labs
Employers Care Emergency
Providers Department
Medical Devices
Imaging, Pumps,
Robotics
Remote Emergency
Monitoring Services
State & Central
Programs Remote Telehealth
Data Diagnosis Consultation
Innovation for a smarter planet 8

9. IBM Software Group | Rational software
We live in a deeply electronically-interconnected world
 Each subject area is rich with embedded systems closely interconnected
 All subject areas interconnect with others providing and using data and services
 This interconnection provides the basis for a technology-centric society
Water Treatment,
Power Generation Water management, sewer
Communications Pharmacy /
Generation and distribution Phone, Radio, TV Labs
Emergency
Transportation Health Care Department
Planes, Trains & Autos Imaging, Pumps,
Robotics
Innovation for a smarter planet 9

10. IBM Software Group | Rational software
Are we ready to develop these systems?
Are we ready?
• To deliver the functionality?
• To deliver the performance?
• To integrate dozens to hundreds of complex systems?
• To deliver the system with adequate security?
• To deliver the system with adequate safety?
Innovation for a smarter planet 10

11. IBM Software Group | Rational software
Are we ready to develop these systems?
Are we ready?
• To deliver the functionality?
• To deliver the performance?
• To integrate dozens to hundreds of complex systems?
• To deliver the system with adequate security?
• To deliver the system with adequate safety?
Malware implicated in fatal Spanair
plane crash
- msnbc.com August 23, 2010
Innovation for a smarter planet 11

12. IBM Software Group | Rational software
Are we ready to develop these systems?
Nuclear plant in Georgia forced into
emergency shutdown due to
unintentional “cyber-incident”
- Washington Post, June 5, 2008
Are we ready?
• To deliver the functionality?
• To deliver the performance?
• To integrate dozens to hundreds of complex systems?
• To deliver the system with adequate security?
• To deliver the system with adequate safety?
Malware implicated in fatal Spanair
plane crash
- msnbc.com August 23, 2010
Innovation for a smarter planet 12

13. IBM Software Group | Rational software
Are we ready to develop these systems?
Nuclear plant in Georgia forced into
emergency shutdown due to
unintentional “cyber-incident”
- Washington Post, June 5, 2008
Are we ready?
• To deliver the functionality?
• To deliver the performance?
• To integrate dozens to hundreds of complex systems?
• To deliver the system with adequate security?
• To deliver the system with adequate safety?
Braking software glitch contributes to
recall of hundreds of thousands of
vehicles worldwide
- Associated Press, 2010
Malware implicated in fatal Spanair
plane crash
- msnbc.com August 23, 2010
Innovation for a smarter planet 13

14. IBM Software Group | Rational software
Are we ready to develop these systems?
Nuclear plant in Georgia forced into
emergency shutdown due to
unintentional “cyber-incident”
- Washington Post, June 5, 2008
Are we ready? Siemens SCADA system breached by
• To deliver the functionality?
weaponized computer virus
• To deliver the performance?
• To integrate dozens to hundreds of complex systems?
- ComputerWorld July 17, 2010
• To deliver the system with adequate security?
• To deliver the system with adequate safety?
Braking software glitch contributes to
recall of hundreds of thousands of
vehicles worldwide
- Associated Press, 2010
Malware implicated in fatal Spanair
plane crash
- msnbc.com August 23, 2010
Innovation for a smarter planet 14

15. IBM Software Group | Rational software
Systems Engineering – the solution to all our problems….?
Innovation for a smarter planet 15

16. IBM Software Group | Rational software
State of the Practice for Systems Development
 Systems and Software Engineering Environment in general
 Are document-centric
 Require huge investment in planning that doesn’t reflect actual project execution
 Have difficulty adapting to change.
 Require expensive and error-prone manual review and update processes.
 Require long integration and validation cycles
 Are difficult to maintain over the long haul
 Additional standards constraints
(eg DO-178B, ISO26262, AUTOSAR,
DoDAF) add to the challenge
 Tooling Selection
 Dependability engineering
 Safety
 Reliability
 Security
 System certification
Innovation for a smarter planet 16

17. IBM Software Group | Rational software
Modern Processes and Practices are Evolving
Past Future
Model-Based Engineering Analysis &
Design
Defect Avoidance Requirements
Definition &
Management
Construction
Configuratio
Defensive Design n & Change
Mgmt
Build &
Release
Continuous Integration Management
Quality
Asset
Management
& Reuse
Management
Risk Management Production
Project Governance
Dynamic Planning THE AGILE MODEL
Moving from waterfall “ballistic” planning to incremental, adaptive approach
Innovation for a smarter planet 17

18. IBM Software Group | Rational software
High-Fidelity Modeling for Systems Engineering
 Hi-MBE brings to engineering
 Precision
 Executability
 Stakeholder/Analysis-relevant viewpoints at any desired level of abstraction e.g.
 Functionality
 State-based behavior
 Algorithmic/control behavior
 Structure and Architecture
 Integration of engineering work, e.g.
 Functional requirements
 Dependability analysis
– Safety
– Reliability
– Security/Information Assurance
 Architectural structure, behavior, and allocation
 Control analysis
Innovation for a smarter planet 18

19. IBM Software Group | Rational software
Models and Viewpoints in Model-Based Systems Engineering
Subsystems, interfaces, Mechanical
Subsystem use cases/ Specification Model and text
Functional Requirements
Model
Model-
bas ed
Executable use cases
Architectural handof f
Functional and
QoS requirements Model
Subsystem Electronic
Model(s) Specification
Dependability Model and text
Model
Safety, reliability,
Control
and security analysis Model
FTA, FMEA, FEMCA,
Software
Asset Diagram, SAD Control algorithms, Specification Model and text
mathematical models
Innovation for a smarter planet 19

20. IBM Software Group | Rational software
Dependability == ∑ Safety, Reliability, and Security
 Cyberphysical systems and system of systems exist today that create and manage
society-supporting services and systems, including
 Power grids
 Transportation (air, ground, and sea)
 Emergency response
 Water and sewage
 Communications
 … to name just a few
 Cyberphysical systems and systems of systems have the potential for extremely
impactful consequences in terms of safety, reliability, and security
 It is crucial that we can reason appropriately about these concerns early and not
rely on ex post facto analyses
Innovation for a smarter planet 20

21. IBM Software Group | Rational software
Model-Based Dependability Analysis
Innovation for a smarter planet 21

22. IBM Software Group | Rational software
Model-Based Threat Analysis
 Security Analysis Diagram (SAD)
is like a Fault Tree Analysis (FTA)
but for security, rather than safety
 It looks for the logical relation
between assets, vulnerabilities,
attacks, and security violations
 Permits reasoning about security
 What kind?
 How much?
 Where?
 When?
 Risk assessments
Innovation for a smarter planet 22

23. IBM Software Group | Rational software
Model-Based Threat Analysis
 An Asset Diagram looks at
the semantic relations
between roles,
authentication,
vulnerabilities, and
countermeasures. It is a
way of representing the
security-relevant design
elements.
 Here it is shown with
traceability links to
requirements
 Assets can be
 Physical
 Informational
 Currency
 Resource
 Security
 Services
Innovation for a smarter planet 23

24. IBM Software Group | Rational software
Auto-generation of dependability-relevant summary data
Fault Source Matrix, Fault Detection Matrix, Fault-Requirement Matrix, FMEA, FMCA, Hazard Analysis…
• Traceability improves your ability to
make your safety/security case
Dependability metadata guides
- System requirements
- Downstream engineering work
- Regulatory approval submissions
Innovation for a smarter planet 24

25. IBM Software Group | Rational software
Design for Dependability
Dependability Analysis:
• Fault Tree Analysis (FTA)
• Fault Means and Effective
Analysis (FMEA)
• Hazard Analysis Safety Eng.
• Security Analysis Diagram ARP-4761
• Asset Diagram ISO
26262
IEC 61508
Requirements Analysis:
• Functional and Non-Functional
Requirements
• Safety Requirements Systems Eng.
• Business and Regulatory
ARP-4754
Requirements
System and Software Design:
• Structural
• Behavioral Software
Developer
• Temporal
DO-178B
• … IEC 62304
Innovation for a smarter planet 25

26. IBM Software Group | Rational software
Systems Engineering Workflows (e.g. Safety Analysis)
Harmony/SE
Systems Engineering:
Requirements Analysis
Innovation for a smarter planet 26

27. IBM Software Group | Rational software
Harmony/SE: Design Synthesis
Innovation for a smarter planet 27

28. IBM Software Group | Rational software
Update Safety Analysis Task
Innovation for a smarter planet 28

29. IBM Software Group | Rational software
Tooling automates best practice workflows
Use modeling to validate requirements, architecture
and design throughout the development process
Practices
Architecture & Design
Rational Rhapsody and Process
Requirements
Management Quality Management
Rational Quality Manager
Rational DOORS
Manage all system requirements Achieve “quality by design”
with full traceability across Collaboration with an integrated, automated
the lifecycle Rational Team Concert testing process
Collaborate across diverse engineering
disciplines and development teams
COLLABORATE AUTOMATE REPORT
Achieve common Increase efficiency Continuously improve
goals by optimizing and predictability by by measuring and
how people work integrating workflows reporting progress
Innovation for a smarter planet 29

30. IBM Software Group | Rational software
Designing systems as if our lives depend on them
 Our society is only sustainable with technological assistance
 Reliable, safe, and secure delivery of services
 Productivity of agriculture and industry
 Unbroken distribution chains
 Low cost of energy
 Balancing dwindling resources
 Innovation in production
 The systems we create today are absolutely crucial in supporting our society, health,
and well-being
 (Hard) Each individual system must be designed to be reliable, safe, and secure
 (Harder) The totality of systems acting in concert must be reliable, safe and secure
 This can be done by innovatively supporting systems development with
 Intelligence
 Best Practices
 Tooling
Innovation for a smarter planet 30

31. IBM Software Group | Rational software
Thank you very much!
Innovation for a smarter planet 31