1.
www.thalesgroup.com
THALES GROUP OPEN
Arcadia and Capella: As much as I can
tell and demonstrate in a bit less than
one hour, from core concepts to
advanced practices and perspectives
Stéphane Bonnet
THALES
CAPELLA DAY, MUNICH, SEPT. 16TH 2019

2.
2
THALES GROUP OPEN
A focused journey
in a Capella model
Extremely quick and simple example
to introduce both the method and the tool

3.
3
THALES GROUP OPEN
Methodology and
high level concepts
and viewpoints
Purpose-built to
provide the
notation and
diagrams fitting the
Arcadia approach
Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin
partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2015Allrightsreserved.

4.
4
THALES GROUP OPEN
Understand the customer/user need
Define and share the solution among stakeholders
Secure SYS/SW/HW engineering, prepare subcontracting
Early evaluate and justify architectural design
Prepare and master V&V

5.
5
THALES GROUP OPEN
Arcadia : A “Simple” Engineering Language
NEED
SOLUTION

6.
6
THALES GROUP OPEN
Capability
Interface
Mode State
Function
Functional
exchange
involves
Functional
Chain
Scenario
Is described by
implements Actors,
Components
Component
exchange
involves

7.
7
THALES GROUP OPEN
Bird eye view of the approach

8.
8
THALES GROUP OPEN
A1
A3
A2
Operational Analysis
WHAT THE USERS/STAKEHOLDERS
NEED TO ACCOMPLISH
Support of discussions
with the customer, objectives,
activities and processes,
pains, gains, etc.

9.
9
THALES GROUP OPEN
Not relevant here
The exact boundary of our system/product

10.
10
THALES GROUP OPEN
F2
F1
F3
F4
F5
A1
A3
A2
System Need Analysis
WHAT IS EXPECTED
FROM THE SYSTEM
Capability trade-off analysis,
system boundaries, external
interfaces, actors

11.
11
THALES GROUP OPEN
Not relevant here
Anything solution-related: how things work, which technologies, etc.

12.
12
THALES GROUP OPEN
F2
F1
F3
F4
F5
A1
A3
A2
ViewPoints
C1
C2
C3
F21
F1
F6 F3
F22
Conceptual solution
HOW THE SYSTEM WILL WORK SO
AS TO FULFIL EXPECTATIONS
High-level architecture
description, functional
refinement, architectural
drivers, functional allocation,
first trade-offs,
modes and states analysis

13.
13
THALES GROUP OPEN
Not relevant here
Which specific sensors, which command device, communication
media between the drone and the base station, detailed interfaces

14.
14
THALES GROUP OPEN
F2
F1
F3
F4
F5
A1
A3
A2
HOW THE SYSTEM WILL BE
DEVELOPED AND BUILT
Implementation constraints,
reuse, refined trade-offs,
M/T/B strategy,
finalized detailed interfaces
ViewPoints
C1
C2
C3
F21
F1
F6 F3
F22
ViewPoints
C11
C12
C1’
C2
C3
C4
F21
F1
F6 F7
F22
e.g. Processors
e.g. Buses
e.g. SW, HW
components
Finalized Architecture
HOW THE SYSTEM WILL BE
DEVELOPED AND BUILT
Implementation constraints,
reuse, refined trade-offs,
M/T/B strategy,
finalized detailed interfaces

15.
15
THALES GROUP OPEN
Not relevant here
Internal detailed design of each system constituent

16.
16
THALES GROUP OPEN
Allocation
Allocation
Allocation
Allocation Deployment
Involvement
Involvement
Involvement
Involvement
Realization
OA
SA
LA
PA
Realization
Realization
Réalisation
CAPABILITIES FUNCTIONS STRUCTURE
Description
Description
Description
Description
NEEDSOLUTION
Realization Realization Realization
Realization Realization Realization Realization
Realization Realization Realization Realization
Exploitation

17.
17
THALES GROUP OPEN
Focus on (some) key features

18.
18
THALES GROUP OPEN
1. Functional chains
4. Property Values Management Tool (add-on)
2. Replication of elements
3. Filtering (add-on)

19.
19
THALES GROUP OPEN
1. Functional chains
What?
Creation and composition of functional chains
Why?
To capture system usage examples, to enforce design
completeness and consistence, to drive engineering activities
(e.g., V&V or development strategy)

20.
20
THALES GROUP OPEN
2. Replication of elements
What?
Automated synchronization of model parts, automated
reconnections
Why?
Enabler for instance-level modeling (cloning of a prototype
instance), enabler for reuse of building blocks

21.
21
THALES GROUP OPEN
U U
UU
D
P
Prototype pattern
the « type » is also an instance
Definition and usages
« types » are defined separately

22.
22
THALES GROUP OPEN
3. Filtering (add-on)
What?
Definition of criteria on model elements, automated preview
and derivation of filtered models
Why?
Master system increments, master the data exchanged with
customer or sub-contractors, etc.

23.
23
THALES GROUP OPEN
V1 V2 V3
Internal
SubA
Sub B
Overall need solution model

24.
24
THALES GROUP OPEN
V1 V2 V3
Internal
SubA
Sub B
V1 and V2 for Sub A

25.
25
THALES GROUP OPEN
4. Property Values Management Tool (add-on)
What?
Easy creation of model extensions and customization of
diagram graphical rendering
Why?
Charactization of models with meaningful, domain-specific
information, instant perception of added-value for models

26.
26
THALES GROUP OPEN
Augmenting requirements
with models
to improve the articulation between engineering levels
and optimize verification and validation activities

27.
27
1. Model elements ARE requirements

28.
28
Textual
requirements
are at the heart of
the current
engineering
practices
Solution model
helps validate
feasibility,
elicit/justify new
requirements for the
system/subsystems
Need model
helps formalize and
consolidate
customer and
system requirements

29.
29
Capability
Interface
Mode State
Function
Functional
exchange
involves
Functional
Chain
Scenario
Is described by
implements Actors,
Components
Component
exchange
involves

30.
30
Visualize data in live during flight
Display acquired HD video in live
Display multi-spectral image in live
Display thermal image in live
Visualize all collected mission data
Visualize substance level in live

31.
31
Models add rigor to need expression / solution description
Models enable automated processing

32.
32
R
R
Requirements Model elements
R

33.
33
Textual
Requirements
Model elements
Requirements
R
R
R

34.
34
A model requirement can formalize a textual requirement
and explicit its effects and ramifications

35.
35
Some expectations (environmental, regulations, etc. )
are easier to express with textual descriptions.

36.
36
Some expectations on a model element at a given engineering level do
not require a formal modeling (which is left to subsystem design)

37.
37
2. Contracts between
engineering levels: workflow

38.
38
Solution
NeedSolution
Textual
Requirements
Direct
allocation
LevelN

39.
39
Solution
Textual
Requirements
NeedSolution
Direct
allocation
1
1.
Elicitation of model
and textual
requirements on the
system
LevelN

40.
40
Solution
Textual
Requirements
Direct
allocation
1
2
2.
Architecture description
specifies with the
adequate level of detail
how the system works and
what is expected from
each constituent
The goal here is to prepare
the contracts for all
subsystems and guarantee
their proper integration.
LevelN
NeedSolution

41.
41
Solution
NeedSolution
Textual
Requirements
Direct
allocation
LevelN 1
2
C11
F21
F1
F6
Textual
Requirements
3 4
Need
LevelN+1
4.
Textual requirements are
created when needed, in
addition to the model
requirements: legal, non-
functional, additional
specification of internal
expected behaviour
3.
The context of a given system
constituent is entirely
computed (anything
contributing to the definition of
this constituent including
allocated Functions,
interfacing Components, etc.)

42.
42
Tablet is a
constituent of a
drone-based
system
Tablet is the
(sub)system
of interest
3

43.
43
Model-based workflow favors
co-engineering over the
traditional differentiation
between “customer”
requirements and “system”
requirements

44.
44
3. (Happy) consequences
on V&V and incremental
development strategy

45.
45
Textual
Requirements
Model
Requirements
R
R
R
(Derived,
reconstructed link)
IVV
Version
(RV/DV)
Verification and
validation

46.
46
System-level V&V procedures
Visualize data in live during flight
Display acquired HD videoin live
Display multi-spectral image in live
Display thermal image in live
Visualize all collected mission data
Visualize substance level in live
Subsystems, software, etc.
System architectural design
R R
Vertical slices of architectural design
across need and solution models
Definition of increments with expected
functional chains (user stories)
INC 1
INC 2

47.
47
Instanciated workflow
Two years, 30 persons

48.
48
THALES GROUP INTERNAL
Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin
partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved.
System Engineering data package
SYSTEM BLACK
BOX
SYSTEM
GLASS BOX
Sub-System Engineering data package
SUB-SYSTEM
BLACK BOX
SUB-SYSTEM
GLASS BOX
System delivery
Sub-System delivery
SUB-SYSTEM
COMPONENTS
SYSTEM
VERIFIED
SYSTEM
INTEGRATED
SUB-SYSTEM
VERIFIED
SUB-SYSTEM
INTEGRATED
x8
Classical scheme, rolled out by increments

49.
49
THALES GROUP INTERNAL
Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin
partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved.
IVV procedure
Functional chain RequirementsFunctional Chains list Functional Chains release definition
IVV Test Suite Repository

50.
50
THALES GROUP INTERNAL
Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin
partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved.
Requirements
SA functional
chains
SA Functions &
exchanges
System
Context
SYSTEM BLACK BOX
System
Context
SYSTEM GLASS BOX
satisfies
LA functional
chains
LA functions &
exchanges
15 leaf components
402 leaf-functions
1856 funct. exchanges
1676 requirements
Domain
knowledge
Logical (LA)
components
Requirements
Interface & Data
6 capabilities
198 funct. Chains
24 leaf-functions
458 funct. exchanges
641 requirements

51.
51
THALES GROUP INTERNAL
Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin
partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved.
SUB-SYSTEM BLACK BOX
SYSTEM GLASS BOX
System Logical
Architecture
LA functional chains System Internal Data
Sub-system Context
Requirements
Requirements
SA functional chains External Data
READ ONLY input contract

52.
52
THALES GROUP INTERNAL
Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin
partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved.
VERIFICATION ACTIVITIES
SYSTEM BLACK BOX
Defects
System FC status
Requirements
SA functional
chains
SA Functions &
exchanges
System
Context
SYSTEM BLACK BOX
Test results
Enhanced monitoring of progress and verification

53.
53
THALES GROUP INTERNAL
Thisdocumentmaynotbereproduced,modified,adapted,published,translated,inanyway,inwholeorin
partordisclosedtoathirdpartywithoutthepriorwrittenconsentofThales-©Thales2016Allrightsreserved.
SYSTEM BLACK BOX
Test suites
SA functional chains
Impact analysis
Requirements
LA functions & exchanges
Check of consistency
with specification Specification Defects
Component Defects Component Evolution
Test results, model facilitates analysis

54.
54
THALES GROUP OPEN
Updates and perspectives
Sneek peak on 2 evolutions, global orientations

55.
55
THALES GROUP OPEN
Refactoring of the modeling of actors

56.
56
THALES GROUP OPEN
Assets & Threats Modeling for supporting cyber security risk management
Describe the threats, threat
sources, primary assets being
threatened
Identify the critical data and the
functions and components
manipulating this data
Identify the trust boundaries
Visualize the security levels of
the solution (Confidentiality,
Integrity, Availability and
Traceability security levels

57.
57
THALES GROUP OPEN
Assets & Threats Modeling for supporting cyber security risk management
Describe the threats, threat
sources, primary assets being
threatened
Identify the critical data and the
functions and components
manipulating this data
Identify the trust boundaries
Visualize the security levels of
the solution (Confidentiality,
Integrity, Availability and
Traceability security levels

58.
58
THALES GROUP OPEN
Assets & Threats Modeling for supporting cyber security risk management
Describe the threats, threat
sources, primary assets being
threatened
Identify the critical data and the
functions and components
manipulating this data
Identify the trust boundaries
Visualize the security levels of
the solution (Confidentiality,
Integrity, Availability and
Traceability security levels

59.
59
THALES GROUP OPEN
A place to share open source
prototypes, experiments, small
non-industrialized developments.
Coming soon…
(hopefully by the end of 2019)

60.
60
Resources

61.
61
THALES GROUP OPEN
https://polarsys.org/fo
rums/index.php/f/10/
https://www.youtube.com/pl
aylist?list=PLfrEYVpSGVLxEFR
ODSWUTP8N5i3NTG4o-

62.
62
THALES GROUP OPEN
https://polarsys.org/capella/index.html

63.
63
THALES GROUP OPEN
September 19th , 2019
4 PM - 5 PM (Paris / Berlin local time)
http://bit.ly/Registration_CapellaWebinar19_5

64.
www.thalesgroup.com
THALES GROUP INTERNAL
Thank You! Questions?
Capella website:
http://www.polarsys.org/capella/
LinkedIn
https://www.linkedin.com/groups/8605600
Twitter
https://twitter.com/capella_arcadia
Arcadia forum:
https://polarsys.org/forums/index.php/f/12/
Capella forum:
https://polarsys.org/forums/index.php/f/13/
IFE model & doc.:
http://www.polarsys.org/capella/start.html