At OMG meeting on Dec. 12, 2014, we presented astah GSN. We have been developing a new GSN(Goal Structuring Notation) tool on top of our UML/SysML tool "Astah" to covert both system's Design Model(as UML/SysML) and Assurance Case Model(as GSN) together. In this session, we will demonstrate and explain how we have integrated the two models in the same user interface.

1. Integrating UML/SysML and
GSN/Assurance Case:
New Tool Demonstration
Kenji Hiranabe (Change Vision, Inc)
Kenji Taguchi (AIST)

2. Agenda
• Introduction
• Background and Goals
• Our GSN Demo
• Conclusion
• Future Ideas

3. Change Vision, Inc. Overview
• Founded February 22, 2006
• Representative
- President and CEO
: Kenji Hiranabe
• Locations
– US Office
66 Front St, Berea, Ohio, 44017, USA
– Headquarters
Ueno HS Building 8th floor, 2-7-7, Ueno, Taito-ku, Tokyo
110-0005 Japan
– Fukui Office
3-111 Toiyacho, Fukui City, Fukui 918-8231 Japan

4. Fukui
Tokyo

5. Astah Family
Astah
Community
Astah
Professional
Astah
Lightweight, easy-to-use, and free UML modeler,
For free.
Full-featured edition with UML, ERD, DFD, Flowchart, CRUD,
Mind Maps and Requirements Table integrated together.
Simple SysML Edition
June, 2013
SysML
Astah
GSN
NEW
Simple GSN Edition (α)
α
NEW
Dec, 2013

6. wide acceptance in Brazil
Germany
Taiwan
India
Poland
France
UK
Others
10486
7480
5278
4505
4235
3435
50737
France
Poland 1%
1%
India
1%
Germany
3%
Others
14%
UK
1%
Taiwan
2%
USA
3%
China
3%
Brazil
30%
There is a big user community in Brazil .
Half of the non-JP users are in Brazil.
Japan
41%

7. Our Projects
Kenji Taguchi
GSN/Assurance Case
Today!
Kenji Hiranabe
Noriaki Ando
SysML to RTC
Last Year
Toshihiro Okamura
Geoffrey Biggs

8. Example GSN(and Legend)
Goal
(Claim)
InContextOf
G1
C1
C2
Control System is
acceptably safe to
operate
Operating Role
and Context
Context
Control System
Definition
SupportedBy
C3
G2
Tolerability
targets (Ref Z)
All identified hazards
have been eliminated or
sufficiently mitigated
Assumption
C4
Hazards identified
from FHA (Ref Y)
Strategy
A1
S1
All hazards have
been identified
Argument over each
identified hazards
A
Module
G4
G5
Hazard H1 has been
eliminated
Probability of Hazard H2
occuring < 1x10-6 per
year
Sn1
Formal
Verification
Solution
(Evidence)
M2
Probability of Hazard
H3 occuring < 1x10-3
per year

9. Astah GSN
•Conformance to “GSN COMMUNITY STANDARD V1”
•“Yorkish” style diagram
•Focus on Usability
•Multi-Platform
– Mac/Linux/Win
•Integration
with UML/SysML
•SACM XMI import/export

10. Demo

11. Problem Description
Demonstrate the movements
(Spiral and Back-and-Forth) by
controlling multiple autonomous Controller PC
kinect
robots from externally. Operator
can switch between the
autonomous mode and
demonstration mode.
Wi-Fi
Hardware architecture is
already known, we use Roomba Receiver PC
with PC that can control it using
Wi-Fi and use Kinect to switch
the mode.
Operator
Roomba

12. SysML: Overview

13. SysML: req [Core requirements]

14. SysML: req [Robot requirements]

15. SysML: req [Controller requirements]

16. SysML: bdd [Context diagram]

17. SysML: bdd System Struture&Interface

18. GSN for the system
C1
G1
System is acceptably
safe to operate
S1
Argument over each
component
Robot Module
Control module
Robot is acceptably
safe
Control System is
acceptably safe
System Definition
(BDD: Demo
components)

19. GSN – UML/SysML
Drag & Drop
UML/SysML Diagrams
on GSN Elements
You can jump to
the diagram

20. Module
You can create GSN
inside Modules.

21. Robot Module
G2
Robot is acceptably
safe
G3
G4
Max speed is lower
than 10cm/sec
Sn1
Safety
functional
requirements
Operator can stop
Robot anytime
G5
C1
(Req: Stop immediately)
Everyone can stop
Robot by pushing the
power button anytime

22. Import/Export XMI
SACM ver 1.0
(Structured
Assurance Case
Metamodel)
with some
restrictions

23. Conclusion
• We have developed a new GSN tool.
• GSN and SysML/UML in one solution, and
implemented links between each other.
• An Easy-to-use tool(Astah GSN) boosts
effectiveness of assurance case modeling.
• Need standard to exchange GSN models (hope
to see SACM 2.0).

24. Difficulties
• Relationship between GSN models and SACM’s
is not known for some elements
• Difficult to adopt SACM as the data format for
GSN tools because SACM is still under
development
• Hard part in using SACM(ARM) as GSN tools
– Can not recognize the kind of a element before
adding a relationship. (Ex. Solution)

25. GSN - SACM
GSN Ver. 1.0
SACM Ver1.0
GSN Ver. 1.0
SACM Ver1.0
Goal
Claim
Module
Argumentation?
Context
InformationElement
Contract
?
Strategy
ArgumentReasoning
Away Goal
CitationElement?
Solution
InformationElement linked using
an AssertedEvidence instance
Away Solution CitationElement?
Away Context
CitationElement?
SupportedBy
AssertedInference(Or
AssertedEvidence when linked
to Solution). The arrow head
attaches to the source element.
ToBeSupporte ?
dByContract
InContextOf
AssertedContext. The arrow
head attaches to the source
element.
Elements of
Argument
Patterns
Undeveloped
ToBeSupported = true
Assumption
Claim linked using an XXRelation
instance?
Justification
Claim linked using an
YYRelation instance?
?
SACM 1.0 is not ready for GSN Extensions

26. Future Topics
• Traceability and impact analysis from/to
GSN to SysML via the tool.
• Further support for modular extensions
and pattern extensions.
• SACM XMI with modular extensions
and pattern extensions.

27. Thank you
We are exhibiting the
tools. Please visit us.
Kenji Hiranabe
Toshihiro Okamura
Free Trial Download:
astah.net/gsn
Michael Jesse Chonoles