TOGAF™ to the Platform: Developing Dependability Cases, 2011 RTESF San Diego Meeting

By G. Edward Roberts, Elparazim

The Open Group RTES (Real-Time Embedded Systems) Forum has embarked on a project to define an RTES version of TOGAF™. To accomplish this task, the Forum has looked at technologies and techniques that represent "best-of-breed" practices in the industry. So far, the Forum has studied the modeling side of development: the AADL (Architecture Analysis and Design Language) standard from the SAE (Society of Automotive Engineers), and SysML (Systems Modeling Language) and MARTE (Modeling and Analysis of Real-Time and Embedded Systems) from the OMG (Object Management Group). These technologies and guidance on their use will be part of this vertical-domain instance of TOGAF™.

In this afternoon's session of the Forum at The Open Group Conference, San Diego, we will continue a discussion started in a webinar in September 2010. That webinar outlined proposals by some of the members on what the Forum could accomplish in the area of developing Dependability Cases for systems. One interesting proposal was a multi-level taxonomy/ontology of Assurance attributes that any tool supporting the development of Dependability Cases would need to capture. These discussions will help shape the roadmap for the Forum's work in this area.

At this Conference, the RTES Forum will start to examine the technologies and techniques in the industry surrounding the development of Dependability Cases. Many systems lack dependability (also called Assurance) in certain areas, e.g. MILS, security, or deadlock avoidance, because development was not detailed enough to detect flaws (unstated assumptions, missing data, lack of testing) in the design of a Real-Time and/or Embedded System. In the past, a system that needed a high level of Assurance in some area had to be formally (i.e. mathematically) proved correct, using what are called Formal Methods. This was an extremely costly endeavor. The industry has recognized this dilemma and shown that a somewhat lesser degree of Assurance can be obtained by making a structured argument that the system meets certain requirements, i.e. a Dependability Case, which keeps track of exactly what evidence must be supplied to support each claim. The same structure can carry formal proofs as evidence alongside these weaker Assurance arguments, so a single case can mix both.

On Tuesday during the Conference, there will be a set of presentations on Dependability Case technologies and the processes needed to develop them. First, I will present an update to the Forum on the work currently being done on this project. Included in this report is the work being done in modeling TOGAF™ and its importance to the RTES effort. The second presentation will be a look at the technologies surrounding Dependability Cases: ARM (Argumentation Metamodel) and SAEM (Software Assurance Evidence Metamodel) from the SysA (System Assurance) group in the OMG, soon to be combined into a single standard, SACM (Structured Assurance Case Metamodel); the GSN (Goal Structuring Notation); and a general discussion of Stephen Toulmin's model of argument, by which these technologies have been influenced.
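The structured argument described above, and the GSN vocabulary named in this paragraph, can be made concrete with a small model. The following is an added example written for this page; it is not code from the Forum, the OMG or any of the tools mentioned. It represents a case as GSN-style elements (goals, strategies, solutions, context, assumptions) linked by SupportedBy and InContextOf relations, and implements the checks a reviewer wants before reading the evidence: which solutions ultimately back a top-level goal, which assumptions that evidence silently rests on, and which goals were left undeveloped or argued in a circle. The sample case about a separation kernel is constructed for illustration and does not describe any real product or Protection Profile.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# GSN element kinds used in this example (a subset of the notation).
GOAL, STRATEGY, SOLUTION, CONTEXT, ASSUMPTION = (
    "goal", "strategy", "solution", "context", "assumption")


@dataclass
class Element:
    """One node of the argument. supported_by holds GSN SupportedBy links
    (goal -> strategy / sub-goal / solution); in_context_of holds InContextOf
    links (goal or strategy -> context / assumption)."""
    id: str
    kind: str
    text: str
    supported_by: List[str] = field(default_factory=list)
    in_context_of: List[str] = field(default_factory=list)


class DependabilityCase:
    def __init__(self, elements: List[Element]):
        self.elements: Dict[str, Element] = {e.id: e for e in elements}

    def _subtree(self, root: str) -> List[Element]:
        """Every element reachable from root through SupportedBy links."""
        out, stack, seen = [], [root], set()
        while stack:
            cur = stack.pop()
            if cur in seen or cur not in self.elements:
                continue
            seen.add(cur)
            out.append(self.elements[cur])
            stack.extend(self.elements[cur].supported_by)
        return out

    def evidence_for(self, element_id: str) -> Set[str]:
        """Solutions (evidence items) that ultimately support element_id;
        this is the list a reviewer actually has to examine."""
        return {e.id for e in self._subtree(element_id) if e.kind == SOLUTION}

    def assumptions_for(self, element_id: str) -> Set[str]:
        """Assumptions attached anywhere beneath element_id: each is an
        unverified premise that the evidence only holds under."""
        return {ref for e in self._subtree(element_id) for ref in e.in_context_of
                if ref in self.elements and self.elements[ref].kind == ASSUMPTION}

    def undeveloped(self) -> List[str]:
        """Goals or strategies with no argument or evidence beneath them."""
        return sorted(e.id for e in self.elements.values()
                      if e.kind in (GOAL, STRATEGY) and not e.supported_by)

    def validate(self) -> List[str]:
        """Structural defects that make the case unreviewable."""
        problems = []
        for e in self.elements.values():
            for ref in e.supported_by + e.in_context_of:
                if ref not in self.elements:
                    problems.append(f"{e.id}: dangling reference to {ref}")
            if e.kind in (SOLUTION, CONTEXT, ASSUMPTION) and e.supported_by:
                problems.append(f"{e.id}: {e.kind} must be a leaf")
            if e.kind in (GOAL, STRATEGY) and not e.supported_by:
                problems.append(f"{e.id}: undeveloped, no argument or evidence")
            # Circular support: the element appears in its own descendants.
            children = [c for ref in e.supported_by for c in self._subtree(ref)]
            if any(c.id == e.id for c in children):
                problems.append(f"{e.id}: circular argument")
        return problems


# Constructed sample case (illustrative only, not a real Protection Profile).
SAMPLE = DependabilityCase([
    Element("G1", GOAL, "Separation kernel enforces the configured information-flow policy",
            supported_by=["S1"], in_context_of=["C1", "A1"]),
    Element("C1", CONTEXT, "Policy is the partition configuration table, version 3"),
    Element("A1", ASSUMPTION, "Hardware MMU behaves as specified in the datasheet"),
    Element("S1", STRATEGY, "Argue over each policy property",
            supported_by=["G2", "G3", "G4"]),
    Element("G2", GOAL, "Partitions cannot read or write each other's memory",
            supported_by=["Sn1"]),
    Element("G3", GOAL, "Only configured channels carry inter-partition data",
            supported_by=["Sn2"]),
    Element("G4", GOAL, "A fault in one partition does not affect others"),  # left undeveloped
    Element("Sn1", SOLUTION, "Model-checker report: isolation invariant holds"),
    Element("Sn2", SOLUTION, "Channel test report (constructed reference TR-17)"),
])

if __name__ == "__main__":
    print("evidence for G1:", sorted(SAMPLE.evidence_for("G1")))
    print("assumptions under G1:", sorted(SAMPLE.assumptions_for("G1")))
    for problem in SAMPLE.validate():
        print("problem:", problem)
```

Running it on the sample lists Sn1 and Sn2 as the evidence behind G1, surfaces A1 as a premise that no evidence in the case discharges, and reports G4 as undeveloped. That last report is the point of the technique: the gap is visible in the structure before anyone reads a single test report. Replacing Sn1 with a formal proof changes only the evidence item, not the argument around it, which is why a case can hold formal and informal evidence side by side.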

The third lecture, by Rance DeLong of LynuxWorks, will deal with some of the theory and practice of building Dependability Cases, drawing on his recent work on MILS Protection Profiles. It will cover Compositional Certification: given components that each have some level of Assurance, how does one combine them into a system that is itself assured? Also included in this lecture will be a discussion of the Common Criteria Authoring Environment and new MILS research directions.

The fourth and final presentation on this topic will be right after lunch on Tuesday at 1:30pm, and will be given by Dr. Matsuno of the University of Tokyo on D-Case technology. D-Case is a process, and a soon-to-be-released tool on the Eclipse platform, for developing Dependability Cases for systems. The Forum is excited to have Dr. Matsuno present and hopes that this will lead to a process description that becomes part of the RTES plugin to TOGAF™.

G. Edward Roberts is the owner of Elparazim, a consulting company in Enterprise/Software Architecture and Development. Edward holds degrees in Electrical Engineering and Mathematics, and worked for most of his professional life as an Advanced Technology Researcher for the US Navy. He is currently working with the Real-Time Embedded Systems Forum, of which he is a member, to develop a domain-specific TOGAF™ for that sector, and with the Architecture Forum (of which he is also a member) to model TOGAF 9. Edward is a TOGAF™ 9 Certified Architect and a certified Professional Engineer in EE.