Embed Size (px)
Citation preview
3. Juni 2010
1
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
Version 1.0 - 3. Juni 2010
-1-
Model Based System Engineering for Safety and Security Aspects
Rudolf Hauber
HOOD GmbHBüro MünchenKeltenring 782041 OberhachingGermany
Tel: 0049 89 4512 53 0www.HOOD-Group.com
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-2-
Version 1.0 - 3. Juni 2010
Content
Using SysML Safety & Security Enhancement
SysML Safety & Security Viewpoint
HOOD Group1
3
4
5 SysML Support for Safety & Security Engineering
6 Summary
2 SysML out-of-the-box
3. Juni 2010
2
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-3-
Version 1.0 - 3. Juni 2010
Our Business
The usage of Requirements Management & Engineering (RM&E) and continuous process improvement initiatives like CMMI or SPICE are an essential part for big and world wide organisations to develop complex products, services and systems.
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-4-
Version 1.0 - 3. Juni 2010
Our Customers
� Automotive Manufacturer� Adam Opel GmbH� Audi AG� BMW AG� Daimler AG � Volkswagen AG
� Automotive Supplier� Hella KGaA Hueck& Co� Robert Bosch GmbH� TRW
� Logistic � Deutsche Bahn AG� Schenker Logistics� Siemens Mobility
� Aerospace Industry� EADS
� Medical Industry� Drägerwerk AG & Co. KGaA� Siemens Healthcare
� Telecommunication� Alcatel-Lucent� NetCologne Gesellschaft für
Telekommunikation mbH � O2 Germany GmbH & Co. OHG� Vodafone
� Banking and Insurance� AXA Konzern AG� BMW Bank GmbH � Interpolis
3. Juni 2010
3
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-5-
Version 1.0 - 3. Juni 2010
Our Expertise
ChangeManagement
VersionManagement
TestManagement
RequirementsDevelopment
ConfigurationManagement
RiskManagement
QualityManagement
ProjectManagement
Requirements Management is the interface between Re quirements Development and all other Systems Engineering Proce sses
Requirements Management
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-6-
Version 1.0 - 3. Juni 2010
Model Based Systems Engineering (MBSE) Expertise
� Modelling is a central element in the HOOD Requirements Specification Process and in the derivation of requirements
� HOOD actively works on INCOSE “Model Based System Engineering vision 2020”
Mod
ellin
g
Mod
ellin
g
<<protocol>>HDLCRS 2321..*
Zentralrechner
TCP/IP<<protocol>>
Deploys
Aufzugsteueru
ng
Aufzug
<<PC>>Operator
Speed = 32 MHzRAM = 64 KB
Stockwerkportal
:System
1: evCommandIBIT ()
2.1.1: evDisplayIBITResult
1.1: evCommandIBIT()
2.1: evDisplayIBITResult
Maintainer:SNMP Agent
:System
1: evCommandIBIT ()
2.1.1: evDisplayIBITResult
1.1: evCommandIBIT()
2.1: evDisplayIBITResult
MaintainerMaintainer:SNMP Agent
:SNMP Agent
Customer Requirements Specification
System Requirements
System DesignCustReqSpec
Subsystem Requirements
Subsystem Design
Implementation
3. Juni 2010
4
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-7-
Version 1.0 - 3. Juni 2010
HOOD Guideline: Structure of ChangeProcess Improvement is not just a technical challen ge.
Source: Colin Hood 1997Model of change based on work by Lewin 1947 and Schein 1961-1965
Bar
riers
Learning
Unfreezing
Refreezing
Thinkingdifferently
Progress of change
Recognising the barriers to change and helping people to
overcome their anxiety, is necessary for successful
change
� Lack of discomfort/anxiety with present system
� Ignoring information that does not fit with the past
� Lack of psychological safety in the change, fear of loss of identity or integrity
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-8-
Version 1.0 - 3. Juni 2010
Services - Overview
Process-Development
& Optimisation
Establish a Competence Center
Tool-Evaluation
Pilot Projects & Roll-Out
Workshops & Training
Software-Development
& Customisation
Key People Education
CoachingRM&E-
Assessment
Initialise
Implement
Operate
Communication, Motivation, Education and Acceptance
3. Juni 2010
5
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-9-
Version 1.0 - 3. Juni 2010
HOOD- Excellence in Requirements
ReConf
SubConf
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-10-
Version 1.0 - 3. Juni 2010
The benefits of working with HOOD
Complete Spectrum of Services
InnovationLeader in RM&E
Many Years ofExperience in morethan 150 RM&EProjects
Industry specificTraining
HighlyqualifiedConsultants
Network ofPartners
ProofenQuality ImprovementApproach
Industry specificKnow-How
3. Juni 2010
6
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-11-
Version 1.0 - 3. Juni 2010
HCMs – Requirements Management & Definition
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-12-
Version 1.0 - 3. Juni 2010
Content
Using SysML Safety & Security Enhancement
SysML Safety & Security Viewpoint
HOOD Group1
3
4
5 SysML Support for Safety & Security Engineering
6 Summary
2 SysML out-of-the-box
3. Juni 2010
7
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-13-
Version 1.0 - 3. Juni 2010
SysML TrainingCopyright © 2008 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-13-
Version – 2008-04-25
Motivation
System- and Software-Development is not easy!
� Using models for problem area
and solution area
� reduces complexity
� facilitates communication
� eases re-use
� Modeling is well-established engineering technique
� Benefits for different stakeholders
� Customer� Project management� Development� Quality assurance
� Other stakeholders(Von Rational Websources)
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-14-
Version 1.0 - 3. Juni 2010
Views, models and diagrams
� Different types of diagrams show different aspects of the system
� Aspects complement and overlap one another
� Architecture frameworks guide the creation of models
� Consistency of the model must be established<<protocol>>
HDLCRS 2321..*
Zentralrechner
TCP/IP<<protocol>>
DeploysAufzugste
uerung
Aufzug
<<PC>>Operator
Speed = 32 MHzRAM = 64 KB
Stockwerkportal
: Rufelement Stw5 : Stockwerk
: Zentralsteuerung
FA5 : Fahrtauftrag
B : Aufzug
gedrückt(Richtung) Aufzug
anfordern (Richtung)
gib Status()
Aufzug ermitteln()
E: erzeuge(Richtu
ng ) Fahre zu Stockwerk(F A5)
klingeln klingelnTür öffnen
Tür öffnenzerstören
Aufzug anfordern
(Richtung)
E
Türen müssen synchron aufgehen
Status
Fahrt zu Zielstockwer
k
:Benutzer
Requirements View
Safety View
Functional View Physical View
Timing ViewBehaviour View
Operational View
SecurityView
3. Juni 2010
8
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-15-
Version 1.0 - 3. Juni 2010
Why UML/SysML
� UML/SysML includes:� notation (graphical), concepts and semantics, guidelines
� Aims:� mature notation on formal basis� extensible (stereotypes) � support for established well-tried concepts
� i.e. state charts, message sequence charts,...
� Advantages� Well-known� Simple to understand� Standardized, state-of-the-art
� Not included:� Method � Safety modeling elements� Security modeling elements
(from SysML Spec)
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-16-
Version 1.0 - 3. Juni 2010
Content
Using SysML Safety & Security Enhancement
SysML Safety & Security Viewpoint
HOOD Group1
3
4
5 SysML Support for Safety & Security Engineering
6 Summary
2 SysML out-of-the-box
3. Juni 2010
9
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-17-
Version 1.0 - 3. Juni 2010
Safety Viewpoint
<<viewpoint>>
SysML Safety Viewpoint
� Properties� hazard severity� hazard likelihood� failure mode� failure impact� SW criticality level (DAL)
� Stereotypes� Class <<Hazard>>� Class <<Failure>>� ….
� Views� System hazards and risks� Safety mechanisms� (Fault Tree Analysis)� (FMEA)
Stakeholders = ”Chief Engineer, Lead Architect, Safety Engineer, Risk Manager, Test Manager”
Concerns = “All safety-relevant aspects”Purpose = “This viewpoint addresses all safety
relevant aspects of the system; i.e.• identify objectives related to IT and product
safety,• analyse hazards of the product, • derive safety requirements from hazards,
refine safety requirements to technical requirements on the system and subsystem in accordance with legal rules / laws,
• develop safety strategy and safety model for proving the safety requirements fulfillment
• justify system measures and measures in the system environment covering the safety requirements”
Languages = “SysML, UML, textual description”
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-18-
Version 1.0 - 3. Juni 2010
Security Viewpoint
<<viewpoint>>
SysML Security Viewpoint
� Properties� threat severity� damage impact� security level� risk severity� risk likelihood� encryption method� ….
� Stereotypes� Class <<Threat>>� Node <<Firewall>>� …..
� Views� System Threats and risks� IT security measures� Role concept� Intrusion prevention
Stakeholders = ” Chief Engineer, Lead Architect, Security Engineer, Risk Manager, Test Manager”
Concerns = “All security-relevant aspects”Purpose = “This viewpoint addresses all security relevant
aspects of the system; i.e. • analyse threats and risks for the security, • derive security requirements from threats and risks, • refine security requirements to technical
requirements on the system and subsystem in accordance with legal rules / laws,
• develop security strategy and security model for proving the security requirements fulfillment
• justify system measures and measures in the system environment covering the security requirements”
Languages = “SysML, UML, textual description”
3. Juni 2010
10
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-19-
Version 1.0 - 3. Juni 2010
Content
Using SysML Safety & Security Enhancement
SysML Safety & Security Viewpoint
HOOD Group1
3
4
5 SysML Support for Safety & Security Engineering
6 Summary
2 SysML out-of-the-box
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-20-
Version 1.0 - 3. Juni 2010
Using UML/SysML for Safety & Security Aspects
� Same examples of SysML capabilities to capture safety & security aspects
� Along the V-Model System development process
� SD-1.3 „Definition of Criticality and Quality Requirements “
� SD-1.6 „Threat and Risk Analysis “: Consider safety & security aspects
<<hazard>> UnintenionalMissleLaunch{ severity = Catastrophic }
<<block>> Launcher
<<endangers>>
<<block>>FireControlManager{ criticality = high }
<<block>> MissionPlanManager
{ criticality = low }
SE 8
SE 9
SE 4
SE 5
SE 6
SE 7
SE 1
SE 2
SE 3
3. Juni 2010
11
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-21-
Version 1.0 - 3. Juni 2010
Using UML/SysML for Safety & Security Aspects
V-Model SD-2.1 „Describe the system“: Consider security aspects
� Examples for encryption mechanisms
� Examples of access rules and role concept
<<block>>Server TCP
{encryption = SSL }
<<block>>Radar
<<service>> createNewCustomer ( ){access=Admin}
<<service>> getCustomerProfile ( ){access=ERG User}
<<Subsystem>>CustomerManagement
create ERG
access ERG information
ERG User
Adminmodify ERG
NormalUser
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-22-
Version 1.0 - 3. Juni 2010
Content
Using SysML Safety & Security Enhancement
SysML Safety & Security Viewpoint
HOOD Group1
3
4
5 SysML Support for Safety & Security Engineering
6 Summary
2 SysML out-of-the-box
3. Juni 2010
12
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-23-
Version 1.0 - 3. Juni 2010
Ideal Safety Engineering Practice
Analyse early system design
Propose safety requirements and design changes
Analyze changed system design Assess safety requirements satisfaction
Early system design
Safety issues
Changed system design
Approved system design
MBSE Design model
MBSE Design model
MBSE Design model
Failures allocated to model elements
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-24-
Version 1.0 - 3. Juni 2010
<<block>>Missile
Fault Tree Analysis
Fault Tree Analysis (FTA) to model and analyse failure processes 1. undesired effect is taken as root ('top event')2. each situation that could cause that effect is added as series of logic expressions3. trees are labeled with failure probabilities 4. calculate failure probabilities from fault trees
(from http://en.wikipedia.org)
missile pre-launch phase
missile launch phase
missile in flight phase
«Exception»Position Info
Lost
launched
No PositionInfo
<<Event>>evNoPositionInfo
3. Juni 2010
13
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-25-
Version 1.0 - 3. Juni 2010
Failure Modes and Effects Analysis
1. Identify system components/ structure
• Exists in IBDs of DoDAF SV-1
2. Define functions of components
• Exists as result of DoDAF SV-10c
3. Analysis failures
a. Allocate possible failure to components
b. Analyse failure impact based on data/material flows
• DoDAF SV-10c + DoDAF SV11
4. Asses risks
1. Failure impact
2. Failure occurance probability
3. Failure detection probability
� Risk priority number (RPN)
5. Improve system design
� Model based
: Rufelement Stw5 : Stockwerk
: Zentralsteuerung
FA5 :
Fahrtauftrag
B : Aufzug
gedrückt(Richtung)
Aufzug anfordern (Richtung)
gib Status()
Aufzug ermitteln()
E: erzeuge(Richtung )
Fahre zu Stockwerk(F A5)
klingeln
klingeln
Tür öffnen
Tür öffnen
zerstören
Aufzug anfordern (Richtung)
E
Türen müssen synchron aufgehen
Status
Fahrt zu Zielstockwer k
:Benutzer
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-26-
Version 1.0 - 3. Juni 2010
Reliability Availability Maintainability Sustainabi lity (RAMS)
Identify system items failures/ out of order � IBDs of physical architecture/ deployment diagrams
1. Identify local impact� Collaboration of physical items
2. Identify site impact
3. Identify impact on overall system functionality
4. Check reliability/ availability requirements
5. Calculate RAMS based on� Mean Time Between Failure (MTBF)� Cycle replacement time� …
Mission Control
SINA-Box
encryption HW
C&C Server
: Rufelement Stw5 : Stockwerk
: Zentralsteuerung
FA5 : Fahrtauftrag
B : Aufzug
gedrückt(Richtung)Aufzug
anfordern (Richtung)
gib Status()
Aufzug ermitteln()
E: erzeuge(Richtun
g )Fahre zu Stockwerk(F A5)
klingeln klingeln
Tür öffnenTür öffnen
zerstören
Aufzug anfordern (Richtung)
E
Türen müssen synchron aufgehen
Status
Fahrt zu Zielstockwer k
:Benutzer
3. Juni 2010
14
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-27-
Version 1.0 - 3. Juni 2010
Safety Criticality Analysis
1. Identify safety critical system components
• Based on system structure
2. Analyze „propagation“ of safety critical parts
• Model based Analysis
3. System design improvement under safety aspects
:PathController
:GyroMeterControl
:FinControl
:AccelerationMeter
Control�
�
:DownLinkManager
�
finPositionAltitude
Acceleration
:GPSControl Position
downLink
finCommand
:EngineCommander
engineCommand
�
�
�
:ControlUnit
ibd Missile
:Gyrometer :Path
Controller
{safetyCritical}:Fin
Control
:Accelerationmeter
�
�
�
�
:DownLink
Fin position
Altitude
Acceleration
:GPS
Position
downLink
finCommand
:Engine
engineCommand
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-28-
Version 1.0 - 3. Juni 2010
Content
Using SysML Safety & Security Enhancement
SysML Safety & Security Viewpoint
HOOD Group1
3
4
5 SysML Support for Safety & Security Engineering
6 Summary
2 SysML out-of-the-box
3. Juni 2010
15
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-29-
Version 1.0 - 3. Juni 2010
Summary
� MBSE SysML out of the box: No specific safety & security view
� Enhancement of SysML by safety & security profile� Viewpoint, stereotypes, properties, etc.
� Process: embedded in overall engineering process
� SysML can be used for capturing of security and safety aspects
� SysML can be used in an MBSE approach for � Hazard analysis � Fault tree analysis � Failure mode and effects analysis (FMEA)� Criticality assessment� Risk assessment and risk management � Probabilistic Risk Assessment
� SysML Safety & Security profile should be standardized
� Tool-interfaces should be standardized
Model-based Safety & Security EngineeringCopyright © 2009 HOOD Group.http://www.HOOD-Group.com Vertraulich. Alle Rechte vorbehalten. Weitergabe oder Vervielfältigung ohne vorherige schriftliche Zustimmung der HOOD Group verboten.
-30-
Version 1.0 - 3. Juni 2010
Discussion
Thanks for your attention!
Questions & Discussion
Dr. Rudolf HauberSenior Consultant HOOD GroupResponsible for Aerospace and [email protected]+49 173 394 1162
Please contact me:
