Embed Size (px)
Citation preview
An Implementation of GSN Community Standard(Preliminary Version)
The University of Electro-Communications
Yutaka [email protected]
Nagoya UniversityShuichiro Yamamoto
ⓒ 2013 UEC Tokyo.
No.2 ⓒ 2013 UEC Tokyo.
Contents
• DEOS and D-Case Editor• Purposes• D-Case Editor Implementation
– Patterns and Modules
• Concluding Remarks
No.3 ⓒ 2013 UEC Tokyo.
DEOS and D-Case
DEOS (Dependable Embedded Operating System) project funded by Japan Science and Technology Agency (2006.10 – 2014.3)•D-Case project, a sub project for assurance cases (2010.4-)
– Tool Implementation: D-Case Editor, D-Case/Agda, etc, …
– Lectures, meetings, assurance case experiments with Japanese industries
No.4 ⓒ 2013 UEC Tokyo.
D-Case Meetings
• 2012.9.14(Nagoya), 12.20(Nagoya), 2013.4.19(Tokyo)
http://www.dcase.jp (sorry, only in Japanese)
DiscussionsIntroduction of assurance cases in industriesUse in ISO26262Visibility of GSN, etc
ParticipantsToyota 、 Yokogawa Electronics 、 IBM 、Ogis RI 、 NTT Data 、 Denso Create 、Fuji Xerox, etc
No.5 ⓒ 2013 UEC Tokyo.
D-Case Editor
• A Free Eclipse based GSN editor (2010.4-)– http://www.dependable-os.net/tech/D-CaseEditor/D-
Case_Editor.html ,or google “D-Case Editor”
• Purposes– Writing, presenting, sharing GSN
• A few hundred downloads, tested by D-Case meeting participants and researchers in world
– Prototyping research outcomes, e.g., D-Case/Agda, parameterised GSN patterns, Monitoring, …
No.6 ⓒ 2013 UEC Tokyo.
D-Case Editor Snapshot
EclipseWorkspaceProjects
Canvas
GSNnodes
D-Caseextensions
No.7 ⓒ 2013 UEC Tokyo.
D-Case Editor Functions
Requirements from Industry Functions
Editing and Viewing Graphical EditingFocusingAutomatic Sub tee constructions
Maintenance Module/Pattern, Word dictionaryChange management
Consistency Checking, Evaluation Simple type checkD-Case/Agda
Conversion to other formats Excel/PowerPointOMG ARM
Sharing among stakeholders D-Case Server
Tool Chains Benchmark toolsSysML/UML ToolsMonitoring Tools
Already implementedPartly implemented
Today’s topic
No.8 ⓒ 2013 UEC Tokyo.
Contents
• DEOS and D-Case Editor• Purposes• D-Case Editor Implementation
– Modules and Patterns
• Concluding Remarks
No.9 ⓒ 2013 UEC Tokyo.
Purposes of this work
• Compliant to standards is also important– OMG ARM, SACM at system assurance task force– GSN Community Standard v1.0 (2011)
• When implementing GSN Community Standard, we have several design choices
• By showing our design choices, we hope to contribute to facilitate assurance case tool implementation– There are not so much assurance case tools yet
(before coming to ASSURE2013)
No.10 ⓒ 2013 UEC Tokyo.
Contents
• DEOS and D-Case Editor• Purposes• D-Case Editor Implementation
– Patterns and Modules
• Concluding Remarks
No.11 ⓒ 2013 UEC Tokyo.
GSN Community Standard v1.0
• Part 0 Introduction and Concepts• Part 1 Definition of GSN• Annexes to Part 1
– Extension to GSN to support argument patterns– Modular extensions to GSN
• Part 2 Guidance on the development and evaluation of goal structures
• Annexes to Part 2
No.12 ⓒ 2013 UEC Tokyo.
GSN Modules
B1.3.2.3 Contract modules can be used in the support relationship between modules to aid decoupling as shown in Figure 32. This de-coupling permits argument module construction in cases where the eventual source of support for an argument is unknown at the time of authoring or can be changed for example through re-use or planned product improvement or reconfiguration. (GSN Standard, p23)
CurrentImplementation
No.13 ⓒ 2013 UEC Tokyo.
GSN PatternsWe focus onparameters
No.14 ⓒ 2013 UEC Tokyo.
Design Choices for Modules(GSN Standard, p.17)
• What is module?
– Interpret module as “a GSN tree with one top goal”
• Away goals, solutions, contexts, …
“module” is notso clearly defined
Argument =GSN?
We do not want tointroduce “away”nodes for each kind of GSN nodes(too many kinds of nodes)
No.15 ⓒ 2013 UEC Tokyo.
Design Choices for Modules(GSN Standard p.17)
• Away goals by color change
Referring node as green
Referred node asorange
No.16 ⓒ 2013 UEC Tokyo.
Inter-Module notation
• Automatically generate inter-module notation
GSN Community Standard, P23
Snapshot of GSN modules for LAN device monitoring
No.17 ⓒ 2013 UEC Tokyo.
Some issues in ParametersWe focus onparameters
How to define parameters?What is the scope of parameters?In {System X}, what is “System”?
No.18 ⓒ 2013 UEC Tokyo.
Design Choices for Patterns
• Use context nodes to define parameters• Scope is subtree of goal of the context• Introduce types for parameters
– Currently Int, double, string, enum
No.19 ⓒ 2013 UEC Tokyo.
A Snap Shot of Parameter
Scope of SIL
Scope of Availability
Definition of Availability
Definition of SIL
No.20 ⓒ 2013 UEC Tokyo.
If away goal is a reference to the source module, it should not.
If source module is a local module, it should
Further Issue Example
Should Parameters and other information traverse across modules?
Away GoalAway Goal
x: intx: int
G1G1
…x……x…x: intx: int
SourceModule
SourceModule
No.21 ⓒ 2013 UEC Tokyo.
Publically available toolswe have tested
Tool Name Platform Notations GSN Modules GSN Patterns
ASCE(Adelard)
None(Windows XPor later)
GSN, CAE Partly? Not yet?
Visio Plug-in(York)
Visio GSN Not yet? Not yet?
CertWare(NASA)
Eclipse GSN, CAE, etc Not yet Not yet
GSN Editor(Dependable Computing LLC)
Web browser GSN Not yet Not yet
D-Case Editor(DEOS)
Eclipse GSN Partly(Contract nodes are not done)
Partly
Waiting for AdvoCATE to be released as open/free source! I will also try AutoFOCUS3
No.22 ⓒ 2013 UEC Tokyo.
Concluding Remarks
• Prototype implementation of GSN community standard v1.0, to facilitate tool implementation
Tool Implementation
Use in industriesStandardization
D-Case Server
• Integration of D-Case Editor and Alfresco
D-Case Server at Akihabara, Tokyo
Version Control,User Management, etcusing Alfresco. open and free content management systemhttp://www.alfresco.com
D-Case Editor
D-Case Editor
D-Case Editor
User at Tokyo(Yutaka)
Users at Nagoya(Shuichiro and students)
Users at Nara
….
If you are interestedin using D-Case Editor, please let me know
