Browsing by Keyword "Certification"
AMASS: A Large-Scale European Project to Improve the Assurance and Certification of Cyber-Physical Systems
Springer Nature, 2019. de la Vara, Jose Luis; Parra, Eugenio; Ruiz, Alejandra; Gallina, Barbara; Franch, Xavier; Männistö, Tomi; Martínez-Fernández, Silverio. Group: Quantum.
Most safety-critical systems must undergo assurance and certification processes. The associated activities can be complex and labour-intensive, so practitioners need suitable means to execute them. The activities are becoming more challenging as systems evolve towards cyber-physical ones, because these systems have new assurance and certification needs. The AMASS project (Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems) tackled these issues by creating and consolidating the de facto European-wide open tool platform, ecosystem, and self-sustainable community for assurance and certification of cyber-physical systems. The project defined a novel holistic approach for architecture-driven assurance, multi-concern assurance, seamless interoperability, and cross- and intra-domain reuse of assurance assets. AMASS results were applied in 11 industrial case studies to demonstrate the reduction of effort in assurance and certification, the reduction of (re)certification cost, the reduction of assurance and certification risks, and the increase in technology harmonisation and interoperability.

Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems
Springer International Publishing, 2016-09-01. Ruiz, Alejandra; Gallina, Barbara; de la Vara, Jose Luis; Mazzini, Silvia; Espinoza, Huascar; Guiochet, Jérémie; Schoitsch, Erwin; Bitsch, Friedemann; Skavhaug, Amund. Groups: Quantum; Tecnalia Research & Innovation.
Unlike practices in electrical and mechanical equipment engineering, Cyber-Physical Systems (CPS) do not have a set of standardized and harmonized practices for assurance and certification that ensure safe, secure and reliable operation with typical software and hardware architectures. This paper presents a recent initiative called AMASS (Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems) to promote harmonization, reuse and automation of labour-intensive certification-oriented activities by using model-based approaches and incremental techniques. AMASS will develop an integrated and holistic approach, a supporting tool ecosystem and a self-sustainable community for assurance and certification of CPS. The approach will be driven by architectural decisions (fully compatible with standards, e.g. AUTOSAR and IMA), including multiple assurance concerns such as safety, security and reliability. AMASS will support seamless interoperability between assurance/certification and engineering activities along with third-party activities (external assessments, supplier assurance). The ultimate aim is to lower certification costs in the face of rapidly changing product features and market needs.

Enabling Identity for the IoT-as-a-Service Business Model
2021-11. de Diego, Santiago; Regueiro, Cristina; Macia-Fernandez, Gabriel. Group: CIBERSEC&DLT.
The IoT-as-a-Service (IoTaaS) business model has already been identified by some people from both industry and academia, but has not been formally defined. IoTaaS offers IoT devices on demand, with considerable cost savings and resource optimization. In addition, it enables different applications to reuse the existing devices. However, this business model is associated with different technological challenges that need to be addressed, one of which is the identity problem. Focusing on this, self-sovereign identity (SSI) schemes have proven to provide better privacy and scalability than traditional identity paradigms, which is especially important in the IoT owing to its characteristics. In this paper, we formally analyze an IoTaaS business model, identifying and detailing its main technological challenges. In addition, we tackle the identity problem of this business model and propose an SSI-based identity management system, which is compliant with the existing standards from the W3C, and include a performance evaluation.

A Harmonized Compositional Assurance Approach for Safety-Critical Systems
Universidad de Deusto, 2015-12-16. Ruiz, Alejandra; Espinoza, Huascar; Kelly, Tim.
Safety-critical systems, those whose failure could end up in loss or injuries to people or the environment, are required to go through laborious and expensive certification processes. These systems have also increased in complexity and, as has already been done in other domains, they have applied component-based system development to deal with that complexity. However, components are difficult to assess, as certification is done at system level and not at component level. The compositional certification approach proposes to obtain incremental credit by accepting that a specific component complies with a specific standard's requirements and is correctly integrated. The objective is to support the integration of new components while the previously integrated components do not need to be re-accepted. We propose (1) the use of assurance modelling techniques to provide the mechanism to understand the common basis of standards shared by different domains such as avionics, automotive and medical device design. We propose (2) an assurance decomposition methodology offering guidance and modelling mechanisms to decompose the responsibilities associated with the life-cycle of safety-critical components. This methodology ensures a hierarchy of assurance and certification projects in which the responsibilities and project tasks can be specified and their accomplishment can be assessed to determine compliance with functional safety standards. Assurance decomposition supports the reuse of components, as it guides us not just in standards compliance but specifically in understanding and tailoring those standards for component assurance, and supports the integration of those components into the final system. We propose (3) a contract-based approach to support the integration of reused components; at the same time, the proposal supports the identification of assumptions, a very laborious and time-consuming task. Assurance Contracts are defined to ensure incremental compliance once the components are integrated. The objective of these assurance contracts is to ensure the overall compliance of the system with the selected standards and reference documents such as guidelines or advisory circulars. The defined approach to assurance contract specification attempts to balance the need for unambiguity in the composition while maintaining the heterogeneity of the information managed. The claims classification offers an easy method to support the assessment of contract completeness, and the structured expressions provide a semi-formal language to specify the assumptions and guarantees of a component. This work has mainly been framed in European collaborative research projects such as OPENCOSS, a Large-scale Integrating Project (IP) with 17 partners from 9 countries to develop a platform for safety assurance and certification of safety-critical systems (compliance with standards, robust argumentation, evidence management, process transparency), SAFEADAPT, an FP7 project with 9 partners, and RECOMP, an ARTEMIS project. The results of this work have been presented to the standardization group of the Object Management Group responsible for the SACM (Structured Assurance Case Metamodel) standard specification, which is currently discussing their inclusion in future versions. The (4) tools presented and used in this work have been included in the results of an open tool platform developed within the OPENCOSS project that is being released in PolarSys. PolarSys is an Eclipse Industry Working Group created by large industry players and by tool providers to collaborate on the creation and support of Open Source tools for the development of embedded systems.

Recent Advances towards the Industrial Application of Model-Driven Engineering for Assurance of Safety-Critical Systems
SciTePress, 2018-01. de la Vara, Jose Luis; Ruiz, Alejandra; Espinoza, Huascar; Hammoudi, Slimane; Pires, Luis Ferreira; Selic, Bran. Groups: Quantum; Tecnalia Research & Innovation.
Safety-critical systems are typically subject to assurance processes as a way to ensure that they do not pose undue risks to people, property, or the environment, usually in compliance with assurance standards. The planning, execution, and management of assurance processes can be a complex activity in practice because of issues in the application of the standards, the large amount of information to handle, and the need to provide convincing justifications of assurance adequacy, among other difficulties. As a solution, many authors have argued that the use of Model-Driven Engineering principles and techniques can facilitate and improve assurance of safety-critical systems. This paper presents some of the latest advances that have been and are being made towards the use of these principles and techniques in industry. Although models have been used for assurance of safety-critical systems for many years, e.g. to specify safety cases, it is only recently that the full potential of Model-Driven Engineering has started to be more widely exploited. This includes aspects such as the specification of metamodels and domain-specific languages for assurance, the extension and application of UML, and the use of model transformations.