Model Driven Development for Embedded Software
eBook - ePub


Application to Communications for Drone Swarm

184 pages, English, ePUB

About this book

Model-driven Development for Embedded Software: Application to Communications for Drone Swarm describes the principles of model-oriented design used in the aeronautical field, specifically for UAVs (Unmanned Aerial Vehicles). The book focuses on designing an embedded system that lets drones carry out ad hoc communication within a fleet. In this context, an original methodology for rapid prototyping of embedded systems is presented. This approach saves time in the verification and formal validation phases, contributing to certification of the Unmanned Aerial System (UAS). The book also addresses the more traditional verification phases that must be performed to verify the accuracy of the system; this evaluation is carried out in simulation and by real experimentation. The various tools necessary for implementing this methodology are described so that readers can apply it independently. Finally, to illustrate the contribution of this original methodology, an example of embedded system development is presented in which the different phases of the methodology are explained, in order to conceive, validate and test a new secure routing protocol developed for communications within a fleet of drones.

  • Describes the principles of model-oriented design used in the aeronautical field
  • Presents an original methodology for rapid prototyping of embedded systems
  • Presents a mode of development for embedded systems across its different phases

Model Driven Development for Embedded Software, by Jean-Aime Maxa, Mohamed Slim Ben Mahmoud and Nicolas Larrieu, is available in PDF and ePUB format (Technology & Engineering: Aeronautic & Astronautic Engineering).
1 State of the Art of Model-driven Development (MDD) as Applied to Aeronautical Systems

Abstract

Faced with an exponential increase in program complexity, operators in the aeronautical sector have established software-based certification procedures based on the use of model-driven methods. These methods guarantee a certain level of operational security, and in some cases make the design process easier.

Keywords

Avionics; Catastrophic; Compilation; Execution; Glue code; Hazardous; Integration; Model-driven Development; Partition; Portability; Prototyping; Unmanned aerial systems; Virtual machine

1.1 Principle of MDD

Generally speaking, software which is embedded in a critical system such as an airplane or other aircraft must be subject to certain certification constraints in order to be considered trustworthy. Certification implies a certain degree of confidence in the system. For software in particular, it is important to show that the design follows a development process in accordance with the state of the art in the aeronautical sector.
Most software design methods are based on UML (Unified Modeling Language) [RUM 04]. However, these methods need to be adapted to take account of the operating environment of the final system. Methods based on UML only allow high-level descriptions of a system, with no consideration for the constraints involved in its physical implementation and execution. Moreover, UML does not meet the design requirements of the aeronautical context, or of drones, because it lacks the toolchains required to contribute to the validation of a critical system. When designing an embedded software program for manned or unmanned aircraft, software certification must be taken into account during the design phase. This implies the use of chains of design tools which contribute to obtaining certification for the final system.
Model-driven approaches aim to generate some or all of a system from high-level models. This paradigm increases productivity while also optimizing compatibility between different sub-systems, thanks to widespread reuse of standardized models. It also simplifies the software design process and facilitates model reuse, owing to the levels of abstraction at which the associated business logic is expressed.
Model-driven approaches use models to improve the forecasting, design, implementation and modification of systems. They offer a number of advantages. First, they encourage the efficient use of high-level models in the design process. They also offer the possibility of using better design practices in system creation. The main aims of the MDD approach include portability, interoperability and reusability, via the separation of platform-dependent aspects and more abstract aspects which are not dependent on a specific application. This type of approach was introduced and defined by the OMG (Object Management Group), which aimed to develop the object-oriented approach while increasing the level of abstraction to the point of using another representation of concepts and relationships drawn from an initial specification, i.e. the model. A model is an abstract representation of the knowledge and activities which govern a domain of application, making it easier to understand the final system. This development technique allows designers to focus on desired system behaviors rather than on implementation. The partial generation of code using model specifications leads, among other things, to savings in terms of development costs.

1.2 Use in avionics

Improvements in the performance of aeronautical systems mean that it is now possible to envisage the use of new technologies in the context of embedded aeronautical systems on aircraft, along with the opening up of avionic networks, previously closed for security reasons, to public networks such as the Internet. These new technologies require new solutions in order to maintain the high levels of security required.

1.2.1 System virtualization: Integrated Modular Avionics

The first generations of avionic software systems were based on direct relationships between systems: when a sensor transmitted an element of information to two on-board computers, the data was duplicated and sent over two independent communication channels, each serving a single receiver. The development of new technologies has resulted in the creation of new services for crews and in the introduction of new interactions.
A new concept, Integrated Modular Avionics (IMA), was introduced with the development of the A380. It allows several independent programs to be executed within a single hardware module. RTCA (Radio Technical Commission for Aeronautics) DO-297, the Integrated Modular Avionics Development Guidance and Certification Considerations standard of 8th November 2005, sets out a framework for the design and implementation of systems for integrated modular avionic architectures in civil aviation. Created by Special Committee 200 (SC-200), this standard defines IMA as “a shared set of flexible, reusable, and interoperable hardware and software resources that, when integrated, form a platform that provides services, designed and verified to a defined set of requirements, to host applications performing aircraft functions”. This standard defines and delimits the roles of different IMA module suppliers: application suppliers, IMA platform suppliers, system integrators and certification agents.

1.2.2 MILS: divide and conquer to ensure security

The segregation of participants provided by virtualization solutions makes them useful for increasing the security of sensitive applications. This observation led to the gradual development of the concept of Multiple [and] Independent Levels of Security[/Safety] (MILS) architectures. Based on John Rushby’s work on separation kernels, MILS architectures guarantee a high level of security for the execution of multiple programs on a single infrastructure.
The division of a complex task into several simpler tasks is a fundamental principle of engineering. In computing, this equates to decomposing a program into modules. This simplifies security assessments, as the evaluator does not need to evaluate a whole, monolithic system, but rather a set of smaller, distinct modules and the couplings between them.
Virtualization solutions may be implemented for developing a support for MILS architecture on the condition that they guarantee respect for the four intrinsic properties of MILS:
  • the solution must be impossible to circumvent, i.e. no entity may communicate with the system without passing the security checks imposed by the host system;
  • it must be possible to evaluate the solution, with formal proof that the virtualization system (and thus the host) operates in a correct and valid fashion;
  • the solution must always be active: all communications are monitored, not just the first messages exchanged;
  • the solution must be resistant to alteration, preventing any modification without explicit authorization.
These properties are guaranteed via an evaluation of the security of the solution. Even for “small” systems, this evaluation is complex; it is only achievable for minimalist systems (microsystems) intended for system virtualization and separation, known as separation microkernels. Separation microkernels ensure the implementation of concepts of temporal and spatial separation between programs, while monitoring information flows. The kernel ensures that each program and its virtual machine (VM) are able to use hardware resources during their assigned times. A program cannot hinder the operation of another program, “stealing” its operating time; there is thus a temporal separation between the two VMs. The kernel also guarantees that a hardware resource will not be simultaneously assigned to two virtual machines. The addressing spaces in the memory and input/output channels are shared out during configuration of the separation kernel: this is known as partitioning the addressing space.
Each memory access is checked by the kernel to ensure that the address accessed on the real machine is one that has been assigned to the accessing VM. The kernel blocks any access attempt which does not fulfill this condition, ensuring the spatial separation of VMs. Similarly, VMs may use specific channels to communicate with each other; these are also managed by the separation kernel (rather than operating directly through the underlying hardware). The kernel thus monitors the form of communications, checking the maximum length of sent messages, authorizing access, time-stamping received messages, etc. In an MILS system, each virtual machine operates independently of its counterparts. From the perspective of the host separation kernel, each VM has its own dedicated addressing sub-space. The set of these sub-spaces is a partition (in the mathematical sense of the term) of the host’s full addressing space. Each VM has specific assigned time slots within a cycle, and these slots make up a time partition. In the context of an MILS architecture, the term “partition” therefore relates to the temporal and spatial resources associated with a virtual machine. During system execution, the separation kernel acts as a partition scheduler and as a mandatory point of passage for access to resources.
An MILS system needs to guarantee certain properties:
  • in terms of inter-partition information flows, only authorized sources should be able to generate information, and information should only be delivered to specified, authorized recipients;
  • data in a partition should only be accessible to programs associated with the partition in question, and should be isolated from data from other partitions. Private data remains private, with no possibility of infiltration (reading from another partition) or exfiltration (writing data to another partition). This means that each partition must have a dedicated addressing space, in which addresses only have meaning for the partition which uses that space;
  • the processor itself must not allow information to travel from one partition to another, whether through hardware caches or through measurements of processing time. For example, a form of attack exists which involves analyzing processing cycle counters to extract information relating to cryptographic keys, as discussed in (Kocher, 1996). MILS systems must be as resistant as possible to attacks of this kind;
  • operating errors in one partition should not have an impact on the other partitions, and should be detected, contained and corrected.
MILS systems, used in military and civil information systems, have attracted growing interest in the aeronautical sector. However, virtualization is already used in this area with a slightly different goal, that of enabling hardware sharing while maintaining high levels of security (operational safety), as we saw in the case of IMA. The current aim in aeronautics is to allow these two aspects (security and safety) to be treated together, as we will see in the following section.
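To make the spatial, temporal and information-flow checks of sections 1.2.2 concrete, here is an added toy model of a separation kernel's enforcement logic. It is illustrative code written for this page, not from the book or from any real MILS kernel; the partition address windows, slot schedule, channel table and message sizes are constructed sample values.

```c
/* Toy separation-kernel checks (added illustration, not from the book).
 * Partition ids, address windows, slots and channel rules are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NPART 3
#define NCHAN 2
#define SLOTS 4   /* hypothetical major frame of four time slots */

/* Spatial partition: each VM owns one disjoint address window. */
static const struct { uint32_t base, limit; } part_mem[NPART] = {
    {0x1000, 0x1FFF}, {0x2000, 0x2FFF}, {0x3000, 0x3FFF} };

/* Temporal partition: which VM may run in each slot of the cyclic schedule. */
static const int slot_owner[SLOTS] = {0, 1, 0, 2};

/* Authorized inter-partition channels: source -> sink, max message length. */
static const struct { int src, dst; size_t max_len; } chan[NCHAN] = {
    {0, 1, 16}, {1, 2, 8} };

/* Kernel-owned receive buffer: VMs never share memory directly. */
uint8_t rx_buf[16];

/* Spatial separation: a VM may only touch addresses inside its own window. */
bool kernel_check_access(int vm, uint32_t addr) {
    if (vm < 0 || vm >= NPART) return false;
    return addr >= part_mem[vm].base && addr <= part_mem[vm].limit;
}

/* Temporal separation: a VM may only run in the slots assigned to it. */
bool kernel_may_run(int vm, int slot) {
    return slot >= 0 && slot < SLOTS && slot_owner[slot] == vm;
}

/* Information flow: a message crosses partitions only over a configured
 * channel, in its declared direction, and within the declared length. */
bool kernel_send(int src, int dst, const uint8_t *msg, size_t len,
                 uint8_t *out, size_t out_cap) {
    for (int i = 0; i < NCHAN; i++) {
        if (chan[i].src == src && chan[i].dst == dst) {
            if (len > chan[i].max_len || len > out_cap) return false;
            memcpy(out, msg, len);   /* the kernel performs the copy */
            return true;
        }
    }
    return false;                    /* no channel: the flow is refused */
}
```

Note that the reverse direction of a channel is not implied by the forward one, which is what makes the flow policy in the first bullet above one-directional by construction.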

1.2.3 Combined treatment of safety and security considerations

The development of embedded systems in aircraft is subject to significant constraints, both in terms of operational safety and security. In aeronautics, the term “safety” is used to denote both the security and the operational safety of systems, i.e. the intrinsic properties of systems which make them resistant to operating errors. The term “security” relates to the ability of aeronautical systems to resist deliberate attacks (pirating, etc.).
The safety constraints encountered in the domain of avionics hav...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Preface
  6. Introduction and Approach
  7. 1: State of the Art of Model-driven Development (MDD) as Applied to Aeronautical Systems
  8. 2: Original Rapid Prototyping Method for Embedded Systems for UAVs
  9. 3: Application to Communications in a Drone Fleet
  10. Conclusions and Perspectives
  11. Bibliography
  12. Index