Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems

Embedded systems have significantly increased in technical complexity towards open, interconnected cyber-physical systems (CPS), exacerbating the problem of ensuring several dependability concerns such as safety and security. AMASS has created and consolidated a multi-concern assurance and certification open tool platform, ecosystem and self-sustainable community spanning the largest CPS vertical markets.
European society will benefit from the use of CPS with a higher confidence on their dependability. OEMs and Component suppliers will increase CPS design efficiency, ease innovation, and reduce certification risks. Tool vendors will extend their products with new features and integrate them with the AMASS tools. Research partners will be able to reach a leading position in research on CPS assurance and certification.
The project goals are to demonstrate a potential gain for design efficiency of complex CPS by reducing their assurance and certification effort; to demonstrate a potential reuse of assurance results, leading to cost reductions for product (re)certification activities; to demonstrate a potential raise of technology innovation led by reduction of assurance and certification risks of new CPS products; and to demonstrate a potential impact in CPS industry by increasing the harmonization and interoperability of tool technologies.
AMASS has validated its results in eleven industrial case studies from six application domains, dealing with a variety of system types and with some of the most novel characteristics and most recent assurance needs of CPS. To keep the innovations from the project alive, a Community has been created in Polarsys/Eclipse, managing project outcomes for maintenance, evolution and industrialization.

Among the major activities and results achieved, the project has provided a common architecture specified in the ARTA (AMASS Reference Tool Architecture) and the CACM (Common Assurance and Certification Metamodel). Some methodological guidelines about the global AMASS methodology and the usage of the Platform have been released. A dashboard was designed to improve dealing with the complexity of the tools, and a proof of concept implemented.
The design and implementation of the advanced functionalities for the AMASS Platform was addressed together with the related methodological guidelines. The CHESS system component specification tool was complemented including the contract-based design allowing contract refinement, contract-based verification, parametrizing architectures, architectural patterns support and safety analysis. Co-analysis starting from the same system model was achieved by means of ConcertoFLA, Papyrus SSE, Safety Architect and FMVEA. Variability approaches were used to perform the dependability co-assessment focussing on the process. The automatic generation of process and product-based arguments was achieved. Reuse functions by means of searching and support and collaborative model’s edition support were also developed. Finally, the interoperability with different tools from the AMASS ecosystem was developed.
The achievement of the project goals has been quantified by means of a benchmarking process that was applied on the eleven industrial Case Studies.
The AMASS Open Platform, composed of OpenCert, CHESS and EPF Composer and hosted by Polarsys/Eclipse, has continued its development and has been published. The coordination with the EAB (External Advisory Board) has continued its mentoring work and 2 workshops have been organized in Trento (IT) and Vasteras (SE), both collocated with the SafeComp Conference.
AMASS has been engaged in several activities and events to increase the visibility of the project and make third parties aware of the project. Numerous scientific publications were accepted, and several means were deployed for both internal and external communication, such as AMASS website, wiki, project newsletters and a YouTube channel. Several training actions on the Prototype functionalities have been organized, including a final workshop opened to external audience.
Finally, the analysis of the trends and market needs that the project intends to address has been updated for exploitation-targeted purposes, and contributions to several functional safety standards and their related complementary cybersecurity standards have been made for standardisation.

Progress beyond the state of the art:
• For Architecture-Driven Assurance, the new features of the AMASS Prototype P2 aim to ensure that the provided functionalities include support for both (1) the left-hand side of the V-model at high- and low-level design and (2) the corresponding V&V activities on the right-hand based on modelling technologies for model checking and simulation. For example, extended support was provided for nominal and fault behavioural components specification, and to trace the elements of the architecture to assurance cases and to evidence and process data.
• Multi-Concern Assurance new results include extensions concerning the automatic generation of argument fragments for dependability assurance, the integration of safety and security analysis tools for system dependability co-analysis and co-assessment, and the management of multi-concern argument fragments for contract-based multi-concern assurance.
• Seamless Interoperability has been improved by largely extending the set of tools with which the AMASS Tool Platform can exchange data with, including commercial tools commonly used in CPS engineering and covering tools from practically all CPS lifecycle phases, and by providing secured access management and data management to the platform while enhancing collaborative work.
• Regarding Cross- and Intra-Domain Reuse, reuse assistance now exploits data mining and semantic technologies to identify reusable assets, new features have extended the available support for automatic argument generation and for product-, process-, and argument-related reuse via management of variability, and compliance checking uses formal approaches for compliance analysis of processes against standards.

Progress regarding our strategic expected impacts:
1. Improving design efficiency of complex CPS. Improve exchange between multidisciplinary teams for complex design decisions (Papyrus and CHESS), during assurance and certification processes (OpenCert). More efficient exchange of design assets by using standards for system architecture (SysML), assurance cases (GSN and SACM) and process languages (SPEM).
2. Reducing Recurring Certification/Qualification Costs of Products certified/qualified before. Reduce costs and time for recertification of new versions of existing systems by using the proposed contract-based approach for design and assurance. By using EPF Composer for process modelling, integrated with OpenCert, users are able to reuse process specifications across domains, company departments, practices and projects.
3. Increasing Openness and Interoperability of assurance and certification/qualification tool technologies. AMASS promotes an open and collaborative approach to the development of core technologies by embracing the open-source philosophy for the AMASS platform. The developments are being hosted by the Eclipse community, as part of the OpenCert, CHESS and EPF Eclipse projects.