The continued maturation of industry-standard architecture description languages is providing a foundation for more sophisticated analyses earlier in the systems engineering process. The Architecture Analysis and Design Language (AADL) and its supporting annotation sub-languages provide the ability to model system hardware/software components as well as information flows within the system. Such flows include conventional notions of data/control flows, security-oriented information flows, and fault/error propagation paths supported by the AADL Error Modeling Annex (EMv2), all of which are central to engineering safety/security-critical systems. In this paper, we describe Awas, an open-source framework for reachability analysis on AADL models annotated with flow annotations at varying degrees of detail. The framework provides highly scalable interactive flow visualizations with dynamic querying capabilities. To assist the user, we provide a simple domain-specific language to check safety and security properties. To evaluate Awas, we apply it to a collection of industrial models of safety/security-critical systems from the medical and avionics domains.
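As an added illustration of the kind of analysis the abstract describes (this is not Awas's own code or its query language), the following Python builds a port-level graph from AADL-style intra-component flow specifications and inter-component connections, then answers reachability questions such as "can traffic from the radio reach the flight controller, and only via the filter?". The tiny UAS-like system, its component and port names, and its connections are constructed assumptions.

```python
# Constructed illustration of flow reachability over an AADL-style model.
# Not Awas code; the component names and this UAS-like system are assumed.
from collections import defaultdict, deque

# Intra-component flow specs, in AADL terms: "flow source" (None -> out),
# "flow path" (in -> out) and "flow sink" (in -> None). Constructed model.
FLOWS = {
    "radio":  [(None, "msg_out")],
    "filter": [("msg_in", "clean_out")],
    "gps":    [(None, "pos_out")],
    "fc":     [("cmd_in", "act_out"), ("pos_in", "act_out")],
    "servo":  [("act_in", None)],
}
# Inter-component port connections (AADL connections), constructed.
CONNECTIONS = [
    ("radio.msg_out", "filter.msg_in"),
    ("filter.clean_out", "fc.cmd_in"),
    ("gps.pos_out", "fc.pos_in"),
    ("fc.act_out", "servo.act_in"),
]

def build_graph(flows, connections):
    """Nodes are 'component.port'; edges follow flow paths and connections."""
    g = defaultdict(set)
    for comp, specs in flows.items():
        for src, dst in specs:
            if src and dst:
                g[f"{comp}.{src}"].add(f"{comp}.{dst}")
    for src, dst in connections:
        g[src].add(dst)
    return g

def forward_reach(g, start, blocked=()):
    """Ports reachable from `start` without passing through a blocked node.
    Blocking a component's ports models a mitigation that halts propagation."""
    seen, queue = set(), deque([start])
    while queue:
        n = queue.popleft()
        if n in seen or n in blocked:
            continue
        seen.add(n)
        queue.extend(g[n])
    return seen

def component_reached(g, start, comp, blocked=()):
    return any(n.startswith(comp + ".") for n in forward_reach(g, start, blocked))

def every_path_crosses(g, start, target_comp, guard_comp):
    """True iff start reaches target_comp and no path avoids guard_comp."""
    ports = set(g) | {v for vs in g.values() for v in vs}
    guard = {n for n in ports if n.startswith(guard_comp + ".")}
    return (component_reached(g, start, target_comp)
            and not component_reached(g, start, target_comp, blocked=guard))

GRAPH = build_graph(FLOWS, CONNECTIONS)
```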
Awas means “caution” in Indonesian.
The simple UAS is adapted from an example used by the Collins Aerospace team on DARPA Cyber-Assured Systems Engineering (CASE) project—the authors are part of the Collins team on DARPA CASE.
This work is supported in part by the US Army, by the DARPA CASE program, and by the Software Engineering Institute.
Thiagarajan, H., Hatcliff, J. & Robby. Awas: AADL information flow and error propagation analysis framework. Innovations Syst Softw Eng (2021). https://doi.org/10.1007/s11334-021-00410-w
- Dependence analysis
- Reachability analysis
- Unmanned aerial vehicle
- Model visualization
- Error propagation
- Domain-specific query language