Workpackage structure

The project aims at developing a model-based methodology and solutions, which jointly addresses safety and security aspects and their interrelation within an integrated process for networked embedded systems in multiple domains.

The organization of the project reflects the industrial applications of strategic interest to the industrial partners. The industrial domains will input the specifications and requirements to be addressed through the work packages. Building blocks, analysis techniques, methodology and tools will be developed transversally to capture the safety and security related concerns expressed by the industrial users and then be adapted to a specific industrial domain and demonstrated on a representative case study.

The core operational work packages and the dependencies among them are illustrated in the following figure, which highlights the main principles behind the approach taken.



The initial WP1 User Requirements and Use Case (UC) Specification sets the context and the focus of the project by eliciting, analysing, and consolidating the user requirements for safety and security in each of the domains represented in SESAMO. Specifically, within each domain, WP1 will identify the relevant safety and security related properties and the interactions between these properties that must be expressed, verified, and manipulated in a controlled manner during system development. These requirements will be correlated with an analysis of current domain safety and security standards. It is also in this WP that the use cases to be developed in WP5 will be specified, in the following domains: Energy management, Electrical production facilities and distribution networks, Automotive, Aerospace, Metropolitan underground railway transport, Mobile Ambient Assisted Living Systems.

WP2 Mechanisms for safety and security starts early in the project and is dedicated to the identification and characterization of building blocks for ensuring safety and security, related to the types of needs expressed in the use case scenarios. The focus will be on general-purpose building blocks such as architectural design principles, communication protocol definitions, protection mechanisms and middleware functions, and wherever possible, existing mechanisms will be adapted for use in SESAMO rather than constructing new mechanisms from scratch. In a first iteration, the cross-influence of safety and security properties will be modelled and analysed, and, based on the acquired understanding of the interrelationship between these properties, enhanced building blocks will be specified that make it easier to balance security and safety requirements. However, although those building blocks will be combined in different ways within the context of the development methodology in WP4, and even the more constructive ones will be modified in the development of specific use cases in WP5, it is important to keep the development of the general-purpose aspects of mechanisms (conceptually) separate in WP2.

WP3 Analysis and assessment techniques proceeds in parallel. Focused work is planned on advancing the state of the art on safety and security assessment techniques towards integrated methods in which trade-offs between security and safety during the development life-cycle will be considered explicitly. This initial work should build the baseline for further integration of the techniques into a common framework in WP4 for integrated assessment (including certification and accreditation) that could allow a rapid and cost-effective analysis of security and safety in given contexts. The methodologies for assessment will be based on rigorous quantitative analysis approaches, amenable to automation, with specific interest in methodologies able to scale, e.g. based on compositional analysis principles, as well as in static analysis techniques and probabilistic model checking (à la PRISM). Particular emphasis will be placed on model-based approaches for development, in order to allow the insertion of WP3 techniques in the overall SESAMO framework (WP4).

WP4 Methodology and Tool Chain starts after WP2 and WP3, and then runs in parallel with them, in order to assure that both the constructive enabling mechanisms (WP2) and the analytic/assessment mechanisms (WP3) contribute to an integrated design methodology through an extensive, iterative and incremental development process. The basic integrated framework methodology and tool chain is designed and continuously detailed while incorporating feedback and results from WP2 and WP3. The methodology will guide designers through the combined use of the constructive safety and security related building blocks and analysis techniques in a cross-domain, compositional system development, while guaranteeing compositionality (that is, that the resulting systems are analysable, and thus potentially amenable to formal assessment, for combined safety and security properties) and reusability. These constitute a major milestone of the project.

WP5 Use Case Development and Evaluation consists of the instantiation and application of the methodology in the chosen domains: automotive, energy management, aerospace, mobile medicine, and metropolitan railways. This WP includes development activities for the customization of (constructive) building blocks and tool-chain for the specific domains, and evaluation of the SESAMO approach through the development of industrial use cases. The industrial evaluation of the scientific approach and the corresponding building blocks and tool-chain prototype will be performed in two steps as an incremental activity. There will be one case study per industrial domain represented in the project. The WP activity will start with the development of the industry-specific use cases, in the second part of the project. There is a close interaction between WP1 and WP5, in that the industrial use cases should obviously address the safety and security related concerns captured in WP1. WP4 will deliver two successive increments of the methodological framework and tool-chain to this activity, integrating both the outputs from WP2 and WP3 and use case specific developments. The industrial teams will perform their first iteration of development on the initial prototype modelling framework and will return feedback and requests for fixes and improvements to the corresponding suppliers. WP4 will deliver further iterations, including the tool-chain support, so that the industrial use cases will be able to experiment with the entire environment and return the feedback necessary for its consolidation and use in a final increment. The industrial end user partners will be the primary actors in this activity, with on-demand support from tool suppliers and from research partners who can assist with the scientific and methodological approach.

WP6 Dissemination and Exploitation is a dedicated Work Package aimed at guaranteeing that the results of SESAMO are appropriately disseminated and exploited.