Integrating UML/SysML and

GSN/Assurance Case:

New Tool Demonstration

Kenji Hiranabe (Change Vision, Inc)Kenji Taguchi (AIST)

Agenda

• Introduction

• Background and Goals

• Our GSN Demo

• Conclusion

• Future Ideas

Change Vision, Inc. Overview

• Founded February 22, 2006

• Representative- President and CEO : Kenji Hiranabe

• Locations– US Office

66 Front St, Berea, Ohio, 44017, USA

– HeadquartersUeno HS Building 8th floor, 2-7-7, Ueno, Taito-ku, Tokyo 110-0005 Japan

– Fukui Office3-111 Toiyacho, Fukui City, Fukui 918-8231 Japan

Fukui

Tokyo

Astah

Community

Lightweight, easy-to-use, and free UML modeler,

For free.

Astah

Professional

Full-featured edition with UML, ERD, DFD, Flowchart, CRUD,

Mind Maps and Requirements Table integrated together.

Astah

SysML

Simple SysML Edition

Astah

GSN

Simple GSN Edition (αααα)

Astah Family

June, 2013

NEW

Dec, 2013

NEW

Germany 10486

Taiwan 7480

India 5278

Poland 4505

France 4235

UK 3435

Others 50737

Japan41%

Taiwan2%

UK1%

Others14%

France1%Poland

1%India1%

USA3%China3%

Brazil30%

Germany3%

There is a big user community in Brazil .

Half of the non-JP users are in Brazil.

wide acceptance in Brazil

Our Projects

Noriaki Ando

Kenji Hiranabe

Toshihiro Okamura

Geoffrey Biggs

Kenji Taguchi

SysML to RTC

GSN/Assurance Case

Last Year

Today!

Example GSN(and Legend)

Control System is

acceptably safe to operate

G1

Operating Role and Context

C1

Control System Definition

C2

Tolerability targets (Ref Z)

C3

All identified hazards have been eliminated or sufficiently mitigated

G2

Hazards identified

from FHA (Ref Y)

C4

Argument over each identified hazards

S1

Hazard H1 has been

eliminated

G4

Probability of Hazard H2

occuring < 1x10-6 per year

G5

Formal

Verification

Sn1

A

All hazards have been identified

A1

Goal

(Claim) Context

Assumption

Solution

(Evidence)

Strategy

SupportedBy

InContextOf

Probability of Hazard H3 occuring < 1x10-3

per year

M2

Module

Astah GSN

•Conformance to “GSN COMMUNITY STANDARD V1”

•“Yorkish” style diagram

•Focus on Usability

•Multi-Platform

– Mac/Linux/Win

•Integration

with UML/SysML

•SACM XMI import/export

Demo

�Demonstrate the movements

(Spiral and Back-and-Forth) by

controlling multiple autonomous

robots from externally. Operator

can switch between the

autonomous mode and

demonstration mode.

�Hardware architecture is

already known, we use Roomba

with PC that can control it using

Wi-Fi and use Kinect to switch

the mode.

Problem Description

kinect

OperatorController PC

Receiver PC

Roomba

Wi-Fi

SysML: Overview

SysML: req [Core requirements]

SysML: req [Robot requirements]

SysML: req [Controller requirements]

SysML: bdd [Context diagram]

SysML: bdd System Struture&Interface

GSN for the system

System is acceptably safe to operate

G1

System Definition(BDD: Demo components)

C1

Argument over each component

S1

Robot is acceptably safe

Robot Module

Control System is acceptably safe

Control module

GSN – UML/SysML

Drag & Drop

UML/SysML Diagrams

on GSN Elements

You can jump to

the diagram

Module

You can create GSN

inside Modules.

Robot Module

Robot is acceptably safe

G2

Max speed is lower

than 10cm/sec

G3

Operator can stop

Robot anytime

G4

Everyone can stop

Robot by pushing the power button anytime

G5

Safety

functional requirements

Sn1

(Req: Stop immediately)

C1

Import/Export XMI

SACM ver 1.0

(Structured

Assurance Case

Metamodel)

with some

restrictions

Conclusion

• We have developed a new GSN tool.

• GSN and SysML/UML in one solution, and implemented links between each other.

• An Easy-to-use tool(Astah GSN) boosts effectiveness of assurance case modeling.

• Need standard to exchange GSN models (hope to see SACM 2.0).

Difficulties

• Relationship between GSN models and SACM’s

is not known for some elements

• Difficult to adopt SACM as the data format for

GSN tools because SACM is still under

development

• Hard part in using SACM(ARM) as GSN tools

– Can not recognize the kind of a element before

adding a relationship. (Ex. Solution)

GSN - SACM

GSN Ver. 1.0 SACM Ver1.0

Goal Claim

Context InformationElement

Strategy ArgumentReasoning

Solution InformationElement linked using

an AssertedEvidence instance

SupportedBy AssertedInference(Or

AssertedEvidence when linked

to Solution). The arrow head

attaches to the source element.

InContextOf AssertedContext. The arrow

head attaches to the source

element.

Undeveloped ToBeSupported = true

Assumption Claim linked using an XXRelation

instance?

Justification Claim linked using an

YYRelation instance?

GSN Ver. 1.0 SACM Ver1.0

Module Argumentation?

Contract ?

Away Goal CitationElement?

Away Solution CitationElement?

Away Context CitationElement?

ToBeSupporte

dByContract

?

Elements of

Argument

Patterns

?

SACM 1.0 is not ready for GSN Extensions

Future Topics

• Traceability and impact analysis from/to GSN to SysML via the tool.

• Further support for modular extensions and pattern extensions.

• SACM XMI with modular extensions

and pattern extensions.

Thank you

Kenji Hiranabe

Toshihiro Okamura

We are exhibiting the

tools. Please visit us.

Michael Jesse Chonoles

Free Trial Download:

astah.net/gsn

Free Trial Download:

astah.net/gsn