CSD&M Program
Presentations abstracts
Property verification on event driven systems

Nowadays most systems can communicate with each other. As a general approach, a communicating system is an event driven system. Its behaviour is based on state machines triggered by messages exchanged between remote entities, the different agents execute asynchronously, and a lot of data is transferred. The combination of concurrent entities and the possible values of the exchanged data generates a massive number of execution paths. For these reasons, the verification of properties on such systems is a challenge. Existing model checkers are based on their own modeling languages, which were designed for the purpose of exploration, not for the purpose of modeling a communicating system. Today the best modeling notation for describing communicating systems in a detailed and precise way is SDL, which is standardized by ITU-T for that purpose. SDL is used not only for telecommunication systems but also in the aerospace and automotive domains, so verifying properties on SDL systems is of great interest. After four years of collaboration on several industrial projects, ENSTA Bretagne and PragmaDev came up with a new approach to property verification. In this paper we present the result of this work. It combines four main ideas: 1) use an execution engine that is natively based on SDL; 2) restrict the possible input values without modifying the system itself; 3) reduce the system state; 4) use the PSC (Property Sequence Chart) to write the property and pass it along to the model checker.

Emmanuel Gaudin

Modelling AADL with SysML v2

Several SysML v1 to AADL model transformation tools have been implemented to make the path between system engineering and software engineering activities more seamless. The arrival of SysML v2 brings a set of new attractive features to improve this process. On their own, the three following changes represent a significant positive move towards the goal of making SysML to AADL model interchange easier: a textual syntax, the support of instance models, and extension by Domain Libraries instead of UML Profiles. This article proposes a solution, developed internally at Ellidiss, consisting of a conceptual mapping between AADL v2 and SysML v2 modelling elements and its implementation in the form of a SysML v2 Domain Library. Such a Domain Library is expressed in SysML v2 itself and is thus expected to be portable across any SysML v2 compliant tools.

Jean-Charles Roger
Software Engineer,

Pierre Dissaux

Towards a security-by-design approach enabling automated validation in automotive architectures

Securing automotive architectures against cyber-attacks is a challenging task, especially if function and safety have to be considered alongside security and the overhead of the security engineering process has to be kept minimal. Security-by-design will become a necessary property of automotive architectures in the future, because of rising vehicle interconnection and the associated risks. ThreatGet already provides an approach for automated threat analysis and risk assessment in this field. Nevertheless, there is still a lack of automation in the area of cybersecurity risk remediation and the subsequent validation or verification of results. Therefore, this paper combines the security pattern engineering process with ThreatGet and the ARAM Framework to provide a multi-layered top-down approach that considers the parallel development of function, safety, and security in automotive architectures according to ISO-21434.

Boris Branković
Junior Researcher,
Fachhochschule Salzburg

Common Language & Semantic Distance – The efficient solution to federate models at scale

As an interdisciplinary domain, complex systems engineering draws contributions from transverse engineering fields, as in the case of aircraft. Here, plenty of data is managed under different environmental and economic constraints that have become increasingly important and challenging. Consequently, there is a crucial need to manipulate, manage, understand and concisely define more and more data against a common reference, since these data have different authors. To do so, a common language is introduced and aligned with the fundamental systems engineering methodologies. In order to define a semantic model of the system elements, as governed and designated by ISO/IEC 81346, the tags generated by the common language are combined with the associated aeronautical domain knowledge through an ontology that defines links between the different concepts. Once the common language ontology is built, it becomes crucial to federate knowledge at enterprise level. Hence, a method for calculating the semantic distance between two ontologies is presented, for approximating concepts and/or models, similarity retrieval purposes, etc.

Thomas Barre
Semantic mapping leader,

Safran Landing Systems MBSE deployment feedback

Safran Landing Systems' transformation from a legacy requirement based engineering framework to an integrated model based systems engineering framework, based on state of the art tools and practices:
– Presentation of the SLS context.
– Feedback on better innovation, better integration with our customers' frameworks and better design validation, illustrated with actual research and development projects.
– Focus on the tools used.
– Way forward.


Nicolas Gueit
Model-Based Systems Engineering Framework Referent,