Embedded Software System Development

The CAMET® Library supports a range of modeling methodologies and technical standards throughout a project life-cycle, from system requirements through system integration.

The tools listed below have been designed to meet the complex demands of a modern model-based digital engineering environment, namely:

  • Integration of multiple analyses into a shared workflow.
  • Continuous virtual integration with mixed developer models.
  • Automated model verification, report generation, and code generation.

CAMET Base Pack

The CAMET Base Pack bundles the most-used CAMET Library tools in one download to simplify initial installation and use. It includes example models and full tool documentation.

For an example view of CAMET tools deployed on OSATE (Open Source AADL Tool Environment), watch Getting Started with AADL Analysis Tools (YouTube). To see how the SysML to AADL Bridge Tool allows SysML modelers to generate AADL for  analysis, integration, and verification tasks in OSATE, watch How to Translate from SysML to AADL (YouTube).

Safety and Security Analysis

RMF: Risk Management Framework 

(Model Format: AADL)

The RMF Analysis tool analyzes models to reduce the risk that systems will fail certification under DoDI 8510.01 Risk Management Framework for DoD Information Technology (IT). The analysis answers the following questions:

  1. Does the architecture isolate information flows with different criticalities?
  2. Does the architecture place security controls everywhere they are needed?
  3. Are the controls enforced as intended (non-bypassable and tamper-resistant)?

For demonstrations please see these videos:
RMF Mixed Criticality Analysis
RMF Step 4 Analysis

MILS: Multiple Independent Levels of Security

(Model Format: AADL)

The MILS tool analyzes AADL models to reduce the risk that systems will fail certification under DoDI 8540.01 Cross Domain Policy. It verifies that connected components operate at the same security level and that different security levels are separated with a protective measure like an air gap or an approved cross domain solution. 

For a demonstration, please see this video:
MILS Security Analysis Tool for AADL

SESSAF: Systems Engineering Safety and Security Analysis Framework

(Model Format: AADL)

SESSAF incorporates a top down analysis methodology aimed at identifying complex, multi-factor safety and security hazard scenarios, particularly in software reliant systems. It guides safety experts through a structured conversation, helping them methodically apply their domain knowledge to a specific system design. Using a wizard interface, the experts answer questions about safety and security concerns specific to the system design. Using the expert’s responses, SESSAF updates the AADL based system model which is then used by system engineers to address the findings and to generate customized reports.

For demonstrations, please see these videos:
How to Conduct a Safety Analysis
How to Install SESSAF
How to Create an AADL Model
How to Add Flows to an AADL Model

MADS: Multiple Analysis for Domain Separation

(Model Format: AADL)

The MADS tool helps engineers detect faults by assessing domain isolation in AADL system architecture models. Analyzing multiple classes of domain isolation simultaneously, developers can identify defects arising in one class due to model changes associated with a different class.

Schedule Analysis and Generation

FASTAR™ Compositional Schedulability Analysis

(Model Format: AADL)

FASTAR applies timing and resource analysis tools that support multiple scheduling methods and different types of equipment in order to provide end-to-end, system-wide analysis results. Supports MAST for distributed priority-scheduled systems, and SPICA for ARINC 653 scheduled systems.

For a demonstration, please see this video:
Framework for Analysis of Schedulability, Timing and Resources

FASTAR™ Scheduler

(Model Format: AADL)

FASTAR generates schedules from a model of real-time embedded software systems. Schedules address thread and connection timing, demand requirements, and constraints on specified end-to-end flow latencies. Generates ARINC 653 schedules.

RTOS: Real-Time Operating System Configuration

(Model Format: AADL)

RTOS generates RTOS-specific schedule configuration from an architecture model of the software components to be integrated in the target execution environment. The configuration is generated from a model that has already undergone analysis and verification using other tools. Supports LynxOS-178 RTOS.

For a demonstration, please see this video:
AADL Tools for Software/System Integration: ARINC 653 Schedules and RTOS Configuration Files

SPICA: Separation Platform for Integrating Complex Avionics

(Model Format: AADL)

SPICA has two core capabilities: schedule simulation and schedule generation. Specifically, it provides tools to generate ARINC653 partition schedules, and to analyze the timing of ARINC653 standard schedules. SPICA can be invoked on AADL models using either FASTAR or the Continuous Virtual Integration Toolkit.

Behavioral Modeling

SLICED: State Linked Interface Compliance Engine for Data

(Model Formats: AADL, FACE, and SysML implemented in MagicDraw)

SLICED allows system engineers to conduct behavioral analysis of models to detect errors in messaging patterns/paradigms, sampling rates, and latency requirements in embedded systems software. It combines timing analysis and Future Airborne Capability Environment (FACE™) data models with descriptions of the state of a software Unit of Portability (UoP).

For demonstrations, please see these videos:
Example use of SLICED for Behavior Analysis
Installation of SLICED in OSATE

Workflow Automation

SysML to AADL Bridge Tool

(Model Format: SysML, Enterprise Architect, and MagicDraw/Cameo supported)

The System Modeling Language (SysML) was developed for Model-Based Systems Engineering (MBSE). It has a broad scope that encompasses a range of systems, from civil engineering projects to organization operations. The Architecture Analysis and Design Language (AADL) was developed for embedded computer systems architectures and associated equipment. AADL provides standard semantics within the embedded computing domain, while SysML does not. Using AADL standard semantics in models enables a variety of existing computer system architecture analysis, integration, and testing tools to be applied to models. The SysML-to-AADL translation tool allows them to be used together in a collaborative and synergistic way: The strengths of SysML for overall systems engineering can be combined with the strengths of AADL for specifying and analyzing embedded computer subsystems within an overall system.

Overview Video: Automating the translation of SysML into AADL for Analysis
Demonstration Video (external link): How to Translate from SysML to AADL

DSI: Design Space Investigator

(Model Format: AADL)

DSI provides provides an infrastructure, automation tools, and visualization tools that allow trade space analysis to be performed continuously as models are updated.

DSI combines systems architecture specification and analysis technologies to support least commitment design of complex systems such as aircraft and spacecraft. When applied to system design, a least commitment approach helps developers avoid making premature design decisions that must later be retracted, thereby reducing or eliminating re-work costs. DSI helps developers make design decisions when necessary by automatically and continuously evaluating design alternatives throughout the development process.

CVIT: Continuous Virtual Integration Toolkit

CVIT Applies the software engineering concepts of continuous integration and testing to model-based engineering and analysis. CVIT allows users to stand up a server at their facility that automatically executes scripts for integration, analysis, and report generation of system models. Most CAMET Library analysis tools support CVIT, and instructions are included for adapting other tools to use CVIT.

For a demonstration, please see this video:
Continuous Virtual Integration Server

INDIGO: INsight to Diverse Information Using Graphs and Ontologies

(Model Format: Web Ontology Language (OWL))

INDIGO provides capabilities to access multiple models and domain ontologies and explore relationships within sets of models developed in different languages using different tools. An enhanced browser recognizes access protocols and data in RDF formats to create a library of sources. Users select sets of models, interactively build queries supported by automated reasoning, with results displayed by choices of viewers.

System Architecture and Implementation

ISOSCELES™: Intrinsically Secure, Open, and Safe Control of Essential LayErS

ISOSCELES is a reference architecture and set of development tools that enables developers to create safe and secure products, including Industrial Internet of Things (IIoT) systems, medical devices, and other embedded systems connected to a network, e.g., the Internet. Developers are able to focus on the functionality of their product with ISOSCELES providing the surrounding safety and security. ISOSCELES is compliant with cyber security best practices, FDA approval guidelines and security requirements, and California's IoT law effective January 2020. The reference architecture and documentation is open source and the development tools are available to sponsors of Adventium's CAMET Library. Support is available separately to integrate ISOSCELES into the system development workflow of its users.

Further information:
DHS Award Announcement Press Release
Star Tribune Article on Cyber-Vulnerability of Medical Devices
A Reference Architecture for Secure Medical Devices: ISOSCELES overview published in the Fall 2018 issue of Biomedical Instrumentation & Technology