An Implementation of GSN Community Standard (Preliminary Version)

Yutaka Matsuno, The University of Electro-Communications, matsuno@is.uec.ac.jp
Shuichiro Yamamoto, Nagoya University, yamamotosui@icts.nagoya-u.ac.jp

ⓒ 2013 UEC Tokyo.

No.2 Contents
• DEOS and D-Case Editor
• Purposes
• D-Case Editor Implementation
  – Patterns and Modules
• Concluding Remarks

No.3 DEOS and D-Case
• DEOS (Dependable Embedded Operating System) project funded by the Japan Science and Technology Agency (2006.10 – 2014.3)
• D-Case project, a sub project for assurance cases (2010.4-)
  – Tool implementation: D-Case Editor, D-Case/Agda, etc.
  – Lectures, meetings, assurance case experiments with Japanese industries

No.4 D-Case Meetings
• 2012.9.14 (Nagoya), 12.20 (Nagoya), 2013.4.19 (Tokyo)
• Discussions: introduction of assurance cases in industries, use in ISO 26262, visibility of GSN, etc.
• Participants: Toyota, Yokogawa Electronics, IBM, Ogis RI, NTT Data, Denso Create, Fuji Xerox, etc.
• http://www.dcase.jp (sorry, only in Japanese)

No.5 D-Case Editor
• A free Eclipse-based GSN editor (2010.4-)
  – http://www.dependable-os.net/tech/DCaseEditor/D-Case_Editor.html , or google “D-Case Editor”
• Purposes
  – Writing, presenting, sharing GSN
    • A few hundred downloads, tested by D-Case meeting participants and researchers around the world
  – Prototyping research outcomes, e.g., D-Case/Agda, parameterised GSN patterns, monitoring, …

No.6 D-Case Editor Snapshot
(Screenshot of the editor; labelled areas: GSN nodes, Eclipse workspace, projects, D-Case extensions, canvas)
No.7 D-Case Editor Functions
Requirements from industry and the corresponding functions (legend in the original slide: today’s topic / already implemented / partly implemented):
• Editing and viewing: graphical editing, focusing, automatic sub tree construction
• Maintenance: module/pattern, word dictionary, change management
• Consistency checking, evaluation: simple type check, D-Case/Agda
• Conversion to other formats: Excel/PowerPoint, OMG ARM
• Sharing among stakeholders: D-Case Server
• Tool chains: benchmark tools, SysML/UML tools, monitoring tools

No.8 Contents
• DEOS and D-Case Editor
• Purposes
• D-Case Editor Implementation
  – Modules and Patterns
• Concluding Remarks

No.9 Purposes of this work
• Compliance with standards is also important
  – OMG ARM, SACM at the system assurance task force
  – GSN Community Standard v1.0 (2011)
• When implementing the GSN Community Standard, we have several design choices
• By showing our design choices, we hope to help facilitate assurance case tool implementation
  – There are not so many assurance case tools yet (before coming to ASSURE 2013)

No.10 Contents
• DEOS and D-Case Editor
• Purposes
• D-Case Editor Implementation
  – Patterns and Modules
• Concluding Remarks

No.11 GSN Community Standard v1.0
• Part 0 Introduction and Concepts
• Part 1 Definition of GSN
• Annexes to Part 1
  – Extension to GSN to support argument patterns
  – Modular extensions to GSN
• Part 2 Guidance on the development and evaluation of goal structures
• Annexes to Part 2

No.12 GSN Modules
“B1.3.2.3 Contract modules can be used in the support relationship between modules to aid decoupling as shown in Figure 32. This de-coupling permits argument module construction in cases where the eventual source of support for an argument is unknown at the time of authoring or can be changed for example through re-use or planned product improvement or reconfiguration.” (GSN Standard, p.23)
(Figure: current implementation)
No.13 GSN Patterns
• We focus on parameters
(Figure: pattern notation from the standard)

No.14 Design Choices for Modules (GSN Standard, p.17)
• What is a module? “module” is not so clearly defined
  – Interpret a module as “a GSN tree with one top goal” (Argument = GSN?)
• Away goals, solutions, contexts, …
  – We do not want to introduce “away” nodes for each kind of GSN node (too many kinds of nodes)

No.15 Design Choices for Modules (GSN Standard, p.17)
• Away goals by colour change
  – Referring node as green
  – Referred node as orange

No.16 Inter-Module notation
• Automatically generate inter-module notation (GSN Community Standard, p.23)

Snapshot of GSN modules for LAN device monitoring
(Screenshot)

No.17 Some issues in Parameters
• We focus on parameters
• How to define parameters?
• What is the scope of parameters?
• In {System X}, what is “System”?

No.18 Design Choices for Patterns
• Use context nodes to define parameters
• The scope of a parameter is the subtree of the goal the context is attached to
• Introduce types for parameters
  – Currently int, double, string, enum

No.19 A Snapshot of Parameters
(Screenshot; labelled areas: definition of Availability, definition of SIL, scope of SIL, scope of Availability)

No.20 Further Issue
• Should parameters and other information traverse across modules?
  – If the away goal is a reference to the source module, they should not.
  – If the source module is a local module, they should.
(Figure: a source module defining x: int, and a module whose away goal G1 refers to it and uses …x…)

No.21 Publicly available tools we have tested
Tool Name                               Platform                     Notations       GSN Modules                            GSN Patterns
ASCE (Adelard)                          None (Windows XP or later)   GSN, CAE        Partly?                                Not yet?
Visio Plug-in (York)                    Visio                        GSN             Not yet?                               Not yet?
CertWare (NASA)                         Eclipse                      GSN, CAE, etc.  Not yet                                Not yet
GSN Editor (Dependable Computing LLC)   Web browser                  GSN             Not yet                                Not yet
D-Case Editor (DEOS)                    Eclipse                      GSN             Partly (Contract nodes are not done)   Partly
• Waiting for AdvoCATE to be released as open/free source!
• I will also try AutoFOCUS3

No.22 Concluding Remarks
• Prototype implementation of GSN Community Standard v1.0, to facilitate tool implementation
(Figure: Tool Implementation, Standardization, Use in industries)

No.23 D-Case Server
• Integration of D-Case Editor and Alfresco
  – Version control, user management, etc. using Alfresco, an open and free content management system (http://www.alfresco.com)
  – D-Case Server at Akihabara, Tokyo; D-Case Editor users at Nagoya (Shuichiro and students), at Nara, at Tokyo (Yutaka), …
• If you are interested in using D-Case Editor, please let me know
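The design choices for patterns (parameters defined in context nodes, scope = the subtree of the goal the context is attached to, typed parameters) and the further issue about parameters crossing module boundaries (an away goal that references a separate module does not see the caller's parameters; a local module does) can be made concrete in a small model. The following is an added example written for this page, not D-Case Editor's own code; the node kinds, the Param/Node/Module classes, the {Name} placeholder syntax and the sample assurance case are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# {Name} placeholders in node text, as in the slide's "{System X}" (syntax assumed here)
PLACEHOLDER = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")


@dataclass
class Param:
    name: str
    ptype: str                     # one of the slide's types: int, double, string, enum
    value: object
    choices: Tuple[str, ...] = ()  # enum members (enum only)

    def well_typed(self) -> bool:
        """The 'simple type check' from the functions slide, for one parameter."""
        if self.ptype == "int":
            return isinstance(self.value, int) and not isinstance(self.value, bool)
        if self.ptype == "double":
            return isinstance(self.value, float)
        if self.ptype == "string":
            return isinstance(self.value, str)
        if self.ptype == "enum":
            return self.value in self.choices
        return False


@dataclass
class Node:
    nid: str
    kind: str                      # goal, strategy, solution, context or away_goal
    text: str = ""
    children: List["Node"] = field(default_factory=list)
    params: List[Param] = field(default_factory=list)   # context nodes define parameters
    ref_module: Optional[str] = None                    # away goals point at a module


@dataclass
class Module:
    name: str
    root: Node           # "a GSN tree with one top goal"
    local: bool = False  # True: local module (parameters traverse); False: reference (they do not)


def instantiate(mod: Module, modules: Dict[str, Module], env=None) -> Dict[str, str]:
    """Substitute parameters; returns 'Module.nodeId' -> instantiated text.

    A parameter defined by a context node is visible in the subtree rooted at the
    goal the context is attached to (and nowhere else). An away goal resolves the
    referenced module with the caller's environment only if that module is local.
    """
    out: Dict[str, str] = {}

    def visit(node: Node, env: Dict[str, object]) -> None:
        key = f"{mod.name}.{node.nid}"
        if node.kind == "goal":
            env = dict(env)  # new scope: the goal's subtree
            for ctx in node.children:
                if ctx.kind == "context":
                    for p in ctx.params:
                        env[p.name] = p.value
        if node.kind == "away_goal":
            target = modules[node.ref_module]
            sub = instantiate(target, modules, env if target.local else {})
            out.update(sub)
            out[key] = sub[f"{target.name}.{target.root.nid}"]
            return

        def subst(m: "re.Match") -> str:
            if m.group(1) not in env:
                raise KeyError(f"{m.group(1)} is not in scope at {key}")
            return str(env[m.group(1)])

        out[key] = PLACEHOLDER.sub(subst, node.text)
        for child in node.children:
            visit(child, env)

    visit(mod.root, env or {})
    return out


def unresolved_parameter(mod: Module, modules: Dict[str, Module]) -> Optional[str]:
    """Return the first scope error message, or None if everything resolves."""
    try:
        instantiate(mod, modules)
        return None
    except KeyError as e:
        return e.args[0]


def type_errors(mod: Module) -> List[str]:
    """Collect ill-typed parameter definitions in one module."""
    errs: List[str] = []

    def visit(node: Node) -> None:
        for p in node.params:
            if not p.well_typed():
                errs.append(f"{mod.name}.{node.nid}: {p.name} is not a valid {p.ptype}")
        for c in node.children:
            visit(c)

    visit(mod.root)
    return errs


def build_model(shared_is_local: bool = True, sil: str = "SIL2") -> Dict[str, Module]:
    """Constructed sample case: a main module plus a module used via an away goal."""
    shared = Module("Shared", Node("G10", "goal", "Logging of {System} is complete"),
                    local=shared_is_local)
    main = Module("Main", Node("G1", "goal", "{System} is acceptably safe at {SIL}", children=[
        Node("C1", "context", "Parameters", params=[
            Param("System", "string", "LAN device monitor"),
            Param("SIL", "enum", sil, choices=("SIL1", "SIL2", "SIL3", "SIL4")),
        ]),
        Node("S1", "strategy", "Argument over dependability attributes of {System}", children=[
            Node("G2", "goal", "Availability of {System} is at least {Availability}", children=[
                Node("C2", "context", "Availability target",
                     params=[Param("Availability", "double", 0.999)]),  # scope: G2 subtree only
                Node("Sn1", "solution", "Availability test report"),
            ]),
            Node("A1", "away_goal", ref_module="Shared"),  # sibling of G2: no Availability here
        ]),
    ]))
    return {"Main": main, "Shared": shared}
```

With Shared marked local, the away goal A1 inherits System from Main and resolves; with Shared as a plain reference the same model fails with "System is not in scope at Shared.G10", which is exactly the distinction the further-issue slide draws. Changing the SIL value to one outside the enum is caught by type_errors before instantiation.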