Multi-Concerns Interactions System Engineering (MERgE)

The MERgE project is driven by two business-critical problems that software system developers struggle with: (1) effectively coping with complex combinations of safety, availability, and security constraints (e.g., to support diverse standards and norms), and (2) efficiently tailoring a software system into different variants (e.g., to target different customers). Many systems engineering companies are looking for tool support that minimizes design time and cost for each variant of a product while guaranteeing the expected quality level with respect to safety, availability, and security.

Developers of highly critical software systems (e.g., control systems for automotive, avionics, telecommunications, or healthcare) must handle strict safety, availability, and security concerns in order to comply with domain-specific standards. Depending on the application domain, different concerns may be applied to the same or very similar base models. This results in multiple variants that target, for example, customers with different safety concerns, a product line with different quality levels (e.g., SIL, Safety Integrity Level), or different application domains with different safety standards (e.g., ISO 26262 for functional safety of automotive electric/electronic systems, and IEC 61508 for functional safety of electrical/electronic/programmable electronic safety-related systems).

Although many engineering methods, tools, and architectural solutions exist for dealing with individual safety, availability, or security concerns, the open challenge is how to combine them (as so-called multi-concerns) and how to manage the inconsistencies and dependencies between them.

From a design and analysis perspective, MERgE addresses the following research questions:
- Cost-efficient tailoring of a product blueprint into multiple variants
    o How to formalize and model safety, availability, and security concerns as expressed in various standards (e.g., ISO 26262 and IEC 61508)?
    o How to add or integrate a concern in a structured way, i.e., without having to repeat the whole design cycle?
    o How to consistently apply trade-offs between safety, availability, and security concerns throughout the design process?
- Multi-concern assessment of the quality level of each variant
    o How to automate the validation of safety, availability, and security concerns?
    o How to prevent or handle interference between concerns?
    o How to express dependencies and inconsistencies between safety, availability, and security concerns?

DistriNet will contribute by investigating the inefficiency and ineffectiveness of current software engineering practices and tools. Inefficiency refers to the cost and time required to develop a software system; ineffectiveness refers to the lack of domain-specific support for handling redundant or contradictory safety, availability, and security engineering concerns. MERgE will develop tool support that minimizes design time and cost for each variant of a product while guaranteeing the expected quality level with respect to safety, availability, and security. The MERgE tool chain will help software engineers (in automotive and avionics) to considerably improve the efficiency and effectiveness of the design process by
    o specifying domain-specific safety, availability, and security concerns,
    o identifying dependencies, conflicts, and synergies between concerns,
    o providing domain-specific blueprints from which multiple variants can be derived.

DistriNet will closely collaborate with Melexis, Space Applications Services, E2S, and a European consortium consisting of, among others, three divisions of the Thales Group (R&D, Global Services, and Communications & Security), Obeo, INRIA, University of Oulu, and Codenomicon.

The MERgE project is supported by ITEA2 and funded by IWT.