Title: Composition of proof-carrying architectures for cyber-physical systems
Authors: Ethan T. McGee, J. McGregor
DOI: 10.1145/2791060.2793676 (https://doi.org/10.1145/2791060.2793676)
Venue: Proceedings of the 19th International Conference on Software Product Line
Publication date: 2015-07-20
Citation count: 2
Source platform: Semanticscholar
Open access: no
Abstract
The Internet of Things (IoT) integrates a variety of cyber-physical systems: both safety-critical systems and those that are not. Each of these systems is composed of assets that may have been intended to integrate successfully, but they have not necessarily been verified as doing so before the product is instantiated. Because assets are commonly shared among a family of cyber-physical products, Software Product Line (SPL) methods are crucial for the success of these systems if they are to be built economically without compromising safety. Verification of the SPL architectures will help to ensure that the safety of these systems is not compromised by any of the numerous assets that can be swapped in and out as new products are configured. The contribution of this work is an illustration of how software architectures might be annotated to embed verification information about the architecture, supporting a compositional approach to verification. In order for verification of the SPL to be successful, the verification properties of one asset must integrate seamlessly with the verification properties of the other assets in the SPL family. We introduce a method using two languages that are annexes of the Architecture Analysis & Design Language (AADL), AGREE and Resolute, which can be used to verify a variety of properties of the system described by the AADL model. Our technique allows constraints to be defined that can be proven to hold when the products are instantiated; however, the languages are not entirely sufficient. Our work shows both working cases and the limitations of verification of the architecture.