Conference Paper

Decision support methodology for evolutionary embedded system design

No full-text available.

... In the early phase of the system life cycle, system engineers explore feasible concepts and make design decisions. The decisions made in this phase have a significant impact on the resulting system design and realization [1]. Because the cost of change grows as the system design matures, making the correct design decisions in the early phase is key to keeping system development viable [2], [3]. ...
... A similar architectural framework for analyzing spatially and temporally distributed resource extraction systems is given by Alikbargolkar and Crawley, using the offshore production field as an example. Bijlsma et al. give an overview of quantitative reasoning methodologies to support architectural decisions [1]. They state that these approaches often focus on software. ...
... The company's overall key drivers are to use the company's preferred solution to standardize its deliveries across the project portfolio and to secure contracts. The project-specific drivers are the availability of workover equipment and tooling synergies, as the use of legacy equipment will position the company to be the service provider through the life of the field. ...
Conference Paper
Full-text available
This paper shows how conceptual models can support reasoning during early-phase concept evaluation in the subsea domain. Proposing concepts that are fit for purpose requires subsea companies to carefully balance conflicting needs in a complex system of systems. To support this balancing, there is a need to improve the understanding of how the needs affect the system through its life cycle. Through a retrospective case, the paper demonstrates how the visualization of dynamic behavior supports engineers in reasoning about the impact of the key drivers and design decisions. In this case, we use concept mapping to visualize the customer and subsea company drivers. We identify the key drivers and the tensions between them from the mapping. Furthermore, we use abstract workflows combined with timelines to explore how the design concepts will affect the key drivers throughout the system life cycle. The lead engineer responsible for the study appreciated our approach to supporting reasoning during concept evaluation. He claimed that the conceptual models communicated what he had used more than 40 slides to explain to the company's management to get a decision. We conclude that this approach and these models are well suited for internal communication and support a common understanding across the organization.
... We characterize the focus of methodologies by assessing their coverage of privacy principles (GDPR and PbD) and the extent to which the methodologies are connected to the concerns of system developers. To this end, we rely on specialized frameworks like CAFCR [33] and Daarius [5], which provide structures to assist system developers by differentiating between different levels of system design concerns. Arguably, methodologies that consider such levels can be adopted more easily by system developers because of their roots in system standards like ISO 42010 [22]. ...
... To ensure a solution addresses all needs, developers need to structurally trace the relations between stakeholders, concerns, views, and building blocks of the system. In this work, we rely on the levels of system design concerns defined by CAFCR [33] and Daarius [5], as these system-level approaches provide a framework able to assist developers in mapping and managing the complexity of intra- and cross-quality aspects, including GDPR principles, through the entire development life cycle of high-tech systems. CAFCR interrelates a number of views, namely Customer, Application (the "why" of the product), Functional (the "what" of the product), Conceptual, and Realization views, which are logically connected with each other to enable traceability of design decisions. ...
Conference Paper
Full-text available
The processing of personal data is becoming a key business factor, especially for high-tech system industries such as automotive and healthcare service providers. To protect such data, the European Union (EU) has introduced the General Data Protection Regulation (GDPR), with the aim of standardizing and strengthening data protection policies across EU countries. The GDPR defines stringent requirements on the collection and processing of personal data and imposes severe fines and penalties on data controllers and processors for non-compliance. Although the GDPR has been in force since 2018, many public and private organizations are still struggling to fully comply with the regulation. A main reason for this is the lack of usable methodologies that can support developers in designing GDPR-compliant high-tech systems. This paper examines the growing literature on methodologies for the design of privacy-aware systems, and identifies the main challenges to be addressed in order to facilitate developers in the design of such systems. In particular, we investigate to what extent existing methodologies (i) cover GDPR and privacy-by-design principles, (ii) address different levels of system design concerns, and (iii) have demonstrated their suitability for the purpose. Our literature study shows that the domain landscape appears to be heterogeneous and disconnected, as existing methodologies often focus only on subsets of the GDPR principles and/or on specific angles of system design. Based on our findings, we provide recommendations on the definition of comprehensive methodologies tailored to designing GDPR-compliant high-tech systems. CCS Concepts: Software and its engineering → Software design engineering; Security and privacy → Software security engineering; Privacy protections.
... The domain models link to aspect models that enable analysis of particular aspects of design alternatives. For performance architecting, domain models (PA2) and aspect models (PA3) should make performance aspects explicit, including their relation to other system-level concerns [6,16,78,81]. ...
Chapter
Creating modern safe automated systems like vehicles demands making them secure. With many diverse components addressing different needs, it is hard to trace and ensure the contributions of components to the overall security of systems. Principles, as high-level statements, can be used to reason how components contribute to security (and privacy) needs. This would help to design systems and products by aligning security and privacy concerns. The structure proposed in this positioning paper helps to make traceable links from stakeholders to specific technologies and system components. It aims at informing holistic discussions and reasoning on security approaches with stakeholders involved in the system development process. Ultimately, the traceable links can help to assist in aligning developers, create test cases, and provide certification claims - essential activities to ensure the final system is secure and safe.
Conference Paper
Full-text available
In the design of many of the complex products we encounter today it is important to remain focused on the essential customer objectives, which can be captured in terms of customer key drivers. In order to obtain a successful product these key drivers need to be related to the system requirements. A structured overview of the relationships between key drivers and system requirements is an effective means to support the design. This paper proposes the key driver technique and its use to create such an overview that is also highly convenient in requirements tracing. A stepwise approach is presented together with guidelines on how to obtain a key driver model. An industrial case study for a high-volume copier demonstrates the application and serves as a proof-of-concept for the key driver technique. The benefits, limitations and lessons learned are presented.
Article
Full-text available
Software architecture analysis and evaluation has become a well-established practice within the software architecture community. The development effort, time and cost of complex systems are considerable. In order to assess a system's quality against the requirements of its customers, architects and developers need methods and tools to support them during the evaluation process. Different research groups have taken such initiatives and are proposing various methods for software architecture quality evaluation.
Article
Full-text available
The large variety of architectural dimensions in automotive electronics design, for example, bus protocols, number of nodes, sensors and actuators interconnections and power distribution topologies, makes architecture design task a very complex but crucial design step especially for OEMs. This situation motivates the need for a design environment that accommodates the integration of a variety of models in a manner that enables the exploration of design alternatives in an efficient and seamless fashion. Exploring these design alternatives in a virtual environment and evaluating them with respect to metrics such as cost, latency, flexibility and reliability provide an important competitive advantage to OEMs and help minimize integration risks later in the design cycle. In particular, the choice of the degree of decentralization of the architecture has become a crucial issue in automotive electronics. In this paper, we demonstrate how a rigorous methodology (Platform-Based Design) and the Metropolis framework can be used to find the balance between centralized and decentralized architectures.
Article
Full-text available
Although the growth of complexity during evolution seems obvious to most observers, it has recently been questioned whether such increase objectively exists. The present paper tries to clarify the issue by analysing the concept of complexity as a combination of variety and dependency. It is argued that variation and selection automatically produce differentiation (variety) and integration (dependency), for living as well as non-living systems. Structural complexification is produced by spatial differentiation and the selection of fit linkages between components. Functional complexification follows from the need to increase the variety of actions in order to cope with more diverse environmental perturbations, and the need to integrate actions into higher-order complexes in order to minimize the difficulty of decision-making. Both processes produce a hierarchy of nested supersystems or metasystems, and tend to be self-reinforcing. Though simplicity is a selective factor, it does not tend to arrest or reverse overall complexification. Increase in the absolute components of fitness, which is associated with complexification, defines a preferred direction for evolution, although the process remains wholly unpredictable.
Chapter
Full-text available
Embedded system architectures are increasingly becoming programmable, which means that an architecture can execute a set of applications instead of only one. This makes these systems cost-effective, as the same resources can be reused for another application by reprogramming the system. To design these programmable architectures, we present in this article a number of concepts, one of which is the Y-chart approach. These concepts allow designers to perform a systematic exploration of the design space of architectures. Since this design space may be huge, it is narrowed down in a number of steps. The concepts presented in this article provide a methodology in which architectures can be obtained that satisfy a set of constraints while retaining enough flexibility to support a given set of applications.
Conference Paper
Full-text available
This paper presents the Architecture Tradeoff Analysis Method (ATAM), a structured technique for understanding the tradeoffs inherent in the architectures of software-intensive systems. This method was developed to provide a principled way to evaluate a software architecture's fitness with respect to multiple competing quality attributes: modifiability, security, performance, availability, and so forth. These attributes interact: improving one often comes at the price of worsening one or more of the others, as is shown in the paper, and the method helps us to reason about architectural decisions that affect quality attribute interactions. The ATAM is a spiral model of design: one of postulating candidate architectures followed by analysis and risk mitigation, leading to refined architectures.
Conference Paper
Full-text available
In the field of software architecture, there has been a paradigm shift from describing the outcome of the architecting process, mostly in terms of components and connectors (know-what), to documenting architectural design decisions and their rationale (know-how), which lead to the production of an architecture. This paradigm shift has resulted in the emergence of various models and related tools for capturing, managing and sharing architectural design decisions and their rationale explicitly. This paper analyzes existing architectural design decision models and provides a criteria-based comparison of tools that support these models. The major contribution of this paper is twofold: to show that all of these models agree on capturing the essence of an architectural design decision; and to clarify the major differences among the tools and show which desired features are missing from them.
Article
Full-text available
This thesis describes the CAFCR method for embedded systems architecting. Embedded systems are software- and technology-intensive systems. Typical examples of software- and technology-intensive products are televisions, DVD players, MRI scanners, and printers. The creation of these products is a multi-disciplinary effort by hundreds of engineers. The method is based on multiple views that are integrated by qualities and architectural reasoning. Storytelling is used as a complementary submethod to gather requirements and to make specification and design discussions specific. The architecting method is applied in retrospect to the development of a Medical Imaging Workstation. The Medical Imaging Workstation case is used to evaluate the method. The thesis is structured in four parts: Introduction, Architecting method, Medical Imaging Workstation case, and Evaluation and Conclusions. The first part articulates the research question and the hypothesis. The last part assesses the hypothesis by evaluating the use of the method in the case.
Conference Paper
Full-text available
Architecting distributed software applications is a complex design activity. It involves making decisions about a number of inter-dependent design choices that relate to a range of design concerns. Each decision requires selecting among a number of alternatives; each of which impacts differently on various quality attributes. Additionally, there are usually a number of stakeholders participating in the decision-making process with different, often conflicting, quality goals, and project constraints, such as cost and schedule. To facilitate the architectural design process, we propose a quantitative quality-driven approach that attempts to find the best possible fit between conflicting stakeholders' quality goals, competing architectural concerns, and project constraints. The approach uses optimization techniques to recommend the optimal candidate architecture. Applicability of the proposed approach is assessed using a real system.
Conference Paper
Full-text available
Software architecture evaluation has been proposed as a means to achieve quality attributes such as maintainability and reliability in a system. The objective of the evaluation is to assess whether or not the architecture leads to the desired quality attributes. Recently, a number of evaluation methods have been proposed. There is, however, little consensus on the technical and non-technical issues that a method should comprehensively address, and on which of the existing methods is most suitable for a particular issue. We present a set of commonly known but informally described features of an evaluation method and organize them within a framework that should offer guidance on the choice of the most appropriate method for an evaluation exercise. We use this framework to characterise eight SA evaluation methods.
Conference Paper
Full-text available
While software architecture has become an increasingly important research topic in recent years, insufficient attention has been paid to methods for evaluating these architectures. Evaluating architectures is difficult for two main reasons. First, there is no common language used to describe different architectures. Second, there is no clear way of understanding an architecture with respect to an organization's life cycle concerns: software quality concerns such as maintainability, portability, modularity, reusability, and so forth. We address these shortcomings by describing three perspectives through which we can understand the description of a software architecture, and then proposing a five-step method for analyzing software architectures called SAAM (Software Architecture Analysis Method). We illustrate the method by analyzing three separate user interface architectures with respect to the quality of modifiability.
Conference Paper
To architect and design a system, the stakeholder needs have to be satisfied by technical solutions, for which decisions on trade-offs have to be made. A trend is that the number of functions, components, and interfaces in systems increases, often by an order of magnitude or more, such that reasoning about the impact of a decision becomes increasingly hard and tracing its impact throughout the system is crucial. Therefore, we decompose a system into areas of knowledge and information, which we call knowledge domains. Architecting means taking decisions, for which the impact on knowledge domains and their explicit relations are required. Existing approaches that reason across systems either do not make the relations between knowledge domains explicit, or perform a quantitative computation instead of reasoning; in both cases it is difficult to trace the impact of decisions. In this paper, we present an architecture reasoning structure with which knowledge domains from different disciplines can be explicitly related, which enables system-wide reasoning and decision making. With just eight language elements, a system can be described in an information structure. By applying a knowledge domain pattern, the essential information of knowledge domains is captured. Via relations, both qualitative and quantitative reasoning can be performed to trace the impact of decisions. An example is used to illustrate the approach, in which the tension around a decision is shown by tracing its impact via quantitative and qualitative relations. The approach was investigated and validated in the industrial context of Océ professional printing systems.
Conference Paper
Truck platooning, in which multiple trucks follow each other at a short distance, is considered a near-term truck automation opportunity with the potential to reduce fuel consumption. Short following distances and increasing automation make it hard for a driver to be the backup if the system fails. The EcoTwin consortium successfully demonstrated a two-truck platooning system on a public road, with the trucks following at a distance of 20 meters and the driver acting as the backup. The ambition of the consortium is to increase truck automation and to reduce the following distance, which requires a new fail-operational truck platooning architecture. This paper presents a level 2+ platooning system architecture, which is fail-operational for a single failure, and the corresponding process used to obtain it. First, insights into the existing two-truck platooning system are obtained by analyzing its key aspects: utilization, latency, reliability, and safety. Using these insights, candidate level 2+ platooning system architectures are defined, from which the most suitable truck platooning architecture is selected. Future work is the design and implementation of a prototype based on the presented level 2+ platooning system architecture.
Article
The ilities are properties of engineering systems that often manifest and determine value after a system is put into initial use (e.g. resilience, interoperability, flexibility). Rather than being primary functional requirements, these properties concern wider system impacts with respect to time and stakeholders. Over the past decade there has been increasing attention to ilities in industry, government and academia. Our research suggests that investigating ilities in sets may be more meaningful than studying single ilities in isolation. Some ilities are closely related and do in fact form semantic sets. Here, we use two methods to investigate over twenty ilities in terms of their prevalence and their interrelationships. We look for trends related to ilities of interest in relation to system type and an understanding of their collective use. First, we conducted a prevalence analysis of 22 ilities using both the internet and the Compendex/Inspec database as sources. We found over 1,275,000 scientific articles published between 1884 and 2010 and over 1.9 billion hits on the internet, exposing a clear prevalence-based ranking of ilities. Two questions we seek to address are: why and how are the ilities related to one another, and what can we do with this information? Initial steps to answer the first question include a 2-tuple correlation matrix analysis that exposes the strongest relationships amongst ilities based on concurrent usage. Moreover, we conducted some preliminary experiments that indicate that a hierarchy of ilities with a few major groupings may be most useful. The overall objective of this research is to develop a formal framework and prescriptive guidance for effectively incorporating sets of ilities into the design of complex engineering systems.
Article
Decision makers are often faced with several conflicting alternatives [1]. How do they evaluate trade-offs when there are more than three criteria? To help people make optimal decisions, scholars in the discipline of multiple criteria decision making (MCDM) continue to develop new methods for structuring preferences and determining the correct relative weights for criteria. A compilation of modern decision-making techniques, Multiple Attribute Decision Making: Methods and Applications focuses on the fuzzy set approach to multiple attribute decision making (MADM). Drawing on their experience, the authors bring together current methods and real-life applications of MADM techniques for decision analysis. They also propose a novel hybrid MADM model that combines DEMATEL and analytic network process (ANP) with VIKOR procedures.
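The abstracts above (ATAM's competing quality attributes, and the MADM book's use of VIKOR) both turn on the same mechanic: scoring candidate architectures against several conflicting criteria and ranking them. The block below is an added example, not code from the cited book or from the paper on this page, and it implements only the plain VIKOR compromise ranking (group utility S, individual regret R, compromise index Q, plus the acceptable-advantage and acceptable-stability checks), not the hybrid DEMATEL/ANP/VIKOR model the abstract proposes. The candidate architectures, criteria and weights are constructed for illustration, and the handling of a criterion on which every alternative ties (it contributes nothing) is an assumption of this example.

```python
# Added example: plain VIKOR compromise ranking of candidate architectures.
# Not the cited authors' hybrid DEMATEL/ANP/VIKOR model; data is constructed.
from dataclasses import dataclass


@dataclass
class VikorResult:
    S: dict               # group utility per alternative (lower is better)
    R: dict               # individual regret per alternative (lower is better)
    Q: dict               # compromise index per alternative (lower is better)
    ranking: list         # alternative names sorted by Q ascending
    compromise_set: list  # alternatives the decision maker should still consider
    acceptable_advantage: bool
    acceptable_stability: bool


def vikor(alternatives, weights, benefit, v=0.5):
    """alternatives: {name: [f_1, ..., f_n]}; weights: n weights summing to 1;
    benefit[j]: True if criterion j is maximised, False if minimised;
    v: weight of the 'majority' strategy (group utility) in Q."""
    names = list(alternatives)
    n = len(weights)
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    # Ideal f* and anti-ideal f- per criterion.
    best, worst = [], []
    for j in range(n):
        col = [alternatives[a][j] for a in names]
        best.append(max(col) if benefit[j] else min(col))
        worst.append(min(col) if benefit[j] else max(col))
    S, R = {}, {}
    for a in names:
        terms = []
        for j in range(n):
            # Normalised distance from the ideal. The same formula works for
            # benefit and cost criteria because best/worst swap sign together.
            # Assumption: a criterion on which all alternatives tie contributes 0.
            if best[j] == worst[j]:
                d = 0.0
            else:
                d = (best[j] - alternatives[a][j]) / (best[j] - worst[j])
            terms.append(weights[j] * d)
        S[a] = sum(terms)
        R[a] = max(terms)
    s_star, s_minus = min(S.values()), max(S.values())
    r_star, r_minus = min(R.values()), max(R.values())

    def scale(x, lo, hi):
        return 0.0 if hi == lo else (x - lo) / (hi - lo)

    Q = {a: v * scale(S[a], s_star, s_minus) + (1 - v) * scale(R[a], r_star, r_minus)
         for a in names}
    ranking = sorted(names, key=lambda a: Q[a])
    m = len(names)
    dq = 1.0 / (m - 1) if m > 1 else 0.0          # acceptable-advantage threshold
    first = ranking[0]
    adv = m < 2 or (Q[ranking[1]] - Q[first]) >= dq
    stab = S[first] == s_star or R[first] == r_star  # also best by S or by R
    if adv and stab:
        comp = [first]
    elif not adv:
        comp = [a for a in ranking if Q[a] - Q[first] < dq]
    else:
        comp = ranking[:2]
    return VikorResult(S, R, Q, ranking, comp, adv, stab)


# Constructed candidates for a platooning-style embedded system. Criteria:
# unit cost (min), end-to-end latency in ms (min), reliability (max),
# security review score (max). Values and weights are illustrative only.
CRITERIA = ["cost", "latency_ms", "reliability", "security"]
BENEFIT = [False, False, True, True]
WEIGHTS = [0.2, 0.3, 0.3, 0.2]
CANDIDATES = {
    "centralized": [100, 20, 0.90, 6],
    "distributed": [140, 8, 0.99, 8],
    "hybrid":      [120, 12, 0.95, 9],
}


def rank_candidates(v=0.5):
    return vikor(CANDIDATES, WEIGHTS, BENEFIT, v)


if __name__ == "__main__":
    res = rank_candidates()
    for a in res.ranking:
        print(f"{a:12s} S={res.S[a]:.3f} R={res.R[a]:.3f} Q={res.Q[a]:.3f}")
    print("compromise set:", res.compromise_set,
          "advantage:", res.acceptable_advantage,
          "stability:", res.acceptable_stability)
```

With these numbers the hybrid candidate ranks first but fails the acceptable-advantage test against the distributed one, so VIKOR reports both as the compromise set rather than a single winner; that is the "tension" the decision methods above are meant to surface, and it is exactly where a security attribute with a low weight can quietly lose to cost and latency unless the weights are argued explicitly with stakeholders.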
Article
High-tech mechatronic system design, such as that required for tools for oil-well drilling and exploitation, requires that engineers from multiple domains concur on architectural solutions due to a large number of interdependent system performance criteria and design parameters that are shared across architecture interfaces. Supporting designers in envisioning probable challenges in architectures early in design is of utmost importance to ensure project quality while minimising costs and delays. In this paper, we present the multiple-domain design scorecard method to facilitate architecture generation and assessment through architecture interface characterisation as well as to support design process management. We propose to semantically enrich the design structure matrix, domain mapping matrix and quality function deployment representations to capture project data and expertise related to concept generation. In addition, we propose six types of design assessment cards that both support design space exploration and highlight design challenges of potential system architecture. The proposed approach is being implemented and tested in an industry context. A case study in the oil industry brings to the fore some of the advantages and challenges in the implementation process.
Article
Most professionals, actively engaged in design, live in a world of trade-offs. The most typical compromise is that reducing the cost of design causes quality to suffer, but there are many others as well. This paper summarizes current use of one of the most popular approaches to improving the new offering development process: design reuse. In the present study 42 companies were surveyed, of which 23 were in manufacturing and 19 were in services—but all were actively engaged in technology and design reuse in new offerings. It was hypothesized that policies for design reuse and internal sourcing would promote the complexity and breadth of reuse (here the combination of modular and architectural substitution), which, in turn would dampen the percentage of substitution and reduce the negative impact on innovativeness of new offerings. These predictions were generally supported. Adoption of policies for encouragement or to mandate design reuse were significantly correlated with the extent of reuse (application of both architectural and modular design vs. just one or the other) among manufacturers but not services firms in the sample. Internal sourcing of ideas for design reuse was significantly correlated with extent of reuse for the total sample, and especially for services. Design reuse percentage and extent of design reuse were significantly and inversely associated for manufacturing, as predicted, but not for services. Novelty of new offerings was significantly and inversely related to percentage of reuse, as predicted, for manufacturing, but not for services. It was found that sector also makes a difference in likelihood of adopting higher levels of reuse with service company respondents reporting significantly higher levels (average of 42% reuse for services and 28% for manufacturing applications). 
Perhaps one of the most interesting preliminary findings to emerge was that the tipping point of negative impact from design reuse percentage on innovativeness for all firms in the sample of new offerings was 43%, beyond which novelty suffers. For manufacturing, the tipping point was lower: Novelty begins to suffer after 33% design reuse, which has important management implications. The conclusion was drawn, based on these preliminary results, that much can be done to relieve some of the negative consequences of the typical trade-offs commonly encountered in development programs for new offerings, especially when cost, timing, and innovation are the target goals. However, services and manufacturing are quite different in their approach to design reuse and substitution. Further development of the concept of design reuse strategy appears to be warranted based on these preliminary findings. The findings raise the distinct possibility that mesolevel strategic aggregation issues might lead research into areas that help explain how complex systems realize their full self-organizing potential and why corporate strategy considerations, alone, have failed to explain the success and failure of organizations coping in rugged landscapes.
Conference Paper
Architectural quality constitutes a critical factor for contemporary software systems, especially because of their size and the need for frequent, quick changes. For success-critical business systems, architectural decisions carry high risk for market share and even for the existence of enterprises. These decisions are important for design processes as well as for refactoring. Because of the complexity of the decisions, e.g., uncertain, contradicting goals, unknown effects and risky conditions, decision-making is a difficult and risky task. Risks can be minimized if the decisions are made systematically. In an earlier paper, we introduced methods of Decision Theory to perform such decisions in a rational way. This paper introduces a method for evaluating alternatives of architectural decisions, for both architectural design and refactoring. This method adopts elements of the scenario-based evaluation method ALMA (1). A practical example illustrates the application of the improved decision process.