
DESIGN20 - METHOD FOR 3D-ENVIRONMENT DRIVEN DOMAIN KNOWLEDGE ELICITATION AND SYSTEM MODEL GENERATION

DESIGN SUPPORT TOOLS 197
INTERNATIONAL DESIGN CONFERENCE DESIGN 2020
https://doi.org/10.1017/dsd.2020.41
METHOD FOR 3D-ENVIRONMENT DRIVEN DOMAIN KNOWLEDGE
ELICITATION AND SYSTEM MODEL GENERATION
S. Japs, L. Kaiser and A. Kharatyan
Fraunhofer IEM, Germany
sergej.japs@iem.fraunhofer.de
Abstract
The development of cyber-physical systems requires close cooperation between stakeholders from
different disciplines. Model-based systems engineering supports this by the design of a system
model. Non-identified domain knowledge by the stakeholders is a challenge when creating the
system model. The CONSENS 3D-Modeling Method supports the domain-independent elicitation
of domain knowledge using a 3D environment and enables the derivation of a SysML system
model. We applied the method by implementing a prototype, called 3D Engineer, to an application
example from the automotive industry.
Keywords: 3D modelling, virtual engineering (VE), model-based engineering, cyber-physical
systems, systems modeling language
1. Introduction
The development of intelligent technical systems, such as autonomous vehicles, is characterised by
close cooperation between mechanical engineering, electrical engineering and software engineering.
The interdisciplinarity and complexity of these systems lead to an increasing challenge for effective
and efficient development. Model-based Systems Engineering (MBSE) addresses these challenges by
methods for the development of a common system model involving different stakeholders.
The precise and early elicitation of the domain knowledge of the stakeholders constitutes a challenge
for the development of the system model. Missing domain knowledge within the system model is a
risk for the discipline-specific development regarding development costs and development time.
There are several approaches (Coulin and Zowghi, 2005; Asger and Yousuf, 2015) that address the
elicitation of domain knowledge, such as the requirement elicitation techniques interview or
brainstorming. However, these techniques are aimed at the textual elicitation of requirements and not at
the creation of a system model. In particular, interviews lead to ambiguous requirements (Alessio et al.,
2016). Conversely, MBSE approaches such as CONSENS (Gausemeier et al., 2014) provide a method
for developing a system model, but do not help to elicit the domain knowledge of stakeholders.
The theory of situational cognition postulates that the elicitation of associated knowledge is more
successful when people are placed in a situational context (Brown et al., 1989). For example, if one stands
on the side of the road and watches the traffic, more safety-critical situations come to mind than if one were
standing in front of a whiteboard. There are already a number of approaches that support the elicitation of
domain knowledge using 3D environments (Florides et al., 2015; Bhimani and Spolentini, 2017; Bhimani,
2017; Brown et al., 2015; Brown et al., 2017). 3D environments allow, for example, playful interaction with 3D
objects inside the 3D environment as well as changes of perspective. However, these approaches can
only be applied in a domain-specific way. Another problem with these approaches is that after the knowledge has
been elicited, it must be transferred manually to an MBSE software tool. The approach of (Brown et
al., 2015) additionally allows models to be derived, but is domain-specific.
In this paper we introduce the CONSENS 3D-Modeling Method, which is domain-independent and,
using 3D environments, improves the elicitation of domain knowledge.
In order to reduce the modeling effort, the CONSENS 3D Modeling Method enables the automatic
derivation of a system model. For this we extend the CONSENS method for use in 3D environments. The
CONSENS method has been applied in numerous industrial projects in the product conception phase, e.g.
to develop smart home products (UNITY Innovation Alliance, 2020) or as a general method for designing
mechatronic products (Smart Mechatronics, 2020). We use SysML (OMG, 2015) as modeling language,
since SysML is the de-facto modeling language for systems engineering (Dori, 2016).
We illustrate our approach with the application example Platooning. Platooning is a method for
driving a group of vehicles autonomously together. Here we illustrate a safety hazard: the
occurrence of an obstacle in front of the platoon. Furthermore, we illustrate a safety-critical security
threat: the manipulation of sensor data to manipulate the platoon behavior via a fake obstacle.
We structure this work as follows: First, in Section 2, the necessary foundations for our approach will
be established. For this purpose the MBSE method CONSENS is presented, on which our approach is
based. Furthermore, a classification of related work and a delimitation will be performed. In section 3,
we introduce the CONSENS 3D Modeling Method, which allows the application of the existing
CONSENS method for the use in a 3D environment and ensures an automatic derivation of a SysML
system model. Section 4 presents the application of the method using the platooning example. For this
we present a general software architecture for a tool implementation. Furthermore, we show the
application of our method by means of a prototypical implementation by our tool 3D Engineer.
Finally, a discussion, summary and an outlook are presented.
2. Fundamentals and related work
In this section we present the fundamentals of the CONSENS 3D-Modeling Method presented in
section 3 and delimit it from relevant existing approaches.
2.1. CONSENS method and SysML4CONSENS-profile
As the fundamental approach we use the CONSENS method (Gausemeier et al., 2014). CONSENS is
a Model-based Systems Engineering (MBSE) approach and designed for the interdisciplinary design
of complex intelligent technical systems. Central to the method, as for any MBSE approach, is the
design of a system model in the concept phase, based on a modeling language. The CONSENS method
requires the design of different partial models for the different aspects of a technical system. The
Environment Model views the system as a black box in the context of its environment. In this model,
interactions between environmental elements and the system are modelled. Application Scenarios
describe a situation-specific view of the described system. The partial model Requirements comprises
a structured collection of requirements for the system. The partial model Functions allows a
hierarchical breakdown of the functionality of the system. In the System Structure, the components of
the system and the relationships between the components are modelled. In the partial model Behavior,
the system behavior is modeled by activities, states or sequences. The partial model Shape addresses
the early definition of the shape of the system. By means of cross-relationships, the different partial
models can be connected with each other. Relationships within these models are distinguished
according to the following relationship types: information, energy, substance and, if the type is unclear, logical
relationship. While CONSENS defines its own modeling language, we use the modeling language
SysML (OMG, 2015). This defines a requirements diagram and several structure and behavior
diagrams. In order to be able to use the CONSENS method in combination with SysML, we use a
corresponding SysML profile (Dumitrescu et al., 2013). Profiles allow the modelling language to be
extended by adding further stereotypes. For example, the stereotype “information” (see Figure 4) allows the
relationship Manipulated data between the environmental element hacker and the system car to
be categorized as an information relationship.
2.2. Classification of related work and delimitation
We have examined a number of approaches that support system design and allow a system
model to be derived in a modeling language. We exclude approaches like (Atukorala and Chang, 2018), which are
very formal and can only be understood by discipline experts, or approaches that do not use an
established modelling language. For this purpose, we consider the requirement elicitation and
documentation as an early form of system design. For this we have created a classification (see Figure
1). We distinguish between approaches which support domain-dependent and independent system
design. Furthermore, we distinguish between approaches which additionally allow a derivation of a
system model or not. We illustrate the classification in Figure 1, exemplarily on the basis of
approaches that compete with our approach or are relevant to it. The Driving Simulator based method
(Florides et al., 2015) supports the elicitation of requirements for the automotive industry by means of
a simulation-based 3D environment. The approach does not deal with the derivation of requirements
or a system model. The Business Process Modeling Method (Brown et al., 2015) supports the
identification of business processes through a 3D environment in the form of an office complex. Here
the determined business processes are automatically created in the form of BPMNs. Neither approach
can be applied independently of the domain.
Figure 1. Classification of MBSE approaches
An example for the domain independent system design is the CONSENS method (Gausemeier et al.,
2014) (cf. Section 2.1). The method helps to create the system model by means of different partial
models. The system aspect shape can be linked with other partial models by cross-relationships.
However, this aspect is not methodically addressed in order to support the design of the individual
partial models. In particular, CONSENS offers no automatic derivation of a system model. Techniques
for the elicitation of requirements such as interviews or document analysis can be used independently
of domains. However, these do not support the automatic derivation of requirements of a system
model. Design thinking refers to the cognitive, strategic and practical processes by which design
concepts are developed. According to (Brenner and Uebernickel, 2016), design thinking contains
phases which are run iteratively to develop specific and stepwise more detailed prototypes. Tomita et
al. (2017), Lewrick et al. (2018) and Tekaat et al. (2019) show the feasibility and potential of
combining design thinking with systems engineering. The creation of prototypes in design thinking
approaches harmonizes with approaches that use 3D objects as system representatives. However, we
did not find any approach that allows the automatic generation of a system model. The Audio
Recordings based method (Abad et al., 2018) is domain independent. By analyzing audio recordings
through e.g. interviews, requirements can be automatically recorded in text form and be categorized.
No support in the elicitation of these requirements is considered in this method.
Based on our literature analysis, we did not find approaches that simultaneously improve the
elicitation of domain knowledge, can be applied domain-independently and allow the automatic
derivation of a system model to reduce the manual modeling effort. We fill this research gap with the
CONSENS 3D-Modeling Method (cf. Section 3).
3. CONSENS 3D-Modeling Method
In this section we present the CONSENS 3D-Modeling Method. By using 3D environments, this
method enables the playful elicitation of requirements and design of an informal system model.
Furthermore, the method allows the automatic derivation of a SysML system model.
The method generally consists of four process steps (see Figure 2). The first step consists of the
definition of the general use case, here platooning. This is followed by the application of the CONSENS
3D analysis phase (see Section 3.1) and the application of the CONSENS 3D synthesis phase (see
Section 3.2). The existing CONSENS analysis and synthesis phase was extended for use in 3D
environments. The last step is the automatic derivation of a SysML system model based on the steps
performed in the analysis and synthesis phase. For this purpose, a meta model is used which defines the
mapping between text, elements of the 3D environment and SysML elements (see Section 3.1).
Figure 2. Method overview
3.1. Meta model
The meta model shown in Figure 3 is fundamental for the CONSENS 3D analysis and synthesis phase
and the derivation of SysML system models. This defines the mapping between text elements,
elements of the 3D environment and SysML elements. Stereotypes allow the specific distinction
between the respective elements. Furthermore, by noting the position sequence, it is possible to
capture the motions of 3D objects.
Figure 3. Meta model
Figure 3 shows the application of the meta model to the function brake car. The text element of the
function can be allocated via the trace-relationship directly to the SysML element brake car with the
stereotype function. In addition, car can be assigned to a 3D and SysML element with the
stereotype bdd. A SysML Block Definition Diagram (bdd) represents system elements as black
boxes. Vehicle movements are captured using the position sequence. Since there is a relationship
between the function brake car and a specific car, this is annotated accordingly.
3.2. CONSENS 3D-analysis phase
For the application of the CONSENS method using a 3D environment, an extension or adaptation of the
method is necessary. In this section we introduce the 3D analysis phase, which is based on the existing
CONSENS analysis phase. The 3D analysis phase consists of three sub-processes (see Figure 4).
Figure 4. CONSENS 3D-analysis phase overview
The first sub-process, design of an environmental context, is new and precedes the previous analysis
phase. For the general use case, here platooning, an environmental context in the 3D environment has
to be designed. The environmental context provides the foundation for situational cognition in the 3D
environment. For platooning we choose a major city as the environmental context.
The second sub-process uses the environmental context in order to design the general system and its
direct environment, supported by the use of 3D objects. In this sub-process a boundary is defined
between the system under design and its direct environment. In addition, relationships shall be
established between the system and the environmental elements. We define the individual vehicle in
the platoon as the system. The situational cognition is reinforced by the environmental context and
enables the derivation of environmental elements for the system out of the environmental context.
Examples would be other vehicles in the platoon, the roadway and obstacles that could be located in
the major city. The detection of obstacles corresponds to a CONSENS information relationship
between obstacle and vehicle. The braking of the vehicle on the road represents an energy relationship.
In addition, the environmental element hacker can be derived for the environmental context of major
cities. The hacker could be in a house or café close to the roadway in order to manipulate vehicle
sensor data or the communication between vehicles in the platoon.
The third sub-process deals with the definition of user stories. This sub-process corresponds with the
creation of an application scenario in CONSENS. User stories are short requirements formulated in
common language. In the context of the 3D analysis phase, user stories are used to describe what is to
be modelled and what has already been modelled in the 3D environment. User stories are linked with
environmental elements and the general system from the 3D environment. They can also be linked to
each other. The modeled relationships between the 3D objects and the modeled behavior (see section
3.3) provide potential for the automatic generation of user stories.
An example is the following user story: If the vehicle detects a suddenly appearing obstacle, it must
perform emergency braking. In order to increase precision and avoid ambiguities, a connection is
established between the specific vehicle and the obstacle with the corresponding 3D elements. In
contrast to the existing CONSENS analysis phase, the use of user stories represents a simplification
and serves as a basis for the formulation of requirements.
Based on the process steps of the 3D analysis phase, SysML models can be derived using the meta model
from Section 3.1. Figure 4 shows a CONSENS environment model for the Platooning application
example in the form of a SysML-BDD. The user stories from the 3D environment are presented in the
form of SysML requirements. Cross-referencing of user stories with each other is also done for
SysML requirements. Since user stories are linked with 3D elements, a link is set between the SysML
requirements and the SysML-BDD. This is used to formulate precise requirements.
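The mapping described by the meta model (3D elements to blocks, typed relationships, user stories to requirements with trace links) can be sketched as follows. This is an added example, not the code or file format of 3D Engineer: all class, field and function names are assumptions, the scene data is constructed from the platooning example, and the check for inbound information relationships that no requirement traces to is an illustrative addition that goes beyond the derivation described in the paper.

```python
from dataclasses import dataclass, field

# The four CONSENS relationship types named in Section 2.1.
REL_TYPES = {"information", "energy", "substance", "logical"}


@dataclass
class Element3D:                 # hypothetical stand-in for a 3D scene object
    name: str
    stereotype: str              # "system" or "environment element"
    positions: list = field(default_factory=list)   # position sequence (x, y, z)


@dataclass
class Relationship:
    label: str
    source: str
    target: str
    rel_type: str                # one of REL_TYPES


@dataclass
class UserStory:
    sid: str
    text: str
    elements: list               # names of the linked 3D elements
    linked_stories: list = field(default_factory=list)


def derive_model(elements, relationships, stories):
    """Map scene objects to blocks, typed flows and traced requirements.

    Raises ValueError on any link that points at nothing, because such a
    link reintroduces the ambiguity the element links are meant to remove.
    """
    names = {e.name for e in elements}
    sids = {s.sid for s in stories}
    problems = []
    for r in relationships:
        if r.rel_type not in REL_TYPES:
            problems.append(f"{r.label}: unknown relationship type {r.rel_type!r}")
        problems += [f"{r.label}: unknown element {n!r}"
                     for n in (r.source, r.target) if n not in names]
    for s in stories:
        problems += [f"{s.sid}: unknown element {n!r}"
                     for n in s.elements if n not in names]
        problems += [f"{s.sid}: unknown story {x!r}"
                     for x in s.linked_stories if x not in sids]
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "blocks": [{"name": e.name, "stereotype": e.stereotype,
                    "moves": len(set(e.positions)) > 1} for e in elements],
        "flows": [{"label": r.label, "from": r.source, "to": r.target,
                   "stereotype": r.rel_type} for r in relationships],
        "requirements": [{"id": s.sid, "text": s.text, "trace": list(s.elements),
                          "linked": list(s.linked_stories)} for s in stories],
    }


def inbound_information_flows(model, system):
    """Information relationships that enter the system from its environment."""
    return [f for f in model["flows"]
            if f["to"] == system and f["stereotype"] == "information"]


def untraced_inbound_sources(model, system):
    """Sources of inbound information flows that no requirement traces to."""
    traced = {n for req in model["requirements"] for n in req["trace"]}
    sources = {f["from"] for f in inbound_information_flows(model, system)}
    return sorted(sources - traced)


def platooning_scene():
    """Constructed sample data following the paper's platooning example."""
    elements = [
        Element3D("front vehicle", "system", [(0, 0, 0), (0, 0, 12), (0, 0, 15)]),
        Element3D("rear vehicle", "environment element", [(0, 0, -10), (0, 0, 3)]),
        Element3D("obstacle", "environment element", [(0, 0, 20)]),
        Element3D("roadway", "environment element"),
        Element3D("hacker", "environment element", [(8, 0, 18)]),
    ]
    relationships = [
        Relationship("Obstacle detection", "obstacle", "front vehicle", "information"),
        Relationship("Braking", "front vehicle", "roadway", "energy"),
        Relationship("Manipulated data", "hacker", "front vehicle", "information"),
        Relationship("Warning", "front vehicle", "rear vehicle", "information"),
    ]
    stories = [
        UserStory("US1", "If the vehicle detects a suddenly appearing obstacle, "
                         "it must perform emergency braking.",
                  ["front vehicle", "obstacle"]),
    ]
    return elements, relationships, stories


if __name__ == "__main__":
    model = derive_model(*platooning_scene())
    for flow in inbound_information_flows(model, "front vehicle"):
        print(f'<<{flow["stereotype"]}>> {flow["from"]} -> {flow["to"]}: {flow["label"]}')
    print("inbound sources without a requirement:",
          untraced_inbound_sources(model, "front vehicle"))
```

With only the obstacle user story modelled, the hacker's "Manipulated data" relationship is reported as an inbound information flow that no requirement covers yet.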
3.3. CONSENS 3D-synthesis phase
In this section we introduce the 3D synthesis phase, which is based on the existing CONSENS
synthesis phase. The 3D synthesis phase consists of three sub-processes (see Figure 5).
The first sub-process deals with the design of system functions. System functions are initially
independent of solutions and can be implemented in different ways. They are defined in CONSENS
by a subject + verb combination. The extension consists of linking subjects of a function with 3D
elements. For example, for the function Detect obstacle a link from obstacle to the representing
3D element is created. If there is a hierarchical relationship between functions, this is also captured.
The function Detect obstacle, for example, requires the function Brake car.
Figure 5. CONSENS 3D-synthesis phase overview
The second sub-process deals with the design of system components and their relationships to each
other. Using 3D objects, system components can be placed relative to each other in the general system
and can be connected to each other. The modelled artefacts environment model, user stories and
functions serve as a basis. In the context of the application example, a sensor component is required
for the detection of obstacles. A security unit has to analyze the sensor data in case of external attacks.
There is an information relationship between the sensor component and the security unit.
The third process step deals with the design of the system behavior using the 3D environment. The
system behavior can be modelled on two different levels: on the level of the general
system and its environment, and on the level of the system components. The artifacts that have already
been created in previous process steps serve as a basis. An important aid is the positioning of 3D
elements in the 3D environment. Analogous to the procedure in SysML, modeling can be condition-based,
activities-based and interaction-based, depending on the behavior focus. Figure 5 shows an
interaction-based sequence within the 3D environment. Because an interaction represents a
relationship between two 3D elements, it can be differentiated by a relationship type. If an obstacle
is detected, the vehicle should then brake and finally warn other vehicles. Based on the process steps
of the 3D synthesis phase, SysML models can be derived using the meta model from Section 3.1.
Figure 5 shows SysML models for functions, the system architecture, and a sequence diagram for
system behavior. If a SysML model element occurs within another SysML model element, it is
linked to other model elements to avoid ambiguities. For example, the function “Brake car” appears
in the sequence diagram as an interaction message. Here, “car” refers to the vehicle that first
recognized the obstacle.
4. Application of the method and prototypical implementation of 3D Engineer
In this section we introduce the application of the CONSENS 3D-Modeling Method. First, a general
software architecture for tool support is discussed, then a prototypical implementation of our tool - 3D
Engineer (Japs, 2020) - will be presented.
Figure 6 shows the general architecture of 3D Engineer. 3D Engineer requires a 3D model library. For
this we use the Unity Asset Store (Unity, 2019a), which contains more than 31000 3D object packages
and is continuously extended. Most object packages contain several 3D objects, in some cases over 100. 3D
Engineer extends a 3D engine by the process steps of the CONSENS 3D analysis and synthesis phase.
The 3D engine we use is Unity (Unity, 2019b), one of the most commonly used development
environments for 3D games. Part of 3D Engineer is the generation of SysML models. A Model-based
Systems Engineering Environment is required for further processing of the SysML models. For this
we used the CAMEO Systems Modeler (CMS) (NoMagic, 2019). For the model import we developed
our own CMS plugin.
Figure 6. Software architecture overview
Figure 7 shows the prototype implementation of 3D Engineer. We applied the CONSENS 3D method to
the general use case Platooning using 3D Engineer. We created an environment model in 3D
Engineer and automatically generated a SysML-BDD (see Figure 8). Furthermore, we modelled two
interaction sequences in 3D Engineer (see Figure 7) and automatically generated two sequence
diagrams (see Figure 9).
The application of the method is described in detail below (see Figure 7). During the analysis phase, an
environmental context was created for the general use case. For the environmental context “Major City”,
we used Windridge City from the Unity Asset Store, which is often used in the scientific community.
We used 3D objects from the Asset Store to model the general system and the environment.
The general system is the front vehicle. As environmental elements we use a woman as a hacker, a
box as an obstacle and a rear vehicle as another vehicle in the platoon. Relationships are established
between the general system and the environmental elements and differentiated according to
relationship types. The microphone symbol indicates a possible automatic text recognition via
speech input.
In play mode, requirements are determined in a playful way through touch gestures: placing 3D objects,
changing perspectives and moving objects. The Specification Mode is used to intuitively design the
system model. In order to maintain the modeling flow, dummy objects are used, here the box. These
boxes can potentially be identified by a label.
Figure 7. Implementation of 3D Engineer
Figure 8. Generated system environment model
During the synthesis phase, system components and their relationships are designed. For this purpose,
the implementation of the general system and its environment could be reused. For the design of the
system behavior, we focused on the realization of the interaction behavior (see Figure 7). For this
purpose, a sequence of interactions between 3D elements is formed and described textually. In order to
differentiate more precisely, each interaction relationship is assigned to one of the four relationship
types of CONSENS (see Section 2.1). Figures 8 and 9 show an environment model and a behaviour
model. Both models were designed using 3D Engineer and the CONSENS 3D-Modeling Method and
were automatically generated in the form of SysML models. For this purpose 3D Engineer generates a
file. This file is processed using the CMS plugin we developed, so that SysML models are automatically
created from it.
Figure 9. Generated behavior diagrams
5. Discussion
In this paper, we have presented a requirements engineering approach which simultaneously improves
the elicitation of domain knowledge, can be applied domain-independently and allows the automatic
derivation of a system model to reduce the manual modeling effort.
We have identified the following challenges: The initial effort for our approach is relatively high. For
preparation, a suitable selection of 3D models must be determined. Missing models must be created
manually or represented by dummy objects. Furthermore, computer hardware such as tablets is necessary.
Use in an industrial environment requires exact knowledge of the corresponding license for
free 3D objects. By comparison, in design thinking, sticky notes, pens and cardboard are sufficient. For
using CONSENS, a whiteboard and pens are sufficient. Classical elicitation techniques such as
interviews or questionnaires require only a written preparation.
We have identified the following benefits: Compared to CONSENS, our approach supports the
elicitation of the stakeholders’ domain knowledge through an interactive visualization in a 3D
environment. Furthermore, the additional manual effort of digitizing domain knowledge in the form of
digital models is not required. Created digital models and relationships can be reused in 3D Engineer
regardless of location and in subsequent projects. This contrasts with analog approaches such as design
thinking or CONSENS, where the extracted domain knowledge exists, for example, only in the form of
labeled whiteboards, walls with sticky notes or cardboard prototypes. The consolidation
of the domain knowledge in the form of digital models is still necessary in this context. Especially the
creation of digital models based on design thinking results requires additional cognitive effort.
The direct creation of SysML models saves preparation effort, but the situational cognition regarding
elicitation of domain knowledge from the stakeholders is not addressed. In particular, our approach
enables the elicitation of domain knowledge without requiring detailed SysML knowledge from the
stakeholders.
6. Conclusions and future work
The development of intelligent technical systems requires the cooperation of stakeholders from
different disciplines. Model-based Systems Engineering (MBSE) addresses this challenge through
methods like CONSENS for the creation of a common system model. The precise and early elicitation
of the domain knowledge of the stakeholders represents a challenge for the creation of the system
model and, in the negative case, poses risks for the discipline-specific design.
The CONSENS 3D-Modeling Method addresses this challenge. Compared to existing approaches, this
method is domain independent. For this purpose, in order to increase the situational cognition of
stakeholders, the method provides a relation to 3D environments. To ensure consistency in
engineering, the method allows an automatic derivation of a SysML system model. We have
illustrated our approach by means of the platooning application example. For this purpose, we applied
the method to the platooning example using our prototypical implementation, 3D Engineer.
Part of future work is the validation of the method and evaluation of other application examples such as a
robot production cell. For this purpose, a comparison with two groups of people is suitable, in which
one group uses e.g. established approaches of requirement engineering and the other group uses the
CONSENS 3D method. In order to increase situational cognition, the use of the CONSENS 3D
method in combination with virtual reality will be investigated.
Acknowledgement
I would like to thank my students Oliver von Heißen and Sebastian Schmidt for their support in implementing 3D Engineer.
This research was funded by the German Federal Ministry of Education and Research (BMBF) in the project
SecForCARs, grant number 16KIS0790. The contents of this publication are the sole responsibility of the authors.
References
Abad, Z.S.H. et al. (2018), “ELICA: An Automated Tool for Dynamic Extraction of Requirements Relevant
Information”, Proceedings of 5th International Workshop on Artificial Intelligence for Requirements
Engineering (AIRE), Banff, AB, pp. 8-14. https://doi.org/10.1109/AIRE.2018.00007
Alessio, F., Gnesi, S. and Spoletini, P. (2016), “Ambiguity and tacit knowledge in requirements elicitation interviews”,
Requirements Engineering, Vol. 21 No. 3, pp. 333-355. https://doi.org/10.1007/s00766-016-0249-3
Asger, M. and Yousuf, M. (2015), “Comparison of Various Requirements Elicitation Techniques”, International
Journal of Computer Applications, Vol. 116 No. 4, pp. 8-15. https://doi.org/10.5120/20322-2408
Atukorala, N.L. and Chang, C.K. (2018), Situation-Oriented Software Requirements Specification and Model
Generation, Iowa State University, Iowa, USA.
Bhimani, A. and Spolentini, P. (2017), “Empowering Requirements Elicitation for Populations with Special
Needs by Using Virtual Reality”, ACM SE ‘17 Proceedings of the SouthEast Conference, Kennesaw, GA,
USA, April 13-15, 2017, ACM, New York, pp. 268-270. http://doi.acm.org/10.1145/3077286.3078467
Bhimani, A. (2017), Feasibility of Using Virtual Reality in Requirements Elicitation Process, [Master Thesis],
Kennesaw State University.
Brenner, W. and Uebernickel, F. (2016), Design Thinking for Innovation: Research and Practice, 1st ed.,
Springer International Publishing, Cham.
Brown, R. et al. (2015), “Virtual Business Role-Play: Leveraging Familiar Environments to Prime Stakeholder
Memory During Process Elicitation”, 27th International Conference, CAiSE 2015, Stockholm, Sweden, June
8-12, 2015, Springer International Publishing, pp. 166-180. https://doi.org/10.1007/978-3-319-19069-3_11
Brown, R., Harman, J. and Johnson, D. (2017), “Improved Memory Elicitation in Virtual Reality: New
Experimental Results and Insights”, 16th IFIP TC 13 International Conference, Mumbai, India, September
25-29, 2017, Springer International Publishing, pp. 128-146, https://doi.org/10.1007/978-3-319-67684-5_9
Brown, J.S., Collins, A. and Duguid, P. (1989), “Situated Cognition and the Culture of Learning”, Sage
Journals, Vol. 18 No. 1, p. 11. https://doi.org/10.3102/0013189X018001032
Coulin, C. and Zowghi, D. (2005), “Requirements Elicitation: A Survey of Techniques, Approaches, and Tools”,
Engineering and Managing Software Requirements, Springer, Berlin Heidelberg, pp. 19-46. https://doi.org/10.1007/3-540-28244-0_2
Dumitrescu, R. et al. (2013), “Automatic Verification of Modeling Rules in Systems Engineering for
Mechatronic Systems”, ASME International Design Engineering Technical Conferences & Computers and
Information in Engineering Conference, Portland, Oregon, USA, August 4-7, 2013, ASME, New York, p. 9.
https://doi.org/10.1115/DETC2013-12330
Dori, D. (2016), Model-Based Systems Engineering with OPM and SysML, Springer, New York. https://doi.org/10.1007/978-1-4939-3295-5
Florides, C. et al. (2015), “Driving simulator for discovering requirements in complex systems”, SummerSim ‘15
Proceedings of the Conference on Summer Computer Simulation, Illinois, Chicago, July 26-29, 2015, pp. 1-10.
Gausemeier, J., Ramming, F.J. and Schäfer, W. (2014), Design Methodology for Intelligent Technical Systems:
Develop Intelligent Technical Systems of the Future, Springer, Berlin/Heidelberg. https://doi.org/10.1007/978-3-642-45435-6
Japs, S. (2020), Prototypical implementation of 3D Engineer, [online] Japs, S. Available at: https://gitlab.cc-asp.fraunhofer.de/mbseguy/3d_engineer (accessed 10.02.2020).
Lewrick, M., Patrick, L. and Leifer, L. (2018), The Design Thinking Playbook: Mindful Digital Transformation
of Teams, Products, Services, Businesses and Ecosystems, John Wiley and Sons, Hoboken, New Jersey.
No Magic (2019), Cameo Systems Modeler, [online] No Magic. Available at: https://www.nomagic.com/
products/cameo-systems-modeler (accessed 02.11.2019).
OMG (2015), System Modeling Language V.1.4, OMG, Object Management Group, Needham, Massachusetts,
USA.
Smart Mechatronics (2020), CONSENS, [online] Smart Mechatronics. Available at: https://smartmechatronics.
de/consens (accessed 30.01.2020).
Tekaat, J. et al. (2019), Potentials for the Integration of Design Thinking along Automotive Systems Engineering
Focusing Security and Safety”, Proceedings of the 22nd International Conference on Engineering Design
(ICED19), Delft, The Netherlands, 5-8 August 2019. https://doi.org/10.1017/dsi.2019.295
Tomita, Y. et al. (2017), Applying design thinking in systems engineering process as an extended version of
DIKW model”, Proceedings of the 27th Annual INCOSE International Symposium (IS 2017), Adelaide,
Australia, July 15-20, 2017.
UNITY Innovation Alliance (2020), Project References of the UNITY Innovation Alliance, [online] UNITY
Innovation Alliance, available at: https://www.unity-innovation-alliance.com/en/ (accessed 30.01.2020).
Unity Technologies (2019a), Unity Asset Store, [online] Unity Technologies. Available at: https://assetstore.
unity.com (accessed 02.11.2019).
Unity Technologies (2019b), Unity Game Engine, [online] Unity Technologies. Available at: https://unity.com
(accessed 02.11.2019).
... Considerable attention has been paid to the construction of monitoring networks of watershed water environments (Karamouz et al., 2009; Menon, Divya, & Ramesh, 2012; Varekar, Karmakar, Jha, & Ghosh, 2015; Verma & Chaudhary, 2012; Zennaro et al., 2009) and the 3D visualization of multisource watershed data (Bhimani & Spolentini, 2017; Harman, Brown, & Johnson, 2017; Harman, Brown, Johnson, Rinderle-Ma, & Kannengiesser, 2015; Japs, Kaiser, & Kharatyan, 2020; Schito, Jullier, & Raunal, 2019). To efficiently describe the spatial distribution characteristics of the watershed water environment, more attention has been paid to the design and optimization schemes of monitoring networks, determining both the numbers and locations of monitoring sites on the basis of basic characteristics of watersheds (Karamouz et al., 2009) (e.g., point and diffuse pollution sources; Varekar et al., 2015). ...
... Past research has indicated that people can obtain more knowledge from 3D simulation scenes than traditional 2D scenes (Bhimani & Spolentini, 2017; Harman et al., 2015, 2017; Japs et al., 2020; Schito et al., 2019). For example, if one is in a virtual simulation scene, the impact of climate change can be understood more intuitively than from reading newspapers or watching TV programs. ...
... LOD and CR are adopted in this work as optimization methods for the efficient improvement of 3D model data loading. LOD technology is an effective method to accelerate graphics generation (Japs et al., 2020) and is a good balance between limited computer hardware resources and high-quality 3D scenes. Furthermore, CR technology is helpful for accelerating the rendering process of 3D scenes and can exclude objects out of visual range of the camera from being rendered. ...
Article
There are limitations to traditional digital watershed platforms in terms of realistic visualization of geospatial elements and powerful decision support for watershed management. To advance the status quo, a web‐based digital twin is designed and implemented in this article that can: (1) realize virtual simulation of geographic elements on the browser side; (2) present the current situation and excessive information of the watershed water environment; and (3) provide decision support for integrated watershed management. Multiple 3D modeling methods are adopted cooperatively for total‐factor virtual simulation of geographic elements, and a browser‐side data loading scheme is designed for dynamic loading and cull rendering of 3D models. Additionally, schemes for spatiotemporal modeling of multisource data, analysis of multitype data, and scientific computation of mathematical models are proposed to support precise watershed management, making the platform practical. The implemented digital twin is applied in the Chaohu Lake Watershed, demonstrating that it can realize both stunning visual effects and practical decision‐support functions.
... Status
[24] Initial approach | Published
[25] Elicitation of stakeholders domain knowledge using a 3D environment | Published
[26] Identification of safety-relevant security threats in a system model | Accepted
[27] Resolution of safety-relevant security threats in a system model using design patterns | Accepted
In [24] I have developed an initial method. This method combines the activities of requirements engineering with MBSE and extends them so that security threats can be identified. ...
... In [25] I have developed an approach that allows modeling of use cases and threat cases using a 3D environment and 3D objects. This increases the creativity process of the stakeholders. ...
Conference Paper
Abstract—Cyber-physical systems (CPS), such as autonomous vehicles, are intelligent and networked. Close collaboration between stakeholders from different disciplines is necessary right from the start of development. In the automotive sector in particular, the collaboration of the car manufacturer extends to several suppliers. The increasing complexity in the design of such CPSs makes interdisciplinary and cross-company collaboration more difficult. Here, requirements specifications serve as a support for communication. A lack of overall understanding of such CPSs and their numerous interfaces jeopardizes the assurance of safety-relevant security. ISO/SAE 21434, which applies to the automotive industry, requires the creation of a cybersecurity concept at the beginning of the product development process. The problem is that ISO/SAE 21434 only prescribes WHAT must be done, but does not define HOW this is supposed to be done methodically. Existing methods are not applicable to the concept phase without extensive tailoring, according to the challenges I identified in this paper and the literature review I conducted. Furthermore, I present four papers I have written and four papers I plan to write, which serve as building blocks for the required overall method. Finally, I explain how I plan to evaluate my approach.
... Approaches like [17,18] use models, but do not use SysML. Approaches like CONSENS 3D [15] and Security by MBRE [23] use SysML within the context of MBSE. However, a concrete method for the identification of security hazards is missing. ...
... Different means can be used for visualization. Like drawing on a (digital) whiteboard or using a 3D environment like 3D Engineer [15] to visualize the initial situation by using 3D objects. Based on the visualized initial situation, user stories are derived. ...
Conference Paper
Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified security threats & safety hazards, resulting in high costs in product development. In particular, a lack of an integrative consideration of security threats & safety hazards can compromise safety compliance for CPS. Model-based systems engineering (MBSE) improves the understanding of systems between stakeholders by additionally creating supporting models. However, MBSE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account. Established security & safety approaches either are only applicable to specific disciplines or only partially consider security threats & safety hazards. In this paper we present a method that enables the early identification of safety relevant security threats. The method is designed to be applied in workshops with an interdisciplinary team of stakeholders and is used to determine initial results for the system architecture design phase. We illustrate our approach with the example of the automotive sector. To build a realistic system architecture we identified 18 architectural vehicle components including relevant architectural constraints. Finally, we present an evaluation of the method, based on a workshop with 30 master students.
... This section introduces the approach CONSENS 3D which describes the 3D environment driven elicitation of stakeholders domain knowledge regarding security & safety that was developed in [18]. The result of this approach is an initial security & safety system model (cf. Figure 4). ...
... None of the approaches fully meets the criteria (cf. [18] for a detailed analysis). Based on the literature analysis, no approaches were found that simultaneously improve the elicitation of domain knowledge, can be applied domain-independently (C5) and allow the automatic derivation of a system model (C6) to reduce the manual modeling effort. ...
Conference Paper
Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified security threats & safety hazards in requirements engineering, resulting in high costs in product development. In particular, a lack of an integrative consideration of security threats & safety hazards can compromise safety compliance for CPS. Model-based requirements engineering (MBRE) improves the understanding of systems between stakeholders by additionally creating supporting models to system requirements. However, MBRE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account. Established security & safety approaches are either only applicable to specific disciplines or only partially consider security threats & safety hazards. Overall, existing approaches do not fully cover the MBRE process. In the context of this paper, the results of three scientific papers are consolidated with the aim to create a basis for a holistic MBRE approach, which considers security threats & safety hazards integratively. In each of the papers, sub-criteria of the holistic MBRE approach are presented. Furthermore, elaborated and planned tools for the individual process steps are presented.
... Digital watershed technology has been considered the most powerful means for modern watershed planning and management. It can collect, represent and manage all kinds of watershed information by adopting synthetically several modern technologies, such as geographic information system (GIS), remote sensing (RS), virtual reality (VR), high-performance computing (HPC) [1][2][3][4], etc. Plenty of research has indicated that people can obtain more knowledge in 3D simulation scenes than in traditional 2D scenes [5][6][7][8][9]. For example, if one is in a virtual simulation scene, the impact of extreme weather can be understood more intuitively than if one were reading newspapers or watching TV programs. ...
Article
Oblique photography technology based on UAV (unmanned aerial vehicle) provides an effective means for the rapid, real-scene 3D reconstruction of geographical objects on a watershed scale. However, existing research cannot achieve the automatic and high-precision reconstruction of water regions due to the sensitivity of water surface patterns to wind and waves, reflections of objects on the shore, etc. To solve this problem, a novel rapid reconstruction scheme for water regions in 3D models of oblique photography is proposed in this paper. It extracts the boundaries of water regions firstly using a designed eight-neighborhood traversal algorithm, and then reconstructs the triangulated irregular network (TIN) of water regions. Afterwards, the corresponding texture images of water regions are intelligently selected and processed using a designed method based on coordinate matching, image stitching and clipping. Finally, the processed texture images are mapped to the obtained TIN, and the real information about water regions can be reconstructed, visualized and integrated into the original real-scene 3D environment. Experimental results have shown that the proposed scheme can rapidly and accurately reconstruct water regions in 3D models of oblique photography. The outcome of this work can refine the current technical system of 3D modeling by UAV oblique photography and expand its application in the construction of twin watershed, twin city, etc.
... For this purpose, tools for visualizing the damage scenarios can be used. In the workshop, 3D Engineer [28] was used. ...
Article
ISO/SAE 21434 "Road vehicles - Cybersecurity engineering" is a standard for cyber security, which has been published since August 2021. The standard covers the concept phase. The concept phase is characterized by the cooperation of various mostly high-level stakeholders from different disciplines, departments and possibly companies. The cooperation takes place mainly in workshops. ISO/SAE 21434 requires a Threat and Risk Assessment (TARA) to be carried out for the concept phase. Within TARA, damage scenarios are to be identified for the vehicle/components to be developed. Furthermore, the effects of these damage scenarios are to be assessed. In this context, ISO/SAE 21434 refers to the risk classification scheme ASIL of ISO 26262, which is established in the automotive industry. For the effective application of these schemes, expert knowledge is necessary on the one hand, and verified data on accident types and accident causes are required on the other hand. Access to this data is often difficult and the data itself is not suitable for direct use in workshops. In this paper we present tools for the assessment of damage scenarios. For this purpose, we use data from the Federal Statistical Office (StBA) with over 2 million registered traffic accidents in Germany per year. We have analyzed the StBA data and evaluated them according to their usefulness for workshops. The result of this work are several concrete ASIL tables which address different types of accidents and causes of accidents. In two workshops with 17 experts from the automotive sector and with experts from product development, we applied the elaborated tables to evaluate different damage scenarios.
... In addition, 10 demonstrators and 5 specifically implemented solutions were developed, which we cannot list in this abstract for space reasons. In the following, we will present examples of these results starting with M1: Use case & threat case analysis [3] [4] [5] in conjunction with the demonstrator D1: 3D Engineer [6]. According to ISO/SAE 21434 the item definition is required for the creation of the cybersecurity concept as the result of the concept phase. ...
Conference Paper
The SecForCARs project started in 2018 with the aim to investigate the specific security challenges of connected, automated vehicles. It is co-funded by the German Federal Ministry for Education and Research and includes a total of fourteen partners from industrial and academic research and development. While previous research provided a detailed understanding of securing traditional and connected vehicles, connected, automated vehicles expose a broader attack surface, attack impact can be substantially greater, and mitigation and reaction to attacks lies mostly unexplored.[1] This was the starting point in 2018 when fourteen partners from industry and academia led by Infineon and Ulm University started to investigate the particular security aspects of connected, automated driving. Being stripped of a driver and its eyes and attention (esp. in the case of autonomous driving in level 5), a connected, automated car relies to a much larger extent on input from its local sensors, but also on information communicated by other vehicles and infrastructure. Therefore, understanding sensor and data manipulation attacks, their impact on an automated car, but also design potential detection mechanisms and countermeasures are one focus of SecForCARs. One example of such attacks include attacks on RADAR systems where SecForCARs partners investigate novel and stealthy RADAR attacks and mitigations. Testing and analysis tools for safety and security analysis comprise another area of SecForCARs' research and the project's partners came up with a number of concrete tools to simplify the life of a security analyst or pentester and to come up with more accurate results. Once such vulnerabilities and attacks have been found, there lies the challenge how to report these to appropriate channels in automotive industry. The project thus also investigates how the topic of automotive responsible disclosure processes.
Regarding constructive security design, the research in SecForCARs also includes finding security design patterns for security architectures for connected, automated cars, approaches for securing sensors, secure on-board and off-board
... Unfortunately, the approach does not consider security & safety. The CONSENS 3D approach [10] uses a 3D environment to visualize security & safety related use cases and allows the derivation of SysML models (RQ1). Unfortunately, the approach does not support the derivation of SRSR (RQ2). ...
Conference Paper
Cyber-physical systems, like autonomous vehicles, are intelligent and networked. The development of such systems requires cooperation between different stakeholders. A lack of system understanding can lead to unidentified (safety relevant) security requirements (SRSR) in early engineering. This can increase product development costs or compromise system safety compliance. Model-based systems engineering (MBSE) improves the system understanding by using models. Conducting workshops in the context of MBSE promotes interaction between stakeholders so that confusion regarding SRSR can be resolved already in the workshop. Using the models created, requirements can be derived in the workshop. However, established security & safety approaches are not specifically designed to be used in conjunction with MBSE and requirements engineering. In this paper, we present an extension of our previously developed SAVE approach. This extension supports a team of stakeholders in workshops to derive SRSR using MBSE. We illustrate our approach with an example from the automotive domain and present an initial field study of the application of our approach, based on a 2-month student project.
Conference Paper
The development of technical systems requires close cooperation of stakeholders from different disciplines. This collaboration takes place in workshops. Driven by digitalization and by the current pandemic such workshops take place primarily online. Suitable collaboration tools and methods are crucial to success. At the beginning of such workshops, use and damage scenarios are identified. In this paper, we presented a method and tool for identifying and modeling use and damage scenarios, which we evaluated in 14 online workshops with a total of 118 participants over a period of almost 3 years.
Conference Paper
Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems and its components requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified and unresolved security threats & safety hazards in early engineering phases, resulting in high costs in product development and potentially compromises compliance with the safety of CPS. Model-based systems engineering (MBSE) improves the system understanding between stakeholders by using models. However, MBSE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account. Established security & safety approaches are either only applicable to specific disciplines or only partially consider security threats & safety hazards. In the context of this paper we present a method for the resolution of safety relevant security threats in the system architecture design phase using design patterns. We illustrate our approach with the example of the automotive sector. Finally, we present an evaluation of the method, based on an 8 week project with 67 master students.
Article
The increasingly intelligent, highly complex, technical systems of tomorrow - for instance autonomous vehicles - result in the necessity for a systematic security- and safety-oriented development process that starts in the early phases of system design. Automotive Systems Engineering (ASE) as one approach is increasingly gaining ground in the automotive industry. However, this approach is still in a prototype stage. The consideration of security and safety within the early stages of systems design leads to so-called ill-defined problems. Such are not covered by ASE, but can be addressed by means of Design Thinking. Therefore we introduce an approach to combine both approaches. Based on this combination, we derive potentials in the context of the consideration of security and safety. Essential advantages are the possibility to think ahead of threat scenarios at an early stage in system design. Due to an incomplete database, this is not supported or only partially supported by conventional approaches. The resulting potentials are derived based upon a practical example.
Article
Interviews are the most common and effective means to perform requirements elicitation and support knowledge transfer between a customer and a requirements analyst. Ambiguity in communication is often perceived as a major obstacle for knowledge transfer, which could lead to unclear and incomplete requirements documents. In this paper, we analyze the role of ambiguity in requirements elicitation interviews, when requirements are still tacit ideas to be surfaced. To study the phenomenon, we performed a set of 34 customer–analyst interviews. This experience was used as a baseline to define a framework to categorize ambiguity. The framework presents the notion of ambiguity as a class of four main sub-phenomena, namely unclarity, multiple understanding, incorrect disambiguation and correct disambiguation. We present examples of ambiguities from our interviews to illustrate the different categories, and we highlight the pragmatic components that determine the occurrence of ambiguity. Along the study, we discovered a peculiar relation between ambiguity and tacit knowledge in interviews. Tacit knowledge is the knowledge that a customer has but does not pass to the analyst for any reason. From our experience, we have discovered that, rather than an obstacle, the occurrence of an ambiguity is often a resource for discovering tacit knowledge. Again, examples are presented from our interviews to support this vision.
Article
Contemporary Virtual Reality (VR) technologies offer an increasing number of functionalities including head-mounted displays (HMD), haptic and sound feedback, as well as motion tracking. This gives us the opportunity to leverage the immersive power offered by these technologies in the context of requirements elicitation, especially to surface those requirements that cannot be expressed via traditional techniques such as interviews and focus groups. The goal of this thesis is to survey uses of VR in requirements engineering, and to describe a method of elicitation using VR as a tool. To validate the methodology, a research plan is developed with a strong empirical focus. According to this plan, after an identification of VR technologies in the market, the most appropriate hardware and software is selected for experimentation based on the degree of immersion. An experiment is designed and conducted for gathering landmarks for a navigational system (e.g., buildings, point of interest), in addition to distance and time, to provide directions to users. The experiment aims to: gather these tacit components of the navigational system, and gather the usability of VR methodology compared to other traditional elicitation methods. Overall, this research will clarify and understand the usability of VR in a requirements elicitation setting. The methodology will be useful when highly immersive VR technologies - currently expensive for consumers - will become available at limited costs, and a more widespread exploitation will be possible for requirements elicitation.
Book
Intelligent technical systems, which combine mechanical, electrical and software engineering with control engineering and advanced mathematics, go far beyond the state of the art in mechatronics and open up fascinating perspectives. Among these systems are so-called self-optimizing systems, which are able to adapt their behavior autonomously and flexibly to changing operating conditions. Self-optimizing systems create high value for example in terms of energy and resource efficiency as well as reliability. The Collaborative Research Center 614 "Self-optimizing Concepts and Structures in Mechanical Engineering" pursued the long-term aim to open up the active paradigm of self-optimization for mechanical engineering and to enable others to develop self-optimizing systems. This book is directed to researchers and practitioners alike. It provides a design methodology for the development of self-optimizing systems consisting of a reference process, methods, and tools. The reference process is divided into two phases: the domain-spanning conceptual design and the domain-specific design and development. For the conceptual design a holistic approach is provided. Domain-specific methods and tools developed especially for the design and development of self-optimizing systems are described and illustrated by application examples. This book will enable the reader to identify the potential for self-optimization and to develop self-optimizing systems independently.
Book
This book presents the full scope of Design Thinking in theory and practice, bringing together prominent opinion leaders and experienced practitioners who share their insights, approaches and lessons learned. As Design Thinking is gaining popularity in the context of innovation and information management, the book elaborates the specific interpretations and meanings of the concept in different fields including engineering, management, and information technology. As such, it offers students and professionals a sourcebook revealing the power of Design Thinking, while providing academics a roadmap for further research.
Book
Model-Based Systems Engineering (MBSE), which tackles architecting and design of complex systems through the use of formal models, is emerging as the most critical component of systems engineering. This textbook specifies the two leading conceptual modeling languages, OPM-the new ISO 19450, composed primarily by the author of this book, and OMG SysML. It provides essential insights into a domain-independent, discipline-crossing methodology of developing or researching complex systems of any conceivable kind and size. Combining theory with a host of industrial, biological, and daily life examples, the book explains principles and provides guidelines for architecting complex, multidisciplinary systems, making it an indispensable resource for systems architects and designers, engineers of any discipline, executives at all levels, project managers, IT professionals, systems scientists, and engineering students.
Conference Paper
Eliciting accurate and complete knowledge from individuals is a non-trivial challenge. In this paper, we present the evaluation of a virtual-world based approach, informed by situated cognition theory, which aims to assist with knowledge elicitation. In this approach, we place users into 3D virtual worlds which represent real-world locations and ask users to describe information related to tasks completed in those locations. Through an empirical A/B evaluation of 62 users, we explore the differences in recall ability and behaviour of those viewing the virtual world via a virtual reality headset and those viewing the virtual world on a monitor. Previous results suggest that the use of a virtual reality headset was able to meaningfully improve memory recall ability within the given scenario. In this study, we adjust experiment protocol to explore the potential confounds of time taken and tool usability. After controlling for these possible confounds, we once again found that those given a virtual reality headset were able to recall more information about the given task than those viewing the virtual world on a monitor.
Conference Paper
Systems engineering methodology has expanded its application fields such as to create innovation and to design societal systems. In the present age where everything has increased its complexity, systems engineers are challenged to solve ill-defined problems to create innovation and to design societal systems. Design thinking has attracted attention as a methodology for solving ill-defined problems. However, design thinking cannot create innovation nor design societal systems by itself. It is effective when it is applied to systems engineering process and embedded in its processes. This paper proposes advantages of both Design Thinking and Systems Engineering to build Structured Design Thinking Framework as an extension of the DIKW model. The framework has integrated the non-structured design thinking process and the structured systems engineering process. We used this framework to redesign the local community in Japan and to design a new concept of an aquarium, and confirmed that this Framework works.
Conference Paper
Requirements elicitation is the process of discovering requirements for a system by accessing available knowledge sources and communicating with stakeholders who have a direct or indirect influence on such requirements. Although requirements elicitation is by no means a new concept and many techniques are available for this activity (e.g., interviews, observations, focus groups, questionnaires), there is no silver bullet which guarantees collecting a set of complete and correct requirements. When software is being developed for a special needs population, individuals with mental or physical impairments, the task becomes even tougher. In this scenario, techniques other than the traditional ones must be used to support the elicitation process. To ease the task of collecting requirements from special needs populations, we propose the use of Virtual Reality (VR) environments as elicitation technique. Our research is not to propose that VR is the silver bullet for collection of requirements; however, VR can definitely complement other elicitation techniques to develop a complete set of requirements specification. The following proposal explains the benefits of VR, why it can be useful with elicitation activities, how it can benefit special needs population, and what it can contribute towards the requirements process.