No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
Aligning Architecture with Business Goals in the Automotive Domain
... To achieve the vision, researchers may in the future make use of existing methods from fields like model-driven engineering (MDE, e.g., [33,34]) or process mining [35], as we discuss toward the end of this chapter. In line with this work, the work in [36] proposes a method to align and realign business goals and the architecture in just-in-time architecting contexts. ...
Oftentimes, architectural information is not well-maintained, while software is developed and thus is out of sync with the product. Development of architectural models and documentation is therefore frequently done (i) before development starts and quickly becomes outdated, or (ii) as an afterthought or step taken when, e.g., significant refactoring becomes necessary, or (iii) a combination of the two. In order to resolve this dilemma and maintain better clarity and reasoning on the system, we propose to ensure continuous alignment between software architecture design and the development process itself, by suitable extension and use of CI/CD pipelines. Specifically, methods from architecture recovery should serve as a good basis for achieving such continuous alignment, e.g., when focused or projected on specific critical user journeys. The alignment will also allow the detection of architectural decay and deviation from targeted non-functional properties. In this chapter, we outline the vision and open research topics toward continuous alignment.
... Bellomo et al. (2015) summarize the experiences of applying ATAM across several decades and hundreds of projects, finding maintainability to be a key concern, as was the case for SKAO. Several experience reports describe how large-scale systems are analyzed, such as Rueckert et al. (2019), which looked at decision forces on the architecture of a large industrial control system, and Bucaioni et al. (2021), explaining how to align business goals and quality attributes for over the air updates of automotive software. Closely related to this study is the report from Cadavid et al. (2022), which explores system of systems issues in a different component of the SKA telescopes. ...
Software is a critical aspect of large-scale science, providing essential capabilities for making scientific discoveries. Large-scale scientific projects are vast in scope, with lifespans measured in decades and costs exceeding hundreds of millions of dollars. Successfully designing software that can exist for that span of time, at that scale, is challenging for even the most capable software companies. Yet scientific endeavors face challenges with funding, staffing, and operate in complex, poorly understood software settings. In this paper we discuss the practice of early-phase software architecture in the Square Kilometre Array Observatory's Science Data Processor. The Science Data Processor is a critical software component in this next-generation radio astronomy instrument. We customized an existing set of processes for software architecture analysis and design to this project's unique circumstances. We report on the series of comprehensive software architecture plans that were the result. The plans were used to obtain construction approval in a critical design review with outside stakeholders. We conclude with implications for other long-lived software architectures in the scientific domain, including potential risks and mitigations.
... In turn, a common terminology would improve interoperability, "otherwise each organisation makes its own solution and definition, that makes interoperability very difficult!". However, some respondents and experts had doubts about the current recommendation of the standard about the implementation of all the FEs: "standards are absolutely essential to guide the industry [ VI. RELATED WORK Aligning software architectures with, e.g., business goals [32], existing standards, is pivotal, and even mandatory, in several domains, such as automotive and other safety-critical ones. This need has been recently discussed in a work by Shahrokni et al. focusing on the importance of compliance with safety and security standards, e.g., ASPICE, in the automotive domain [33]. ...
... Because of its role, the architecture must be of "good quality". The work in [1] discusses various possible meanings of good quality, including: (i) the alignment of the architecture with stakeholder concerns and business goals [3], (ii) alignment, over time, of architecture descriptions with the implementation [4], and (iii) completeness of the architecture description with respect to stakeholder concerns [5]. ...
... responsibility for the software that is more critical. Interested readers can find a comprehensive discussion on business goals and technology drivers in automotive in [5]. ...
... The importance to shift towards more in-house software development is highlighted also in [35], where the authors identify in increased flexibility and ability to quickly relate to changes the most important benefits of this shift. The work in [67] highlights, among the main business goals of automotive OEMs, the opening of their platforms to third-party companies with little to no knowledge of automotive systems. This would lead to the creation of a software ecosystem, similar to what we can observe in the smartphones domain. ...
In order to increase the ability to build complex, software-intensive systems, as well as to decrease time-to-market for new functionality, automotive companies aim to scale agile methods beyond individual teams. This is challenging, given the specifics of automotive systems that are often safety-critical and consist of software, hardware, and mechanical components. This paper investigates the concrete reasons for scaling agility beyond teams, the strategies that support such scaling, and foreseeable implications that such a drastic organizational change will entail. The investigation is based on a qualitative case study, with data from 20 semi-structured interviews with managers and technical experts at two automotive companies. At the core of our findings are observations about establishing an agile vehicle-level feedback loop beyond individual teams. (I) We find that automotive OEMs aim to decrease lead-time of development. (II) We also identify 7 strategies that aim to enable scaled-agile beyond teams. (III) Finally, we extract 6 foreseeable implications and side-effects of scaling agile beyond teams in automotive. By charting the landscape of expected benefits, strategies, and implications of scaling agile beyond teams in automotive, we enable further research and process improvements.
... The importance to shift towards more in-house software development is highlighted also in [35], where the authors identify in increased flexibility and ability to quickly relate to changes the most important benefits of this shift. The work in [67] highlights, among the main business goals of automotive OEMs, the opening of their platforms to third-party companies with little to no knowledge of automotive systems. This would lead to the creation of a software ecosystem, similar to what we can observe in the smartphones domain. ...
In order to increase the ability to build complex, software-intensive systems, as well as to decrease time-to-market for new functionality, automotive companies aim to scale agile methods beyond individual teams. This is challenging, given the specifics of automotive systems that are often safety-critical and consist of software, hardware, and mechanical components. In this article, we investigate the concrete reasons for scaling agility beyond teams, the strategies that support such scaling, and the foreseeable implications that such a drastic organizational change will entail. The investigation is based on a qualitative case study, with data from 20 semistructured interviews with managers and technical experts at two automotive companies. At the core of our findings are observations about establishing an agile vehicle-level feedback loop beyond individual teams. First, we find that automotive original equipment manufacturers aim to decrease the lead time of development. Second, we also identify seven strategies that aim to enable scaled-agile beyond teams. Finally, we extract six foreseeable implications and side effects of scaling agile beyond teams in automotive. By charting the landscape of expected benefits, strategies, and implications of scaling agile beyond teams in automotive, we enable further research and process improvements.
Current trends forecast that Over-the-Air (OTA) software updates will be highly significant for future connected vehicles. The OTA update will enable upgrading the vehicle functionalities or bug fixations in the embedded software installed on its Electronic Control Units (ECUs) remotely. The introduction of OTA updates in the automotive industry has brought many advantages for both the Original Equipment Manufacturer (OEM) and the driver/owner. However, in terms of security, OTA updates are highly critical as they need complete access to the in-vehicle communication network.
This survey highlights and discusses OTA software updates in the automotive sector, mainly from the security perspective. The major objective of this survey is to deliver a comprehensive outline of various research directions and approaches in OTA update technologies in vehicles. At first, we discuss the connected vehicle technology and then integrate the relationship of OTA update features with the connected vehicle. We further discuss both promising and secure OTA update approaches, that have gained a lot of attention recently. Furthermore, we present a comprehensive comparative study of the existing OTA update approaches on the basis of strengths, weaknesses and evaluation setup. The survey also focuses on the existing vehicle features that support OTA updates, and customer satisfaction and usability. Finally, we identify possible future research directions of OTA updates for automobiles, particularly in the area of security.
Software in modern vehicles consists of multi-criticality functions, where a function can be safety-critical with stringent real-time requirements, less critical from the vehicle operation perspective, but still with real-time requirements, or not critical at all. Next-generation autonomous vehicles will require higher computational power to run multi-criticality functions and such a power can only be provided by parallel computing platforms such as multi-core architectures. However, current model-based software development solutions and related modelling languages have not been designed to effectively deal with challenges specific of multi-core, such as core-interdependency and controlled allocation of software to hardware. In this paper, we report on the evolution of the Rubus Component Model for the modelling, analysis, and development of vehicular software systems with multi-criticality for deployment on multi-core platforms. Our goal is to provide a lightweight and technology-preserving transition from model-based software development for single-core to multi-core. This is achieved by evolving the Rubus Component Model to capture explicit concepts for multi-core and parallel hardware and for expressing variable criticality of software functions. The paper illustrates these contributions through an industrial application in the vehicular domain.
In the last decade, Enterprise Architecture (EA) has been proposed to have the potential to improve and support strategic alignment between business and IT. This paper reviews the literature on cross-domain strategic alignment, as well as on Enterprise Architecture, and presents a new model to depict strategic alignment between business and IT by augmenting the widely cited Strategic Alignment Model (SAM) with an Enterprise Architecture framework, The Open Group Architecture Framework (TOGAF). The contribution of this paper is that it intends to present a holistic, generic model by synthesizing the SAM with the constructs of TOGAF to present a more comprehensive technique of modelling strategic alignment of business and IT. Also, the model illustrates this using Enterprise Systems as the chosen IT platform. Subsequently, the proposed model will be tested using empirical data from case studies and the results will be presented in another paper.
Because of the dynamic environments of business and IT, achieving any alignment between the two fields has become challenging. In view of its multiple viewpoints and artifacts, the discipline of Enterprise Architecture (EA) is often regarded as an effective methodology to deal with BITA issues, and thus has attracted plenty of research. This article conducts a systematic literature review of BITA research using EA. Six questions are answered through 5W1H (When, Who, What, Why, Where, How) analysis; these questions aim to acquire a thorough understanding of BITA from the perspective of EA, to discover weak points in the status quo, and to identify future research directions.
The vehicular industry has exploited model-based engineering for design, analysis, and develop of single-core vehicular systems. Next generation of autonomous vehicles will require higher computational power, which can only be provided by multi-core platforms. Current model-based solutions and related modelling languages, originally conceived for single-core, can not effectively deal with multi-core specific challenges, such as core-interdependency and allocation of software to hardware. In this paper, we propose an extension to the Rubus Component Model, core of the Rubus model-based approach, for the modelling, analysis, and development of vehicular systems on multi-core. Our goal is to provide a lightweight transition of a model-based approach from single-core to multi-core, without disrupting the current technological assets in the vehicular domain
Figure 1 A future smart vehicle utilizing a wireless vehicle interface (WVI) to interconnect the vehicle and its vehicular bus systems to the Internet. Future smart vehicles will be part of the Internet of Things to offer beneficial development opportunities for both end users as well as the automotive industry. This will potentially expose smart vehicles to a range of security and privacy threats such as tracking or hijacking a vehicle while driving. A comprehensive security architecture for automotive systems is required to allow the development of new services while protecting the vehicles from attacks and ensuring the privacy of the end users. In this paper we argue that BlockChain (BC), a disruptive technology that has found many applications from cryptocurrency to smart contracts, is a potential solution to automotive security and privacy challenges. We propose a BC-based architecture to protect the privacy of the users and to increase the security of the vehicular ecosystem. Wireless remote software updates and other emerging services in the automotive world such as dynamic vehicle insurance fees, are used to illustrate the utilization of the proposed security architecture. We also provide discussions on the security of the architecture against important attacks.
Achieving business-IT alignment (BITA) as a long-term and appraising management issue can be accomplished in a few ways, enterprise architecture (EA) being one of them. This paper attempts to give a critical understanding of the effects of performing EA on different aspects of BITA maturity through a global survey. A total of 236 respondents from 60 countries, a relatively large response for a survey, were selected. The main purpose of the research is to examine these impacts and to identify directions for innovative practices in the future, the unique contributions of this work. A questionnaire designed on the Luftman’s maturity model as well as various other statistical methods, including PLS path modeling, Wilcoxon matched-pairs signed-ranks test and Mann–Whitney U test, are applied to understand how the EA can deliver benefits. The implications of our findings in this study as well as its limitations are discussed from different viewpoints to enable both academics and practitioners to detect the flaws in the existing EA frameworks and propose improvements.
The importance of architectural knowledge (AK) management for software development has been
highlighted over the past ten years, where a significant amount of research has been done. Since the
first systems using design rationale in the seventies and eighties to the more modern approaches using
AK for designing software architectures, a variety of models, approaches, and research tools have
leveraged the interests of researchers and practitioners in AK management (AKM). Capturing, sharing,
and using AK has many benefits for software designers and maintainers, but the cost to capture this
relevant knowledge hampers a widespread use by software companies. However, as the improvements
made over the last decade didn’t boost a wider adoption of AKM approaches, there is a need to identify
the successes and shortcomings of current AK approaches and know what industry needs from AK.
Therefore, as researchers and promoters of many of the AK research tools in the early stages where AK
became relevant for the software architecture community, and based on our experience and
observations, we provide in this research an informal retrospective analysis of what has been done and
the challenges and trends for a future research agenda to promote AK use in modern software
development practices.
Background
Electric vehicles have been identified as being a key technology in reducing future emissions and energy consumption in the mobility sector. The focus of this article is to review and assess the energy efficiency and the environmental impact of battery electric cars (BEV), which is the only technical alternative on the market available today to vehicles with internal combustion engine (ICEV). Electricity onboard a car can be provided either by a battery or a fuel cell (FCV). The technical structure of BEV is described, clarifying that it is relatively simple compared to ICEV. Following that, ICEV can be ‘e-converted’ by experienced personnel. Such an e-conversion project generated reality-close data reported here.
Results
Practicability of today's BEV is discussed, revealing that particularly small-size BEVs are useful. This article reports on an e-conversion of a used Smart. Measurements on this car, prior and after conversion, confirmed a fourfold energy efficiency advantage of BEV over ICEV, as supposed in literature. Preliminary energy efficiency data of FCV are reviewed being only slightly lower compared to BEV. However, well-to-wheel efficiency suffers from 47% to 63% energy loss during hydrogen production. With respect to energy efficiency, BEVs are found to represent the only alternative to ICEV. This, however, is only true if the electricity is provided by very efficient power plants or better by renewable energy production. Literature data on energy consumption and greenhouse gas (GHG) emission by ICEV compared to BEV suffer from a 25% underestimation of ICEV-standardized driving cycle numbers in relation to street conditions so far. Literature data available for BEV, on the other hand, were mostly modeled and based on relatively heavy BEV as well as driving conditions, which do not represent the most useful field of BEV operation. Literature data have been compared with measurements based on the converted Smart, revealing a distinct GHG emissions advantage due to the German electricity net conditions, which can be considerably extended by charging electricity from renewable sources. Life cycle carbon footprint of BEV is reviewed based on literature data with emphasis on lithium-ion batteries. Battery life cycle assessment (LCA) data available in literature, so far, vary significantly by a factor of up to 5.6 depending on LCA methodology approach, but also with respect to the battery chemistry. Carbon footprint over 100,000 km calculated for the converted 10-year-old Smart exhibits a possible reduction of over 80% in comparison to the Smart with internal combustion engine.
Conclusion
Findings of the article confirm that the electric car can serve as a suitable instrument towards a much more sustainable future in mobility. This is particularly true for small-size BEV, which is underrepresented in LCA literature data so far. While CO2-LCA of BEV seems to be relatively well known apart from the battery, life cycle impact of BEV in categories other than the global warming potential reveals a complex and still incomplete picture. Since technology of the electric car is of limited complexity with the exception of the battery, used cars can also be converted from combustion to electric. This way, it seems possible to reduce CO2-equivalent emissions by 80% (factor 5 efficiency improvement).
This is one of several reports that provide the current status on the work being done by the Software Engineering Institute (SEIsm) to understand the relationship between quality requirements and architectural design. The ultimate objective of this work is to provide analysis-based guidance to designers so that the quality attributes of generated designs are more predictable and better understood. Currently, four distinct problems must be solved to achieve that objective: (1) the precise specification of quality attribute requirements, (2) the enumeration of architectural decisions that can be used to achieve desired quality attribute requirements, (3) a means of coupling one quality attribute requirement to the relevant architectural decisions, and (4) a means of composing the relevant architectural decisions into a design. Embodying the solutions to these four problems into a design method that is sensitive to business priorities is an additional problem. This report deals with the third problem-coupling one quality attribute requirement to architectural decisions that achieve it. This report provides initial evidence that there is, in fact, a systematic relationship between general scenarios, concrete scenarios, architectural tactics, and design fragments. It examines, in detail, two concrete scenarios for performance and one for modifiability-and describes how to move from each scenario, through tactics, to design fragments that satisfy the scenario.
Methods of representing and capturing design rationale have been studied in past years. Many meta-models, methods and techniques have been proposed. Are these software engineering methods sufficient to help designers make logical and appropriate design decisions? Studies have shown that people make biased decisions, software designers may also be subjected to such cognitive biases. In this paper, I give an overview of how cognitive biases and reasoning failures may lead to unsound design decisions. I conjecture that in order to improve the overall quality of software design, we as a community need to improve our understanding and teaching of software design reasoning.
Architectural knowledge consists of architecture design as well as the design decisions, assumptions, context, and other factors
that together determine why a particular solution is the way it is. Except for the architecture design part, most of the architectural
knowledge usually remains hidden, tacit in the heads of the architects. We conjecture that an explicit representation of architectural
knowledge is helpful for building and evolving quality systems. If we had a repository of architectural knowledge for a system,
what would it ideally contain, how would we build it, and exploit it in practice? In this paper we describe a use-case model
for an architectural knowledge base, together with its underlying ontology. We present a small case study in which we model
available architectural knowledge in a commercial tool, the Aduna Cluster Map Viewer, which is aimed at ontology-based visualization.
Putting together ontologies, use cases and tool support, we are able to reason about which types of architecting tasks can
be supported, and how this can be done.
Both practitioners and researchers put forward enterprise architecture management as a mean for achieving success with information technology. Many arguments have been put forward to support the benefits claimed to arise from mature enterprise architecture management and a considerable amount of literature describes the components of mature (successful) enterprise architecture management. However, few studies have empirically tested whether the enterprise architecture management activities impact organizations' success with information technology. This paper tests the relationship between organizations' success with information technology and enterprise architecture management activities. Significant correlations are found between these variables.
Beyond the initial focus on vehicular safety application, there is considerable scope for the development of other information-rich applications, which can provide convenience and comfort features to drivers and passengers. We argue that an Internet-like end-to-end networking framework might not always be the best fit for the unique nature of vehicular application - spatially and temporally localized, dynamic, and data-intensive. In this research challenge article, we propose a top-down framework called Information- Centric Networking on Wheels to develop a generic network architecture supporting futuristic information-rich VANET applications, ranging from location-based services to real-time audio/video transfer. The key design philosophy of our proposed framework is that VANET communication is scoped by three key characteristics of information relevance: space, time, and user interest. Using this philosophy, we advocate the development of protocols for information dissemination and management that allow for localized in-network operations. An important feature of the proposed IC NoW framework is that protocols and applications are implemented in a distributed manner using local decision rule sets, taking into account fresh local information. We also pay special attention to ensure the proposed framework is easy to interface with existing cellular infrastructure, whenever needed. This framework enables modular design, facilitating easy application development and creating a smooth migration path during the deployment evolution path.
Software architectures have high costs for change, are complex, and erode during evolution. We believe these problems are partially due to knowledge vaporization. Currently, almost all the knowledge and information about the design decisions the architecture is based on are implicitly embedded in the architecture, but lack a first-class representation. Consequently, knowledge about these design decisions disappears into the architecture, which leads to the aforementioned problems. In this paper, a new perspective on software architecture is presented, which views software architecture as a composition of a set of explicit design decisions. This perspective makes architectural design decisions an explicit part of a software architecture. Consequently, knowledge vaporization is reduced, thereby alleviating some of the fundamental problems of software architecture.
Two paradigms characterize much of the research in the Information
Systems discipline: behavioral science and design science. The behavioral-science
paradigm seeks to develop and verify theories that explain or predict
human or organizational behavior. The design-science paradigm seeks
to extend the boundaries of human and organizational capabilities
by creating new and innovative artifacts. Both paradigms are foundational
to the IS discipline, positioned as it is at the confluence of people,
organizations, and technology. Our objective is to describe the performance
of design-science research in Information Systems via a concise conceptual
framework and clear guidelines for understanding, executing, and
evaluating the research. In the design-science paradigm, knowledge
and understanding of a problem domain and its solution are achieved
in the building and application of the designed artifact. Three recent
exemplars in the research literature are used to demonstrate the
application of these guidelines. We conclude with an analysis of
the challenges of performing high-quality design-science research
in the context of the broader IS community.
vii 1 Introduction 1 1.1 What is the Purpose of the ATAM? 2 2 The Underlying Concepts 5 3 A Brief Introduction to the ATAM 7 4 Quality Attribute Characterizations 9 5 Scenarios 13 5.1 Types of Scenarios 13 5.2 Eliciting and Prioritizing Scenarios 16 5.3 Utility Trees 16 5.4 Scenario Brainstorming 18 6 Attribute-Based Architectural Styles 19 7 Outputs of the ATAM 21 7.1 Risks and Non-Risks 21 7.2 Sensitivity and Tradeoff Points 22 7.3 A Structure for Reasoning 23 7.4 Producing ATAM's Outputs 23 8 The Steps of the ATAM 25 8.1 Step 1 - Present the ATAM 25 8.2 Step 2 - Present Business Drivers 26 8.3 Step 3 - Present Architecture 27 8.4 Step 4 - Identify Architecture Approaches 29 8.5 Step 5 - Generate Quality Attribute Utility Tree 29 ii CMU/SEI-2000-TR-004 8.6 Step 6 - Analyze Architecture Approaches 29 8.7 Step 7 - Brainstorm and Prioritize Scenarios 33 8.8 Step 8 - Analyze Architecture Approaches 36 8.9 Step 9 - Present Results 37 9 The Two Phases of ATAM 39 9.1 Phase 1 Activit...
The automotive domain is rapidly changing in the last years. Among the different challenges OEMs (i.e. the vehicle manufacturers) are facing, vehicles are evolving into systems of systems. In fact, over the last years vehicles have evolved from disconnected and “blind” systems to systems that are (i) able to sense the surrounding environment and (ii) connected with other vehicles, the city, pedestrians, cyclists, etc. Future transportation systems can be seen as a System of Systems (SoS). In an SoS, constituent systems, i.e. the units that compose an SoS, can act as standalone systems, but their cooperation enables new emerging and promising scenarios. While this trend creates new opportunities, it also poses a risk to compromise key qualities such as safety, security, and privacy.
In this paper we focus on the automotive domain and we investigate how to engineer and architect cars in order to build them as constituents of future transportation systems. Our contribution is an architectural viewpoint for System of Systems, which we demonstrate based on an automotive example. Moreover, we contribute a functional reference architecture for cars as constituents of an SoS. This reference architecture can be considered as an imprinting for the implementations that would be devised in specific projects and contexts. We also point out the necessity for a collaboration among different OEMs and with other relevant stakeholders, such as road authorities and smart cities, to properly engineer systems of systems composed of cars, trucks, roads, pedestrians, etc. This work is realized in the context of two Swedish projects coordinated by Volvo Cars and involving some universities and research centers in Sweden and many suppliers of the OEM, including Autoliv, Arccore, Combitech, Cybercom, Knowit, Prevas, ÅF-Technology, Semcom, and Qamcom.
Every day, more and more Automated Vehicles (AVs) are introduced to the roads, where they need to efficiently and safely coexist with other motorized and non-motorized traffic
participants. In the long run, AVs are expected to help in significantly reducing traffic injuries and improving road safety. However, to be able to achieve this goal, AVs themselves as well as their interactions with other road users must be safe and secure.
In our earlier work, we proposed an approach, CESAM&SSM, for modeling safe and secure Cooperative Intelligent Transport Systems (C-ITS). C-ITS include cooperating AVs and road infrastructure. This paper extends our earlier work and proposes an approach for designing safe and secure mixed traffic systems, which include AVs, infrastructure, and non-automated road users, such as pedestrians, bicyclists, and conventional vehicles.
The applicability of the proposed approach is demonstrated using a typical situation of AV interaction with pedestrians at crossings without traffic lights.
The ultimate goal of next-generation vehicle-toeverything (V2X) communication systems is enabling accident-free, cooperative automated driving that uses the available roadway efficiently. To achieve this goal, the communication system will need to enable a diverse set of use cases, each with a specific set of requirements. We discuss the main usecase categories, analyze their requirements, and compare them against the capabilities of currently available communication technologies. Based on the analysis, we identify a gap and indicate possible system designs for the fifth-generation (5G) V2X that could close the gap. Furthermore, we discuss an architecture of the 5G V2X radio access network (RAN) that incorporates diverse communication technologies, including current and cellular systems in centimeter wave (cm-wave) and millimeter wave (mm-wave), IEEE Standard 802.11p [1], and vehicular visible light communications (VVLC). Finally, we discuss the role of future 5G V2X systems in enabling more efficient vehicular transportation: from improved traffic flow and reduced intervehicle spacing on highways to coordinated intersections in cities (the cheapest way to increasing the road capacity) to automated smart parking (no more visits to the parking garage!), all of which will ultimately enable seamless end-to-end personal mobility.
Future smart vehicles will employ automotive over-the-air updates to update the soft ware in the embedded electronic control units. The update process can affect the safety of the involved users, thus requires a comprehensive and elaborate security architecture ensuring the confidentiality and the integrity of the exchanged data, as well as protecting the privacy of the involved users. In this paper, we propose an automotive security architecture employing Blockchain to tackle the implicated security and privacy challenges. We describe our proof-of-concept implementation of a Blockchain-based software update system, use it to show the applicability of our architecture for automotive systems, and evaluate different aspects of our architecture.
The automotive domain is living an extremely challenging historical moment shocked by many emerging business and technological needs. Electrification, autonomous driving, and connected cars are some of the driving needs in this changing world. Increasingly, vehicles are Becoming software-intensive complex systems and most of the innovation within the automotive industry is based on electronics and software. Modern vehicles can have over 100 Electronic Control Units (ECUs), Which are small computers, together executing gigabytes of software. ECUs are connected to each other through Several networks within the car, and the car is increasingly connected with the outside world. These novelties ask for a change on how the software is engineered and produced and for a disruptive renovation of the electrical and software architecture of the car. In this paper, we describe the current investigation of Volvo Cars to create an architecture framework able to cope with the complexity and needs of present and future vehicles. Specifically, we presented scenarios that describe demands for the architectural framework and introduce three new viewpoints that need to be taken into account for future architectural decisions: Continuous Integration and Deployment, Ecosystem and Transparency, and car as a constituent of a System of Systems. Our results are based on a series of focus groups with experts in automotive engineering and architecture from different companies and universities.
The connected car-A vehicle capable of accessing to the Internet, of communicating with smart devices as well as other cars and road infrastructures, and of collecting real-Time data frommultiple sources-is likely to play a fundamental role in the foreseeable Internet Of Things. In a context ruled by very strong competitive forces, a significant amount of car manufacturers and software and hardware developers have already embraced the challenge of providing innovative solutions for new-generation vehicles. Today's cars are asked to relieve drivers from the most stressful operations needed for driving, providing them with interesting and updated entertainment functions. In the meantime, they have to comply with the increasingly stringent standards about safety and reliability. The aim of this article is to provide an overview of the possibilities offered by connected functionalities on cars and the associated technological issues and problems, as well as to enumerate the currently available hardware and software solutions and their main features.
As the Technology Readiness Levels (TRLs) of self-driving vehicles increase, it is necessary to investigate the Electrical/Electronic(E/E) system architectures for autonomous driving, beyond proof-of-concept prototypes. Relevant patterns and anti-patterns need to be raised into debate and documented. This paper presents the principal components needed in a functional architecture for autonomous driving, along with reasoning for how they should be distributed across the architecture. A functional architecture integrating all the concepts and reasoning is also presented.
Two paradigms characterize much of the research in the Information Systems discipline: behavioral science and design science. The behavioral-science paradigm seeks to develop and verify theories that explain or predict human or organizational behavior. The design-science paradigm seeks to extend the boundaries of human and organizational capabilities by creating new and innovative artifacts. Both paradigms are foundational to the IS discipline, positioned as it is at the confluence of people, organizations, and technology. Our objective is to describe the performance of design-science research in Information Systems via a concise conceptual framework and clear guidelines for understanding, executing, and evaluating the research. In the design-science paradigm, knowledge and understanding of a problem domain and its solution are achieved in the building and application of the designed artifact. Three recent exemplars in the research literature are used to demonstrate the application of these guidelines. We conclude with an analysis of the challenges of performing high-quality design-science research in the context of the broader IS community.
It is cleaaar that eventhough information technology (I/T) has evolved form its traditional orientation of administrative support toward a more strategic role within an organization, there is still a glaring lack of fundamental frameworks within which to understand the potential of I/T for tomorrow's organizations. In this paper, we develop a model for conceptualizing and directing the emerging area of strategic management of information technology. This model, termed the Strategic Allgnment Model, is defined in terms of four fundamental domains of strategic choice: business strategy, information technology strategy, organlzational infrastructure and processes, and information technology Infrastuvture and processes--each with its own underlying dimenslons. We illustrate the power of this model in terms of two fundamental characteristics fo strategic management: strategic fit (the interrelationships between external and internal components) and functional Integration (integration between business and functional domains). More specifically, we derive foru perspectives for gulding management practice in this Important area.
Architectures come about through forces and needs other than those captured in traditional requirements documents. A business goal expresses why a system is being developed and what stakeholders in the developing organization, the customer organization, and beyond aspire to achieve through its production and use. Business goals can provide the rationale for requirements and help identify missing or superfluous requirements. Business goals can also influence architectures directly, even without affecting requirements at all. A business goals viewpoint can help architects and organizations capture their business goals in a precise and unambiguous form, which in turn will help architects design systems that are more responsive to organizational needs.
As the rates of business and technological changes accelerate, misalignments between business and IT architectures are inevitable. Existing alignment models, while important for raising awareness of alignment issues, have provided little in the way of guidance for actually correcting misalignment and thus achieving alignment. This paper introduces the BITAM (Business IT Alignment Method) which is a process that describes a set of twelve steps for managing, detecting and correcting misalignment. The methodology is an integration of two hitherto distinct analysis areas: business analysis and architecture analysis. The BITAM is illustrated via a case study conducted with a Fortune 100 company.
This paper presents a quality-driven approach to embodying non-functional requirements (NFRs) into software architecture using architectural tactics. Architectural tactics are reusable architectural building blocks, providing general architectural solutions for common issues pertaining to quality attributes. In this approach, architectural tactics are represented as feature models, and their semantics is defined using the Role-Based Metamodeling Language (RBML) which is a UML-based pattern specification notation. Given a set of NFRs, architectural tactics are selected and composed, and the composed tactic is used to instantiate an initial architecture for the application. The proposed approach addresses both the structural and behavioral aspects of architecture. We describe the approach using tactics for performance, availability and security to develop an architecture for a stock trading system. We demonstrate tool support for instantiating a composed tactic to generate an initial architecture of the stock trading system.
We compare five industrial software architecture design methods and we extract from their commonalities a general software architecture design approach. Using this general approach, we compare across the five methods the artifacts and activities they use or recommend, and we pinpoint similarities and differences. Once we get beyond the great variance in terminology and description, we find that the five approaches have a lot in common and match more or less the “ideal” pattern we introduced. From the ideal pattern we derive an evaluation grid that can be used for further method comparisons.
Organizations in virtually every industry are facing unprecedented pressures from many external forces. In an environment characterized by more regulatory mandates, more customer demands for better products and services, and an accelerated pace of technological change, some executive teams are turning to enterprise architecture (EA) to help their organizations better leverage their IT investments. The results of our study show there is a positive relationship between the stage of EA maturity and three areas of IT value: (1) ability to manage external relationships, (2) ability to lower operational costs, and (3) strategic agility. We also found positive relationships between EA maturity and improved business-IT alignment and risk management. Although these findings are based on responses from 140 CIOs working in a single industry that has been slower than others to leverage IT (U.S. hospitals), we believe they provide useful guidelines to help organizations in all industries increase the value from their IT investments.
Developer's thought processes are a fundamental area of concern. Cognitive scientist have discovered that people's intiative inferences and probality judgments do not strictly conform to the laws of logic or mathematics, and that people are willing to provide plausible explanations for random events. This article examines the role these phenomena might have in software development, ultimately concluding that what are cast as one-sided software development guidelines often can be recast beneficially as two-sided trade-offs.
Windows of opportunity and product life cycles have been
shortening, placing pressure on firms to stay competitive. Many firms
have responded to this pressure by setting goals of reducing new product
development (NPD) cycle time and/or improving product performance, often
by setting up fuzzy gates between stages, cross-functional teams, or
both. This study examines the tradeoff between product performance and
time to market, focusing on the effect of overlapping stages during
which marketing, design, and manufacturing engineering are jointly
working on performance improvement, An NPD process model comprising a
design stage, a process stage, and an intermediary overlap stage
representing the interaction between design and process personnel is
developed. Key findings include the following. (1) Overlapping stages
reduces time to market, but the marginal returns to lengthening the
overlap stage yield progressively smaller improvements in time to
market. (2) The longer the market window is open, the less is the
pressure to rush the product to market, and product performance can be
further improved by leaving the product longer in development. (3) It is
better to keep the product longer in development rather than accelerate
time to market if the base product performance is low. (4) If the
productivity of the overlap stage is increased, it is more profitable to
keep the product in development longer and boost product performance at
launch than to rush the product to market quicker. (5) The greater the
market power the firm possesses, the faster it should bring the product
to market, as long as product performance and sustainability of market
power are not substantially reduced. A set of propositions is derived
from the model, and is tested in a small-scale empirical study on firms
in the automobile and automotive supply industry. The results are
largely supportive of the propositions. Management implications and
recommendations for further research are presented
Software-Over-The-Air (SOTA): An Automotive Accelerator
- S Penthin
S. Penthin, "Software-Over-The-Air (SOTA): An Automotive
Accelerator," https://www.bearingpoint.com/en-se/our-success/thoughtleadership/software-over-the-air-sota-an-automotive-accelerator/.
Autosar techincal overview, version 4.3
- T A Consortium
T. A. Consortium, "Autosar techincal overview, version 4.3." (2016),
http://autosar.org.
Free-fall: Hacking tesla from wireless to can bus
- S Nie
- L Liu
- Y Du
S. Nie, L. Liu, and Y. Du, "Free-fall: Hacking tesla from wireless to
can bus," Briefing, Black Hat USA, vol. 25, pp. 1-16, 2017.
Trade-offs and conflicts between quality attributes
- K Henningsson
K. Henningsson, "Trade-offs and conflicts between quality attributes,"
2001.
SSA 07 -Architecture Styles and Pattern
- A Morgenstern
A. Morgenstern, "SSA 07 -Architecture Styles and Pattern,"
http://wwwagse.informatik.uni-kl.de/teaching/sads/material/SSA
2018 Pattern.pdf, 2018.
Understanding Automotive OTA (Over-the-Air Update), howpublished
- agarwal
How to design secure ota firmware and software updates for modern vehicles)
- agarwal
Free-fall: Hacking tesla from wireless to can bus
- nie