You are here: The Open Group > The Open Group Conference, San Francisco 2012 > Proceedings

Real-Time & Embedded Systems Forum

Objective of Meeting

The primary objective of Monday’s Open Track sessions on Dependability was to look at a variety of new approaches – from Dependable Embedded Open Systems (DEOS) to the use of safety cases and assurance cases – as well as looking at the use of industry tools and techniques and modeling languages that can be used to enable the various approaches. The secondary objective was to provide a good look at the MILS™ approach and what that does differently than traditional approaches in the higher assurance space.


Jack Fujieda, The Open Group/ReGIIS

Jack Fujieda provided a very good introduction to the presenters and introduced the topic by laying the groundwork for the challenges of Open Systems and the rewards if you can meet the challenge successfully.

Open Systems Dependability – A New Approach for Huge and Complex Software Systems
Dr. Mario Tokoro, President, Sony R&D

DEOS and D-Case for Open Systems Dependability
Dr. Yutaka Matsuno, University of Tokyo

Dr. Tokoro and Dr. Matsuno provided excellent presentations on how to increase the dependability of Open Systems through the (DEOS) approach.  Instead of using the typical formal methods approach, which they believe assumes a closed system, they advocate for an approach where the level of dependability should be agreed by stakeholders with the help of assurance cases in the design and operational phases. And based on assurance cases they have started to develop D-Case which is a method and tool for dependability agreement among stakeholders. They also discussed a graphical notation, the Goal Structuring Notation (GSN), which is a safety argument notation. Additionally, they covered the level of risk or dependability, which can be determined by introducing a monitor into the system to gather evidence on the system’s dependability. The presentation introduced their demo of a D-Case system and discussed their plans for standardization as follows: D-Case/Agda available in March 2012 as open source, and plans for a Dependability plug-in for TOGAF®, which could be an instantiation of the DEOS Process.

Panel Discussion
Moderated by Dave Lounsbury (CTO, The Open Group) with Dr. Tokoro, Dr. Matsuno, Dr. Yamamoto (Nagoya University), Jack Fujieda, and Ed Roberts (Elparazim)

Dr. Tokoro’s and Dr. Matsuno’s presentations were followed by a panel of subject matter experts with some very intriguing questions from the moderator Dave Lounsbury – and some very interesting responses from the panel. There was a good mix of business and technical discussion. The enthusiasm for this new direction was quite evident and contagious.

There were no additional presentations during the panel session.

Enforcing Security Policies with a MILS Architecture
Dylan McNamee, Galois Inc.

Dylan McNamee provided a very good presentation on MILS, reinforcing the idea that MILS is a robust security architecture that is useful for enforcing a wide range of policies. He covered the following areas: security policy and policy enforcement mechanisms, a comparison between the traditional approaches to policy enforcement, and the MILS approach to enforcing security policy. The traditional approach, revealing many gaps in achieving high assurance security, is in stark contrast to MILS, which offers physically separate systems and separation kernels and can offer a higher degree of assurance that a system will maintain its integrity. Dylan reinforced the idea that, although MILS is a flexible architecture that enables sufficient evidence for assurance and is a building block for trustworthy systems, it is not a panacea.

Assurance Cases: Motivations, Technologies, Development
Ed Roberts, Elparazim

Ed Roberts provided a very informative presentation on assurance cases – starting with a description of how and why assurance cases have been evolving – and how the industry has been moving away from formal methods as the only new approaches that support using assurance cases – one of the newly evolving paradigms is a “Safety Case”. Ed offered a look at several technologies in his presentation: Stephen Toulmin’s Model, ARM (Argumentation Metamodel), SAEM (Software Assurance Evidence Metamodel), SACM (Structured Assurance Case Metamodel), GSN (Goal Structured Notation) and CAE (Claim, Argument, Evidence Notation), DIOS and D-CASE, and others.


Outputs are reflected in Presentations and Next Steps – please refer to the sessions above and below.

Next Steps

The Real-Time and Embedded Systems Forum will look further at where they can continue the good work started by SONY, the University of Tokyo, and Elparazim in the use of DEOS and D-Cases.

Assurance Cases in general is an ongoing topic in the Forum and one next step is to decide what type of assurance case the Forum will develop for MILS – this effort is being spear-headed by Dylan McNamee.


See above.

   |   Legal Notices & Terms of Use   |   Privacy Statement   |   Top of Page   Return to Top of Page