Efficiently deploying safety-critical applications onto open integrated architectures

Open integrated architectures such as AUTOSAR or IMA offer an increased modularity and flexibility over more established federated architectures. Using such a design, system developers can reuse and exchange applications and execution platforms more flexibly, as costs for migration and integration decrease. However, when developing systems that are safety-critical, the traditionally monolithic approach of safety engineering poses threats to the modularity that comes with the new architecture. In fact, the safety has to be re-evaluated and argued whenever the system changes. As a consequence, significant costs are incurred every time a component is reused or replaced, which decreases the desired flexibility of the open integrated architecture. To address this problem, this thesis introduces a technique that allows for the partial automation of the safety-related integration process. The technique is built of three components: The foundation of our approach is a model-based specification language allowing developers to define the conditions for the valid integration of platforms and applications. Our language follows a modular, contract based approach for the specification of demands and guarantees, which together form a safety interface between application and platform. The demands are specified by the application developer and define the safety-related behavior of the platform as required for the safe execution of the application. The guarantees, on the other hand, are specified by the platform developer and define the actual safety-related capabilities of the platform at hand. Based on this language, we define a mediation algorithm that is capable of automatically checking if the conditions specified in the safety interfaces are met for a given application-platform deployment. This automation decreases the effort for integrating safety-critical applications and platforms, which sustains the flexibility of the design. However, in order to perform the automated integration check, our mediation algorithm requires the deployment of applications and platforms as an input. To assist the integrator in identifying a valid deployment, we present an objective function for evaluating safety related deployment criteria as a third and final component of our solution approach.