Ensuring Consistency of Critical Systems in Agile Development
Helmut Bunge, Samir Sarkic (Bosch); Dr. Christof Ebert, Kai Ruedele (Vector Consulting Services)
V1.1 | 2018-10-03
Bosch – technology to enhance quality of life
Some 59,000¹ researchers and developers work at Bosch, at 120² locations worldwide, in a single network.
Bosch is one of the world's leading international providers of technology and services.
Over the past six years, Bosch has invested more than 27 billion euros in research and development.
Our objective: to develop innovative, useful, and exciting products and solutions to enhance quality of life – technology that is "Invented for life."
¹ As of 12.16. ² R&D locations with >50 associates, as of 12.16.
Internal | C/CCB, C/CCD | December 2017 | © Robert Bosch GmbH 2016. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights.
2/21
© 2018. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.1 | 2018-10-03
Vector Consulting Services
Industries: Transport, Automotive, Aerospace, Medical, Digital Transformation, IT & Finance
Vector is the global market leader in automotive software and engineering toolchains, with over 2,000 employees.
Vector Consulting Services supports clients worldwide:
Product development, IT and change management
Processes, tools, trainings, coaching, transformation, interim support
Agile, cybersecurity, safety, ASPICE, requirements engineering, etc.
www.vector.com/consulting
www.vector.com/consulting-career
3/21
Agenda
1. Welcome
2. Motivation
3. Ensuring Consistency in Agile Development
4. Conclusions and Outlook
4/21
Vector Client Survey 2018: Security and Safety are Major Challenges (Motivation)
Safety and cybersecurity have arrived as major challenges, now and in future. Solution: agile innovation.
[Chart: short-term vs. mid-term challenges per category. Categories: Innovation, Competences, Efficiency, Flexibility, Distributed teams, Connectivity, Safety and security, Complexity, Digital transformation, Compliance, Others. Horizontal axis: short-term challenges (0–70%); vertical axis: mid-term challenges (0–80%).]
Vector Client Survey 2018. Details: www.vector.com/trends.
Horizontal axis shows short-term challenges; vertical axis shows mid-term challenges.
Sum > 200% due to 5 answers per question. Strong validity with >4% response rate of 2000 recipients from different industries worldwide.
Magic Triangle
5/21
Overview: Agile Safety and Cybersecurity (Motivation)
Vision: Safe and secure product release within a few hours, with a formal approval process and documentation. This allows reacting fast to cybersecurity attacks with safety impact.
Challenge: Frequent and late changes in safety-related product development are often hindered because they take too much effort to release at the right quality level.
Solution: An agile safety analysis process supported by semi-automated tooling: method, organization, tooling.
This presentation presents the evolution path to integrate agile development with safety/security.
With the growth of IoT and the convergence of IT and embedded systems, it applies to practically all industries.
6/21
Agenda
1. Welcome
2. Motivation
3. Ensuring Consistency in Agile Development
4. Conclusions and Outlook
7/21
Method: Model-Based Dependency Analysis (1/2) (Ensuring Consistency in Agile Development)
Traceability from changes based on hierarchic modelling, with update of analysis and tests.
[Diagram: hierarchic model with four levels: System Requirements → Logical System Architecture → Component Architecture → Simulation / Implementation. Component architecture example (power mirror control): PowerMirrorCtrl, SwitchMatrix, PowerMirrorPass, PowerMirrorDriver and PowerManagement, connected via ports pm_pass_x+/x-/y+/y-, pm_driv_x+/x-/y+/y-, PM_x, PM_y, PM_selection and KeyIn. Assembly net: Body Ctrl, Driver Door Ctrl, Pass Door Ctrl, Gateway, SwitchMatrix, PassengerMirror, DriverMirror, BatMng, DoorLIN (LIN), CANPT (CAN), Ground, PowerSupply. Safety analyses attached per level: System FTA/FMEA, Component FTA/FMEA, Fault Injection / TDD.]
8/21
Method: Model-Based Dependency Analysis (2/2) (Ensuring Consistency in Agile Development)
Simplified example: an activity diagram (SysML) helps to investigate the impact of changes.
Based on this "effect chain analysis", the related tasks for the safety analysis update can be identified (e.g. whether safety-related operations are affected by the change).
Scenario: a "small change" leads to a negative impact on safety.
Challenge: early detection of the safety impact.
Target: "continuous" safety analysis.
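The effect chain analysis described on these two slides can be mechanized as a reachability walk over the trace links of the hierarchic model: starting from the changed work products, follow every "derived from / allocated to / analysed against / tested on" link downstream, and collect the safety analyses, tests and safety-case sections that are now stale. The following is an added example, not the authors' tooling and not Bosch or Vector code; the artifact names, trace links and safety markings are constructed to echo the power-mirror model of the previous slide. It also covers the "small change" scenario: a change to a non-safety requirement (sleep mode) that reaches the safety-relevant mirror components through shared supply ports.

```python
"""Effect-chain (change-impact) analysis over a hierarchic traceability model.
Constructed example: artifact names, links and safety markings are assumptions."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Artifact:
    kind: str             # req | logical | component | impl | fta | fmea | test | case
    safety: bool = False  # allocated to a safety goal / part of the safety argument


# Work products of the constructed model (assumed names, not from the slides).
ARTIFACTS = {
    "REQ-LowPowerSleep": Artifact("req"),
    "LA-PowerMirrorCtrl": Artifact("logical", safety=True),
    "LA-PowerManagement": Artifact("logical"),
    "CA-SwitchMatrix": Artifact("component"),
    "CA-PowerMirrorDriver": Artifact("component", safety=True),
    "CA-PowerMirrorPass": Artifact("component", safety=True),
    "CA-PowerManagement": Artifact("component"),
    "IMPL-switch_matrix.c": Artifact("impl"),
    "IMPL-mirror_driver.c": Artifact("impl"),
    "IMPL-power_mgmt.c": Artifact("impl"),
    "FMEA-PowerMirrorDriver": Artifact("fmea", safety=True),
    "FMEA-PowerMirrorPass": Artifact("fmea", safety=True),
    "TEST-Unit-SwitchMatrix": Artifact("test"),
    "TEST-Unit-PowerMgmt": Artifact("test"),
    "TEST-FI-DriverMotorStall": Artifact("test", safety=True),
    "SC-MirrorSafetyCase": Artifact("case", safety=True),
}

# Trace links (src, dst): dst is derived from, allocated to, analysed against
# or tested on src, so a change to src may invalidate dst.
LINKS = [
    ("REQ-LowPowerSleep", "LA-PowerManagement"),
    ("LA-PowerMirrorCtrl", "CA-SwitchMatrix"),
    ("LA-PowerMirrorCtrl", "CA-PowerMirrorDriver"),
    ("LA-PowerMirrorCtrl", "CA-PowerMirrorPass"),
    ("LA-PowerManagement", "CA-PowerManagement"),
    ("CA-PowerManagement", "CA-PowerMirrorDriver"),  # supply ports PM_x / PM_y
    ("CA-PowerManagement", "CA-PowerMirrorPass"),    # feed both mirror components
    ("CA-PowerManagement", "IMPL-power_mgmt.c"),
    ("CA-SwitchMatrix", "IMPL-switch_matrix.c"),
    ("CA-PowerMirrorDriver", "IMPL-mirror_driver.c"),
    ("CA-PowerMirrorDriver", "FMEA-PowerMirrorDriver"),
    ("CA-PowerMirrorPass", "FMEA-PowerMirrorPass"),
    ("IMPL-switch_matrix.c", "TEST-Unit-SwitchMatrix"),
    ("IMPL-mirror_driver.c", "TEST-FI-DriverMotorStall"),
    ("IMPL-power_mgmt.c", "TEST-Unit-PowerMgmt"),
    ("FMEA-PowerMirrorDriver", "SC-MirrorSafetyCase"),
    ("FMEA-PowerMirrorPass", "SC-MirrorSafetyCase"),
    ("TEST-FI-DriverMotorStall", "SC-MirrorSafetyCase"),
]


def propagate(links, changed):
    """BFS along trace links; returns {reached artifact: predecessor} (change set excluded)."""
    graph = {}
    for src, dst in links:
        graph.setdefault(src, []).append(dst)
    parent, queue, seen = {}, deque(changed), set(changed)
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                parent[nxt] = node
                queue.append(nxt)
    return parent


def effect_chain(parent, artifact):
    """Path from the originating change down to `artifact`, change first."""
    chain = [artifact]
    while chain[-1] in parent:
        chain.append(parent[chain[-1]])
    return chain[::-1]


def analyse_change(changed, links=LINKS, artifacts=ARTIFACTS):
    """Derive the safety-analysis and test update tasks for a set of changed artifacts."""
    parent = propagate(links, changed)
    hit = sorted(parent)
    safety_hit = [a for a in hit if artifacts[a].safety]
    return {
        "impacted": hit,
        "safety_relevant": safety_hit,
        "analyses_to_update": [a for a in hit if artifacts[a].kind in ("fta", "fmea")],
        "tests_to_rerun": [a for a in hit if artifacts[a].kind == "test"],
        "safety_case_affected": any(artifacts[a].kind == "case" for a in hit),
        "chains": {a: effect_chain(parent, a) for a in safety_hit},  # for reviewer
    }


if __name__ == "__main__":
    # A "small" change to a non-safety requirement (sleep mode cuts the supply)
    # reaches both safety-relevant mirror components through the supply ports.
    report = analyse_change(["REQ-LowPowerSleep"])
    for key in ("analyses_to_update", "tests_to_rerun", "safety_case_affected"):
        print(f"{key}: {report[key]}")
    for chain in report["chains"].values():
        print("  " + " -> ".join(chain))
```

The report is what a continuous safety analysis would raise on the change wave: which FMEAs must be reworked, which fault-injection and unit tests must be re-run, and whether the safety case needs a new increment. The effect chains give the reviewer the argument for each hit, so a change that touches only non-safety artifacts (e.g. the switch matrix) is confirmed as safety-neutral by the same walk rather than by judgement.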
9/21
Method: Continuous Regression Testing (Ensuring Consistency in Agile Development)
Similar to safety, security needs to be an integrated part of the development process. For efficient and fast ramp-up, connect security with the existing safety governance.
[Diagram: safety and security activities side by side.]
Safety activities: Hazard and Risk Assessment → Safety Goals → Functional Safety Concept → Features and Operation Scenarios → Technical Safety Concept → Implementation of Safety Mechanisms → Verify Safety Mechanisms (Safety Verification on Unit Level) → Test Safety Mechanisms → Validate Safety Assumptions → Safety Case; Safety Operations.
Security activities: Assets and Attack Potentials → Threat and Risk Assessment → Security Goals → Security Architecture → Technical Security Concept → Implementation of Security Mechanisms → Verify Security Mechanisms (Security Verification on Unit Level) → Test Security Mechanisms, Pen Tests → Validate Security Assumptions → Security Case; Security Operations.
Common basis: Safe / Secure Implementation of Nominal Functions.
10/21
Organization: Scaled Agile with Safety Integration (Ensuring Consistency in Agile Development)
Coordinate safety via a "Scrum of Scrums" focused on coordinating safety impact.
Coordinate "change waves", e.g. an update of the HW leads to a significant SW and safety update.
Semi-automated safety analysis to detect unexpected side effects.
[Diagram: Scrum of Scrums coordinating SW Team 1, SW Team 2, HW Team and Testing Team, spread across Locations 1 to 3.]
Challenge: manage dependencies between teams in case of safety-related changes.
11/21
Organization: Test-oriented Requirements Engineering (TORE) with Agile Teams (Ensuring Consistency in Agile Development)
Agile teams initially clarify the test set-up based on hierarchic requirements and models.
[Diagram: Scrum of Scrums with a Kanban board coordinating SW Team 1, SW Team 2, HW Team, Mechanical Team and Testing Team across Locations 1 to 3; Safety Manager and Safety Engineering attached. Legend: SW Lead Team 1, SW Lead Team 2, Technical Lead Testing, Team Member, Hardware Lead, Mechanical Lead, Chief Technical Lead.]
12/21
Tools: Integrated Safety Tools (Ensuring Consistency in Agile Development)
Why is the tooling important? Safety analysis depends on:
the respective scope, i.e. system, SW and HW design;
specific safety requirements;
dependencies from the cybersecurity threat analysis.
[Diagram: cycle 1 Develop → 2 Analyse → 3 Improve, linking Requirements, Architecture + Design and Safety Analysis through an interface from design to safety analysis.]
Changes have complex dependencies and interactions across work products. Tooling is mandatory for efficient and consistent change handling.
13/21
Tools: Support for Consistency in Agile Development (Ensuring Consistency in Agile Development)
Benefits from automated tools:
Maintaining the continuous safety case with the necessary documentation in agile incremental deliveries of critical systems
Efficient implementation of cybersecurity and functional safety during changes
Full life-cycle support from requirements to concept, design, test and after-sales
Traceability and governance
Support for heterogeneous environments
Evolution to automated generation of safety analysis based on detailed modeling of static and dynamic aspects
Continuous safety case
Tools shown: Vector SafetyCheck / SecurityCheck, PREEvision safety support, Bosch DASP Workbench
14/21
Agenda
1. Welcome
2. Motivation
3. Ensuring Consistency in Agile Development
4. Conclusions and Outlook
15/21
Conclusion: Safety/Security are Possible in Agile Development (Conclusions and Outlook)
Integration of safety and cybersecurity in agile projects is possible and has benefits, if the following conditions are fulfilled:
Methods: Consistency across work products, from HARA/TARA to safety/security goals and requirements, to design, implementation, (regression) test and safety/security case documentation.
Organization: The safety team is integrated in the agile team (safety manager / safety engineer). The agile team has the necessary safety and security competences.
Tools: Sufficient tool-based traceability (requirements, architecture, tests, change sets, ...) is established. Safety tooling supports interfaces to the design tools (system, SW, HW).
Safety and cybersecurity engineering must be integrated with software development. Systematic integration ensures efficient and robust development in an agile context.
16/21
Evolution: Critical Systems Demand Agility Scaling (Conclusions and Outlook)
[Chart: risk / criticality (low to high) against governance and flexibility / continuity (low to high), with the Vector ACE approach positioned. Source: Ebert, Requirements Engineering, 2018.]
Agility for safety and cybersecurity needs profound methodology and guidance.
17/21
Further Information: Automotive E/E Trends (Conclusions and Outlook)
Mobility: from driving to multi-modal mobility services and a sharing culture.
Business models: from the incumbent tiered supply chain to flexible new players from the IT industry.
E/E architecture: from distributed electronic controllers to a standardized three-tier architecture.
IT architecture: from proprietary building blocks to open IT systems with off-the-shelf components and adaptive SOA.
Development lifecycle: from the classic V model with rather heavy release cycles to an agile, DevOps-like approach.
Governance: from encapsulated safety-critical functions to interwoven quality assurance for liability, safety, cybersecurity and privacy.
Culture: from R&D vs. IT separation to convergence.
Competences: from automotive embedded electronics to IT as a core competence of all engineers.
Contact Vector for white papers, technical benchmarks and consulting.
Source: IEEE Software, May 2017 (Vector guest-edited). www.vector.com/consulting-mediacenter
18/21
Agile in Practice (Conclusions and Outlook)
Vector Forum 2019: The Agile Organization – Adaptive, Distributed, Scaling Agile for Critical Systems
27 June 2019 in Stuttgart
Practical experiences from global leaders, across industries
Enhance your competences
Grow your networks
Details: www.vector.com/forum19
19/21
More Information (Conclusions and Outlook)
Vector: www.vector.com/consulting, @VectorVCS
Bosch: www.bosch-mobility-solutions.com
20/21
Thank you for your attention. For more information please contact us.
Passion. Partner. Value.
Vector Consulting Services
@VectorVCS
www.vector.com/[email protected]: +49-711-80670-0