SysML to AADL Bridge Tool
Systems Engineering Safety and Security Analysis Framework (SESSAF)
CAMET® (pronounced "camay") stands for Curated Access to Model-based Engineering Tools. The CAMET Library provides system engineers with practical and powerful analysis tools to support Model-based DevOps, Digital Engineering, the Architecture Centric Virtual Integration Process (ACVIP), and other modern development methodologies.
As modern cyber-physical systems grow in scope and complexity, embedded software is responsible for the vast majority of the system’s functionality. Typically, testing and analysis for system-level requirements for embedded systems is not done until later stages of development when the cost to fix problems is orders of magnitude higher than fixing them in the earlier phases. These system-level requirements involve critical trade-offs between size, weight, power budgets, bandwidth and CPU utilization, which have significant ramifications on timing, as well as safety and security.
Galois’s CAMET® Library of model-based engineering tools helps system engineers and architects improve system capabilities and reduce the risk of cost and schedule overruns. CAMET supports the delivery of highly reliable, highly functional, safe and secure cyber-physical systems.
The CAMET® Library was created to analyze and detect flaws in complex systems early on, during the requirements and design phases. CAMET’s powerful tools were developed with the support of SBIR awards from multiple agencies.
Phase III SBIR support from the Army has matured them for use on the Future Vertical Lift program, one of the Army’s top modernization priorities.
Tools that support continuous integration and testing for model-based engineering and analysis
Subscribers have access to all CAMET Library tools, software, models, and other materials
Each subscription provides access for up to five users
User guides, example models, and instructional videos help new users get up and running
The CAMET Library analysis tools operate as plugins to the Open Source AADL Tool Environment (OSATE)
Selected CAMET Library tools operate as standalones via a standard Java API for use in any Java-friendly environment
The Architecture Analysis and Design Language (AADL) is an SAE International aerospace standard (AS) system model specification language (AS5506C) that supports various types of performance and safety analysis.
The Future Airborne Capability Environment (FACE) Technical Standard defines a Reference Architecture intended for the development of portable software components targeted for general purpose, safety, and/or security purposes. The AADL Annex for the FACE Technical Standard Edition 3.0 (AS5506/4) provides guidelines for the integrated use of AADL and FACE Technical Standard data specifications and components.
The CAMET® Library supports a range of modeling methodologies and technical standards throughout a project life-cycle, from system requirements through system integration.
The tools listed below have been designed to meet the complex demands of a modern model-based digital engineering environment, namely:
Integration of multiple analyses into a shared workflow.
Continuous virtual integration with mixed developer models.
Automated model verification, report generation, and code generation.
The CAMET Base Pack bundles the most-used CAMET Library tools in one download to simplify initial installation and use. It includes example models and full tool documentation.
(Model Format: AADL)
The RMF Analysis tool analyzes models to reduce the risk that systems will fail certification under DoDI 8510.01 Risk Management Framework for DoD Information Technology (IT). The analysis answers the following questions:
Does the architecture isolate information flows with different criticalities?
Does the architecture place security controls everywhere they are needed?
Are the controls enforced as intended (non-bypassable and tamper-resistant)?
For demonstrations please see these videos:
(Model Format: AADL)
The MILS tool analyzes AADL models to reduce the risk that systems will fail certification under DoDI 8540.01 Cross Domain Policy. It verifies that connected components operate at the same security level and that different security levels are separated with a protective measure like an air gap or an approved cross domain solution.
To learn more, explore the following videos:
(Model Format: AADL)
SESSAF incorporates a top-down analysis methodology aimed at identifying complex, multi-factor safety and security hazard scenarios, particularly in software-reliant systems. It guides safety experts through a structured conversation, helping them methodically apply their domain knowledge to a specific system design. Using a wizard interface, the experts answer questions about safety and security concerns specific to the system design. Using the experts’ responses, SESSAF updates the AADL-based system model, which is then used by system engineers to address the findings and to generate customized reports.
For demonstrations, please see these videos:
(Model Format: AADL)
The MADS tool helps engineers detect faults by assessing domain isolation in AADL system architecture models. Analyzing multiple classes of domain isolation simultaneously, developers can identify defects arising in one class due to model changes associated with a different class.
(Model Format: AADL)
FASTAR applies timing and resource analysis tools that support multiple scheduling methods and different types of equipment in order to provide end-to-end, system-wide analysis results. It supports MAST for distributed priority-scheduled systems, and SPICA for ARINC 653 scheduled systems.
For a demonstration, please see this video:
(Model Format: AADL)
FASTAR generates schedules from a model of real-time embedded software systems. Schedules address thread and connection timing, demand requirements, and constraints on specified end-to-end flow latencies. Generates ARINC 653 schedules.
(Model Format: AADL)
RTOS generates RTOS-specific schedule configuration from an architecture model of the software components to be integrated in the target execution environment. The configuration is generated from a model that has already undergone analysis and verification using other tools.
Supports LynxOS-178 RTOS.
For a demonstration, please see this video:
(Model Format: AADL)
SPICA has two core capabilities: schedule simulation and schedule generation. Specifically, it provides tools to generate ARINC 653 partition schedules, and to analyze the timing of ARINC 653 standard schedules. SPICA can be invoked on AADL models using either FASTAR or the Continuous Virtual Integration Toolkit.
(Model Formats: AADL, FACE, and SysML implemented in MagicDraw)
SLICED allows system engineers to conduct behavioral analysis of models to detect errors in messaging patterns/paradigms, sampling rates, and latency requirements in embedded systems software. It combines timing analysis and Future Airborne Capability Environment (FACE™) data models with descriptions of the state of a software Unit of Portability (UoP).
For demonstrations, please see these videos:
(Model Format: SysML, Enterprise Architect, and MagicDraw/Cameo supported)
The System Modeling Language (SysML) was developed for Model-Based Systems Engineering (MBSE). It has a broad scope that encompasses a range of systems, from civil engineering projects to organization operations. The Architecture Analysis and Design Language (AADL) was developed for embedded computer systems architectures and associated equipment. AADL provides standard semantics within the embedded computing domain, while SysML does not.
Using AADL standard semantics in models enables a variety of existing computer system architecture analysis, integration, and testing tools to be applied to models. The SysML-to-AADL translation tool allows them to be used together in a collaborative and synergistic way: The strengths of SysML for overall systems engineering can be combined with the strengths of AADL for specifying and analyzing embedded computer subsystems within an overall system.
(Model Format: AADL)
DSI provides an infrastructure, automation tools, and visualization tools that allow trade space analysis to be performed continuously as models are updated.
DSI combines systems architecture specification and analysis technologies to support least commitment design of complex systems such as aircraft and spacecraft. When applied to system design, a least commitment approach helps developers avoid making premature design decisions that must later be retracted, thereby reducing or eliminating re-work costs. DSI helps developers make design decisions when necessary by automatically and continuously evaluating design alternatives throughout the development process.
CVIT applies the software engineering concepts of continuous integration and testing to model-based engineering and analysis. CVIT allows users to stand up a server at their facility that automatically executes scripts for integration, analysis, and report generation of system models. Most CAMET Library analysis tools support CVIT, and instructions are included for adapting other tools to use CVIT.
(Model Format: Web Ontology Language (OWL))
INDIGO provides capabilities to access multiple models and domain ontologies and explore relationships within sets of models developed in different languages using different tools. An enhanced browser recognizes access protocols and data in RDF formats to create a library of sources. Users select sets of models, interactively build queries supported by automated reasoning, with results displayed by choices of viewers.
ISOSCELES is a reference architecture and set of development tools that enables developers to create safe and secure products, including Industrial Internet of Things (IIoT) systems, medical devices, and other embedded systems connected to a network, e.g., the Internet. Developers are able to focus on the functionality of their product, with ISOSCELES providing the surrounding safety and security. ISOSCELES is compliant with cyber security best practices, FDA approval guidelines and security requirements, and California's IoT law effective January 2020. The reference architecture and documentation are open source, and the development tools are available to sponsors of Adventium's CAMET Library. Support is available separately to integrate ISOSCELES into the system development workflow of its users.
Further information:
Please contact us at to become a subscriber to Galois's CAMET® Library. At this time, subscriptions are only available to verified US-based organizations.
Each subscription provides access to all CAMET Library tools, software, models, and other materials for the term selected.
Enterprise Support, as well as new tools or functionality improvements, can be contracted separately. See below for Enterprise Support plans.
Government users, as well as academic institutions that plan to use the library in course curriculum and teaching, can apply for no cost access. Academic subscriptions require a professor or instructor of the academic institution as the primary point of contact.
By purchase of the CAMET subscription, the Buyer agrees in full to the terms and conditions of the CAMET Library Terms of Use, and the End User License Agreements of the individual CAMET Library Software Tools. Upon receipt of the completed form, the buyer will be sent an invoice, payable by check or credit card. Upon receipt of payment, Galois will provide instructions for access to the CAMET Library.
For a list of Model-Based Engineering Tools available in the CAMET Library, .
Supports modeling standards such as AADL, SysML, and
Each subscription provides access to all CAMET Library tools, software, models, and other materials for up to five users for the term selected. Enterprise support agreements, as well as new tools or functionality improvements, can be contracted separately. To learn more and subscribe, .
For an example view of CAMET tools deployed on OSATE (Open Source AADL Tool Environment), watch (YouTube). To see how the SysML to AADL Bridge Tool allows SysML modelers to generate AADL for analysis, integration, and verification tasks in OSATE, watch (YouTube).
Contact us at to learn more.
Getting Started with CAMET Analysis Tools ->
Introduction to the Architecture Centric Virtual Integration Process ->
Overview ->
Getting Started ->
Trade Space Tools Demo ->
Framework for Analysis of Schedulability, Timing and Resources (FASTAR) Demo ->
RTOS Configuration File Generation Demo ->
Multiple Independent Levels of Security (MILS) Demo ->
Continuous Virtual Integration Toolkit (CVIT) Demo ->
Risk Management Framework (RMF) Demo 1 ->
Risk Management Framework (RMF) Demo 2 ->
Model-based Analysis Using Domain Expertise (MAUDE) Demo ->
Stakeholder Access to Embedded System Models (SAESM) ->
SESSAF Installation Video ->
Model Creation ->
Adding Flows to the Model ->
Safety Analysis ->