by John Fitzgerald, Steve Riddle, Paolo Casoto and Klaus Kristensen

In many areas of life, from buying holidays to organising the national defence, we are coming to depend on systems that are composed of several independently owned and managed, pre-existing systems. How can we engineer such Systems of Systems (SoSs) so that they merit the trust we place in them? A consortium of European and Brazilian researchers and practitioners are developing semantically sound languages and tools for Model-based SoS Engineering, integrated with well-established systems engineering practice. Industry case studies in areas including smart homes and emergency response have driven the requirements for our methods and tools, and have provided a basis for their evaluation.

Systems of Systems (SoSs) are synergistic collaborations between separately owned and managed systems that together deliver an emerging behaviour on which people come to rely. For example, the collective response of the emergency services in responding to a natural disaster comes as a result of the co-working of authorities that are normally – sometimes fiercely – independent. As we come to depend on the collective behaviour of these SoSs, we need to engineer them so that reliance on them is justified, even in the face of their capacity to change goals and functions.

Comprehensive Modelling for Advanced Systems of Systems (COMPASS) is an EU FP7 ICT project, now in its third year. Our vision is providing systems engineers with well-founded engineering notations, methods and tools that allow them to build models of SoSs and analyse their collective properties well ahead of commitments to costly design decisions.

Figure 1: The COMPASS Toolset.

Figure 1: The COMPASS Toolset.

Three specific challenges must be addressed to achieve the benefits of SoS engineering [1] :

  • Verification of emergent behaviour. We do not assume that emergent behaviour is unanticipated: it may be the intended outcome of building the SoS. Verification requires the composition of Constituent System (CS) properties.
  • Collaboration through contracts. Full information about each CS is unlikely to be visible to the SoS engineer. The CS must agree a contract specifying the range of behaviours that each CS can rely on (and guarantee). We need to be able to verify CS behaviour conforms to the contract.
  • Semantic heterogeneity. CSs may have a combination of components that are specified with discrete or continuous state or time, or at different levels of abstraction. This heterogeneity must be addressed in order to be able to verify emergent properties.

Throughout the project, there has been close collaboration between the technology developers and case study owners. This co-operative development has improved the COMPASS tool chain maturity and the industrial deployability of COMPASS technology.

An emergency response case study is developed by project partner INSIEL, who observe: “The COMPASS project is going to provide INSIEL several benefits from both methodological and technological points of view, the most significant being the ability to model, by means of executable CML models, properties emerging from the architecture of our System of Systems. Such requirement is, in fact, really critical for the specific domain where INSIEL's products work; each product needs to satisfy a set of constraints concerning quality of service and response time. In particular, by means of model checking, fault tolerance modelling and CML execution INSIEL will be able to evaluate if constraints will be respected at design time. CML modelling also allows us to analyze how SoSs will behave when a different context appears, or when the topology of the SoS may change.”

A smart homes audio/video case study is developed by project partner Bang & Olufsen (B&O), who observe: “Significant results have been achieved in the field of SoS requirements engineering, SoS architectural level modelling and SoS model simulations. The requirements engineering methods and techniques have improved requirement consistency and stakeholder impact analysis for B&O’s development organisation. A Streaming Architectural Framework (SAF) has been produced, which has enabled communication regarding integration challenges of the different CS’s streaming architectures in the B&O SoS.

As part of early verification improvements, a formal CML (COMPASS Modelling Language) model for a new B&O distributed Leadership algorithm was developed. The algorithm enables desired emergent properties in the SoS. The correctness of the algorithm is vital for the end-users’ experience in an SoS multi-product setup. B&O was able to find errors by analyzing the model, and correct the C++ implementation, before the algorithm was deployed in the products.”

The identified specific challenges will continue to be the focus of further work in Cyber-Physical Systems of Systems.

Project partners are Newcastle University, UK; Aarhus University, Denmark; University of York, UK; Bremen University, Germany; Universidade Federal de Pernambuco, Brazil; Bang & Olufsen, Denmark; Insiel, Italy; Atego, UK


[1] John Fitzgerald et al,"Model-based Engineering for Systems of Systems: the COMPASS Manifesto". COMPASS Technical Report, 2013,

Please contact:
Steve Riddle
Newcastle University, UK
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Next issue
April 2018
Next special theme:
Autonomous Vehicles
Call for the next issue
Image ERCIM News 97 epub
This issue in ePub format
Get the latest issue to your desktop
RSS Feed