The special theme section “Trustworthy Systems of Systems” has been coordinated by Poul Heegaard, NTNU and Erwin Schoitsch, AIT.

Safety & Security Co-engineering

by Poul Heegaard and Erwin Schoitsch

In a highly interconnected world, a finite number of independently operable and manageable systems are networked together to achieve a higher goal as constituent systems of a ‘System-of-Systems’ (SoS), also referred to as a ‘Digital Ecosystem’. Systems of Systems - characterized by self-organization, autonomous constituent systems, continuous evolution, scalability and sustainability - provide both economic and social value. Examples of SoS include: the smart power grid with power plants and power distribution and control, smart transport systems (rail, traffic management with V2V and V2I facilities for highly automated or autonomous driving, air traffic control systems), advanced manufacturing systems (industry 4.0), mobile co-operating autonomous robotic systems or vehicles, health-care systems, smart buildings and neighbourhoods - from local communities through to smart cities.

by Andreas Wild

Less than one year since its inception, the ECSEL (Electronic Components and Systems for European Leadership) Joint Undertaking (JU) is launching six research and innovation actions and six innovation actions arising from its 2014 calls, investing €708 million in electronic components and systems. The ECSEL JU is established by the European Council with the aim to keep “Europe at the forefront of technology development, bridging the gap between research and exploitation, strengthening innovation capabilities and creating economic and employment growth in the Union”.

by Michel A. Reniers, Sebastian Engell and Haydn Thompson

The CPSoS project ( is developing a European roadmap for future research activities in Cyber-Physical Systems of Systems (CPSoS), which are large complex physical systems that interact with and are controlled by a considerable number of distributed and networked computing elements and human users [1]; see Figure 1. Examples include automotive systems [2], rail systems, electric grids, smart buildings, and large production facilities.

by Flavio Oquendo, Axel Legay and Khalil Drira

This French initiative in the framework of the CNRS GDR GPL establishes an open research network for tackling the emerging domain of software-intensive systems-of-systems. It focuses on bringing together researchers and practitioners, in a national effort, to discuss and enable the development of novel and sound theories, languages, methods, processes, and tools for architecting and engineering trustworthy software-intensive systems-of-systems.

by Costas Kalogiros, Vasilis Tountopoulos, Sotiris Ioannidis, Sebastien Keller and Pascal Bisson

OPTET introduces a trustworthiness-by-design methodology for the development of socio-technical systems. It defines a unified model of trust and trustworthiness to describe the processes of such systems, and delivers a set of generic enablers on trustworthiness that will complement large-scale ICT platforms and contribute to achieve better trust distribution.

by Tiago Amorim, Daniel Schneider, Viet Yen Nguyen, Christoph Schmittner and Erwin Schoitsch

Cyber-Physical Systems (CPS) offer tremendous promise. Yet their breakthrough is stifled by deeply-rooted challenges to assuring their combined safety and security. We present five major reasons why established engineering approaches need to be rethought.

by Christoph Schmittner, Zhendong Ma and Thomas Gruber

Networked cyber-physical systems introduce new challenges for safety, security, and dependability of such systems. Addressing them requires unified approaches towards safety and security co-analysis, design, implementation and verification in a holistic way. The researchers and engineers at the Austrian Institute of Technology develop concepts, techniques and tools for combining safety and security engineering for different domains.

by Markus Tauber, Christian Wagner and Andreas Mauthe

In the frame of the European ARTEMIS (Advanced Research and Technology for Embedded Intelligence and System) Innovation Pilot Project “Arrowhead” we address safety and security analysis methods as a part of ‘safety and security co-engineering’. This is being combined with other research activities in e.g. the FP7 Project SECCRIT (Secure Cloud Computing for Critical Infrastructure IT) in which we investigate how to assure security properties in complex (cloud based) systems which are derived from safety and security analysis results. The goal is to create a uniform point of view for Systems-of-Systems high-level security properties and assurance.

by Maurice ter Beek, Josep Carmona and Jetty Kleijn

Society is still trying to catch up with technology in the wake of the digital revolution of the last twenty years. Current systems need to be both heterogeneous and able to deal with enormous volumes of data coming from uncertain environments; consequently it is essential to be able to automatically assess the correctness of interactions. To guarantee that a system of systems, comprising a conglomerate of cooperating reactive components, can be trusted, and that the system as a whole behaves as intended, requires a thorough understanding of its communication behaviour. Once local interactions are identified, abstractions can support the identification of incompatibility of systems that should cooperate within a larger system.

by Jakob Axelsson

The introduction of systems-of-systems (SoS) necessitates the revision of common practices for safety analysis. In the case of vehicle platooning, for instance, this means that an analysis has to be carried out at the platoon level to identify principles for the safety of the SoS, and these principles then have to be translated to safety goals and requirements on the individual trucks.

by John Krogstie, Dirk Ahlers and Bjarne Helvik

Digital ecosystems encompass both ICT services and digital infrastructures, and their interactions with their surroundings. Prime challenges in such systems are the lack of coordinated engineering and management which, if not properly handled, can threaten the trustworthiness of the overall system. A holistic view of services and infrastructures is required, focusing on the relationships and dependencies between communication networks, data storage, service provisioning, and management of services and infrastructure.

by Flavio Oquendo and Axel Legay

Over the last 20 years, considerable research effort has been put into conceiving Architecture Description Languages (ADLs), resulting in the definition of different languages for formal modelling of static and dynamic architectures of single systems. However, none of these ADLs has the expressive power to describe the architecture of a trustworthy System-of-Systems (SoS). SosADL is a novel ADL specifically conceived for describing the architecture of Software-intensive SoSs. It provides a formal language that copes with the challenging requirements of this emergent class of complex systems that is increasingly shaping the future of our software-reliant world.

by Tesfaye A. Zerihun, Bjarne E. Helvik, Poul E. Heegaard and John Krogstie

In a world where ICT systems are everywhere and are critical for the well being, productivity and in fact the survivability of our society, it is crucial that they are resilient to all kinds of undesired events, random failures, mistakes, incompetence, attacks, etc. To deal with this challenge, a thorough understanding of the nature of their complexity and inter-dependencies is needed. A quantitative model of a digital ecosystem can offer insights into how management and operations can be conducted within, and coordinated across the different autonomous domains that constitute the global, complex, digital ecosystems.

by Christoph Schmittner, Egbert Althammer and Thomas Gruber

Certification and Qualification are important steps for safety- and security-critical systems. In Cyber-Physical Systems (CPS), connected Systems of Systems (SoS) and Internet of Things (IoT), safety and security certification should be done in a holistic and unified way. Assurance that a system is safe needs to include evidence that the system is also secure. WEFACT is a workflow tool originally developed for guidance through the safety certification and testing process, which is now extended towards holistic safety and security assurance.

by Jonas Wäfler and Poul E. Heegaard

The increased use of information and communication technology in the future power grid can reduce the most frequent types of failure and minimize their impacts. However, the added complexity and tight integration of an automated power grid brings with it new failure sources and increased mutual dependencies between the systems, opening the possibility for more catastrophic failures.

by Emanuele Carlini, Patrizio Dazzi, Alessandro Lulli and Laura Ricci

The Telos framework eases the transition to a vertex-centric approach in the high performance and distributed programming of BigData analytics targeting large graphs. Telos represents a paradigm shift, from ‘think like a vertex’ to ‘think like a network’.

by Maria Bartnes Line and Nils Brede Moe

Recent attacks and threat reports show that industrial control organizations are attractive targets for attacks. Emerging threats create the need for a well-established capacity for responding to unwanted incidents. Such a capacity is influenced by organizational, human, and technological factors. A response team needs to include personnel from different functional areas in the organization in order to perform effective and efficient incident response. Such a cross-functional team needs to be self-managing and develop a shared understanding of the team’s knowledge.

by Christophe Ponsard, Philippe Massonet and Jean-Christophe Deprez

Reasoning about Systems of Systems has proved difficult, not only because it is difficult to combine heterogeneous system models, but more fundamentally because of complex interactions that make it difficult to exactly predict the emerging behaviour. Goal-oriented requirements engineering techniques can help to drive the analysis and design of systems-based techniques, combining semi-formal reasoning with more focused quantified analysis carried out through the filter of specific goals.

Next issue: July 2018
Special theme:
Human-Robot Interaction
Call for the next issue

Image ERCIM News 102 epub
This issue in ePub format

Get the latest issue to your desktop
RSS Feed