Program for 2nd Annual IEEE Systems Conference

| Day | Time | Le Caf Conc | Maisonneuve A | Maisonneuve B | Maisonneuve C | Maisonneuve D | Maisonneuve E |
|---|---|---|---|---|---|---|---|
| Tue | 08:00 AM-12:00 PM | Plenary Session - Keynote Address, Executive Panel | | | | | |
| | 01:30 PM-03:00 PM | 2C1: Systems Engineering 1 | 2C2: Systems of Systems Engineering 1 | 2C3: Modeling and Simulation 1 | 2C4: Transportation Systems 1 | 2C5: Systems Architecture 1 | 2C6: Biomedical Systems 1 |
| | 03:30 PM-05:30 PM | 2D1: Systems Engineering 2 | 2D2: Systems of Systems Engineering 2 | 2D3: Modeling and Simulation 2 | 2D4: Transportation Systems 2; Safety, Security, and Dependability 1 | 2D5: Systems Architecture 2 | 2D6: Biomedical Systems 2 |
| Wed | 08:00 AM-09:45 AM | 3A1: Systems Engineering 3 | 3A2: Systems of Systems Engineering 3 | 3A3: Modeling and Simulation 3 | 3A4: Safety, Security, and Dependability 2 | 3A5: Systems Architecture 3 | 3A6: Biomedical Systems 3 |
| | 10:15 AM-12:00 PM | 3B1: Systems Engineering 4 | 3B2: Systems of Systems Engineering 4 | 3B3: Modeling and Simulation 4 | 3B4: Safety, Security, and Dependability 3 | 3B5: Systems Architecture 4 | 3B6: Sensor Systems 1 |
| | 01:30 PM-03:00 PM | 3C1: Systems Engineering 5 | 3C2: Systems of Systems Engineering 5 | 3C3: Modeling and Simulation 5; Test & Verification Systems 1 | 3C4: Safety, Security, and Dependability 4 | 3C5: Communications Systems 1 | 3C6: Sensor Systems 2 |
| | 03:30 PM-05:30 PM | 3D1: Systems Engineering 6 | 3D2: Systems of Systems Engineering 6 / Environmental Systems 1 | 3D3: Test & Verification Systems 2 | 3D4: Power Systems 1 | 3D5: Communications Systems 2 | 3D6: Sensor Systems 3 |
| Thu | 08:00 AM-09:30 AM | 4A1: Systems Engineering 7 | 4A2: Environmental Systems 2 | | | 4A5: Communications Systems 3 | |
| | 10:00 AM-12:15 PM | 4B1: Systems Engineering 8 | | | | | |

Tuesday, Apr 8

8:00 AM - 12:00 PM

Plenary Session - Keynote Address, Executive Panel

Room: Le Caf Conc

1:30 PM - 3:00 PM

2C1: Systems Engineering 1

Room: Le Caf Conc
13:30 A Multi-dimensional Hierarchal Engineering Competency Model Framework
Brian Wells (Raytheon, USA)
Competency models are now in common usage in business organizations such as Human Resources (HR), finance, business development and program management. The methods for developing the models are well known and have been applied to practice. These methods include the definition of competency model frameworks. However, to date there have been only a limited number of applications of competency models to engineering and no integrated approach for developing engineering competency models that includes a complete framework has been reported. The generation of competency models has typically been performed using a top down method that starts by defining roles and then associating the competencies with the specific roles. This approach has led to many unique competencies that are not well aligned between organizations and different disciplines, despite the fact that numerous areas of commonality should exist across organizations and disciplines. Engineering is a very diverse and specialized profession. This results in a broad range of capabilities and competency models within a large engineering organization. Designing and building complex engineering systems requires many engineering disciplines such as electrical, mechanical, and software. Engineers apply these disciplines to a broad range of products and over time become specialized in areas that are peculiar to the products being developed. The knowledge and skills needed to create the electrical systems on a space vehicle, for example, are very different from those required for home electronics. Further, the application of a single discipline to a particular product results in specialists that concentrate on a particular aspect of the development, such as requirements definition or product test. These diverse and specialized aspects of the engineering competency require a framework that organizes the competencies and provides consistency across the many shared competencies.
This paper presents a multi-dimensional hierarchal engineering competency model framework that can be used to create consistent, role-specific engineering competency models. The framework enables a process that organizes the creation of engineering competency models. The resulting competency models can be employed within a Human Resources (HR) talent management system. The framework can also be used by individuals to characterize their capabilities independent of a specific role. The individual can use this characterization to compare their capabilities with many roles. Summing competencies of the individuals within an organization and comparing the result to an organizational competency model provides a means of examining the total capabilities of an organization and a means of identifying organizational capability gaps. The model framework was derived using a bottoms-up approach. All of the applicable knowledge, skills, abilities and attitudes (KSAA) are organized in a multidimensional and hierarchal manner. The multi-dimensional aspect allows organizations to add or subtract dimensions depending on the breadth of activities performed by the particular organization. The model framework is easy to use and to implement in a web based computer database program. The mechanization complements existing HR systems, provides individuals with a method of self assessment and provides engineering managers with an approach for evaluating the total organization. This model framework adapts the past work and provides a simple framework for the large numbers of KSAA that the superset of engineers, in general, must possess. The framework recognizes that engineers must possess many competencies that are common with other disciplines, such as finance, business development and program management. A layered framework architecture is used to enable this commonality across disciplines and to separate the common competencies from the engineering unique competencies.
The paper reviews the general attributes of an engineering competency model, discusses the layers and dimensions of the KSAA and how these are organized into a complete framework. Then the application of the model framework to the individual is presented along with the advantages of using the framework to characterize the individual, compared to role specific evaluations of the individual. This is followed by the methods used to define specific engineering roles and to create role specific competency models. These competency models form a database that an organization can use to characterize each of their existing and future roles. The competency models created can then be used in any one of the commercially available Human Resource talent management software packages.
14:15 Using Attribute Classes to Uncover Latent Value during Conceptual Systems Design
Adam Ross (Massachusetts Institute of Technology, USA); Donna Rhodes (Massachusetts Institute of Technology, USA)
Introduction. A key challenge for designers is to create systems that stakeholders will perceive as delivering sustained value over the life of the system. It is the creation of value that motivates the design effort, without which, systems face failure and developers face the consequences of that failure. The perceived value of a system by its stakeholders changes over time as a result of many different factors such as experience with use of the system, changes within the regulatory environment or marketplace, availability of new technologies, participation in a system of systems, and other emergent needs. Instead of resisting the inevitable change in stakeholder value expectations, system designers can proactively embrace the possibilities of change by building into the system the ability to provide future value. The concept of attribute classes is introduced as a framework for thinking about actual and potential value perception by stakeholders. Approach. Value can be defined as relative worth, utility, or importance; it is the quality of a thing considered in respect of its power and validity for a specified purpose or effect. The concept of value is at once abstract and yet pervasively accessible. The pursuit of value motivates exchange in markets, both formal and informal, as well as impacting the discipline of system design. Communication, or articulation, of value is a core concept in the design process, often represented as “needs identification” in traditional system development processes. During the concept phase, designers elicit stakeholder needs and desired system attributes through various methods, yet there is often significant unarticulated or latent value that remains uncovered until later in the lifecycle. The use of attribute classes can aid the system designer in understanding perceived value in context of an overall value spectrum.
Desired system attributes are characterized using several value classes including: articulated value, free latent value, cheap latent value, accessible value and inaccessible value. The distinguishing characteristic that determines an attribute classification is the cost to “display” or “activate” an attribute when a stakeholder desires to see such an attribute. Unarticulated value, that which is not explicitly communicated, perhaps because it is unrecognized, can be explicitly managed through the attribute classification system by increasing the potential for a system to meet needs as they become expressed. As the cost to redesign a system increases, the importance increases for a designer to be able to anticipate and design in latent value that will increase the likelihood of sustaining system success through continued perception of delivering value to stakeholders. The ultimate goal of design using attribute classes is to be able to match dynamic system characteristics to dynamic value expectations. Contemporary requirements elicitation processes, while sound, frequently do not adequately uncover unarticulated or latent value attributes during concept development. The designer’s challenge is to anticipate the emergent needs of stakeholders. In some cases, the designer will be able to foresee future needs and provide free or cheap latent value as needs change. It will often be the case that the designer will also need to enhance the product or system in order to access new value. Bearing costs of latent value is an issue that the designer will need to consider. Difficult strategic business decisions will need to be made to consider the worth of investing in attributes to deliver future value. The cost of hiding and strategies for hiding presently unnecessary functionality must be considered, along with the costs that will be needed to turn on this functionality at a time when stakeholders articulate the need for this. 
The cost of designing in future value and the cost of activating, adding, deactivating, and subtracting attributes need to be considered in trade studies and system architecture strategy. Results. The paper will discuss how the proposed framework is used for identifying attribute classes to uncover latent value. Illustrative case-based examples are presented to demonstrate how this method aids the designer in a deeper exploration of attributes to uncover latent value during the conceptual design phase. Implications for improving the overall design process are discussed, including strategies for bearing costs of latent value, relevance to current systems practices, and future directions toward improving practice.

2C2: Systems of Systems Engineering 1

Room: Maisonneuve A
13:30 A Research Agenda for the Engineering of Complex Systems
Joseph DeRosa (MITRE Corporation, USA); Anne-Marie Grisogono (DSTO, Australia); Alex Ryan (DSTO, Australia); Douglas Norman (The MITRE Corporation, USA)
Complexity science holds great promise for the engineering of complex systems. There are classes of system engineering problems for which our current set of systems engineering techniques is inadequate. These include:
1. Situations in which the full set of requirements are unknown or unknowable, or when an ever-changing enterprise environment reacts to reinforce or conflict with design decisions, e.g., systems that are needed to support global business operations and also counter-insurgency warfare.
2. Situations in which local behavior can only be evaluated based on global results, e.g., systems providing services in a service oriented architecture (SOA), network centric operations, and joint and coalition warfare. These are akin to food networks (generalized predator-prey ecologies) and team sports.
3. Systems embedded in a socio-cultural enterprise where people acting on their own behalf take actions that cannot be precisely predicted as in economies and organizations. In particular, when the social network is neither so large and loosely coupled that averaging obtains, nor so small and tightly coupled that individual behavior predominates, variety and feedback can generate and lock in unpredictable novelty.
4. Problems for which an enumeration of the end-to-end performance of candidate designs grows at least exponentially with the number of nodes in the enterprise network and there is no known analytic method to determine the best candidate. These problems arise in software assurance of SOAs and in the best case may be reducible to the Traveling Salespersons problem.
Clearly, there are problems where complexity science does not inform systems engineering, i.e., whenever the design can be reduced into independent parts without nonlinear dynamic behaviors. This paper examines how known elements of complexity theory can apply to systems engineering with a view to informing future applications.
The combination of people, processes and technology are cast as autonomous agents in a complex adaptive system, and the critical relationship between design and fitness is discussed. Self-organization, co-evolution, learning and adaptation are defined as core processes in the development of systems. The phenomena of emergence and phase change are presented in the context of the whole enterprise. The relevance of insights from game theory, including the Tragedy of the Commons, The Minority Game and the Iterated Prisoners’ Dilemma, is discussed. The application of complexity science to systems engineering reveals some new research gaps. However, for the most part, there is no impediment to applying what is known now about complexity science to systems engineering, except that developing new tools and methods to engineer complex systems is itself a research topic. In this paper we propose a research agenda to ground applications of complexity theory in systems engineering practice, offering practical solutions to complex problems.
14:15 Executable Modeling for System of System Architecting: An Artificial Life Framework
Nil Ergin (University of Missouri-Rolla, USA); Cihan Dagli (University of Missouri - Rolla, USA)
There is a diversity of frameworks and methodologies for enabling architecture developments. Static representation frameworks provide a standardized way to communicate the architecture to stakeholders, but do not provide means to analyze the system states and emergent behavior. Therefore, there is a need to convert static representation frameworks to executable models. The aim of this paper is to present Artificial Life approaches as a methodology for understanding behavior of System of Systems. For this, an Artificial Life based framework for modeling System of Systems is presented. The framework comprises cognitive architectures embedded in multi-agent models. Financial markets are selected as an analysis domain to demonstrate the framework since they are a good example of self-organizing systems that are nonproprietary and exhibit System of Systems characteristics, specifically emergence on a grand scale. From the Artificial Life framework a trader-based architecture is formulated as a model to analyze system level behavior. The Artificial Life based framework developed provides a flexible way of modeling sub-systems of System of Systems and it captures the adaptive and emergent behavior of the system.

2C3: Modeling and Simulation 1

Room: Maisonneuve B
13:30 A Systems Algebra and Its Applications
Shrisha Rao (International Institute of Information Technology, Bangalore, India)
This paper presents a way to model systems, and to study their fault-tolerance properties analytically and by simulation. We take an algebraic view of fault tolerance, based on its composition. The basic notion is that every system of any significant size is created by composition from smaller sub-systems or components. Composition of components to create a larger system is considered to happen in two ways: direct sum, denoted \(+\), and direct product, denoted \(\times\). This is then used to describe an arithmetic on systems. Using this as a basis, a partial ordering of systems by fault tolerance is given. The analysis of systems with dependent components allows us to model more realistically and come up with conditions for redundancy to be successfully applied. The final consideration is about simulations of systems with dependent components. Such systems are simulated using a graphical model, in the following way: suppose there is a directed graph \(G = (V, E)\). All vertices are initially colored blue. All edges are directed, and some may be bidirectional. An edge from a vertex \(v_1\) to a vertex \(v_2\) means that \(v_1\) "depends upon" \(v_2\) in the following sense: if \(v_2\) turns red, then so must \(v_1\). Each vertex may have edges directed to multiple other vertices, and multiple edges from other vertices. This idea also nicely captures the notion of coupling that is described in informal terms by system designers and others.
14:15 Using Architecture Modeling to Assess the Societal Benefits of the Global Earth Observation System of Systems (GEOSS)
James Martin (The Aerospace Corporation, USA)
An enterprise architecture for the Earth Science activities of the National Aeronautics and Space Administration (NASA) was developed to assist in assessing the capacity of scientific instruments in meeting the needs of society. It can also help them develop the right investment strategies and help scientists and engineers in their planning for system development, especially for complex space-based environmental sensors. This architecture model can be easily extended to the Global Earth Observation System of Systems (GEOSS). In fact, it was constructed with GEOSS in mind to ensure that NASA’s observation systems can be readily mapped into the GEOSS structure. The architecture contains about 3000 elements that are involved in earth science research: observation sources, sensors, environmental parameters, data products, mission products, observations, science models, predictions, and decision-support tools. The science models use observations from the space-based instruments to generate predictions about various aspects of the environment. These predictions are used by decision-makers around the world to help minimize property damage and loss of human life due to adverse conditions such as severe weather storms. The architecture is developed using both traditional and non-traditional SE tools and techniques. This paper will describe additional methods needed for the SE toolbox.

2C4: Transportation Systems 1

Room: Maisonneuve C
13:30 System Architecture and Risk Management for Autonomous Railway Convoys
Christian Henke (University of Paderborn, Germany)
The RailCab project envisions autonomous railway vehicles which drive in convoy without mechanical coupling. The RailCabs can dynamically and autonomously build and dissolve convoys. This enables an on-demand use of these vehicles while retaining the cost and ecological advantages of public transport. The development of such a system has to be rigorous with respect to safety issues in order to avoid loss of lives and other damages. In this paper we present an overview of the system architecture of the RailCab prototype on the test track as well as the actions to be taken to ensure safe operation.
14:15 Impacts of increasing reliance on automation in air traffic control systems
Kenneth Zemrowski (Northrop Grumman Corporation, USA)
The FAA's Next Generation Air Transportation System (NextGen) will rely increasingly on automated tools in order to aid air traffic controllers in managing the increased volume of flights expected by 2025. Previous approaches for handling greater traffic are no longer scalable to handle the expected volumes. Roles and responsibilities will need to change for pilots and controllers. New automation tools will need to be invented. Rather than addressing the technology of the system of systems to transform the National Airspace System, this paper concentrates on system engineering specialties that will need to be employed in order to adequately address the safety impacts of radically increasing the reliance on automation. From a human factors perspective, the controller's job will change, requiring not only attention to computer-human interaction but also how attention spans are affected, ability to recover from automation errors or outages - and the ability to be aware that an error or outage has occurred, changed working relationships with other members of the air traffic control and traffic management team, and situational awareness. Would the changes affect the safety culture? Existing trajectory projection algorithms may need to be improved, requiring analysis of new algorithms, modelling, and validation of the algorithms. Software implementing the algorithms will need to be rigorously verified. Depending on the level of traffic and complexity of algorithms, it may be necessary to use multi-core processors, thus requiring multi-threaded algorithms. Safety risk management will need to consider the impacts of the automation on the humans, in addition to the usual identification of hazards in the end-to-end system. Mitigation needs to be identified early in order to be reflected in requirements documents. 
The paper examines the systems engineering processes that will need to be engaged across this system of systems in order to achieve the desired capacity increase while maintaining the necessary levels of safe operation.

2C5: Systems Architecture 1

Room: Maisonneuve D
13:30 Quality Attributes - Architecting Systems to Meet Customer Expectations
Paul Croll (CSC, USA)
We spend much time these days focusing on the maturity of our engineering processes and heralding process maturity ratings such as those associated with the CMMI and ISO 9000 as indicators of our ability to deliver quality products – products that meet the customer’s expectations and that continue to do so throughout their life cycle. What our customers have found, however, is that often process maturity does not guarantee product quality. This is especially true for the highly software intensive systems we now build, where performance, dependability, and failure modes are less well understood. If we are to be successful in delivering systems that meet customer expectations, we must start as early as possible in the design process to understand the extent to which those expectations might be achieved. As we develop candidate system architectures and perform our architecture trade-offs, it is imperative that we define and use a set of quantifiable systems attributes tied to customer expectations, against which we can measure success. This paper addresses the use of quality attributes as a mechanism for making objective decisions about architectural trade-offs and for providing reasonably accurate predictions about how well candidate architectures will meet customer expectations. Typical quality attributes important to many current systems of interest include: performance, dependability, security, and safety. We begin with an examination of some of the seminal work in the area of quality attributes and a survey of the current standards addressing product quality and evaluation. We then explore the implications for both the customer and the system developer, of employing a quality-attribute-based approach to architecture definition and trade-off. Lastly, we discuss the relationship of an architectural quality-attribute-based approach to engineering process and process maturity.
14:15 System of Systems Architecture Generation and Evaluation Using Evolutionary Algorithms
Joseph Simpson (Systems Concepts, USA); Cihan Dagli (University of Missouri - Rolla, USA)
System of Systems Architecture Generation And Evaluation Using Evolutionary Algorithms. Joseph Simpson, Missouri University of Science and Technology; Dr. Cihan H. Dagli, Missouri University of Science and Technology.
Evolutionary computation and evolutionary algorithms represent a developing science and technology that can be effectively applied to the generation and evaluation of system of systems architectures. A general technique used by systems engineering professionals is a binary matrix representation of a system or system of systems. The specific meaning and semantics of the binary relationship depends on the type of representation used. Typical representations are “N squared”, design structure matrix, dependency structure matrix, and implication matrix. A key feature of these typical representations is their direct relationship to the structure required in an evolutionary computational approach. Evolutionary algorithms can be applied to the evaluation and optimization of these matrix structures. A new evolutionary algorithm has been developed that applies specifically to the generation and evaluation of systems and system of systems. This new evolutionary algorithm incorporates a fuzzy inference system in the calculation of the best fit evaluation. The current industrial and social environment is populated with a vast array of existing and developing systems. Any new system must take this context into account. Formal concept analysis has been used to specify each given context and interface as a binary matrix. Evolutionary computation is applied to assist the system architect and engineer in the evaluation of these complex configurations and interface sets. The new evolutionary computing techniques are applied to system of systems architecting tasks using a well defined set of measures of effectiveness (MOE).
The systems architecting task is divided into three general areas organized around the roles and responsibilities associated with the system architect, the system customer and the system engineer. The system architect is responsible for the complete system operation and MOE balance, focused on life-cycle cost and risk. The customer is responsible for the mission profile and mission functions. Operational effectiveness and operational suitability areas are the responsibility of the systems engineers. Affordability, risk, operational effectiveness and operational suitability are the four MOE components used to evaluate the candidate system of systems architectures. A primary concept in this type of design and evaluation is the real world system relationship that is expressed in the binary mathematical relation. Six fundamental relationships have been identified to represent a given system. The complete system description approach is based on six abstract relation types: context, concept, functions, requirements, architecture, and test. Formal concept analysis is a well defined mathematical technique that is used to organize and represent the system of systems components in a manner that translates directly to the mathematical form required by evolutionary computation and evolutionary algorithms. When combined with digraphs and other graphical representations of the matrix form, this technique provides a powerful tool for the communication of complex system interactions to large system design and evaluation teams. The ever increasing availability and cost effectiveness of computing capability adds additional motivation for the exploration and development of evolutionary computation in system of systems architecting, design and evaluation. These techniques will be applied to an example system architecture evaluation in the paper.
In summary, evolutionary computation is a technology that has a solid scientific foundation and is well placed to provide the system of systems architect a powerful design and evaluation tool.

2C6: Biomedical Systems 1

Room: Maisonneuve E
13:30 A Process Control System Model for Interactive Image Guided Surgery
Alain Beaulieu (Royal Military College of Canada, Canada)
We present a novel way of modeling Interactive Image Guided Surgery (IIGS) systems as a process control problem. We introduce a notation and a software architecture for a tool to assist in the modeling and the safety analysis of these IIGS systems. The notation helps to identify the real-time and quality of service segments of the IIGS system which is built as a system of systems. We discuss the results obtained during the modeling and the analysis of IIGS systems currently in use.
14:15 3G Embedded Communication System for Medical Applications
Omneya Issa (Communications Research Centre, Canada)
The increasing availability of a variety of wireless access technologies provides users with access to critical content and applications. In medical applications, reliability and ubiquity must be guaranteed by new communication technologies in order to favour their adoption. Ensuring a satisfactory quality of service and a high degree of availability requires a reliable delivery system that optimally brings together several wireless access systems and medical-based platforms into an efficient trial product to satisfy operational needs. This paper proposes a novel system architecture to support adaptive real-time medical applications, possibly multimedia-based, over various wireless technologies. The system addresses several issues associated with the successful operation of applications running over heterogeneous networks. First, it defines a layer of abstraction to isolate the applications from the actual transport system. Second, it uses a message-based protocol to improve the reliability and security of the communications over different access systems. Finally, it includes adaptation mechanisms for various system statuses. A real-life healthcare application capable of transmitting voice, video and medical data simultaneously is used for validation. Experimental results are reported that demonstrate the viability of the approach. The paper begins with a brief introduction to the architecture and the communication model that address issues related to integration and selection of access systems and adaptation to support robustness of real-time medical applications. Related work in the area is then presented where possible comparisons and contrasts are drawn from approaches suggested by other researchers. Next, the paper describes the communication model then the system architecture. The communication model consists in a hierarchy of communication abstractions defined to adequately support the needs of real-time applications. 
It is specifically adapted to an environment where several mobiles can communicate simultaneously with a distant base receiver and where communications are usually exposed to fading and outage. Therefore, a multi-layered communication structure is chosen to manage the connectivity and guarantee the reliability of the system. The first layer is built on top of the physical access systems to build a communication abstraction for all application components (e.g. video, voice, image or life sign exchanges). It is a recurrent process that tries to bring heterogeneous access interfaces up and to monitor their status. The second layer intends to ensure robustness, typically by tracking the existence of an alternate access system in standby, which could be used in case of failure of the active connection. The third layer creates a virtual communication channel that will be used to handle temporary disconnections. It multiplexes all communications over a single connection and integrates reliability features through a message-based protocol. Beyond connectivity and reliability, this level is also used to handle critical issues such as security – more specifically authentication and confidentiality – transparently for applications. State machine diagrams are illustrated and analyzed for different layers. The system architecture is presented showing the functional entities that implement the finite state machines introduced in the communication model. Interfaces are introduced in order to monitor and control physical access systems. Managing entities are responsible for different abstraction levels, to ease control of different layers. The entities can interact with each other by probing their states, or by subscribing to be notified when a change of state occurs in order to enable the whole system to work effectively. 
System switch-over and recovery are handled by special procedures that enable the resynchronization of both sides and the recovery of lost information after communication failure. This aims to ensure reliability and no loss of information during access system switching and temporary disconnections. The message-based approach is also described for reliable communication handling. Finally, for system verification and validation, the paper presents the validation results of exploiting a medical emergency response application which provides a full range of real-time bidirectional communication services. The application is capable of sending vital signs and also supports the transmission of audio data, high quality traumatic still-images and real-time video streaming. Several operational scenarios and use-cases were identified and tests were carried out on commercial third generation systems under real-life conditions. The application performance and adaptation trade-offs were analyzed as well as the system overhead for different scenarios. The results showed the effectiveness of the proposed system, making it a viable option available to healthcare professionals. Compared with other proposed approaches, our solution does not require the introduction of specific network infrastructures. It also ensures security, robustness and flexible connectivity and, therefore, targets more specifically embedded applications having a medical purpose.

3:30 PM - 5:30 PM

2D1: Systems Engineering 2

Room: Le Caf Conc
15:30 The Evolution of Systems Engineering
George Rebovich (The MITRE Corporation, USA)
The 21st century is an exciting time for the field of systems engineering. Advances in our understanding of the traditional discipline are being made. At the same time new modes of systems engineering are emerging to address the engineering challenges of systems-of-systems (SoS) and enterprise systems. Even at this early point in their evolution, these new modes are evincing their own principles, processes and practices. Some are different in degree than engineering at the system level while others are different in kind. While it is impossible to predict how the traditional and new forms of systems engineering will evolve, it is clear even now that there is a long and robust future for all three. Increases in technology complexity have led to new challenges in architecture, networks, hardware and software engineering, and human systems integration. At the same time, the scale at which systems are engineered is exceeding levels that could have been imagined only a short time ago. As a consequence, all three forms of systems engineering will be needed to solve the engineering problems of the future, sometimes separately but increasingly in combination. This paper defines three modes of systems engineering, discusses the challenge space each addresses, and describes how they differ from and complement each other. It asks and starts to answer the question of how to enable the development of enterprise systems engineering in a defense department.
16:15 Asks the Chief Engineer: “So what do I go do?!”
Brian White (The MITRE Corporation, USA); Douglas Norman (The MITRE Corporation, USA)
In this paper we take some ideas from the realm of complexity theory, the study of complex systems science, etc., and apply this learning to a purported way of improving the practice of systems engineering. We choose one of the very challenging domains that we face: the acquisition of electronic systems that will add significant improvements in military mission capability. We have benefited from the active exploration, presentation, and debate of ideas and methods beyond the boundaries where systems engineering is currently defined, and more importantly, practiced. Most notably, the ideas that seem to offer the most value are being taken from what is sometimes called “complexity science,” and in a language of conception and expression with which many systems engineers are not very familiar. Furthermore, many systems engineers are uncomfortable with adopting a broader perspective of systems engineering and trying to adopt and formalize complementary techniques that may help greatly in practicing systems engineering in the real-life areas within which we are being asked to work. Therein lies the challenge, because at the heart of the matter is the need for ideas, concepts, mechanisms, and processes, in a language that is relevant to systems engineers. Then we are better able to produce useful results at the considerable scales with which we are asked to work. So, we will attempt to explain our suggestions in terms that acquisition professionals will receive with interest. Systems engineers are being asked to apply their engineering acumen in larger and more complex (a term that will be explained in the paper) contexts. As these contexts expand, the (mostly unstated) assumptions of the application of our systems engineering practice are violated more and more. 
Thus the ideas, methods, and tools, previously unquestioned, have hit some limits, and many complex system failures that have happened can be traced to shortcomings of (traditional or conventional) systems engineering. We offer some principles of a complementary approach, called complex systems engineering, which show considerable promise in helping us cope with what seem to be intractable or even unsolvable problems. The paper focuses on ensuring that our most important system elements are composable (capable of being integrated adaptively) with other such elements to satisfy emergent needs and new operational understandings not previously envisioned. This is quite different from our present acquisition process and, along with complexity principles, usually doesn’t communicate very well with a typical program’s chief engineer, who often asks the key question: “So, what do I go do?” In attempting to answer this question in the paper, we make some observations of what is done today and what we might do differently. From a chief engineer’s point of view, we suggest (and in the paper will explain) four heuristics that can turn our concepts into operational practice to mitigate the insularity issues often found in systems development. 1) Focus on the fundamental unique value (an entity that will be explained in depth in the paper) your system offers to the enterprise. 2) Develop and use “casual” technical composition mechanisms first. 3) Know how you will offer access to your elements of fundamental unique value; and what interaction models will be proffered. 4) Provide a mechanism for reducing the integration barrier such as putting in place a developers’ network, “points-of-presence” with offered functionality exposed as live services. The paper will also address a large unmet challenge. We will have made a case for why and how to accelerate useful progress technically and operationally, and what one might tell a chief engineer. 
However, we’re not so sanguine to believe these aims will be achieved on a large scale anytime soon since the economic and business structures really don’t support them well. To see what might improve, we will elaborate a little more in the paper on the difficulties within our present acquisition culture, and from where would derive the incentives to change things. We think an answer may lie in presenting collections of composable elements of valuable functionality that create new opportunities for the end users, in particular, and we’ll explain why. We will also discuss possible ways forward that might involve a new way of doing business. There is still a need to develop a system of revenue flow which rewards actual use in addition to or instead of paying only for development.

2D2: Systems of Systems Engineering 2

Room: Maisonneuve A
15:30 Understanding the Current State of US Defense Systems of Systems and the Implications for Systems Engineering
Kristen Baldwin (US Department of Defense Acquisition, Technology and Logistics, USA); Judith Dahmann (MITRE Corporation, USA)
The US Department of Defense builds and fields large numbers of war fighting systems to support operations across the globe. These systems are employed by regional combatant commanders in different configurations to address military threats. The military Services by statute are responsible for training and equipping the military forces and equipment acquisition is a core Service function. Acquisition has traditionally been based on development of systems to meet identified user needs. In the past five years, there has been a shift in the Department approach to defining user needs to focus on capability needs and gaps as the basis for acquisition. Capabilities require a mix of material and non-material assets, which must work together to meet capability objectives. To a large degree, the acquisition process has retained its focus on system development, and the war fighter has been responsible to integrate the available systems to meet their needs. With the advent of networked systems, and widening ranges of sensors and weapons, it is no longer possible to continue to develop systems independently, hand these over to end users and expect that they will be able to create a cohesive war fighting ensemble to meet their operational needs. This paper will discuss how the Defense enterprise is addressing this situation and the implications for systems engineering. A review of a set of ongoing efforts to engineer ‘systems of systems’ provides the basis for understanding various ways the Defense Department is currently approaching the need to provide coherent end to end support for user capabilities and how systems engineering is being applied. These SoS are overlays on existing systems which were developed and are being used in contexts which differ from the context of the new capability needs. 
Acquisition management structures are hierarchical within the military services; many DoD SoS cross service lines and any SoS management approach coexists with independent management approaches of the systems which comprise the SoS. Systems engineering approaches have focused on supporting the system lifecycle with structured sequential phases of design, development, implementation, fielding, maintenance and disposal. Incremental approaches to development supported by increments or spirals have adapted this to address the need for more agility and changing needs. In the SoS case, while the systems may have lifecycles, the SoS is typically an evolution of the set of existing and new systems which become components of the larger SoS, calling for new ways to apply systems engineering processes. This paper will provide a review of the ways that SoS efforts have been structured and approached from a systems engineering perspective. In particular the paper will examine core elements of systems engineering in an SoS environment and how the current SE processes support these elements. It will address the particular challenges the SoS environment poses for the systems engineer at both the SoS and system levels. Finally, the paper will suggest some areas for further investigation to address key issues as systems engineering takes up the challenge of these changes in the interdependent networked environment of the future battle space.
16:15 AGSOA – Agile Governance for Service Oriented Architecture (SOA) Systems: A Methodology to Deliver 21st Century Military Net-Centric Systems of Systems
Elliot Sloane (Villanova University, USA); Robert Beck (Villanova University, USA); Sue Metzger (Villanova University, USA)
This paper describes AGSOA, an Agile Governance for Service Oriented Architectures (SOAs) that is intended to address many of the inherent challenges faced by implementing the DoD’s 21st Century agile net-centric warfare systems using SOAs. The complex interdependencies within SOA-based systems, when combined with DoD’s desired agile change capabilities, create a very complex and open-ended system of systems environment that cannot simply be modeled, simulated, verified and/or validated. The AGSOA framework is designed to blend elements of proven agile-style project management methodologies with contemporary SOA governance strategies used in other, less complex industries to yield a more appropriate governance strategy for life- and mission-critical DoD SOA projects.

2D3: Modeling and Simulation 2

Room: Maisonneuve B
15:30 Optimization of Heterogeneous Simulations of Complex Enterprise Systems
Philip Barry (The MITRE Corporation, USA); Matthew Koehler (The MITRE Corporation, USA)
Very large-scale systems are difficult to analyze let alone engineer. Once the components of such systems become systems themselves the difficulties increase greatly. Often, standard, unimodal, analytic techniques are insufficient to understand these systems of systems. Finally, humans are usually a key component of these systems; thus, further complicating the analysis. Unfortunately, it has become clear that the ability to analyze and engineer these systems is critical. Given this, we now use an integrated modeling framework for analysis and engineering of these systems. This framework includes agent-based models to represent the humans within the system and physics based models to represent key physical characteristics of the system, such as sensor performance. This framework can be coupled with heuristic search techniques to explore optimization problems. This paper will use a case study to explain these tools and explore these techniques. The case study used for our experimental test bed is one of large venue protection. More specifically: what are the most effective sensor placements and what are the most effective tactics to be employed by security personnel to protect a large public venue. An agent-based model is used to represent the environment, crowd movement, “bad actor” behavior, and security personnel. High fidelity models of infrared sensors, passive millimeter wave sensors, active millimeter wave sensors and sensors that detect anomalous behaviors are used for sensor performance within the environment. The scenario is as follows: a very small percentage of bad actors, carrying explosive devices and firearms, seek to move through the venue to either attack good actors moving through the system or transit the entire venue. Security guards attempt to use the sensor information to interdict the bad actors without interfering with the flow of good actors. 
General measures of effectiveness for the system include, inter alia, crowd throughput, the number of “bad actors” caught, and the number of “bad actors” that get into the venue. We illustrate the methodology above by searching for the optimal combination of security guard behavior in conjunction with sensor placement balanced against a wide variety of bad actor behaviors and overall crowd flow and throughput. This search is performed with a simple genetic algorithm utilizing a nearly orthogonal latin hypercube to sample the vast parameter space associated with the simulations. A genetic algorithm was chosen as it produces a population of solutions. Use of a genetic algorithm necessitates the creation of a fitness function. This function will be created from general measures of effectiveness combined with utility functions and risk profiles of the decision-maker involved with system design and evaluation. We show how the modeling of the preferences for various measures of effectiveness will significantly affect the solution population generated by the genetic algorithm. We further demonstrate how this approach provides a population of solutions that optimize both security personnel tactics and sensor mixes and placements. The paper concludes with a discussion of the implications of this approach. We examine the issue of verisimilitude; specifically how increasing the realism of the sensors affected the results of the simulation. We further expand upon the utility of developing a population of solutions and then testing the solutions against a wide variety of threats. Lastly, we draw conclusions as to the extensibility of this approach to other large scale enterprise systems.
16:15 An Executable System Architecture Approach to Discrete Events System Modeling Using SysML in Conjunction with Colored Petri Net
Renzhong Wang (Missouri University of Science and Technology, USA); Cihan Dagli (University of Missouri - Rolla, USA)
This paper proposes an executable system architecting paradigm for discrete event system modeling and analysis through integration of a set of architecting tools, executable modeling tools, analytical tools, and visualization tools. The essential step is translating SysML-based specifications into Colored Petri Nets (CPNs), which enables rigorous static and dynamic system analysis as well as formal verification of the behavior and functionality of the SysML-based design. A set of tools have been studied and integrated that enable a structured architecture design process. Some basic principles of executable system architecture for discrete event system modeling that guide the process of executable architecture specification and analysis are discussed. This paradigm is aimed at general system design. Its feasibility was demonstrated with a C4-type network centric system as an example. The simulation results were used to check the overall integrity and internal consistency of the architecture models, refine the architecture design, and, finally, verify the behavior and functionality of the system being modeled.

2D4: Transportation Systems 2; Safety, Security, and Dependability 1

Room: Maisonneuve C
15:30 Design and implementation of AIS link layer using SDL-RT
Monem Bel Hassine (Ecole de technologie superieur, Canada); Khaled Grati (Ecole Superieur de Comm. Sup'Com Tunis, Tunisia); Adel Ghazel (SUPCOM, Tunisia); Ammar Kouki (École de technologie supérieure, Canada)
The Automatic Identification System (AIS) is an important component of maritime navigation systems. It is used to improve safety on ship navigation in the sea. In this paper we propose to design and implement the AIS link layer. Specification and Description Language (SDL), with its Real Time extension (SDL-RT) is chosen to design this complex and critical layer. Indeed, SDL-RT allows hierarchical architecture definition, graphical presentation and detailed description of the system which facilitates the management of the system’s complexity and allows the functional testing. Moreover, it introduces several real time concepts, like semaphores and task priority and replaces abstract data types (ADT) language of SDL by the embedded C-language constructs so that the generated code from the system design is optimized. The designed model was then tested in order to verify the overall system operation. Once all tests were successful, we proceeded to the automatic C-code generation. This code was then adapted to the targeted Blackfin 533 digital signal processor (DSP), and tested on its real-time embedded operating system.
16:15 Empirical Validation of Design Principles for Survivable System Architecture
Matthew Richards (Massachusetts Institute of Technology, USA); Adam Ross (Massachusetts Institute of Technology, USA); Daniel Hastings (MIT, USA); Donna Rhodes (Massachusetts Institute of Technology, USA)
Survivability, the ability of a system to minimize the impact of a finite-duration disturbance on end-user value delivery, is increasingly recognized beyond military contexts as an enabler of maintaining system performance in operational environments characterized by dynamic disturbances. Seventeen general design principles are proposed to inform concept generation of survivable system architectures. Six of these design principles focus on a survivability strategy of susceptibility reduction: (1.1) prevention, (1.2) mobility, (1.3) concealment, (1.4) deterrence, (1.5) preemption, and (1.6) avoidance. Eleven of the principles focus on vulnerability reduction: (2.1) hardness, (2.2) redundancy, (2.3) margin, (2.4) heterogeneity, (2.5) distribution, (2.6) failure mode reduction, (2.7) fail-safe, (2.8) evolution, (2.9) containment, (2.10) replacement, and (2.11) repair. In this paper, the completeness, taxonomic precision, and domain-specific applicability of the design principle framework are empirically tested through case applications to survivability features of the F-16C combat aircraft and Iridium satellite system. Integrating results of these two tests with previous tests (e.g., UH-60A Blackhawk helicopter, A-10A aircraft), the validity of the design principle framework for aerospace systems is demonstrated.

2D5: Systems Architecture 2

Room: Maisonneuve D
15:30 Implementing an Architectural Framework to Define and Deliver Net-Centric Capability to Legacy Military Air Assets Operating within a System of Systems Environment
Mark Anderson (The Boeing Company, USA); Sylvia Martin (The Boeing Company, USA); Cihan Dagli (University of Missouri - Rolla, USA); Ann Miller (University of Missouri-Rolla, USA)
The United States Air Force (USAF) is implementing an integrated net-centric system of systems for airborne operations in support of the global war on terror (GWOT). The GWOT demands that a successful architecture framework transforms and delivers net-centric assets to the war-fighter in a timely manner. A critical component of this implementation is the transformation of legacy military air platforms into net-centric air power assets operating within a system of systems. The Enterprise Architectural (EA), Zachman, System Architectural (SA), and the Department of Defense (DoD) Architectural frameworks are ways of managing complexity and organizing information within a system of systems network. Frameworks provide the organization with a common understanding for comparing and integrating architectures; and they also provide a method of achieving a higher level of customer satisfaction while establishing lower cost. This paper will explore and compare several architectural frameworks; show examples used in a system of systems network; and illustrate how the Department of Defense architectural framework (DoDAF) can successfully define the transformation of a legacy military air weapon system into a net-centric asset.
16:15 Model Based Requirements Specification and Validation for Component Architectures
Ionut Cardei (Florida Atlantic University, USA); Mihai Fonoage (Florida Atlantic University, USA); Ravi Shankar (Florida Atlantic University, USA)
A major component of the system development cycle is the requirements analysis. For complex projects, this involves many stakeholders with different perspectives on the product and with different background and skills. Great effort is spent describing in detail the product and making sure the specification is complete and free of consistency errors. Mistakes and omissions made in requirements documents may lead to wrong interpretation by engineers and, by domino effect, to errors that trickle down in design and implementation. In this paper we describe a methodology for requirements specification that aims to alleviate the above issues and that produces models for functional requirements that can be automatically validated for completeness and consistency. This methodology is part of the Requirements Driven Design Automation framework (RDDA) whose overall architecture is described in [1]. The RDDA framework uses an ontology-based language for semantic description of a) functional product requirements, b) UML/SysML structure diagrams, and c) component constraints and Quality of Service. Our system has the objective to close the current semantic gap between requirements, components, and system architecture that is prone to omission and ambiguous interpretation. The RDDA framework can be integrated with the plugin architecture of leading UML/SysML modelers, such as Rhapsody from Telelogic. This paper is focused on the requirements component of the RDDA architecture. We present the metamodel ontology of the OPP Design Language used for requirements specification, that covers aspects such as of high-level product structure, features, capabilities, system resources, constraints, Quality of Service, as well as authoring and versioning. An ODL requirements document is presented as a set of OWL ontology files, but the front end method for user requirements specification is the SysML editor in Rhapsody. 
The specification is validated for completeness and consistency with a rule-based system implemented in Prolog. With our methodology, omission errors and several types of consistency errors present in the requirements specification are detected early on, before the design stage. One of the consistency errors that are detected occurs when a product component is assigned by different requirements statements with incompatible capabilities. Another type of error detected is caused by conflicting numeric constraints from disparate statements referring to the same system performance parameter. These errors are caught in seconds. Otherwise, without a formalized requirements model, these types of errors require a detailed review with cross-referencing, which makes them expensive and difficult to fix. We demonstrate the RDDA methodology for requirements capture and validation with the design of a GPS-based location-based cell-phone application. The proposed system faces several challenges. Building a metamodel for the requirements specification requires up-front effort by domain experts. User-friendly modeling tools will have to be developed for users not familiar with the RDDA ontology-based metamodel. The current SysML front end still requires systems engineering skills. As an alternative to visual requirements modeling we will investigate the possibility to extract the requirements semantic models from requirements described in natural language.
Related Work
Current commercial products for requirements management for software systems have extensive focus on configuration management. The application domain for most requirements systems is opaque to the tool. In contrast, Ravenflow [2] introduced in their requirements modeling tool, RAVEN, techniques using natural language processing and domain restricted grammars that compile model. RAVEN generates visual models for business flows similar to UML activity diagrams that can be validated for consistency. 
RAVEN does not derive a product functional model and does not address constraints and QoS. Several academic research projects have looked into the problem of requirements modeling. Kaiya and Saeki [3] have developed an ontology-based specification method for software application requirements and a validation technique for detecting errors. Their work does not extend into verification of QoS and resource constraints. SoftWiki [4] takes a different approach. It adapts the proven Wiki platform for collaborative authoring for the purpose of “collaboratively specify, structure, query and rearrange requirements” in large groups, supporting semantically structured annotations.
References
[1] I. Cardei, M. Fonoage, R. Shankar, “Framework for Requirements-Driven System Design Automation”, the 1st IEEE Systems Conference, Honolulu, Hawaii, April 2007
[2] Ravenflow, http://www.ravenflow.com/products/index.php
[3] Haruhiko Kaiya and Motoshi Saeki. “Ontology based requirements analysis: Lightweight semantic processing approach.” In Fifth International Conference on Quality Software (QSIC 2005), 2005.
[4] Sören Auer, Klaus-Peter Fähnrich, and Thomas Riechert. “SoftWiki – Agiles Requirements-Engineering für Softwareprojekte mit einer großen Anzahl verteilter Stakeholder.” In GeNeMe’ 06 – Gemeinschaft in neuen Medien, 2006.

2D6: Biomedical Systems 2

Room: Maisonneuve E
15:30 Next Generation Operating Systems: A Biologically Inspired Future
Nevena Ackovska (University "St. Cyril and Methodius", Macedonia); Stevo Bozinovski (South Carolina State University, USA)
This paper takes a biologically inspired approach towards the operating systems. It views the DNA through a “system software microscope”. It discusses related issues, examples being file system, program preparation, and its parallel and distributed features, including inter-process communication. Our work explores the analogy between the computer operating systems and the molecular biology control systems, concerning the issues of improving the computer operating systems and its parallel and distributed capabilities.

Wednesday, Apr 9

8:00 AM - 9:45 AM

3A1: Systems Engineering 3

Room: Le Caf Conc
8:00 Specifying the Principle Solution in Mechatronic Development Enterprises
Jürgen Gausemeier (Heinz Nixdorf Institute, Germany); Cheng Yee Low (Heinz Nixdorf Institute, Germany); Daniel Steffen (UNITY AG, Germany); Sebastian Deyter (Heinz Nixdorf Institute, Germany)
Nowadays, most mechanical engineering products rely on the close interaction of mechanics, electronics, control engineering and software engineering, which is aptly expressed by the term mechatronics. The development of mechatronic systems starts with the domain-spanning conceptual design phase, i.e. the specification of the principle solution of the system. Every technical expert in the development team must be able to understand this jointly developed principle solution, as it forms the basis for the subsequent design concretizations in the participating domains. We developed a set of semiformal specification techniques to describe the principle solution of mechatronic systems. The domain-spanning specification of the principle solution not only leads to the betterment of product design, but also the efficiency of the product development processes and the product development organization. In collaboration with UNITY AG, we investigate the usefulness of the specification technique in enterprises with their core businesses in the development of cutting-edge mechatronic technology. In this context, we attempt to align the product development processes and the organizational structure with the specification technique describing the principle solution of mechatronic systems. Some benefits are, for instance, increased transparency of design modularization during the introduction of new mechatronic products, as well as more effective technical communication between the different departments responsible for developing the system.
8:45 Discounting the Future – A Need for a Fresh Look
Arif Malik (Sultan Qaboos University, Oman)
The emphasis on sustainability suggests that what is needed is a policy effort aimed at making these developmental achievements last well into the future. Pearce et al. [1] suggest a simple definition of sustainable development as a vector of development of desirable social objectives; that is, it is a list of attributes which society seeks to achieve or maximize. The elements of this vector might include:
• Increase in real income per capita;
• Improvement in health and nutritional status;
• Educational achievements;
• Access to resources;
• A ‘fairer’ distribution of resources.
A minimum condition for development to be sustainable is the requirement that the natural capital stock should not decrease over time. Natural capital stock, in this context, is the stock of all environmental and natural resource assets, from oil in the ground to the quality of soil and groundwater, from the stock of fish in the oceans to the capacity of the globe to recycle and absorb carbon. The conservation of the existing stock of natural assets should be the goal of sustainable development. The presumption that sustainability has something to do with non-depreciation of the natural stock is explicit in the Brundtland report, which says, ‘If needs are to be met on a sustainable basis the Earth’s natural resource base must be conserved and enhanced’ [2]. Existing natural stocks would generally be regarded as being below sustainability level in many developing countries. For some Sahelian countries, for example, they are significantly below ‘sustainability’, in that desertification and deforestation actually threaten livelihoods [3]. 
Conserving the natural capital stock and even improving it will serve the following goals which would command wide, though maybe not universal, acceptance by achieving the following:
• Justice in respect of the socially disadvantaged;
• Justice between generations;
• Justice to nature;
• Aversions to risks (such as droughts, severe weather conditions etc.) which may arise if the environment is left for degradation.
It may not be too unfair to suggest that the past models of the development process have tended to assume that the ‘future will look after itself’, whereas the sustainable development approach acknowledges that the ability of the future to do this can be seriously impaired by actions taken now. It is because of this that the practice of discounting the future, a standard feature of the economic approach to inter-temporal decision-making, is discussed critically in this paper and is most relevant to the system approach.
References:
[1] Pearce, D., Barbier, E. and Markandya, A. (1994), Sustainable Development: Economics and Environment in the Third World, London: Earthscan Publications Ltd.
[2] World Commission on Environment and Development (1987), Our Common Future (The ‘Brundtland Report’), Oxford University Press.
[3] Falloux, F. and Mukendi, A. (eds) (1988), Desertification Control and Renewable Resource Management in the Sahelian and Sudanian Zones of West Africa, World Bank Technical Paper No. 70, World Bank, Washington DC.

3A2: Systems of Systems Engineering 3

Room: Maisonneuve A
8:00 Engineering Systems of Systems
Grace Lewis (Software Engineering Institute, USA); Edwin Morris (Software Engineering Institute, USA); Patrick Place (Software Engineering Institute, USA); Soumya Simanta (Software Engineering Institute, USA); Dennis Smith (Software Engineering Institute, USA); Lutz Wrage (Software Engineering Institute, USA)
Within the next several years, integrated systems of systems that had previously been the subject of futuristic speculation will begin to be developed. For example, the U.S. government is considering the development of an intelligent transportation network, with the first elements of that network in place by 2011. Consider one possible scenario for this intelligent network: You are driving down a suburban street, following another car at a normally safe distance. Electronic sensors in the car ahead of you recognize a slippery patch of ice not noticeable to the driver. Automatically, computers in the lead car activate the traction control system, and at the same time, alert other neighboring cars, including yours, about the danger. Your car displays a warning light and activates your traction control. When you attempt to change lanes, your car warns you of another vehicle in your blind spot. Finally, when your car detects an imminent collision, it tightens your seat belt, pulls your headrest into a safe position, and inflates the air bags at the moment of impact. After the crash, systems in both cars automatically inform emergency services. This example may seem highly futuristic, but it is based on technology that is either already commercially available or is being readied for deployment in automobiles. For example, Volvo already installs a collision warning system on some cars. Four million GM cars use its OnStar system to communicate with an operator who can perform functions like unlocking Tiger Woods’ Buick. Motorola has a contract with the Michigan Department of Transportation to test a system that connects cars to the roadside and to each other. A fundamental requirement for enacting this scenario and similar scenarios from healthcare, process control, defense, and other domains is the need to integrate heterogeneous systems created and controlled by different parties in a highly dynamic, interoperating system of systems.
These scenarios share several characteristics: • They are highly networked (in our example from car to car and from car to environment) • They operate in real time to make critical, often safety-related decisions • The technical problems for each participant are hard, but solving the complete end to end problem is an even more complex task. • The participants have a purpose of their own; and some part of their functionality is used in system of system threads. We believe that the engineering community must begin to think differently in order to build and sustain this new class of system of systems. For such systems of systems, technology will continue to change at all levels; the scale of integrated solutions and the level of sophistication required of the integration itself will continue to grow. This will be coupled with increasing variability of user expectations. Unfortunately, we have extensive evidence that existing system engineering practices cannot provide solutions fast enough to address these rapidly changing expectations, and the problem is getting worse because the rate of change is increasing. What is needed is an engineering process that can: • Build new components that are sufficiently flexible to be reused in multiple systems of systems contexts • Develop infrastructure that supports integration and monitoring • Provide suitable mechanisms to compose components to meet the rapidly changing demands. This engineering process must support: • Single system development cycles that produce components with sufficient granularity to be composable while still satisfying requirements of the single system users. An overall goal of these processes is to populate a pool of reusable components. • Composition cycles that combine components from the pool to address particular user demands.
This technical composition is one aspect of a larger orchestration process that can also involve aligning social and cognitive factors such as organization, training, and processes. The cycle must respond to dynamic user demand as rapidly as possible. Ideally, this process would involve “end user computing” where the users are capable of directly composing the capabilities they need in response to demand situations. Practically, this cycle will involve adapting components so that they can be effectively composed to satisfy the particular demand. This paper will present this two-pronged engineering process, characterize where and why it is different from other life cycles, identify practical considerations, and discuss the effect on component and system of system requirements.
8:45 Attributes of Effective Configuration Management For Systems of Systems
Stephany Bellomo (Carnegie Mellon University, USA); James Smith (Carnegie Mellon University, USA)
This paper explores the problems related to Configuration Management (CM) for systems of systems, and describes several attributes of successful system-of-systems configuration management. The authors show that, just as with other management aspects of systems of systems, you don’t stop performing CM when you leave conventional systems behind; instead, there are additional concerns that must be addressed to achieve effective CM in systems of systems. Presented as a system of systems CM framework, the authors describe several principles and supporting attributes for effective system-of-systems CM. These principles and attributes are applied against a real-life scenario to illustrate how they can be used to increase the probability of success when initiating a system of systems CM strategy.

3A3: Modeling and Simulation 3

Room: Maisonneuve B
8:00 A Methodology for Performance Predictions of Future ARM Systems Modelled in UML
Simon Schwarzer (University of Bonn, Germany); Lukas Pustina (University of Bonn, Germany); Peter Martini (University of Bonn, Germany)
The increasing complexity and short product cycles drive developers of mobile systems to analyse the performance of systems before hardware prototypes are available. Therefore, it is necessary to predict application runtimes with the help of simulations of system models. Miscellaneous components and factors of mobile devices affect the performance, e.g. caches, buses etc. In order to predict the performance of new system designs already during early stages of development, models of the timing behaviour are necessary. We have developed a modular timing simulator for models of typical mobile systems which can be used to predict the runtime of applications on future systems. Since UML is the de-facto standard for software modelling and widely used, we use UML to specify the hardware of the system. In this way, the gap between hardware and software modelling may be closed and performance analysis of application and system design are tied closer together. The UML system model consists of an architecture model and an instruction behaviour description. The architecture model describes the components of the system and the connections between them and the behavioural model specifies the timing of the processor instructions. These models are used to simulate different configurations of an ARM9 system. Traces from one configuration are used to predict the performance of another configuration. Predictions for an ARM11 system with parallel pipeline units are made.
8:45 System-Level Modeling of a NoC-Based H.264 Decoder
Ankur Agarwal (Florida Atlantic University, USA); Kalva Hari (Florida Atlantic University, USA); Cyril-Daniel Iskander (Hi-Tek Multisystems, Canada); Ravi Shankar (Florida Atlantic University, USA)
Networks-on-chip (NOC) are expected to play a key role in future embedded systems. A NOC-based system has the potential to support concurrent processing, in both software and hardware. This can however lead to concurrency issues. We present a multiprocessor system modeling and performance evaluation approach that addresses concurrency. We illustrate our methodology by mapping an H.264 decoder onto a 4×3 mesh-based NOC architecture. We show latency, area, and power consumption results for this NOC architecture abstracted from its FPGA implementation.

3A4: Safety, Security, and Dependability 2

Room: Maisonneuve C
8:00 The Role of Software Failure Mode and Effects Analysis for Interfaces in Safety- and Mission-Critical Systems
Nathaniel Ozarin (The Omnicon Group Inc., USA)
Complex systems are often developed by independent design teams whose boundaries are defined by interface design documents that can be incomplete and ambiguous without anyone realizing it. Such weaknesses can lead to inadequate testing and can cause system-level design problems and inadequate robustness. An important line of defense against these errors in a safety- or mission-critical system is a software failure mode and effects analysis (SW FMEA).
8:45 Dynamic Theories of Trust for Secure Agent-Based Systems
Ji Ma (Macquarie University, Australia); Mehmet Orgun (Macquarie University, Australia)
Agent-based systems consist of a collection of agents that interact with each other in dynamic, unpredictable, and unreliable environments. A very basic problem regarding security properties of agent-based systems is whether a message sent by an agent is reliably received by other agents and whether the message received is regarded as reliable in the view of receivers. The problem generally depends on the trust that agents would put in the security mechanisms of the system. In order to support the analysis of various security mechanisms in agent-based systems, it is necessary to systematically investigate formal representation techniques, and provide more generic tools for the specification of, and reasoning about, trust theories formalizing security mechanisms in agent-based systems. In this paper, we use a temporalised belief logic to show how to establish dynamic trust theories for communication protocols. Such theories provide a foundation for reasoning about properties of agent-based systems operating in dynamic environments. We also outline a decision procedure based on model checking for verifying security properties for trust theories.

3A5: Systems Architecture 3

Room: Maisonneuve D
8:00 Architecting Systems for Value Robustness: Research Motivations and Progress
Adam Ross (Massachusetts Institute of Technology, USA); Donna Rhodes (Massachusetts Institute of Technology, USA)
Introduction. The contemporary environment and large-scale systems challenges motivate research in support of a new paradigm: value robustness. By value robustness, we mean the ability of a system to continue to deliver stakeholder value in the face of a changing context. The authors’ research seeks to develop methods for concept exploration, architecting, and design using a dynamic perspective for the purpose of realizing systems, products, and services that deliver sustained value to stakeholders in a changing world. The research is aimed at improving the development of real world systems and systems of systems, and involves deep engagement with government and industry stakeholders in the research conduct and the transition of research outcomes to industry practice. Approach. The concept of value robustness is responsive to the issues cited in a number of reports and studies on the challenges of systems acquisition and development over the past decade. For example, a 2004 workshop explored the topic of engineering for robustness, that is, developing systems capable of adapting to changes in missions and requirements; able to reliably function given changes in threats and environmental be easily modified to leverage new technologies; and scalable and adaptable (Rhodes 2004). The workshop prompted such questions as what this really implies for systems engineering, how this type of robustness can be measured, and who bears the cost. The evolution of a new paradigm, value robustness, requires a new mindset that recognizes the dynamic context, understands the fallacy of static preferences as a basis for design and embraces the ‘inevitability’ of change (Ross 2006). Research seeks to understand how to match changing systems to changing needs as a mechanism to ensure sustainable system success. Conceptual and analytic methods are needed to enhance the ability to design for changeability. 
The ability to quantitatively assess changeability is a key element for being able to specify and verify system adherence to changeability specifications as an explicit metric for designing systems. Complementary research is likewise underway to develop analytic methods for discovering “clever” system designs that remain successful in spite of changing contexts without the systems having to change themselves. The research is leading to the articulation of principles for design of value robust systems, including designing for specific “ilities”. The paper discusses research on principles for architecting for survivability as one example of this, where survivability is framed by the value robustness concept. Results. The paper will discuss the research progress and several recent research outcomes that are currently being tested in industry and government practice. These include: a dynamic tradespace exploration method; Epoch-Era Analysis method; metrics of system changeability; and a taxonomy of “ilities”. We discuss several ongoing collaborative research projects designed to engage the practitioner community as collaborative research partners, and the associated mechanisms for transitioning academic research to real world practice. Example References. Richards, M.G., Ross, A.M., Hastings, D.E., and Rhodes, D.H., “Design Principles for Survivable System Architecture,” 1st Annual IEEE Systems Conference, Honolulu, HI, April 2007. Richards, M.G., Hastings, D.E., Rhodes, D.H., and Weigel, A.L., “Defining Survivability for Engineering Systems,” 5th Conference on Systems Engineering Research, Hoboken, NJ, March 2007. Rhodes, D., Report on the AF/LAI Workshop on Systems Engineering for Robustness, Massachusetts Institute of Technology, July 2004. Ross, A.M., Rhodes, D.H., and Hastings, D.E., “Defining Changeability: Reconciling Flexibility, Adaptability, Scalability and Robustness for Maintaining Lifecycle Value,” INCOSE International Symposium 2007, San Diego, CA, June 2007.
Ross, A.M. and Rhodes, D.H., “The System Shell as a Construct for Mitigating the Impact of Changing Contexts by Creating Opportunities for Value Robustness,” 1st Annual IEEE Systems Conference, Honolulu, HI, April 2007. Ross, A.M. and Hastings, D.E., “Assessing Changeability in Aerospace Systems Architecting and Design Using Dynamic Multi-Attribute Tradespace Exploration,” AIAA Space 2006, San Jose, CA, September 2006. Ross, A.M., Managing Unarticulated Value: Changeability in Multi-Attribute Tradespace Exploration, Doctor of Philosophy Dissertation, Engineering Systems Division, MIT, June 2006. Ross, A.M., Multi-Attribute Tradespace Exploration with Concurrent Design as a Value-centric Framework for Space System Architecture and Design, Dual Master of Science Thesis, Aeronautics and Astronautics and Technology and Policy Program, MIT, June 2003.
8:45 VULCAN: A Tool for Automatically Generating Code from Design Patterns
George Frederick (Florida Institute of Technology, USA); Pat Bond (Florida Institute of Technology, USA); Scott Tilley (Florida Institute of Technology, USA)
Software design patterns are prescribed solutions to common families of software implementation problems. Though design patterns have proven to be effective and efficient in many applications, many would argue that they have not been used nearly often enough or been effectively implemented. This is particularly true when constructing large-scale systems, where the complexity of the software is exacerbated by the integration with hardware devices. Software design patterns are implemented in order to promote high quality code and reduce debugging and design time. Design patterns accomplish this by acting as a coarse-grained form of code reuse. Whenever a recognized problem is encountered, designers need only to look through the pattern catalogue to determine which pattern addresses the problem and customize the solution for the application in question. Doing this avoids wasting time spent in crafting and debugging a new solution. In addition, design patterns conceptually encapsulate these solutions and allow for a common vocabulary amongst software designers, allowing for better communication of ideas and proposed pattern solutions. The same vocabulary can also be employed in official design documentation for future review, aiding in understanding the overall system architecture. This paper presents a prototype tool called VULCAN that aims to assist with the creation of high quality code through the use of design patterns. This tool comes in the form of a plug-in for integration with the popular Eclipse development environment. VULCAN facilitates high quality code creation through the automatic generation of design pattern code templates, customized with user input and integrated into pre-existing projects. This paper also provides an analysis of the need for design pattern use, past efforts at automated pattern code creation, and the description of the tool VULCAN and its implementation. 
By automating the design pattern generation process through the application of a practical and easily usable tool, the reluctance to use and difficulty in coding design patterns can be substantially mitigated, resulting in an overall higher quality body of finished code.

3A6: Biomedical Systems 3

Room: Maisonneuve E
8:00 System of Systems Engineering (SoSE) for the 21st Century Healthcare Enterprise
Elliot Sloane (Villanova University, USA)
Abstract Pending.
8:45 Externalizing Virtually Perceived Spatial Cognitive Maps
Kanubhai Patel (AES Institute of Computer Studies, India); Sanjay Vij (SVIT, India)
Cognitive maps are cartographic illustrations of a person’s internal representation of the spatial environment in which they live. All of us do form and use cognitive maps, whether in real or virtual space, to deal with and process the information contained in the surrounding environment. Cognitive maps help in visualizing the positional and location details and also the route map for reaching the destination from the current location. Quality of such visualizations directly depends on the quality of the cognitive maps. Thus a human being’s spatial behavior relies upon, and is determined by, the individual’s cognitive map of the surrounding environment. One major deprivation in the life of visually impaired and blind people is the access to information and visualization, as a result of which navigation and orientation ability as well as the ability to perceive the surrounding environment reduces. This paper describes a technique and related experiments for acquisition of spatial knowledge (and thereby development of cognitive maps) of a building or a locality by visually impaired and blind people through training in computer-simulated (virtual) environments. These might be places such as a school, a university campus or a shopping center. Our system allows them to navigate virtually and is able to automatically record the navigation path of subjects. An algorithm is also presented for finding the optimal path between places using a boundary relation heuristic. Special emphasis is placed on online assessment (using various statistical measures) of cognitive maps formed by participants after walking through virtual environments. Preliminary results indicate that 1) bi-dimensional regression analysis is more useful than other methods to assess the configural relations between cognitive and actual maps and 2) most of the participants were able to create precise cognitive maps after getting trained in virtual environments.

10:15 AM - 12:00 PM

3B1: Systems Engineering 4

Room: Le Caf Conc
10:15 Empirical Research on Systems Thinking and Practice in the Engineering Enterprise
Donna Rhodes (Massachusetts Institute of Technology, USA); Caroline Lamb (MIT, USA); Deborah Nightingale (MIT, USA)
The practice of systems engineering has evolved significantly over the past decade in response to new challenges, yet at the same time the engineering workforce has declined. Several studies also cite an erosion of engineering competency, particularly in government and aerospace/defense industry. The development of systems competency is critical; yet, we lack the empirical basis for developing a truly informed strategy for addressing this need. This paper describes past and ongoing research on systems thinking and practice within the Engineering Systems Division at the Massachusetts Institute of Technology. The research seeks to impact the effectiveness of systems engineering in modern enterprises, through development of new empirical based knowledge related to systems thinking and practice.
11:00 Systems Thinking as an Emergent Team Property: Ongoing research into the enablers and barriers of team-level systems thinking
Caroline Lamb (MIT, USA); Donna Rhodes (Massachusetts Institute of Technology, USA)
Introduction. As technology continues to advance, systems of increasing complexity are realized. Given resource scarcity, especially financial limitations in fields such as aerospace, new functionality is sought from linking of systems—systems-of-systems. These linkages result in the introduction of even more complexity into the realization and operation of both the constituent systems and the system-of-systems. Research has shown a negative correlation between system complexity and the documentation of design knowledge (Dong, 1999). Systems thinking is a critical skill contributing to the balance of this undocumented design knowledge. Therefore, as complexity increases, the importance of systems thinking also increases. Systems of systems are further complicated by the bringing together of different corporate cultures, varying sets of technical and administrative processes, proprietary information, and a general absence of central authority. Under these situations, teams whose members come from different environments face hurdles towards the formation of a shared understanding of the system-of-systems necessary to effectively integrate the constituent systems. This research has implications for workforce development, process improvement, and effective team composition. Approach. Before the more complex system-of-systems issue can be addressed, the development of team-level systems thinking must first be explored at the system level of design. This paper describes ongoing research exploring the role of engineering culture, organizational influences, and technical process usage on the emergence of systems thinking within teams of engineers. This construct has been termed “collaborative systems thinking” to emphasize the importance of intellectual coordination and interaction in team-level systems thinking. Teams within the aerospace industry were chosen based on the researcher’s background and because of the high complexity of aerospace products.
Building upon past work analyzing the enablers and barriers to systems thinking development in individual engineers (Davidz, 2005), and relying on a wide net of organizational literature, psychology literature, and workforce development research, a framework is developed that combines commonly used measures from past research that address team-level cognition, comprehension, and behaviors and processes linked to system comprehension and effective design. This framework (Lamb and Rhodes, 2007) emphasizes the role of engineering culture, organizational culture and technical process usage in enabling or inhibiting team-level systems thinking. This framework is used to inform a set of exploratory case studies investigating the links between culture, process and team-level systems thinking. A combination of surveys, interviews, observations, and primary documentation are used to explore collaborative systems thinking within teams during conceptual design and the early stages of detail design. A blend of quantitative and qualitative methods allows for a rich description of the ways in which teams engage in collaborative systems thinking and the enablers and barriers extant in their social and technical environment. Results. At this point, field work is just commencing. This paper will summarize initial field results, drawing preliminary conclusions on the ways in which engineering culture and technical process interact. Results will also include a field-tested description of the ways in which teams express systems thinking characteristics, including any modifications to the initial collaborative systems thinking framework. A plan for completing the research, disseminating the results and ideas for future research will also be presented. References. Davidz, H., Nightingale, D., and Rhodes, D., “Enablers and Barriers to Systems Thinking Development: Results of a Qualitative and Quantitative Study,” 3rd Conference on Systems Engineering Research, Hoboken, NJ, March 2005.
Dong, Q., “Representing Information Flow and Knowledge Management in Product Design Using Design Structure Matrix,” Master’s thesis, Massachusetts Institute of Technology, Cambridge, MA, 1999. Lamb, C.T., and Rhodes, D.H., “Standardized Process as a Tool for Higher Level Systems Thinking,” INCOSE International Symposium 2007, San Diego, CA, June 2007.

3B2: Systems of Systems Engineering 4

Room: Maisonneuve A
10:15 Profiling Complex Systems
Renee Stevens (The MITRE Corporation, USA)
The Department of Defense, like other government agencies and indeed the global business community, faces increasingly complex challenges that cannot be met by stand-alone systems. This has led to growing reliance on increasingly interoperable and interdependent systems that combine multiple organizational and functional capabilities to achieve an overarching mission. This is the motivation for developing systems-of-systems, enterprise systems, and even extended enterprise systems. This paper focuses on the engineering of this class of systems: a process that demands consideration of increasing scale, the rapid pace of change of the underlying technologies, the complexity of system interactions, and, perhaps most important, shared ownership and control. We hypothesize that engineering these systems is inherently different from engineering large-scale but essentially well-bounded monolithic systems. Decisions about the system(s) under development have to consider not only the technical and programmatic dimensions but also the political, operational and economic contexts. This paper discusses a diagnostic tool for profiling complexity and uncertainty in large scale system engineering developments and provides some lessons learned from its application. The profiler highlights four critical contextual dimensions that influence the engineering and acquisition of systems, system of systems and enterprise-wide systems: the strategic context, the implementation context, the stakeholder context, and the system context. It also highlights the various regimes operate, from well-bounded systems, to systems-of-systems, to complex enterprise-wide systems. On the basis of these insights, we propose an approach to tailoring engineering and acquisition strategies and practices to the specific circumstances at hand.
11:00 System of Systems Issues for the 2008 U.S. National Healthcare Information Network Remote Patient Monitoring Requirements
Elliot Sloane (Villanova University, USA); Vijay Gehlot (Villanova University, USA); Tom Way (Villanova University, USA); Robert Beck (Villanova University, USA); Surya Kuchibhotla (Villanova University, USA)
The US Secretary of Health has proposed 2008 prototype “remote patient monitoring use cases” to allow harvesting data from tens of millions of Americans who are treated for expensive and complex chronic diseases at home or in nursing homes. The value of such monitoring is multi-fold, including the desire to help improve timely and proper care by making data readily available to physicians, to reduce the harmful and expensive costs of mistaken, inappropriate, or ineffective care quickly, and to extend and enhance nationwide population health vigilance to detect and address new risks such as avian flu pandemics that would aggressively threaten these vulnerable population members. This initiative is part of a 10-year project that began in 2004 when President Bush authorized the US Department of Health and Human Services to initiate the design and development of a first generation National Healthcare Information Network (NHIN) (www.HHS.gov/healthit/). Of course, the NHIN is by nature a complex System of Systems (SoS) challenge because contemporary healthcare depends on multiple disparate clinical specialists (e.g., radiologist, cardiologist, or rheumatologist) and care-delivery-providers (e.g., hospital, physician office, or home care), each using specialized computer systems for optimal clinical data and practice management. In addition, telemedicine tools are creating an ever-expanding diversity of points-of-care, creating a growing number of smaller healthcare subsystems that extend to personal, consumer-based health care technologies. The NHIN project process employs a series of overlapping iterative, one-year analysis-design-prototype use-case standards-design cycles. Each year, clinicians, providers, and researchers (AHIC - http://www.hhs.gov/healthit/ahic/workgroups.html) specify clinical and operational goals and requirements.
Next, a technology team (HITSP – www.ansi.org/hitsp/) identifies appropriate technical frameworks and standards to facilitate effective data interoperability among these providers. All of the tasks that are under way focus on one main goal: to help create a complete, current, and constantly-updated Electronic Health Record (EHR) for every American citizen by 2014 to allow more effective, safe, and economical healthcare. This new remote patient monitoring task will present many new system of systems engineering challenges to consider and overcome. One of the first issues is that the monitoring devices themselves are quite heterogeneous. The devices are manufactured by hundreds of companies, and, because they are provided to patients and nursing homes by thousands of private medical equipment rental companies across the country, the vendor, model number, configuration, and maintenance and calibration history vary widely. In addition, the use and programming of each device may be under the control of multiple parties, including the patient, family members, visiting or staff nurses, or other non-clinical aides. Lastly, many new consumer-product companies claim to be poised to introduce new, low-cost “health monitoring” devices (see www.ContinuaAlliance.org). In a “perfect world,” it would be ideal if the remote patient monitoring data could simply be directly integrated into the patient’s EHR. In reality, however, the NHIN systems will need to be sophisticated enough to segregate, retain, and access related-but-different patient monitoring data that spans hospital, nursing home, and at-home care, or risk life-threatening and inefficient misinterpretation if the data is erroneously pooled for decision making. The system will ALSO have to be designed to handle single- and multiple-component and system fault modes without endangering patients.
The emergent behavior challenges and risks will be substantial, including new system-caused errors from incorrect data aggregation, patient or family manipulation of remote monitoring data for a secondary purpose, such as obtaining new or more drugs or permission to re-enter a hospital, or physician-overload-induced errors, burnout, and insensitivity caused by too much disparate data being pushed onto physicians without effective software tools to manage the data properly. Solving these challenges will require controlled simulation, modeling, and deployment management so that the various interdependencies can be foreseen, detected, and accommodated as the system expands. Software tools like Colored Petri Nets (CPN) or Event-driven Process Models can help explore data loading in advance of actual deployment, especially for slow-moving illnesses like certain diabetes or chronic obstructive lung disease (COPD) patients. Furthermore, careful deployment to disaggregated points of care, such as nursing homes can allow system-level verification and validation of software tools while limiting or controlling confounding variables. The NHIN’s remote patient monitoring project is ambitious, and could be very valuable to improve healthcare costs, effectiveness, and safety. It will require careful system of systems thinking and planning in order to succeed, because it is being done in an area where little prior research, experience, or expertise exists.

3B3: Modeling and Simulation 4

Room: Maisonneuve B
10:15 Concurrency Compliant Embedded System Modeling Methodology
Sifat Islam (Florida Atlantic University, USA); Ravi Shankar (Florida Atlantic University, USA); Ankur Agarwal (Florida Atlantic University, USA); Andrew Katan (Florida Atlantic University, USA); Cyril-Daniel Iskander (Hi-Tek Multisystems, Canada)
To meet time-to-market demands, it is crucial that improvement be made to the system design efficiency. By utilizing a reusable design methodology, it is possible to meet project management requirements. Component integrations may often fail due to concurrency concerns. These concurrency problems mainly occur when components access shared resources simultaneously and communicate with each other. If these problems are not addressed then a system could lead to sporadic and disastrous failures. In this paper, we propose a methodology for developing concurrency compliant components from a requirements document. We have applied this methodology to develop process management and memory management aspects of a Real Time Operating System (RTOS).
11:00 System Level Modeling Environment: MLDesigner
Ankur Agarwal (Florida Atlantic University, USA); Cyril-Daniel Iskander (Hi-Tek Multisystems, Canada); Ravi Shankar (Florida Atlantic University, USA); Georgiana Hamza-Lup (Florida Atlantic University, USA)
System modeling has the potential to enhance system design productivity by providing a platform for system performance evaluations. This model must be designed at an abstract level, hiding system details. However, it must represent any subsystem or its components at any level of specification details as needed. In order to model such a system, we will need to combine various models-of-computation (MOC). MOCs provide a framework to model various algorithms and activities, while accounting for and exploiting concurrency and synchronization aspects. Along with supporting various MOCs, a modeling environment should also support a well developed library. In this paper, we have explored and compared various system modeling environments. MLDesigner is one such modeling environment that supports a well developed library and integrates various MOCs. We discuss the process of system modeling with MLDesigner. We further present an abstract model of a Network-on-Chip (NoC) in MLDesigner and show latency results for various customizable parameters for this model.

3B4: Safety, Security, and Dependability 3

Room: Maisonneuve C
10:15 Enhancing Avionics Systems Reliability and Maintainability through Development of IDSS – A Systems Approach
Kamal Haider (University of South Australia, Australia); Jeffrey Tweedale (Defence Science and Technology Organisation, Australia); Pierre Urlings (Defence Science and Technology Organisation, Australia); Lakhmi Jain (University of South Australia, Australia)
Safety and Airworthiness of airborne platforms rest heavily on the maintainability and reliability to maximise the availability and reduce logistics down time. Most of the test and maintenance data currently produced is either paper-based or discarded and generally fails to provide preventive analysis. Improvements could be made by creating an expert system using intelligent agents. Data Mining techniques and intelligent agents could be employed to create an expert system within the Integrated Logistics Support (ILS), thereby creating a feedback mechanism. This paper reports the design and development of an agent-based Intelligent Decision Support System (IDSS), which has been developed by taking a Systems approach. By taking this approach, we were able to integrate various sources of information to create an IDSS that can extrapolate forecasts and generate warnings to assist maintainers and engineers in making informed decisions in time and operation critical situations.
11:00 An Integrated Process Model for the Systems Development Requiring Simultaneous Consideration of the SE Process and Safety Requirements
Jae Han Yoon (Ajou University, Korea); Jae-Chon Lee (Ajou University, Korea); Tae-Hyun Kim (Ajou University, Korea); Seon-Ho Hong (Korea Railroad Research Institute, Korea)
- Problem Definition: A successful development of complex large-scale systems has not been easy since a variety of issues to be solved are therein. It is becoming more pronounced that the systems engineering (SE) approach can effectively deal with those issues. To gain increased benefits from adopting the SE approach, standardization activities have long been carried out. Each SE standard has its own scope and attributes. Many systems developments require that a high level of safety be maintained throughout the whole system life cycle. As such, an extra effort is needed to manage safety issues therein. A useful methodology for systems safety can be found in the guide published by FAA. Here we are concerned with the development of complex large-scale systems with safety-critical requirements. Therefore, we have to study how to integrate both the SE and safety management processes. To do so, we have developed a whole lifecycle model for the systems that can follow the SE process standard and safety management requirement. - Methods of Approach: As an SE standard process, ISO/IEC 15288 has been selected since it is international and also covers the whole system lifecycle. The systems safety described by FAA has been referenced in our study whenever its scope is not specific only to air transportation. While studying the integrated life cycle model, we have concentrated on the two points: 1) When and how the SE and systems safety have to be synchronized to achieve concurrent and integrated execution; and 2) How the model and data can be managed efficiently to allow the model to be easily changed according to later changes in requirements and design. Specifically, the life cycle model was constructed through two steps. In the first step, the integrated process model was developed by integrating SE (ISO/IEC 15288) and systems safety in the CORE® (from Vitech Corp.) environment. 
The model consists of three hierarchical levels: the life-cycle level, the process level, and the activity level. The model of three levels was represented by enhanced functional flow block diagram (EFFBD) using CORE®. The EFFBD functional blocks of each level are decomposed into the ones of the lower levels. The interface between the SE and safety processes is also defined in this step. Here, note that the introduction of leveling in the model can allow the data traceability among each level and can be maintained by CORE®. In the second step, a DB schema was derived from the process model obtained. Although the result is intended for use in CORE®, it can also be used in other CASysE tools such as Cradle®. To obtain a DB schema, the data flows in the process model are first analyzed, then the traceability among data is defined. Based on the results, the DB schema is derived, which becomes the basis of the model management on the CASysE tools. - Results and Discussion: The process model was developed by concentrating only on the technical processes of ISO/IEC 15288 and also on the safety assessment and analysis processes of FAA guide since those can be applied to any generic systems development. The integrated model was realized on CORE®. The model specifies the required SE and safety processes that have to be carried out concurrently. Also, the interaction/interface between them has been realized by the data that has to be exchanged. Each process was further developed by identifying the activities that it should perform. Thus, the safety process can know what kind of data is required from the SE process, and vice versa. The results can be used as a reference model in the development of a safety critical system.
To verify the model obtained, we carried out the following with the help of CORE®: 1) The timeline analysis was done by simulating the model; and 2) A traceability report was automatically generated to compare SE (ISO/IEC 15288) activities with systems engineering activities in the model. The report can be used to check whether SE (ISO/IEC 15288) activities aren't correctly applied to systems engineering activities in the model. The use of a CASysE tool turned out to be useful in the simulation and verification of the model. It is also possible to maintain the data traceability in the developed model, thereby allowing easy changes later in the underlying model if necessary.

3B5: Systems Architecture 4

Room: Maisonneuve D
10:15 Teaching and Using Service-Oriented Architecture (SOA) in an Academic Environment
Scott Tilley (Florida Institute of Technology, USA); Ken Wong (University of Alberta, Canada); Spencer Smith (McMaster University, Canada)
Many of today’s software engineering course projects require students to integrate disparate components across a heterogeneous networked infrastructure. Service-oriented architecture (SOA) is a recent evolution in distributed middleware that can be used to accomplish this task. While SOA holds the promise of supporting business needs by closely aligning information technology support, mastering the design, development, and deployment of SOA-based systems places a considerable pedagogical burden on the faculty and students. Team-based projects are the cornerstone of many software engineering courses. In these projects, the students learn the importance of topics such as project management and issues of scale that separate software engineering from program development. The focus of such projects is not on learning about a particular technology such as SOA, but on using it as a means to an end. However, this cannot be achieved without a sufficient understanding of the underlying technologies. This means the instructor must carefully balance the time and effort needed to learn about SOA, and the time and effort needed to learn about all other aspects of software engineering required to make the course project a success. This may be particularly difficult to achieve considering the relative complexity of SOA: it requires knowledge that is both broad and deep to be leveraged effectively. From an industry perspective, many employers often lament that they must provide extensive (re)training to new employees. One of the reasons given for this situation is that the students haven’t learned in school what the company considers to be important. To be sure, there will always be issues specific to the corporation that the new employee must acquire. But for software engineering, it seems odd that the projects students are given during their final years as an undergraduate are usually not indicative of the type of projects they will likely be working on in an industrial setting.
This is particularly acute for SOA, since many companies and consultancies are heavily invested in converting legacy systems into valuable corporate assets in the guise of business services. At the 4th International Symposium on Software Engineering Course Projects (SWECP 2007) that was held at IBM in Toronto on October 25, 2007, the focus was on how educators and industry can work together to develop efficient and rewarding methods for teaching and using SOA in an academic environment. SWECP 2007 was a half-day event with about 20 participants. The symposium was structured around a handful of invited presentations from recognized experts in the field. The idea is to foster the exchange of ideas and information in an informal setting, but with some boundaries placed on topics and time to ensure that the symposium is on schedule. The symposium provided an opportunity for the exchange of information related to areas including (but not limited to):
• Course modules for learning SOA principles
• Lab exercises for experimenting with SOA technologies
• The use of commercial tools in the course project
• Constructing and managing teams, particularly matching business needs and IT capability
• Differences between undergraduate course projects and graduate SOA-based projects
• Interdisciplinary projects and systems engineering concepts regarding SOA
This paper provides a summary analysis of the symposium. Lessons learned from teaching and using SOA in a systems context in a university setting are discussed. Comments from industry participants regarding their experience with new graduates attempting to quickly integrate as productive team members working on SOA-based systems are provided.
11:00 A Generic Architectural Framework for Proactive Systems inspired by Molecular Biology
Mohammad Ibrahim (De Montfort University, United Kingdom)
A generic framework for the development of proactive systems inspired by molecular biology systems is presented in this paper. Proactive systems need to predict future concerns and not only find solutions to problems as is the case with conventional systems. The framework is also generic enough to represent human behaviour in general. It is also applicable to conventional systems. The main feature of the proposed framework is that it allows the incorporation of all possible frameworks and findings about a subject matter into one fused framework.

3B6: Sensor Systems 1

Room: Maisonneuve E
10:15 System Architecting and System-on-Chip Design of Intelligent Sensor Networks for Active Volcanoes
Wai-Chi Fang (National Chiao Tung University, Taiwan)
In this paper, an intelligent surveillance system using sensor networks for monitoring active volcanoes has been presented. While wireless sensor networks can generically be used for a wide variety of applications, breakthrough innovations are most often achieved when driven by a genuine need or application, with its specific system-level and science-related requirements and objectives. Hence, our work focuses on the development of a specific surveillance system for active volcanoes. We combine sensor network system engineering with systems-on-chip implementation to develop an integrated surveillance system called Sensor Networks for Active Volcanoes (SNAV). We report SNAV specific science-related requirements and system-level operations for this surveillance system. Development of the SNAV node system-on-chip (SoC) is then presented. A rapid SoC prototyping of the control and computing subsystem was implemented as an exploratory device based on reconfigurable SoC platform architecture. A low-power radio was developed as an embedded wireless communication core for SNAV system-on-chip designs. The success of this work enables low-power, low-cost sensor networks for intelligent surveillance system applications.
11:00 Precision Guidance of Agricultural Tractors for Autonomous Farming
Ray Eaton (The University of New South Wales, Australia); Jay Katupitiya (The University of New South Wales, Australia); Kheng Siew (The University of New South Wales, Australia); Kim Dang (The University of New South Wales, Australia)
The agricultural industry is undergoing significant cultural shifts at present and will continue to do so into the future. These shifts have come about due to the emergence of more 'corporate' style farming, where declines in the labour workforce and increased emphasis on global competition mean a demand for increased efficiency and productivity in farming operations. Such a demand in turn lends itself to so called Precision Autonomous Farming (PAF). This paper presents ongoing work and progress in implementing a Systems Engineering approach to agricultural automation. An overview of the farming system is presented, depicting a system-of-system architecture. Each sub-system is described in more detail; these include the crop layout system, the software system, and the precision autonomous agricultural machinery system. Such autonomous machinery is used for seeding, crop sensing, harvesting, weeding and other follow-up operations. The authors propose the development and ongoing management of a Precision Farming Data Set (PFDS) formed off-line before crop cultivation, and used to achieve optimal performance of the farming system by specifying the spatial precision required for agricultural operations. Preliminary results are shown, highlighting the development and use of a fully instrumented tractor for use in agricultural operations, as well as initial research into developing a high level path tracking controller for such machinery.

1:30 PM - 3:00 PM

3C1: Systems Engineering 5

Room: Le Caf Conc
13:30 Component selection strategies based on system requirements’ dependencies on component attributes
Georgiana Hamza-Lup (Florida Atlantic University, USA); Ankur Agarwal (Florida Atlantic University, USA); Ravi Shankar (Florida Atlantic University, USA); Cyril-Daniel Iskander (Hi-Tek Multisystems, Canada)
The proposed research is targeted towards component reuse, specifically towards component selection. One of the main challenges in addressing this problem is the very large size of the search space, which makes finding the optimal solution computationally expensive. Therefore, Greedy approaches are used for approximation. Our main focus is on mapping user requirements onto component attributes, so that we can determine the best order in which components should be considered/evaluated, in order to minimize backtracking and thus the search time.
14:15 Acquisition Archetypes - Patterns of Failure
Linda Levine (Carnegie Mellon University, USA)
Experience and analysis tell us that acquisition problems are pervasive, in large part because acquisition organizations themselves are complex dynamic systems. The interactions between the PMO, sponsors, contractor, subcontractors, and users all involve feedback, a mechanism that introduces complexity that defies traditional analysis. The resulting system behavior can seem unpredictable and unmanageable, and often counter-productive, but beneath this chaos there are recurring structures that can be recognized, understood, and managed. Systems thinking is an approach and toolset for qualitatively analyzing the patterns of behavior in complex systems, including organizations. It is based on studying the role that feedback loops play in creating dynamic, complex, nonlinear behaviors in systems. Systems thinking work has identified a set of easily recognized systems archetypes that characterize problematic behavior patterns that occur repeatedly across many types of organizations. These patt