Navigation

Operating Systems Group
Research

Research

The operating systems group is engaged in approaches, models and methods for generic application support. This relates to properties such as mobility, timeliness, dependability, autonomy and power consumption. The research is organized in three core topic groups:

Meta-Functional Properties

Classic research knows them as non-functional aspects: Dependability, resources, and everything related to aspects besides a system's functionality. Since, for some people, the term "non-functional" suggests that the evaluation target is not functioning, we decided to call them "meta-functional".

The problem with meta-functional aspects is the following: Every system demands them to a certain extent, but their cross-cutting nature makes them challenging to specify and assess. Especially the divide-and-conquer approach frequently contradicts their emergent nature. Our professorship specializes in precisely that problem by considering meta-functional aspects from different viewpoints and system types.

Safety

The rising connectivity and complexity of modern systems lead to new challenges for safety considerations in development. This regards not only classic fault-tolerant design but demands safety-by-design throughout the complete development process, including certification and maintenance. Especially the correlation with other meta-functional aspects is of particular interest to the research of our professorship.

Real-Time Capability

Every system with interactions from and to the environment must consider real-time to a certain degree. This might be "only" related to soft real-time in case of, e.g., streaming or hard real-time as in control systems. Those timing properties arise from the overall system behavior, starting with the hardware, the operating system, the middleware, and the applications. Therefore, the holistic view of the system behavior is crucial to predict and guarantee correct timing behavior.

Security

Nowadays, the CIA-Triad consisting of confidentiality, integrity, and availability, is an issue in every system. Even previously closed systems like railway and automotive are now open systems with varying external communication capabilities. Therefore, security is one of our professorship's focuses, especially in connection with other meta-functional aspects.

Robustness

A common practical problem is transferring a system design to new use cases while guaranteeing certain meta-functional aspects. The concept of robustness targets this problem. We consider it as the property of the system's design to enable the system to adapt to environmental conditions, compensatable by configuration parameters. Therefore, we model the demanded meta-functional aspect by identifying the key parameters and their interrelation. Changing the parameters, thus, directly leads to analysis results regarding the degree to which the system still guarantees the aspects. In combination with correctness-by-construction, it is even possible to identify wrongly identified parameters or define variable parameters. This reveals a solution space for the system in other use cases.

Dependability

The concept of dependability unifies the meta-functional aspects related to the trustworthiness of the system service. It consists of the attributes and means and impairments of these attributes. This concept is an umbrella term for everything related to the correct behavior of a system. These are for the user mostly unrecognizable aspects, or better to say: The user only recognizes the absence.

For us, the holistic view of dependability is the perfect starting point for research on the development processes, the modeling and analysis methods and tools, and the different defense methods.

Performance

Performance is the most sought-after aspect of today's complex and highly connected systems. In order to guarantee and predict the performance of a system, it is not sufficient to think about the application and programming models. Instead, observing the complete system and integrating the operating system and communication behavior/structure into the analysis is necessary. Especially in connection to real-time and dependability, the concept of performance is an exciting topic for us.

(Semi-)formal Methods

In practice, most people recoil from using formal methods in their product development. Our mission is to identify, use and improve (semi-) formal methods for usage in real development projects. This idea includes the modeling and analysis of system parts and the overall engineering chain. We use varying levels of formality, fitting to the use case for process design, modeling, and analysis but also concepts like correctness-by-construction and design-by-contract. The goal is to support the developers with methods and tools, reducing the effort and possible contradictions in late design phases.

Process Analysis

In many development processes, inconsistencies and conflicts, e.g., between safety and security demands, are revealed late, leading to high costs. Process analysis aims to identify drawbacks regarding traceability, reproducibility, and intersections in the development strands of functional and meta-functional development. The idea is to streamline the development process to shift the identification of design drawbacks to early development phases.

Another aspect of this research area is the interrelation of development processes in different sectors, e.g., automotive, railway, and aviation. The idea is to design holistic development processes for areas with similar demands from the systems and the normative references.

Therefore, we focus also on certification capabilities for development processes and possible future defense methods and technologies, e.g., quantum technology.

Modeling

Modeling and analysis are necessities for the prediction and guarantee of meta-functional aspects. Our professorship focuses on (semi-) formal methods for modeling and analyzing systems in different sectors. We use a wide range of techniques, e.g., Markov chains, automatons, fault trees, TLA+, or Isabelle/HOL. Depending on the use case and the analysis focus, we combine the methods with concepts like correctness-by-construction or design-by-contract.

Correctness by Construction

The idea of correctness-by-construction is to model the evaluation target in a way where the composition or integration of the models guarantees that the desired system properties are met. Our approach is to specify the constraints for a correct design in an iterative refinement process. As a result, it is possible to specify the system or the development process design from different viewpoints, refine them over time and combine them dynamically, or even transfer them onto new use cases for robustness checks.

Design by Contract

The idea of design-by-contract is to specify the system elements with a particular perspective: If the environment delivers the correct input into the evaluation target, this element guarantees a specific behavior. While this approach appears straightforward and already used in the functional design, we extend it to meta-functional aspects. This approach enables many possibilities for system design with hard constraints regarding meta-functional aspects. We focus on the holistic view of the different development strands and the composition of contracts for those. Therefore, we can identify weak points and conflicts between the contracts. We aim to use design-by-contract throughout the development process, from the concept phase to implementation, and even as a blueprint for testing and verification activities. Combined with correctness-by-construction, the concept of design-by-contracts allows to "design" systems out of the contracts.

Verification

Verification is the system analysis regarding the fulfillment of the development process requirements. That does not only relate to formal correctness proofs; Furthermore, we utilize different viewpoints on the systems to verify development processes for certification. New technologies can be verified regarding their usage in specific sectors. Also, verifying system designs regarding their prediction or guarantee for meta-functional aspects is intended.

Mobile and/or Distributed Application Systems

Today, most systems are mobile (e.g., mobile phones) and/or distributed (e.g., clusters, cars). In this broad field of research, we mainly focus on transportation and cyber-physical systems. However, specific problems of distributed computing, like communication models, are also of interest to our professorship. The underlying issues are similar in those system types. Especially the cross-sector application of our research competence is our primary objective.

Aviation and Space

The aviation and space sector has much longer development and usage phases than other transportation sectors. While they have the same underlying problems to solve, the emphasis lies on different aspects. The concept of fault tolerance, e.g., through graceful degradation, is the first class citizen to prevent system crashes during flight. Therefore, also preventive maintenance is a long-running concept. On the other hand, communication with external systems like Car2X or Rail2X is of lower interest. Also, the nature of phased mission systems allows for focusing the development and run-time efforts for the different clearly defined use cases. However, the aviation industry also faces new challenges with the growing connectivity, e.g., through mobile phones within airplanes. The space industry encounters new use cases and more complex environmental constraints influencing mission success. In our research, we cover two aspects: Transferring the ideas of phased mission systems and changing defense methods to other sectors and introducing new technologies, modeling, and analysis techniques into the aviation and space industry to tackle the upcoming challenges.

Cyber-physical Systems

The use of cyber-physical systems crosses our daily life introducing specific challenges for programmers, e.g., the capabilities of heterogeneous components, location and motion awareness, or distributed scheduling. These challenges call for new machine and programming models that shift those issues into middleware and operating systems. This shift supports the programmer in constituting desired properties of distributed systems, e.g., location transparency, and focusing on the result of the task instead of the way how to solve it.

Railway

The railway industry used to focus on the infrastructure, leaving the train's influence and the environment aside, if possible. This view was valid for a long time.

Nowadays, the railway industry also shifts towards communication with the infrastructure and the environment, e.g., to enable autonomous driving. The arising challenges are one focus of our research. We aim to enable the shift towards the digitalization of safety mechanisms and the introduction of certifiable technologies for security. Therefore, we aim for holistic approaches concerning the different viewpoints and layers of system design and development.

Automobilindustrie

The automotive industry is one of the classic ground transportation sectors. Like in other ones, the rising complexity and communication capabilities shift automotive systems from closed to open systems, introducing new demands for meta-functional aspects. In contrast to other transportation sectors, the target of the evaluation was the automotive itself, while the infrastructure was not of special interest. Trends like Car2X change this and make the relation to the infrastructure a first-class citizen of the modeling and analysis focus. We aim for a holistic view of different meta-functional aspects in the development process and the introduction of environmental constraints and influences in the modeling and analysis approach. Our research aligns with but also challenges the normative references, e.g., ISO/SAE 21434 and UNECE No. R155.