Meet the new Eclipse-based tools for Assurance and Certification of Cyber-Physical Systems

Embedded systems have significantly increased in technical complexity towards open, interconnected cyber-physical systems (CPSs), exacerbating the problem of ensuring dependability properties such as safety and security. CPSs integrate software applications interacting with the physical world at increasingly higher levels of autonomy, which will allow them to drive on our roads, fly over our heads, move alongside us in our daily lives, and work independently in our factories soon. In industrial domains such as aerospace, space, automotive, industrial automation, and railway, CPSs are subject to rigorous assurance processes as a way to ensure they do not pose undue risk to people or property. The dependability of the systems must also often be certified by an independent "certification authority" as a formal recognition.

Present-day assurance processes, as prescribed by international standards such as IEC 61508 and ISO 26262 for functional safety, provide guidance on how to evaluate and mitigate risks. Complying with these standards typically results in cumbersome, time-consuming, and paper-intensive processes to provide convincing and valid justifications of system dependability, which may preclude CPS deployment, particularly for SMEs.

This article presents the toolchain developed by the partners of the AMASS project, integrated under the umbrella of the PolarSys OpenCert project to increase the efficiency of assurance and certification activities and to lower certification costs in the face of rapidly changing product features and market needs.

The OpenCert ecosystem is an advanced integrated solution for assurance and certification of CPSs that will allow different stakeholders (engineers, assessors, tool vendors, etc.) to more easily and better perform their work. Starting from the results of the OPENCOSS project and its resulting OpenCert solution, it leverages several Eclipse and PolarSys projects including Eclipse Papyrus and its CHESS extension, EPF Composer (Eclipse Process Framework), Eclipse Capra, and Eclipse CDO.

What does the PolarSys OpenCert platform provide? Let’s look at a typical usage scenario

To deal with the technical CPS complexity and the associated labor-intensive activities for assurance and certification of these systems, the tools use model-based approaches and incremental techniques.

A typical usage scenario consists of five macro-phases:

Assurance Project Management: This functionality, provided by OpenCert, includes project lifecycle aspects such as the creation of assurance projects and any project baseline information that may be shared by the different functional modules. This module manages a "project repository", which can be accessed by the other tool modules and can include information reused from previous projects. It also includes Capra for management of traceability between assurance assets.

Process Definition: This feature supports the management of knowledge about standards (e.g. IEC 61508, DO-178C, ISO 26262, EN 50128/50126/50129, and IEC 62443, among others), regulations, and interpretations, in a form that can be stored, retrieved, categorized, associated, searched, and browsed. It also supports the definition of development and assurance processes as well as the tailoring of particular project plans for assurance. In addition, these tools allow engineers to track where they are with respect to their duties to conform to standards, helping them to see the effective progress of the work and the level of compliance. OpenCert and EPF Composer provide support for this functionality.

System Design and Analysis: This feature manages system architecture specification by decomposing a system into components. It also includes mechanisms to support compositional assurance, contract-based system specification, and architectural pattern management. It allows engineers to browse information about the architecture of the system and how the entities of the architecture can be related to an assurance case. Most of the functionality is supported by Papyrus and CHESS extensions.

Assurance Case Management: This feature manages argumentation information in a modular fashion. It also includes mechanisms to support assurance pattern management. Assurance cases are a structured form of an argument that specifies a convincing justification that a system is adequately dependable for a given application in a given environment. Assurance cases are modeled as connections between claims, sub-claims, and their evidence. The OpenCert editor for argumentation is the main basis of this feature. Assurance case fragments can be generated from system models in CHESS and from process models in EPF Composer.

Evidence Management: This feature deals with the specification of the actual artifacts that are used as evidence in an assurance project. The artifacts can have specific properties (e.g. the result of a test case) and can be stored in external data tools (e.g. DOORS for a requirement). All these aspects are managed throughout an artifact’s lifecycle, which can include changes to an artifact and evaluations (e.g. about the completeness of a document). The OpenCert evidence editor supports this functionality.
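The claim, sub-claim, and evidence structure described under Assurance Case Management and Evidence Management can be sketched as a small tree audit. This is an added example, not OpenCert code or its metamodel; the class names, evaluation states, and the sample case are constructed for illustration.

```python
from dataclasses import dataclass, field

# Evaluation states for an evidence artifact (labels are assumptions of this example).
ACCEPTED, PENDING = "accepted", "pending"

@dataclass
class Evidence:
    name: str
    evaluation: str = PENDING

@dataclass
class Claim:
    ident: str
    text: str
    subclaims: list = field(default_factory=list)
    evidence: list = field(default_factory=list)

def audit(claim, findings=None):
    """Return (supported, findings) for a claim and everything below it.

    A claim counts as supported when it has at least one sub-claim or evidence
    item, all attached evidence is accepted, and every sub-claim is supported.
    """
    findings = [] if findings is None else findings
    ok = True
    if not claim.subclaims and not claim.evidence:
        findings.append((claim.ident, "undeveloped: no sub-claims or evidence"))
        ok = False
    for ev in claim.evidence:
        if ev.evaluation != ACCEPTED:
            findings.append((claim.ident, f"evidence '{ev.name}' is {ev.evaluation}"))
            ok = False
    for sub in claim.subclaims:
        sub_ok, _ = audit(sub, findings)
        ok = ok and sub_ok
    return ok, findings

def build_sample():
    """Constructed assurance case for a hypothetical brake controller."""
    c1 = Claim("C1", "Identified hazards are mitigated",
               evidence=[Evidence("Hazard analysis report", ACCEPTED)])
    c2 = Claim("C2", "Remote update channel is authenticated",
               evidence=[Evidence("Security test report", PENDING)])
    c3 = Claim("C3", "Residual risk is accepted by the assessor")
    return Claim("G1", "Brake controller is acceptably safe and secure",
                 subclaims=[c1, c2, c3])

if __name__ == "__main__":
    supported, issues = audit(build_sample())
    print("top-level claim supported:", supported)
    for ident, msg in issues:
        print(f"  {ident}: {msg}")
```

The audit fails the top-level claim as long as any claim beneath it is undeveloped or rests on evidence that has not been accepted, which is the gap an assessor would look for first.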

The toolchain is further integrated with external tools for systems and software engineering, e.g. IBM Rhapsody for system modeling, Requirements Quality Suite for requirements engineering, and Safety Architect and Cyber Architect for system dependability analysis. In the context of the AMASS project, the above features are being applied and validated in 11 case studies dealing with novel characteristics of aircraft, cars, control systems, satellites, and trains.


The main benefits of the PolarSys OpenCert ecosystem platform can be outlined as follows:

  • Reduced Initial & Rework Costs: guidance for compliance with standards and regulations, and for reuse of assurance and certification assets, helps engineers execute assurance projects more efficiently.
  • Better Coping with Risks: deployment of safety and security analyses, and of cost-effective and transparent assurance and certification processes, improves risk management.
  • Harmonized compliance: the OpenCert ecosystem helps engineers create a transparent view of the process and product quality against a set of harmonized requirements derived from standards and regulations.
  • Reduced compliance management and (re)certification costs: through the use of existing knowledge, quantitative methods, and modular reuse techniques, the OpenCert ecosystem reduces these costs.

In summary, the OpenCert ecosystem is an advanced integrated solution for assurance and certification of CPSs that will allow different stakeholders (engineers, assessors, tool vendors, etc.) to more easily and better perform their work.

More information about the ecosystem and the underlying approach can be found at Videos demonstrating the latest features of the OpenCert platform can be found at The project consortium already provides prototypes that can be used for testing purposes and is eager to help early adopters of the technology.

More details about AMASS

As the result of various European collaborative projects involving both industry and academia, including CHESS, OPENCOSS, SafeCer, and now AMASS, a large consortium is creating and consolidating an ecosystem of open tools and a community for assurance and certification of CPSs.

AMASS has received funding from the Electronic Component Systems for European Leadership Joint Undertaking under grant agreement No 692474. This Joint Undertaking receives support from the European Union’s Horizon 2020 research and innovation programme and Spain, Czech Republic, Germany, Sweden, Italy, United Kingdom and France.

About the Author

Huáscar Espinoza

Jose Luis de la Vara
Universidad Carlos III de Madrid

Barbara Gallina
Mälardalens Högskola

Stefano Puri

Silvia Mazzini

Gaël Blondelle
Eclipse Foundation