Controlling Concurrent Change

Contracting mechanisms and their challenges

As a guiding principle to automate integration, flexible contracting mechanisms shall be used as interfaces between changing platform components and networks on the one side and changing applications on the other side. Here, the main challenge is the contract inter-dependence of these interfaces through mapping and resource sharing. Once the contracting mechanism accepts an application change and adapts the platform accordingly, the contracts shall be enforced by appropriate monitoring.

While both contracting and monitoring have been investigated before, the main challenge of CCC is to define a complete, autonomous and secure process which meets the stringent requirements of safety and availability standards and regulations. That includes that the process and its mechanisms must be protected against errors, tampering or failing system components.

Autonomously acting middleware

CCC plans to solve the challenges by the use of a flexible distributed middleware layer that shall autonomously handle contracting and establish system self-protection and self-configuration to guarantee the safety, security, and availability properties.

The guarantees of this autonomously acting middleware should reach the same level of confidence and dependability as the safety related lab based design scenarios of today. This is a main requirement for use of such approaches in industrial practice. Consequently, the middle-ware itself must adhere to the highest reliability and security requirements of the whole system and must be robust under change of the execution platform. So, the middleware architecture itself is a major research topic of CCC.


Contract interdependence will inevitably lead to conflicting constraints and objectives when systems change. New methods are needed for conflict resolution and system optimization which guarantee non-violation of vital system properties when change occurs. To reach the required level of confidence, the current requirements and design processes for safe, secure, and highly available systems shall be investigated under the aspect of change in the field, and autonomous solutions shall be determined.

The mechanisms employed must not be overly complex, such that an engineer can understand what will happen in the system. Furthermore, specification methods allowing easy formulation of all relevant constraints must be developed to make such an approach useable in practice.

Application domains

To investigate and ensure practical applicability and guide the development of theory and architecture, two application domains, automotive and space, are addressed.

The software of an experimental car which is currently developed in a parallel project investigating future road vehicles will be enhanced by the CCC middleware. The experimental car will be used to demonstrate concurrent change in several scenarios from individual software updates to major upgrades with incremental platform change.

Experimental Car MOBILE

An ongoing space computer project will apply the CCC results to control concurrent software updates and hardware reconfiguration of a space experiment under high availability requirements. The CCC middleware will be investigated in a test scenario on the ground using a copy of the space computer that will be employed in space.

Space Computer

Both projects will give important feedback from the CCC mechanism application in a complete and realistic environment. The embedded networks in these projects are still small enough to provide a manageable research scenario.