The research program addresses new methods to develop and control ESPs (embedded system platforms) which efficiently and robustly integrate several changing applications under high requirements to real-time, safety, availability, and security. Research shall cover network and computing nodes including hardware and run-time environment (RTE), i.e. all the software needed to run applications, such as basic software, operating system(s), communication stack and application program interface (API).

Due to shared resource usage, integration of applications on an ESP leads to non-functional application dependencies affecting application timing, memory usage, safety, energy consumption, and security. Such dependencies are hard to avoid (even using virtualization) except with large overhead which is usually too expensive. As a consequence, changing applications affect each other through shared resource usage. The effect of such changes must be controlled to guarantee the required system properties. This requires new mechanisms and architectures leading to the research topic, controlling concurrent change (CCC).

To be accepted in practical engineering of complex safety critical systems, a designer must be able to trust change control. More concretely, for critical functions the same level of controllability and quality must be obtained as the current lab based design processes. Mechanisms and processes must be intelligible and traceable to be accepted. To be accepted in the market, new mechanisms must not entail significant increase in cost, and they must be highly flexible and robust for long system life times. Finally, the approach shall scale to large systems which include open networks with non-trusted components and applications.


The current design processes for complex embedded systems typically follow some variant of the V-Model. The V-Model distinguishes a design phase from requirements to function implementation (left branch) and a following test and integration phase from function test to system and acceptance tests (right branch). A main objective of CCC is to substitute most of the manual and lab based process steps of the right V-Model branch by a combination of automated integration steps based on formal models and methods, and new protection mechanisms in the architecture. Automated integration and monitoring shall be moved from the lab or test field right to the target architecture. Function development on the left V-Model branch is assumed to remain in the lab (at least within CCC research), but it will be influenced by new requirements from the automated integration process, such as by the need to extend the scope of specification and constraints.