Model Based Engineering (MBE) Tools

Model-based Engineering (MBE) utilizes models as a central and indispensable aspect of a product’s lifecycle including concept, development, deployment, operation, and maintenance. Adventium has developed a range of MBE tools. Many leverage the widely used Architecture Analysis & Design Language (AADL) (an SAE international standard), and the associated Open Source AADL Tool Environment (OSATE). These tools may be accessed via Adventium's Curated Access to Model-based Engineering Tools (CAMET™) Library. The CAMET (pronounced "camay") Library also includes example models, documentation, bug reporting, assessments of technology readiness levels, and other support information.

The CAMET Library is available to sponsors for a nominal fee based on the number of requested access. Each sponsorship purchase provides access for up to five CAMET Library users. Academic institutions that plan to use the library contents in course curriculum and teaching can apply for no cost access. Sponsorships support the maintenance of the CAMET Library site and improving and maturing the tools and other materials on the library. CAMET Library tools range in maturity from TRL 2 to 5 and require experience using AADL. Tool support, enhancements, new tools, models, and other materials will be added to the library as they are developed on other Adventium Labs projects.

Click here to read the Frequently Asked Questions document for using CAMET Library in proposals to the Joint Multi-Role Technology Demonstrator (JMR TD) Mission Systems Architecture Demonstration (MSAD) Capstone Demonstration (BAA W911W6-18-R-0006) and related solicitations.

To sign up as a sponsor, please click here.

Mentoring and Support: For basic background information and training on AADL, please see the set of resources listed in Additional Resources at the bottom of this page. In addition to materials available on the CAMET Library, sponsors may contract with Adventium to provide them project or application focused support and mentoring on a time and materials or other contractual basis. Please contact for further details.

The CAMET Library currently contains the following tools:

  • Design Space Explorer (DSE): DSE is an OSATE plugin that provides an interface allowing users to select specific implementations from alternatives in a general AADL model and then create specific model instances and signature files. DSE allows a user to build general system models and then select and instantiate specific implementations. Please click here for a demonstration
  • Reliability Block Diagram (RBD) Report: RBD Report is an OSATE plugin which is an updated version of RBD which computes error probabilities for error states in a model and outputs the results in a user dialog box as well as in a csv format report. RBD Report adds support for “or-more” and “or-less” logical compositions as well as the use of system modes within a model. Please click here for a demonstration
  • Reliability Block Diagram (RBD) Report - No Display: A version of the RBD Report OSATE plugin which does not display results in a user dialog box so it can be run headless in a batch mode. Please click here for a demonstration.
  • FASTAR™ - Framework for Analysis of Schedulability, Timing and Resources: FASTAR is a framework that integrates a variety of AADL-based analysis and scheduling tools. Please click here for a demonstration. FASTAR provides the following capabilities:
    • Utilization analysis is performed on preliminary AADL models that declare demand and capacity budgets, using metrics such as MIPS or Bytes. Virtual resources are supported, e.g. a virtual processor has both a capacity (for software it hosts) and a demand (that it places on underlying hardware). The tool provides features to manage uncertainty, such as sensitivity analysis and specification of reserves.
    • Schedulability analysis is performed on more detailed AADL models that include information about individual threads, execution times, dispatch rates, and data flows. The framework allows different third-party analysis tools suited for different workload patterns and scheduling algorithms (e.g. a tool capable of analyzing switched networks, a tool capable of analyzing ARINC 653 modules) to be integrated and used together for overall system end-to-end analysis.
    • Schedule generation uses the schedule generation capabilities of integrated third-party tools for different subsystems. The initial FASTAR release automatically generates ARINC 653 schedules.
  • Rapid Prototyping for ARINC 653: The ARINC 653 (an international avionics standard) rapid prototyping tools consist of a schedule generation tool and a tool to output data in a  real-time operating systems (RTOS) specific format. The schedule generation tool uses timing requirements properties declared by the user in the AADL model (e.g. thread periods and deadlines, maximum latencies  for flows through multiple partitions) and generates thread priorities and a module partition schedule. These are output as an AADL extension declaration of the user-declared system, where this generated extension contains AADL core standard and AADL ARINC 653 annex property declarations of the generated scheduling decisions. The generated AADL schedule declarations are input to a tool that currently targets LynxOS-178 and can also be input to tools that support other RTOS, e.g., those under development by the Software Engineering Institute for VxWorks 653 and Deos 653. Please click here for a demonstration.
  • Multiple Independent Levels of Security (MILS) Analysis Tool: The MILS Analysis tool is a plugin to OSATE that allows a system represented in AADL to be assessed early in its design phase for compliance with the MILS approach. The tool analyzes the AADL model to determine that directly connected components operate at the same security level and that components at different security levels are appropriately separated or protected with a security measure such as a Cross Domain Solution (CDS). Mission components in the model that violate these constraints are flagged and the engineer/modeler can revise the model to remove the violation. No software or hardware that implements cyber security, encryption, or cross domain solutions is part of this tool. Please click here for a demonstration
  • Continuous Virtual Integration Toolkit (CVIT): The CVIT package applies the concept of continuous software integration testing to model integration and analysis. Building on widely-used open source packages such as Jenkins, Maven, and Ant, CVIT allows users to stand up a server that automatically executes scripts for model retrieval, integration, analysis, and generation. Users set up virtual integration to be triggered periodically or when certain models are updated by their developers. User scripts are used to pull AADL model projects from multiple repositories, integrate and instantiate selected system implementations, run selected AADL analysis and generation tools, and display results and trends on user-configured dashboards. System engineers are able to track trends of key performance parameters as models become more accurate and detailed or when correctness and consistency need to be managed for large models that are being collaboratively developed by multiple people and organizations. Modelers are alerted to errors and constraint violations automatically without manually running evaluation tools. Please click here for a demonstration
The following tools are in review now and expected to be available in the future on the CAMET Library:
  • Distributed Risk Management Tools: A suite of tools to assist risk analysis of complex systems of systems. These tools leverage a formalized system theoretic process analysis (STPA) based top down analysis combined with bottom up failure modes and effect analysis (FMEA) error driven analysis. This combination makes it possible to identify safety and security hazards and assign mitigations and risk controls to individual system components. The distributed risk management tools enable semi-automated analysis to identify hazards and help address them with mitigations. The tools use the same model representations, structures, and processes to conduct the security analysis and safety analysis. Safety and security reports are generated that are tailored to specific stakeholders such as system integrators, component developers and regulators.
  • Trade Space Explorer (TSE): TSE is an OSATE plugin used to evaluate implementation trade-offs by varying continuous properties in each design instance, applying third party analysis tools, and enabling visualization and evaluation against requirements. Please click here for a demonstration.
  • Java-based Tool Invocation: In addition to supporting OSATE, CAMET Library subscribers will be able to use Adventium’s tools as standalone binaries via a standard Java API for use in any Java-friendly environment. The Java binary versions will use input and output models specified in accordance with available XML schemas. The first tools with this capability will be the FASTAR ARINC653 schedule analysis tools.
  • State Linked Interface Compliance Engine for Data (SLICED): SLICED will provide behavioral analysis tools for modular software components in complex systems. SLICED behavioral analysis will detect errors in messaging patterns/paradigms, sampling rates, and latency requirements. Currently, these behavioral details are detectable only through manual, labor intensive review by system integrators. SLICED combines existing timing analysis and Future Airborne Capability Environment (FACE™) data models with descriptions of the state of a software Unit of Portability (UoP). SLICED will integrate with existing virtual integration processes. Importantly, SLICED behavior is centered around well-defined and observable interfaces, allowing vendors and integrators to perform model-based analysis while protecting their intellectual property.

The CAMET Library currently contains the following example models:

  • CubeSat Model: A detailed model of a CubeSat including subsystems for: power, flight control, telemetry, attitude control, mechanical, and payload. Subsystems are modeled down to the level of commercially available components. The CubeSat model makes extensive use of EMV2 and error states and includes many implementation options. This large model provides a great test set for developing and testing analysis tools.
  • Joint Common Architecture (JCA) Models: Mission system architecture models developed as part of the Army's JCA Demo program. The JCA models consist of Data Correlation and Fusion Manager (DCFM) component, Modular Integrated Survivability (MIS) system, and Operating Environment (host computing platform) AADL models. The DCFM is a FACE (Future Airborne Capability Environment) Unit of Portability with an associated FACE data model that was automatically translated to AADL component interface declarations. The models were virtually integrated to form an AADL model of the overall system and the FASTAR tools used to analyze and detect defects in timing properties. The report of that effort can be found here.

Additional Resources: To sign up as a sponsor, please click here. For more information, please contact us at