Complex, dependable and physically-entangled systems of systems must be supported by innovations to allow a significant reduction of the cost and complexity of system design targeting computing platforms composed of parallel heterogeneous architectures. Software development is one key challenge, as current programming tools do not fully support emerging processor architectures. Parallel and heterogeneous platforms are difficult to program and even more to optimise for the multiple conflicting criteria imposed by applications, such as performance, energy efficiency, real-time response, resiliency and fault tolerance. AMPERE addresses this challenge by incorporating model-driven engineering (MDE) as the key element for the construction of complex software architectures. MDE enables to efficiently capture system's functional and non-functional requirements, including multiple conflicting requirements, as well as enabling the use of domain specific model-driven languages (DSML) to further refine the description of cyber/physical interactions. The vision of AMPERE is that there is a clear necessity of developing a new generation of code synthesis methods and tools capable to implement correct-by-construction systems, in which the constraints captured by the system model are efficiently transformed to the parallel programming models supported by the underlying parallel heterogeneous platform, whilst providing the level of performance required. Moreover, AMPERE will provide computing software composed of a set of advanced run-time methods implementing monitoring and dynamic reconfiguration techniques, that will support the parallel execution to improve the overall system's efficiency, and guarantee that the non-functional requirements capture by the DSML are fulfilled. AMPERE advances will be integrated in a set of ready-to-use tools and libraries, and validated through demonstration in two reference applications, from automotive and railway domains.

certMILS develops a security certification methodology for Cyber-physical systems (CPS). CPS are characterised by safety-critical nature, complexity, connectivity, and open technology. A common downside to CPS complexity and openness is a large attack surface and a high degree of dynamism that may lead to complex failures and irreparable physical damage. The legitimate fear of security or functional safety vulnerabilities in CPS results in arduous testing and certification processes. Once fielded, many CPS suffer from the motto: never change a running system. certMILS increases the economic efficiency and European competitiveness of CPS development, while demonstrating the effectiveness of safety & security certification of composable systems. The project employs a security-by-design concept originating from the avionics industry: Multiple Independent Levels of Security (MILS), which targets controlled information flow and resource usage amongst software applications. certMILS reduces certification complexity, promotes re-use, and enables secure updates to CPS throughout its life-cycle by providing certified separation of applications, i.e. if an application within a complex CPS fails or starts acting maliciously, other applications are unaffected. Security certification of complex systems to medium-high assurance levels is not solved today. The existing monolithic approaches cannot cope with the complexity of modern CPS. certMILS uses ISO/IEC 15408 and IEC 62443 to develop and applies a compositional security certification methodology to complex composable safety-critical systems operating in constantly evolving hostile environments. certMILS core results are standardised in a protection profile.certMILS develops three composable industrial CPS pilots (smart grid, railway, subway), certifies security of critical re-useable components, and ensures security certification for the pilots by certification labs in three EU countries with involvement of the authorities.