Modelo de dirección de proyectos complejos: aplicación a la gestión integrada de la Comunidad de Regantes LASESA (Huesca)

La complejidad en los proyectos y la complejidad de la dirección de proyectos son conceptos cuyo interés va en aumento. En el ámbito de los proyectos, dado que la gestión de recursos y las actividades suceden en interacción con las personas, la complejidad en dirección de proyectos resulta ser una práctica inherentemente social. Esto ha hecho que en la actualidad se haya convertido en una necesidad profundizar en el concepto. En el primer capítulo de esta investigación, se hace una revisión del estado del arte del concepto y se construye un marco teórico que permite establecer y justificar las dimensiones de la complejidad en esta disciplina. De igual manera, con una revisión similar de los estándares internacionales existentes, se descubren las herramientas y modelos para el análisis de la complejidad en dirección de proyectos, con la que se pretende, a través de la práctica profesional desde organismos y alianzas internacionales, ayudar a contrastar la utilidad e interés de los conceptos propuestos. En el segundo capítulo, se presenta un marco conceptual sobre la certificación de competencias, se analizan y comparan los principales sistemas de certificación de competencias vigentes en el ámbito de la dirección de proyectos. En el tercer capítulo, se presenta un proceso metodológico novedoso para valorar, desde la integración del conocimiento experto y experimentado, dos aspectos complementarios de la complejidad de la dirección de proyectos: (a) la valoración del nivel de complejidad del proyecto; y (b), la valoración de los efectos en el desarrollo de las competencias de comportamiento de las partes implicadas. La metodología propuesta se aplica a la Comunidad de Regantes LASESA en Huesca (España), proceso que se presenta en el cuarto capítulo. LASESA es un proyecto complejo que gestiona los recursos hídricos de 10.000 hectáreas y con más de 600 propietarios implicados. Los resultados evidencian como la gestión de un proyecto complejo genera efectos positivos en el desarrollo de las competencias de comportamiento de las personas que se implican y participan en los trabajos….. ABSTRACT The complexity of the projects and the complexity of project management are concepts whose interest is increasing. In terms of projects, since the management of resources and activities occur in interaction with people, the project management complexity makes an inherently social practice. This has now has become a necessity to deepen the concept. In the first chapter of this study, we review the state of art of the concept and builds a theoretical framework that allows to establish and justify the dimensions of the complexity in this discipline. Likewise, a similar review of existing international standards, we discover the tools and models for the analysis of complexity in project management, with which it is intended, through professional practice from agencies and international alliances, help to compare the usefulness and interest of the proposed concepts. In the second chapter, we present a conceptual framework for the certification of competences, are analyzed and compared the main skills certification systems in force in the field of project management. In the third chapter, we present a novel methodological process to assess, since the integration of expert knowledge and experienced, complementary aspects of the complexity of project management: (a) the assessment of the level of complexity of the project, and (b ), the assessment of the effects on the development of behavioral competencies of the parties involved. The proposed methodology is applied to the Community Irrigation LASESA in Huesca (Spain), a process that is presented in the fourth chapter. LASESA is a complex project that manages the water resources of 10,000 acres and more than 600 landowners involved. The results show as managing a complex project generates positive effects on the development of behavioral competencies of people who are involved and participate in the work.

Definición de los procedimientos e indicadores de la cadena de custodia de la industria de pasta y papel vinculados a la normativa ISO 9000/14000

En el trabajo se ha reflejado la génesis del término „desarrollo sostenible‟ y la preocupación social y de los gobiernos hacia la sostenibilidad de los recursos, generando una política forestal a escala internacional, cuyo hito inicial desempeña la Cumbre de Rio y otros procesos, donde surge el término „sostenibilidad‟ - procesos gubernamentales que ponen su atención en los bosques,entre ellos el Proceso paneuropeo del que emanan los Criterios e indicadores de la gestión forestal sostenible, así como otros foros donde aparece la vinculación entre los productos y la sostenibilidad de los bosques de donde proceden. A partir de esos conceptos aparecen los sistemas de certificación, primero FSC, promovido por las ONG ambientalistas, y en respuesta a ello, el sistema PEFC de los propietarios forestales privados con las industrias forestales. En su introducción, el trabajo recoge como surge y evoluciona esta preocupación y como se sucede y desarrollan los sistemas de certificación en España, orientados tanto a la superficie forestal como a sus productos derivados. Tratando de ser una herramienta técnica, en estos últimos quince años, se han ido planteando metodologías y propuestas técnicas que puedan garantizar el origen sostenible del bosque de donde procede la materia prima. Aunque la persistencia de la masa forestal como término tiene importancia, no considera numerosos aspectos incluidos en el concepto “gestión forestal sostenible”. El trabajo manifiesta qué es y cómo se origina la Gestión Forestal Sostenible y muy ligado con ello, el origen de la certificación como herramienta, explicando cómo se incardina la certificación forestal española con las estructuras internacionales y se construyen nuevas estructuras a escala española y autonómica. Se expone el dominio y alcance técnico de la certificación, sus inicios y un análisis de la diversidad de sistemas y etiquetas existentes -como ha ido evolucionando a escala internacional y nacional, por sistemas, sectores y continentes, con especial atención en España, recopilando lo sucedido relevante para el sector forestal, industrias forestales y sistemas de certificación en los años de estudio de elaboración de la tesis. Se refleja la relevancia que adquiere la certificación forestal y de la cadena de custodia para la industria del papel, tanto por las regulaciones, normativas y legislación que involucran al producto derivado del bosque como por ser herramienta que enlaza el bosque sostenible con el consumidor. La aplicación de todas esas especificaciones técnicas que muestran la sostenibilidad del bosque y al trazabilidad en el proceso productivo comporta una carga administrativa de recopilación de información, de control para el seguimiento asociado con los registros necesarios, y de archivo de documentos, conforme a las exigencias que plantean los sistemas de certificación forestal. Por tanto, es importante definir un método y procedimientos genéricos para los correspondientes sistemas de gestión preexistentes en las empresas del sector de pasta y papel (de calidad/ de medio ambiente/integrados), para implantar un Sistema de Cadena de Custodia genérico (común a FSC y PEFC) en una instalación de celulosa y papel y un sistema de diligencia debida. Para ello, ha sido necesario analizar la línea de producción y establecer los puntos de su diagrama en los que se requiere el control de la trazabilidad, puntos en los que se procede al seguimiento y registro de la materia prima, materia semielaborada y producto, y de ahí proceder a redactar o retocar los procedimientos de gestión calidad/ medioambiental, en su caso, para incluir los campos de registro. Según determinen los procedimientos, se efectuará un seguimiento y registro de los, derivados que configuran una característica y se determinará una serie de indicadores del sistema de trazabilidad de la madera en la industria de celulosa y papel, es decir, un conjunto de parámetros cuantitativos y descriptivos, sujetos al seguimiento de forma periódica, que muestren el cambio y permitan observar la evaluación y control del Sistema de Cadena de Custodia. Además de asegurar la trazabilidad de la madera y fibra en la industria de pasta y papel y con ello la sostenibilidad del bosque del que procede, se avalará la legalidad de los aprovechamientos que proporcionan ese recurso maderable, cumpliendo así no sólo la legislación vigente sino también ambos sistemas de certificación FSC y PEFC. El sistema de cadena de custodia de la pasta y papel se caracteriza por los indicadores de seguimiento que permite el control de la trazabilidad. ABSTRACT This paper traces the origins of the term „Sustainable Development‟ and of both citizen and institutional concern for the sustainability of resources, leading to the enactment of a forestry policy at international level, of which the initial milestones are the Rio Summit and other processes in which the term „Sustainability‟ was born. Those forestfocused institutional initiatives include the pan-European process that led to the publication of Sustainable Forest Management Criteria and Indicators, and other forums that highlight the link between finished wood-based products and the sustainability of the forests from which that wood is sourced. Those concepts were the culture in which forest certification systems were engendered, first FSC, promoted by environmental NGOs, and subsequently PEFC, fostered in response to FSC by private forest owners and forest-based industries. In its Introduction, this paper looks at how such concern arose and has evolved and how certification systems came into existence in Spain and developed to encompass both forest lands and forest-based products. As part of a mission to provide an applicable technical tool, new methodologies and technical proposals have been put forward over the past fifteen years aimed at guaranteeing the sustainable origin of the forest from which raw material is sourced. Although the maintenance of forest stands as a term in its own right is important, it does not take many of the aspects included in the concept of “sustainable forest management” into account. This thesis describes what SFM is and how it was born, underlying the close link between SFM and the origin of certification as a tool, explaining how Spanish forest certification is embodied in international structures, while new structures are built here in Spain on both the national and regional scale. This work also details the domain and scope of forest certification from the technical standpoint, explains its beginnings, and assesses the various systems and labels that exist - how certification has evolved internationally and nationally across systems, sectors and continents, with special emphasis on Spain. It provides a compilation of events relevant to forestry, forest industries and forest certification systems that have taken place during the years this thesis has been in preparation. It reflects on the relevance that forest and chain of custody certification holds for the paper industry, in view not only of the regulations, policies and legislation that affect forest-based products but also of its role as a tool that bonds the sustainable forest with the consumer. Implementing the range of technical specifications to demonstrate forest sustainability and traceability throughout the production process entails the administrative burden of collecting information and providing controls to process the relevant records and documents to be kept on file in compliance with the requirements made by forest certification schemes. It is therefore important to define a generic method, together with its relevant procedures,that fits the management systems (quality / environmental / integrated)existing today in pulp and paper companies, in order to implement a generic Chain of Custody scheme (common to FSC and PEFC) in a pulp and paper mill, and a due diligence system. To achieve that, it has first been necessary to analyse the production line and establish points along the route where traceabilitycontrols need to be implemented and points where raw material, semi-finished goods and end products should be monitored and recorded. Subsequently, the procedures in quality / environmental management systems need to be drafted or amended as required to include fields that reflect those records. As required by the procedures, forest-based products that have a specific characteristic shall be monitored and recorded, and a number of indicators identified in the traceability system of wood for pulp & paper, i.e.createa set of quantitative and descriptive parameters subject to regular monitoringthat reveal changes and enable the Chain of Custody system to be assessed and controlled. In addition to ensuring the traceability of wood and fibre in the pulp and paper industry -and so the sustainability of the forest from which it is sourced -, the legality of the harvesting that produces that timber will also be enhanced, thus fulfilling not only the law but also both FSC and PEFC certification schemes. The chain of custody system for pulp and paper is characterised by monitoring indicators that enable traceability to be controlled.

Experiments in abstract interpretation-based code certification for pervasive systems

Proof carrying code (PCC) is a general is originally a roof in ñrst-order logic of certain vermethodology for certifying that the execution of an un- ification onditions and the checking process involves trusted mobile code is safe. The baste idea is that the ensuring that the certifícate is indeed a valid ñrst-order code supplier attaches a certifícate to the mobile code proof. which the consumer checks in order to ensure that the The main practical difñculty of PCC techniques is in code is indeed safe. The potential benefit is that the generating safety certiñeates which at the same time: i) consumer's task is reduced from the level of proving to allow expressing interesting safety properties, ii) can be the level of checking. Recently, the abstract interpre- generated automatically and, iii) are easy and efficient tation techniques developed, in logic programming have to check. In [1], the abstract interpretation techniques been proposed as a basis for PCC. This extended ab- [5] developed in logic programming1 are proposed as stract reports on experiments which illustrate several is- a basis for PCC. They offer a number of advantages sues involved in abstract interpretation-based certifica- for dealing with the aforementioned issues. In particution. First, we describe the implementation of our sys- lar, the xpressiveness of existing abstract domains will tem in the context of CiaoPP: the preprocessor of the be implicitly available in abstract interpretation-based Ciao multi-paradigm programming system. Then, by code certification to deñne a wide range of safety propermeans of some experiments, we show how code certifi- ties. Furthermore, the approach inherits the automation catión is aided in the implementation of the framework. and inference power of the abstract interpretation en- Finally, we discuss the application of our method within gines used in (Constraint) Logic Programming, (C)LP. the área, of pervasive systems

Abstract interpretation-based code certification for pervasive systems: Preliminary experiments

Proof carrying code is a general methodology for certifying that the execution of an untrusted mobile code is safe, according to a predefined safety policy. The basic idea is that the code supplier attaches a certifícate (or proof) to the mobile code which, then, the consumer checks in order to ensure that the code is indeed safe. The potential benefit is that the consumer's task is reduced from the level of proving to the level of checking, a much simpler task. Recently, the abstract interpretation techniques developed in logic programming have been proposed as a basis for proof carrying code [1]. To this end, the certifícate is generated from an abstract interpretation-based proof of safety. Intuitively, the verification condition is extracted from a set of assertions guaranteeing safety and the answer table generated during the analysis. Given this information, it is relatively simple and fast to verify that the code does meet this proof and so its execution is safe. This extended abstract reports on experiments which illustrate several issues involved in abstract interpretation-based code certification. First, we describe the implementation of our system in the context of CiaoPP: the preprocessor of the Ciao multi-paradigm (constraint) logic programming system. Then, by means of some experiments, we show how code certification is aided in the implementation of the framework. Finally, we discuss the application of our method within the área of pervasive systems which may lack the necessary computing resources to verify safety on their own. We herein illustrate the relevance of the information inferred by existing cost analysis to control resource usage in this context. Moreover, since the (rather complex) analysis phase is replaced by a simpler, efficient checking process at the code consumer side, we believe that our abstract interpretation-based approach to proof-carrying code becomes practically applicable to this kind of systems.

Application of virtual certification techniques to vehicle design and track maintenance

Virtual certification partially substitutes by computer simulations the experimental techniques required for rail vehicle certification. In this paper, several works were these techniques were used in the vehicle design and track maintenance processes are presented. Dynamic simulation of multibody systems was used to virtually apply the EN14363 standard to certify the dynamic behaviour of vehicles. The works described are: assessment of a freight bogie design adapted to meter-gauge, assessment of a railway track layout for a subway network, freight bogie design with higher speed and axle load, and processing of the data acquired by a track recording vehicle for track maintenance.

Advanced Topics in Resource Analysis: Certification, Incrementality, Concurrency and Array-Sensitivity

El Análisis de Consumo de Recursos o Análisis de Coste trata de aproximar el coste de ejecutar un programa como una función dependiente de sus datos de entrada. A pesar de que existen trabajos previos a esta tesis doctoral que desarrollan potentes marcos para el análisis de coste de programas orientados a objetos, algunos aspectos avanzados, como la eficiencia, la precisión y la fiabilidad de los resultados, todavía deben ser estudiados en profundidad. Esta tesis aborda estos aspectos desde cuatro perspectivas diferentes: (1) Las estructuras de datos compartidas en la memoria del programa son una pesadilla para el análisis estático de programas. Trabajos recientes proponen una serie de condiciones de localidad para poder mantener de forma consistente información sobre los atributos de los objetos almacenados en memoria compartida, reemplazando éstos por variables locales no almacenadas en la memoria compartida. En esta tesis presentamos dos extensiones a estos trabajos: la primera es considerar, no sólo los accesos a los atributos, sino también los accesos a los elementos almacenados en arrays; la segunda se centra en los casos en los que las condiciones de localidad no se cumplen de forma incondicional, para lo cual, proponemos una técnica para encontrar las precondiciones necesarias para garantizar la consistencia de la información acerca de los datos almacenados en memoria. (2) El objetivo del análisis incremental es, dado un programa, los resultados de su análisis y una serie de cambios sobre el programa, obtener los nuevos resultados del análisis de la forma más eficiente posible, evitando reanalizar aquellos fragmentos de código que no se hayan visto afectados por los cambios. Los analizadores actuales todavía leen y analizan el programa completo de forma no incremental. Esta tesis presenta un análisis de coste incremental, que, dado un cambio en el programa, reconstruye la información sobre el coste del programa de todos los métodos afectados por el cambio de forma incremental. Para esto, proponemos (i) un algoritmo multi-dominio y de punto fijo que puede ser utilizado en todos los análisis globales necesarios para inferir el coste, y (ii) una novedosa forma de almacenar las expresiones de coste que nos permite reconstruir de forma incremental únicamente las funciones de coste de aquellos componentes afectados por el cambio. (3) Las garantías de coste obtenidas de forma automática por herramientas de análisis estático no son consideradas totalmente fiables salvo que la implementación de la herramienta o los resultados obtenidos sean verificados formalmente. Llevar a cabo el análisis de estas herramientas es una tarea titánica, ya que se trata de herramientas de gran tamaño y complejidad. En esta tesis nos centramos en el desarrollo de un marco formal para la verificación de las garantías de coste obtenidas por los analizadores en lugar de analizar las herramientas. Hemos implementado esta idea mediante la herramienta COSTA, un analizador de coste para programas Java y KeY, una herramienta de verificación de programas Java. De esta forma, COSTA genera las garantías de coste, mientras que KeY prueba la validez formal de los resultados obtenidos, generando de esta forma garantías de coste verificadas. (4) Hoy en día la concurrencia y los programas distribuidos son clave en el desarrollo de software. Los objetos concurrentes son un modelo de concurrencia asentado para el desarrollo de sistemas concurrentes. En este modelo, los objetos son las unidades de concurrencia y se comunican entre ellos mediante llamadas asíncronas a sus métodos. La distribución de las tareas sugiere que el análisis de coste debe inferir el coste de los diferentes componentes distribuidos por separado. En esta tesis proponemos un análisis de coste sensible a objetos que, utilizando los resultados obtenidos mediante un análisis de apunta-a, mantiene el coste de los diferentes componentes de forma independiente. Abstract Resource Analysis (a.k.a. Cost Analysis) tries to approximate the cost of executing programs as functions on their input data sizes and without actually having to execute the programs. While a powerful resource analysis framework on object-oriented programs existed before this thesis, advanced aspects to improve the efficiency, the accuracy and the reliability of the results of the analysis still need to be further investigated. This thesis tackles this need from the following four different perspectives. (1) Shared mutable data structures are the bane of formal reasoning and static analysis. Analyses which keep track of heap-allocated data are referred to as heap-sensitive. Recent work proposes locality conditions for soundly tracking field accesses by means of ghost non-heap allocated variables. In this thesis we present two extensions to this approach: the first extension is to consider arrays accesses (in addition to object fields), while the second extension focuses on handling cases for which the locality conditions cannot be proven unconditionally by finding aliasing preconditions under which tracking such heap locations is feasible. (2) The aim of incremental analysis is, given a program, its analysis results and a series of changes to the program, to obtain the new analysis results as efficiently as possible and, ideally, without having to (re-)analyze fragments of code that are not affected by the changes. During software development, programs are permanently modified but most analyzers still read and analyze the entire program at once in a non-incremental way. This thesis presents an incremental resource usage analysis which, after a change in the program is made, is able to reconstruct the upper-bounds of all affected methods in an incremental way. To this purpose, we propose (i) a multi-domain incremental fixed-point algorithm which can be used by all global analyses required to infer the cost, and (ii) a novel form of cost summaries that allows us to incrementally reconstruct only those components of cost functions affected by the change. (3) Resource guarantees that are automatically inferred by static analysis tools are generally not considered completely trustworthy, unless the tool implementation or the results are formally verified. Performing full-blown verification of such tools is a daunting task, since they are large and complex. In this thesis we focus on the development of a formal framework for the verification of the resource guarantees obtained by the analyzers, instead of verifying the tools. We have implemented this idea using COSTA, a state-of-the-art cost analyzer for Java programs and KeY, a state-of-the-art verification tool for Java source code. COSTA is able to derive upper-bounds of Java programs while KeY proves the validity of these bounds and provides a certificate. The main contribution of our work is to show that the proposed tools cooperation can be used for automatically producing verified resource guarantees. (4) Distribution and concurrency are today mainstream. Concurrent objects form a well established model for distributed concurrent systems. In this model, objects are the concurrency units that communicate via asynchronous method calls. Distribution suggests that analysis must infer the cost of the diverse distributed components separately. In this thesis we propose a novel object-sensitive cost analysis which, by using the results gathered by a points-to analysis, can keep the cost of the diverse distributed components separate.

MultiPARTES: Multicore Virtualization for Mixed-Criticality Systems

Modern embedded applications typically integrate a multitude of functionalities with potentially different criticality levels into a single system. Without appropriate preconditions, the integration of mixed-criticality subsystems can lead to a significant and potentially unacceptable increase of engineering and certification costs. A promising solution is to incorporate mechanisms that establish multiple partitions with strict temporal and spatial separation between the individual partitions. In this approach, subsystems with different levels of criticality can be placed in different partitions and can be verified and validated in isolation. The MultiPARTES FP7 project aims at supporting mixed- criticality integration for embedded systems based on virtualization techniques for heterogeneous multicore processors. A major outcome of the project is the MultiPARTES XtratuM, an open source hypervisor designed as a generic virtualization layer for heterogeneous multicore. MultiPARTES evaluates the developed technology through selected use cases from the offshore wind power, space, visual surveillance, and automotive domains. The impact of MultiPARTES on the targeted domains will be also discussed. In a number of ongoing research initiatives (e.g., RECOMP, ARAMIS, MultiPARTES, CERTAINTY) mixed-criticality integration is considered in multicore processors. Key challenges are the combination of software virtualization and hardware segregation and the extension of partitioning mechanisms to jointly address significant non-functional requirements (e.g., time, energy and power budgets, adaptivity, reliability, safety, security, volume, weight, etc.) along with development and certification methodology.

Systems and technologies for objective evaluation of technical skills in laparoscopic surgery

Minimally invasive surgery is a highly demanding surgical approach regarding technical requirements for the surgeon, who must be trained in order to perform a safe surgical intervention. Traditional surgical education in minimally invasive surgery is commonly based on subjective criteria to quantify and evaluate surgical abilities, which could be potentially unsafe for the patient. Authors, surgeons and associations are increasingly demanding the development of more objective assessment tools that can accredit surgeons as technically competent. This paper describes the state of the art in objective assessment methods of surgical skills. It gives an overview on assessment systems based on structured checklists and rating scales, surgical simulators, and instrument motion analysis. As a future work, an objective and automatic assessment method of surgical skills should be standardized as a means towards proficiency-based curricula for training in laparoscopic surgery and its certification.

Languages for safety-certification related propertis

The Safety Certification of Software-Intensive Systems with Reusable Components project, in short SafeCer (www.safecer.eu),is targeting increased efficiency and reduced time-to-market by composable safety certification of safety- relevant embedded systems. The industrial domains targeted are within automotive and construction equipment, avionics, and rail. Some of the companies involved are: Volvo Tech- nology, Thales, TTTech, and Intecs among others. SafeCer includes more than 30 partners in six different countries and has a budget of e25.7 millions. A primary objective is to provide support for system safety arguments based on arguments and properties of system components as well as to provide support for generation of corresponding evidence in a similar compositional way. By providing support for efficient reuse of certification and stronger links between certification and development, compo- nent reuse will be facilitated, and by providing support for reuse across domains the amount of components available for reuse will increase dramatically. The resulting efficiency and reduced time to market will, together with increased quality and reduced risk, increase competitiveness and pave the way for a cross-domain market for software components qualified for certification.

A framework for mixed-criticality partitioned real-time embedded systems

Los sistemas empotrados son cada día más comunes y complejos, de modo que encontrar procesos seguros, eficaces y baratos de desarrollo software dirigidos específicamente a esta clase de sistemas es más necesario que nunca. A diferencia de lo que ocurría hasta hace poco, en la actualidad los avances tecnológicos en el campo de los microprocesadores de los últimos tiempos permiten el desarrollo de equipos con prestaciones más que suficientes para ejecutar varios sistemas software en una única máquina. Además, hay sistemas empotrados con requisitos de seguridad (safety) de cuyo correcto funcionamiento depende la vida de muchas personas y/o grandes inversiones económicas. Estos sistemas software se diseñan e implementan de acuerdo con unos estándares de desarrollo software muy estrictos y exigentes. En algunos casos puede ser necesaria también la certificación del software. Para estos casos, los sistemas con criticidades mixtas pueden ser una alternativa muy valiosa. En esta clase de sistemas, aplicaciones con diferentes niveles de criticidad se ejecutan en el mismo computador. Sin embargo, a menudo es necesario certificar el sistema entero con el nivel de criticidad de la aplicación más crítica, lo que hace que los costes se disparen. La virtualización se ha postulado como una tecnología muy interesante para contener esos costes. Esta tecnología permite que un conjunto de máquinas virtuales o particiones ejecuten las aplicaciones con unos niveles de aislamiento tanto temporal como espacial muy altos. Esto, a su vez, permite que cada partición pueda ser certificada independientemente. Para el desarrollo de sistemas particionados con criticidades mixtas se necesita actualizar los modelos de desarrollo software tradicionales, pues estos no cubren ni las nuevas actividades ni los nuevos roles que se requieren en el desarrollo de estos sistemas. Por ejemplo, el integrador del sistema debe definir las particiones o el desarrollador de aplicaciones debe tener en cuenta las características de la partición donde su aplicación va a ejecutar. Tradicionalmente, en el desarrollo de sistemas empotrados, el modelo en V ha tenido una especial relevancia. Por ello, este modelo ha sido adaptado para tener en cuenta escenarios tales como el desarrollo en paralelo de aplicaciones o la incorporación de una nueva partición a un sistema ya existente. El objetivo de esta tesis doctoral es mejorar la tecnología actual de desarrollo de sistemas particionados con criticidades mixtas. Para ello, se ha diseñado e implementado un entorno dirigido específicamente a facilitar y mejorar los procesos de desarrollo de esta clase de sistemas. En concreto, se ha creado un algoritmo que genera el particionado del sistema automáticamente. En el entorno de desarrollo propuesto, se han integrado todas las actividades necesarias para desarrollo de un sistema particionado, incluidos los nuevos roles y actividades mencionados anteriormente. Además, el diseño del entorno de desarrollo se ha basado en la ingeniería guiada por modelos (Model-Driven Engineering), la cual promueve el uso de los modelos como elementos fundamentales en el proceso de desarrollo. Así pues, se proporcionan las herramientas necesarias para modelar y particionar el sistema, así como para validar los resultados y generar los artefactos necesarios para el compilado, construcción y despliegue del mismo. Además, en el diseño del entorno de desarrollo, la extensión e integración del mismo con herramientas de validación ha sido un factor clave. En concreto, se pueden incorporar al entorno de desarrollo nuevos requisitos no-funcionales, la generación de nuevos artefactos tales como documentación o diferentes lenguajes de programación, etc. Una parte clave del entorno de desarrollo es el algoritmo de particionado. Este algoritmo se ha diseñado para ser independiente de los requisitos de las aplicaciones así como para permitir al integrador del sistema implementar nuevos requisitos del sistema. Para lograr esta independencia, se han definido las restricciones al particionado. El algoritmo garantiza que dichas restricciones se cumplirán en el sistema particionado que resulte de su ejecución. Las restricciones al particionado se han diseñado con una capacidad expresiva suficiente para que, con un pequeño grupo de ellas, se puedan expresar la mayor parte de los requisitos no-funcionales más comunes. Las restricciones pueden ser definidas manualmente por el integrador del sistema o bien pueden ser generadas automáticamente por una herramienta a partir de los requisitos funcionales y no-funcionales de una aplicación. El algoritmo de particionado toma como entradas los modelos y las restricciones al particionado del sistema. Tras la ejecución y como resultado, se genera un modelo de despliegue en el que se definen las particiones que son necesarias para el particionado del sistema. A su vez, cada partición define qué aplicaciones deben ejecutar en ella así como los recursos que necesita la partición para ejecutar correctamente. El problema del particionado y las restricciones al particionado se modelan matemáticamente a través de grafos coloreados. En dichos grafos, un coloreado propio de los vértices representa un particionado del sistema correcto. El algoritmo se ha diseñado también para que, si es necesario, sea posible obtener particionados alternativos al inicialmente propuesto. El entorno de desarrollo, incluyendo el algoritmo de particionado, se ha probado con éxito en dos casos de uso industriales: el satélite UPMSat-2 y un demostrador del sistema de control de una turbina eólica. Además, el algoritmo se ha validado mediante la ejecución de numerosos escenarios sintéticos, incluyendo algunos muy complejos, de más de 500 aplicaciones. ABSTRACT The importance of embedded software is growing as it is required for a large number of systems. Devising cheap, efficient and reliable development processes for embedded systems is thus a notable challenge nowadays. Computer processing power is continuously increasing, and as a result, it is currently possible to integrate complex systems in a single processor, which was not feasible a few years ago.Embedded systems may have safety critical requirements. Its failure may result in personal or substantial economical loss. The development of these systems requires stringent development processes that are usually defined by suitable standards. In some cases their certification is also necessary. This scenario fosters the use of mixed-criticality systems in which applications of different criticality levels must coexist in a single system. In these cases, it is usually necessary to certify the whole system, including non-critical applications, which is costly. Virtualization emerges as an enabling technology used for dealing with this problem. The system is structured as a set of partitions, or virtual machines, that can be executed with temporal and spatial isolation. In this way, applications can be developed and certified independently. The development of MCPS (Mixed-Criticality Partitioned Systems) requires additional roles and activities that traditional systems do not require. The system integrator has to define system partitions. Application development has to consider the characteristics of the partition to which it is allocated. In addition, traditional software process models have to be adapted to this scenario. The V-model is commonly used in embedded systems development. It can be adapted to the development of MCPS by enabling the parallel development of applications or adding an additional partition to an existing system. The objective of this PhD is to improve the available technology for MCPS development by providing a framework tailored to the development of this type of system and by defining a flexible and efficient algorithm for automatically generating system partitionings. The goal of the framework is to integrate all the activities required for developing MCPS and to support the different roles involved in this process. The framework is based on MDE (Model-Driven Engineering), which emphasizes the use of models in the development process. The framework provides basic means for modeling the system, generating system partitions, validating the system and generating final artifacts. The framework has been designed to facilitate its extension and the integration of external validation tools. In particular, it can be extended by adding support for additional non-functional requirements and support for final artifacts, such as new programming languages or additional documentation. The framework includes a novel partitioning algorithm. It has been designed to be independent of the types of applications requirements and also to enable the system integrator to tailor the partitioning to the specific requirements of a system. This independence is achieved by defining partitioning constraints that must be met by the resulting partitioning. They have sufficient expressive capacity to state the most common constraints and can be defined manually by the system integrator or generated automatically based on functional and non-functional requirements of the applications. The partitioning algorithm uses system models and partitioning constraints as its inputs. It generates a deployment model that is composed by a set of partitions. Each partition is in turn composed of a set of allocated applications and assigned resources. The partitioning problem, including applications and constraints, is modeled as a colored graph. A valid partitioning is a proper vertex coloring. A specially designed algorithm generates this coloring and is able to provide alternative partitions if required. The framework, including the partitioning algorithm, has been successfully used in the development of two industrial use cases: the UPMSat-2 satellite and the control system of a wind-power turbine. The partitioning algorithm has been successfully validated by using a large number of synthetic loads, including complex scenarios with more that 500 applications.