Recovery within long running transactions

As computer systems continue to grow in complexity, the possibilities of failure increase. At the same time, the increase in computer system pervasiveness in day-to-day activities brought along increased expectations on their reliability. This has led to the need for effective and automatic error recovery techniques to resolve failures. Transactions enable the handling of failure propagation over concurrent systems due to dependencies, restoring the system to the point before the failure occurred. However, in various settings, especially when interacting with the real world, reversal is not possible. The notion of compensations has been long advocated as a way of addressing this issue, through the specification of activities which can be executed to undo partial transactions. Still, there is no accepted standard theory; the literature offers a plethora of distinct formalisms and approaches. In this survey, we review the compensations from a theoretical point of view by: (i) giving a historic account of the evolution of compensating transactions; (ii) delineating and describing a number of design options involved; (iii) presenting a number of formalisms found in the literature, exposing similarities and differences; (iv) comparing formal notions of compensation correctness; (v) giving insights regarding the application of compensations in practice; and (vi) discussing current and future research trends in the area.peer-reviewe

WS-Pro: a Petri net based performance-driven service composition framework

As an emerging area gaining prevalence in the industry, Web Services was established to satisfy the needs for better flexibility and higher reliability in web applications. However, due to the lack of reliable frameworks and difficulties in constructing versatile service composition platform, web developers encountered major obstacles in large-scale deployment of web services. Meanwhile, performance has been one of the major concerns and a largely unexplored area in Web Services research. There is high demand for researchers to conceive and develop feasible solutions to design, monitor, and deploy web service systems that can adapt to failures, especially performance failures. Though many techniques have been proposed to solve this problem, none of them offers a comprehensive solution to overcome the difficulties that challenge practitioners. Central to the performance-engineering studies, performance analysis and performance adaptation are of paramount importance to the success of a software project. The industry learned through many hard lessons the significance of well-founded and well-executed performance engineering plans. An important fact is that it is too expensive to tackle performance evaluation, mostly through performance testing, after the software is developed. This is especially true in recent decades when software complexity has risen sharply. After the system is deployed, performance adaptation is essential to maintaining and improving software system reliability. Performance adaptation provides techniques to mitigate the consequence of performance failures and therefore is an important research issue. Performance adaptation is particularly meaningful for mission-critical software systems and software systems with inevitable frequent performance failures, such as Web Services. This dissertation focuses on Web Services framework and proposes a performance-driven service composition scheme, called WS-Pro, to support both performance analysis and performance adaptation. A formalism of transformation from WS-BPEL to Petri net is first defined to enable the analysis of system properties and facilitate quality prediction. A state-transition based proof is presented to show that the transformed Petri net model correctly simulates the behavior of the WS-BPEL process. The generated Petri net model was augmented using performance data supplied by both historical data and runtime data. Results of executing the Petri nets suggest that optimal composition plans can be achieved based on the proposed method. The performance of service composition procedure is an important research issue which has not been sufficiently treated by researchers. However, such an issue is critical for dynamic service composition, where re-planning must be done in a timely manner. In order to improve the performance of service composition procedure and enhance performance adaptation, this dissertation presents an algorithm to remove loops in the reachability graphs so that a large portion of the computation time of service composition can be moved to a pre-processing unit; hence the response time is shortened during runtime. We also extended the WS-Pro to the ubiquitous computing area to improve fault-tolerance

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements

Applications of Bayesian networks and Petri nets in safety, reliability, and risk assessments: A review

YesSystem safety, reliability and risk analysis are important tasks that are performed throughout the system lifecycle to ensure the dependability of safety-critical systems. Probabilistic risk assessment (PRA) approaches are comprehensive, structured and logical methods widely used for this purpose. PRA approaches include, but not limited to, Fault Tree Analysis (FTA), Failure Mode and Effects Analysis (FMEA), and Event Tree Analysis (ETA). Growing complexity of modern systems and their capability of behaving dynamically make it challenging for classical PRA techniques to analyse such systems accurately. For a comprehensive and accurate analysis of complex systems, different characteristics such as functional dependencies among components, temporal behaviour of systems, multiple failure modes/states for components/systems, and uncertainty in system behaviour and failure data are needed to be considered. Unfortunately, classical approaches are not capable of accounting for these aspects. Bayesian networks (BNs) have gained popularity in risk assessment applications due to their flexible structure and capability of incorporating most of the above mentioned aspects during analysis. Furthermore, BNs have the ability to perform diagnostic analysis. Petri Nets are another formal graphical and mathematical tool capable of modelling and analysing dynamic behaviour of systems. They are also increasingly used for system safety, reliability and risk evaluation. This paper presents a review of the applications of Bayesian networks and Petri nets in system safety, reliability and risk assessments. The review highlights the potential usefulness of the BN and PN based approaches over other classical approaches, and relative strengths and weaknesses in different practical application scenarios.This work was funded by the DEIS H2020 project (Grant Agreement 732242)

The planning coordinator: A design architecture for autonomous error recovery and on-line planning of intelligent tasks

Developing a robust, task level, error recovery and on-line planning architecture is an open research area. There is previously published work on both error recovery and on-line planning; however, none incorporates error recovery and on-line planning into one integrated platform. The integration of these two functionalities requires an architecture that possesses the following characteristics. The architecture must provide for the inclusion of new information without the destruction of existing information. The architecture must provide for the relating of pieces of information, old and new, to one another in a non-trivial rather than trivial manner (e.g., object one is related to object two under the following constraints, versus, yes, they are related; no, they are not related). Finally, the architecture must be not only a stand alone architecture, but also one that can be easily integrated as a supplement to some existing architecture. This thesis proposal addresses architectural development. Its intent is to integrate error recovery and on-line planning onto a single, integrated, multi-processor platform. This intelligent x-autonomous platform, called the Planning Coordinator, will be used initially to supplement existing x-autonomous systems and eventually replace them

Measurements, Models, Systems and Design

531 s.

Independent verification of specification models for large software systems at the early phases of development lifecycle

One of the major challenges facing the software industry, in general and IV&V (Independent Verification and Validation) analysts in particular, is to find ways for analyzing dynamic behavior of requirement specifications of large software systems early in the development lifecycle. Such analysis can significantly improve the performance and reliability of the developed systems. This dissertation addresses the problem of developing an IV&V framework for extracting semantics of dynamic behavior from requirement specifications based on: (1) SART (Structured Analysis with Realtime) models, and (2) UML (Unified Modeling Language) models.;For SART, the framework presented here shows a direct mapping from SART specification models to CPN (Colored Petrinets) models. The semantics of the SART hierarchy at the individual levels are preserved in the mapping. This makes it easy for the analyst to perform the analysis and trace back to the corresponding SART model. CPN was selected because it supports rigorous dynamic analysis. A large scale case study based on a component of NASA EOS system was performed for a proof of the concept.;For UML specifications, an approach based on metamodels is presented. A special type of metamodel, called dynamic metamodel (DMM), is introduced. This approach holds several advantages over the direct mapping of UML to CPN. The mapping rules for generating DMM are not CPN specific, hence they would not change if a language other than CPN is used. Also it makes it more flexible to develop DMM because other types of models can be added to the existing UML models. A simple example of a pacemaker is used to illustrate the concepts of DMM