TRUSTED SERVICE COMPOSITION FOR DISTRIBUTED REAL-TIME AND EMBEDDED SYSTEMS

poster abstractDistributed real-time and embedded (DRE) software systems are expected to provide high quality-of-service (QoS) attributes, e.g., scalability, reliability, and security, in conjunction with correct functionality built atop of infrastructure with limited capabilities. Given the many complex and conflicting QoS and functional attributes of DRE systems, a major challenge in developing such software systems is to guaranteeing it trustworthiness, i.e., the degree of confidence that the system adheres to its specification. Current state-of-the-art methods use service orientation to compose systems from reusable and trusted services, and validate the trustworthiness of the end system using runtime evidences. The major shortcoming of this approach is that trust is considered an afterthought (i.e., not an integral part of the software development lifecycle). Trustworthiness of a system should be evaluated based on the trustworthiness of different properties of the system, including its functionality and QoS attributes. Our research extends current state-of-the-art methods for developing trusted DRE systems by considering development time factors of the composition (e.g., properties of individual services, interaction patterns, and compatibility with other services). It is a major research challenge to evaluate the composition of trustworthiness for different system properties with different composition patterns. Our current and future research work to address this challenge includes identifying trust composition operators for different types of compositions, deriving a formal model of trust composition, and validating our approach with a case study using a distributed tracking system

Composition, Superposition, and Encapsulation in the Formal Specification of Distributed Systems

Composition, superposition, and encapsulation are important techniques that work well together for designing large distributed software systems. Composition is a symmetric operator that allows system components to communicate with each other across module boundaries. Superposition is an asymmetric relationship that allows one system component to observe the state of another. Encapsulation is the ability to define the reason about the behavior of a module in terms of a well-defined boundary between that module and its environment, while hiding the internal operations of that module. In this paper, the I/O automation model of Lynch and Tuttle is extended to permit superposition of program modules. This results in a unified model that supports composition, superposition, and encapsulation. The extended model includes a formal specification mechanism for layered systems that allows the sets of correct behaviors of each layer to be expressed in terms of the states of the layers below it. To illustrate the ideas, we use the extended model to specify the global snapshot problem and prove the correctness of the global snapshot algorithm of Chandy and Lamport

Using the PALS Architecture to Verify a Distributed Topology Control Protocol for Wireless Multi-Hop Networks in the Presence of Node Failures

The PALS architecture reduces distributed, real-time asynchronous system design to the design of a synchronous system under reasonable requirements. Assuming logical synchrony leads to fewer system behaviors and provides a conceptually simpler paradigm for engineering purposes. One of the current limitations of the framework is that from a set of independent "synchronous machines", one must compose the entire synchronous system by hand, which is tedious and error-prone. We use Maude's meta-level to automatically generate a synchronous composition from user-provided component machines and a description of how the machines communicate with each other. We then use the new capabilities to verify the correctness of a distributed topology control protocol for wireless networks in the presence of nodes that may fail.Comment: In Proceedings RTRTS 2010, arXiv:1009.398

Universal Loop-Free Super-Stabilization

We propose an univesal scheme to design loop-free and super-stabilizing protocols for constructing spanning trees optimizing any tree metrics (not only those that are isomorphic to a shortest path tree). Our scheme combines a novel super-stabilizing loop-free BFS with an existing self-stabilizing spanning tree that optimizes a given metric. The composition result preserves the best properties of both worlds: super-stabilization, loop-freedom, and optimization of the original metric without any stabilization time penalty. As case study we apply our composition mechanism to two well known metric-dependent spanning trees: the maximum-flow tree and the minimum degree spanning tree