Deriving Specifications of Dependable Systems: toward a Method

This paper proposes a method for deriving formal specifications of systems. To accomplish this task we pass through a non trivial number of steps, concepts and tools where the first one, the most important, is the concept of method itself, since we realized that computer science has a proliferation of languages but very few methods. We also propose the idea of Layered Fault Tolerant Specification (LFTS) to make the method extensible to dependable systems. The principle is layering the specification, for the sake of clarity, in (at least) two different levels, the first one for the normal behavior and the others (if more than one) for the abnormal. The abnormal behavior is described in terms of an Error Injector (EI) which represents a model of the erroneous interference coming from the environment. This structure has been inspired by the notion of idealized fault tolerant component but the combination of LFTS and EI using rely guarantee thinking to describe interference can be considered one of the main contributions of this work. The progress toward this method and the way to layer specifications has been made experimenting on the Transportation and the Automotive Case Studies of the DEPLOY project.Comment: Published in "12th European Workshop on Dependable Computing, EWDC 2009, Toulouse : France (2009)

Adaptive Process Management in Cyber-Physical Domains

The increasing application of process-oriented approaches in new challenging cyber-physical domains beyond business computing (e.g., personalized healthcare, emergency management, factories of the future, home automation, etc.) has led to reconsider the level of flexibility and support required to manage complex processes in such domains. A cyber-physical domain is characterized by the presence of a cyber-physical system coordinating heterogeneous ICT components (PCs, smartphones, sensors, actuators) and involving real world entities (humans, machines, agents, robots, etc.) that perform complex tasks in the “physical” real world to achieve a common goal. The physical world, however, is not entirely predictable, and processes enacted in cyber-physical domains must be robust to unexpected conditions and adaptable to unanticipated exceptions. This demands a more flexible approach in process design and enactment, recognizing that in real-world environments it is not adequate to assume that all possible recovery activities can be predefined for dealing with the exceptions that can ensue. In this chapter, we tackle the above issue and we propose a general approach, a concrete framework and a process management system implementation, called SmartPM, for automatically adapting processes enacted in cyber-physical domains in case of unanticipated exceptions and exogenous events. The adaptation mechanism provided by SmartPM is based on declarative task specifications, execution monitoring for detecting failures and context changes at run-time, and automated planning techniques to self-repair the running process, without requiring to predefine any specific adaptation policy or exception handler at design-time

Optimizing for confidence - Costs and opportunities at the frontier between abstraction and reality

Is there a relationship between computing costs and the confidence people place in the behavior of computing systems? What are the tuning knobs one can use to optimize systems for human confidence instead of correctness in purely abstract models? This report explores these questions by reviewing the mechanisms by which people build confidence in the match between the physical world behavior of machines and their abstract intuition of this behavior according to models or programming language semantics. We highlight in particular that a bottom-up approach relies on arbitrary trust in the accuracy of I/O devices, and that there exists clear cost trade-offs in the use of I/O devices in computing systems. We also show various methods which alleviate the need to trust I/O devices arbitrarily and instead build confidence incrementally "from the outside" by considering systems as black box entities. We highlight cases where these approaches can reach a given confidence level at a lower cost than bottom-up approaches.Comment: 11 pages, 1 figur

Operating ITS-G5 DSRC over Unlicensed Bands: A City-Scale Performance Evaluation

Future Connected and Autonomous Vehicles (CAVs) will be equipped with a large set of sensors. The large amount of generated sensor data is expected to be exchanged with other CAVs and the road-side infrastructure. Both in Europe and the US, Dedicated Short Range Communications (DSRC) systems, based on the IEEE 802.11p Physical Layer, are key enabler for the communication among vehicles. Given the expected market penetration of connected vehicles, the licensed band of 75 MHz, dedicated to DSRC communications, is expected to become increasingly congested. In this paper, we investigate the performance of a vehicular communication system, operated over the unlicensed bands 2.4 GHz - 2.5 GHz and 5.725 GHz - 5.875 GHz. Our experimental evaluation was carried out in a testing track in the centre of Bristol, UK and our system is a full-stack ETSI ITS-G5 implementation. Our performance investigation compares key communication metrics (e.g., packet delivery rate, received signal strength indicator) measured by operating our system over the licensed DSRC and the considered unlicensed bands. In particular, when operated over the 2.4 GHz - 2.5 GHz band, our system achieves comparable performance to the case when the DSRC band is used. On the other hand, as soon as the system, is operated over the 5.725 GHz - 5.875 GHz band, the packet delivery rate is 30% smaller compared to the case when the DSRC band is employed. These findings prove that operating our system over unlicensed ISM bands is a viable option. During our experimental evaluation, we recorded all the generated network interactions and the complete data set has been publicly available.Comment: IEEE PIMRC 2019, to appea

The development of a tool to promote sustainability in casting processes

The drive of the manufacturing industry towards productivity, quality and profitability has been supported in the last century by the availability of relatively cheap and abundant energy sources with limited focus on the minimisation of energy and material waste. However, in the last decades, more and more stringent regulations aimed at reducing pollution and consumption of resources have been introduced worldwide and in particular in Europe. Consequently, a highly mature and competitive industry like foundry is expecting challenges that an endeavour towards sustainability can turn into significant opportunities for the future. A tool to undertake a systematic analysis of energy and material flows in the casting process is being developed. An overview of the computer program architecture is presented and its output has been validated against real-world data collected from foundries

Arguing satisfaction of security requirements

This chapter presents a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the security of a system. The process starts with the enumeration of security goals based on assets in the system, then uses these goals to derive security requirements in the form of constraints. Next, a satisfaction argument for the system is constructed, using a problem-centered representation, a formal proof to analyze properties that can be demonstrated, and structured informal argumentation of the assumptions exposed during construction of the argument. Constructing the satisfaction argument can expose missing and inconsistent assumptions about system context and behavior that effect security, and a completed argument provides assurances that a system can respect its security requirements

Arcadia, a software development environment research project

The research objectives of the Arcadia project are two-fold: discovery and development of environment architecture principles and creation of novel software development tools, particularly powerful analysis tools, which will function within an environment built upon these architectural principles.Work in the architecture area is concerned with providing the framework to support integration while also supporting the often conflicting goal of extensibility. Thus, this area of research is directed toward achieving external integration by providing a consistent, uniform user interface, while still admitting customization and addition of new tools and interface functions. In an effort to also attain internal integration, research is aimed at developing mechanisms for structuring and managing the tools and data objects that populate a software development environment, while facilitating the insertion of new kinds of tools and new classes of objects.The unifying theme of work in the tools area is support for effective analysis at every stage of a software development project. Research is directed toward tools suitable for analyzing pre-implementation descriptions of software, software itself, and towards the production of testing and debugging tools. In many cases, these tools are specifically tailored for applicability to concurrent, distributed, or real-time software systems.The initial focus of Arcadia research is on creating a prototype environment, embodying the architectural principles, which supports Ada1 software development. This prototype environment is itself being developed in Ada.Arcadia is being developed by a consortium of researchers from the University of California at Irvine, the University of Colorado at Boulder, the University of Massachusetts at Amherst, TRW, Incremental Systems Corporation, and The Aerospace Corporation. This paper delineates the research objectives and describes the approaches being taken, the organization of the research endeavor, and current status of the work