    Towards a Framework for Managing Inconsistencies in Systems of Systems

    The growth in the complexity of software systems has led to a proliferation of systems that have been created independently to provide specific functions, such as activity tracking, household energy management or personal nutrition assistance. The runtime composition of these individual systems into Systems of Systems (SoSs) enables support for more sophisticated functionality that cannot be provided by the individual constituent systems on their own. However, in order to realize the benefits of this functionality it is necessary to address a number of challenges associated with SoSs, including, but not limited to, operational and managerial independence, geographic distribution of participating systems, evolutionary development, and emergent conflicting behavior that can occur due to interactions between the requirements of the participating systems. In this paper, we present a framework for conflict management in SoSs. The management of conflicting requirements involves four steps, namely (a) overlap detection, (b) conflict identification, (c) conflict diagnosis, and (d) conflict resolution based on the use of a utility function. The framework uses a Monitor-Analyze-Plan-Execute-Knowledge (MAPE-K) architectural pattern. In order to illustrate the work, we use an example SoS ecosystem designed to support food security at different levels of granularity.
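    The four conflict-management steps and the MAPE-K pattern named in this abstract, as an added toy example in Python (it is not the paper's framework): each constituent system publishes the state it wants for a shared resource, overlapping requirements are detected, those that disagree are flagged as conflicts, the diagnosis records which systems collide, and resolution picks the value with the highest summed weight. The systems, resources, values and weights are constructed for the example, and the Knowledge base is a plain dict. The security point is that a conflict on a shared actuator (here a greenhouse vent) is exactly where emergent, possibly unsafe behaviour goes unnoticed, and an explicit utility function makes the trade-off deterministic and auditable.

```python
"""Toy MAPE-K conflict manager for a System of Systems (SoS).

Added illustration of the four steps named in the abstract; not the
paper's framework. Constituent systems publish requirements as desired
states of shared resources. All systems, resources, values and weights
below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Any, Dict, List, Tuple


@dataclass(frozen=True)
class Requirement:
    system: str    # constituent system that owns the requirement
    resource: str  # shared resource (actuator or setting) it constrains
    value: str     # state the owner wants that resource to have
    weight: float  # utility the owner gains if the requirement is met


def detect_overlaps(reqs: List[Requirement]) -> Dict[str, List[Requirement]]:
    """Step (a): group requirements of different systems that touch one resource."""
    by_resource: Dict[str, List[Requirement]] = {}
    for r in reqs:
        by_resource.setdefault(r.resource, []).append(r)
    return {res: rs for res, rs in by_resource.items()
            if len({r.system for r in rs}) > 1}


def identify_conflicts(overlaps: Dict[str, List[Requirement]]) -> Dict[str, List[Requirement]]:
    """Step (b): an overlap is a conflict only if the desired values disagree."""
    return {res: rs for res, rs in overlaps.items()
            if len({r.value for r in rs}) > 1}


def diagnose(conflicts: Dict[str, List[Requirement]]) -> Dict[str, Dict[str, list]]:
    """Step (c): record which systems collide and which values are candidates."""
    return {res: {"systems": sorted({r.system for r in rs}),
                  "candidates": sorted({r.value for r in rs})}
            for res, rs in conflicts.items()}


def utility(value: str, rs: List[Requirement]) -> float:
    """Utility of choosing `value`: total weight of the requirements it satisfies."""
    return sum(r.weight for r in rs if r.value == value)


def resolve(conflicts: Dict[str, List[Requirement]]) -> Dict[str, str]:
    """Step (d): per resource, choose the value with the highest utility.
    Ties are broken on the value string so the outcome is deterministic."""
    return {res: max(sorted({r.value for r in rs}), key=lambda v: (utility(v, rs), v))
            for res, rs in conflicts.items()}


class ConflictManager:
    """MAPE-K loop: Monitor, Analyze, Plan, Execute around a shared Knowledge dict."""

    def __init__(self) -> None:
        self.knowledge: Dict[str, Any] = {"requirements": [], "diagnosis": {}, "state": {}}

    def monitor(self, reqs: List[Requirement]) -> None:
        self.knowledge["requirements"] = list(reqs)

    def analyze(self) -> Dict[str, List[Requirement]]:
        conflicts = identify_conflicts(detect_overlaps(self.knowledge["requirements"]))
        self.knowledge["diagnosis"] = diagnose(conflicts)
        return conflicts

    def plan(self, conflicts: Dict[str, List[Requirement]]) -> Dict[str, str]:
        plan = resolve(conflicts)
        # Non-conflicting requirements pass through; agreeing requirements
        # share one value, so setdefault keeps it.
        for r in self.knowledge["requirements"]:
            plan.setdefault(r.resource, r.value)
        return plan

    def execute(self, plan: Dict[str, str]) -> Dict[str, str]:
        self.knowledge["state"].update(plan)
        return dict(self.knowledge["state"])

    def run(self, reqs: List[Requirement]) -> Dict[str, str]:
        self.monitor(reqs)
        return self.execute(self.plan(self.analyze()))


# Constructed sample: a small food-security SoS sharing a greenhouse's actuators.
SAMPLE_REQUIREMENTS = [
    Requirement("ClimateControl", "vent", "open", 0.6),
    Requirement("EnergyManager", "vent", "closed", 0.4),
    Requirement("PestControl", "vent", "closed", 0.3),
    Requirement("Irrigation", "pump", "on", 0.8),
    Requirement("EnergyManager", "pump", "off", 0.5),
    Requirement("HarvestPlanner", "harvest_schedule", "weekly", 0.2),
]


def run_example() -> Tuple[Dict[str, str], Dict[str, Dict[str, list]]]:
    """Run one loop iteration; returns (resulting state, diagnosis)."""
    manager = ConflictManager()
    state = manager.run(SAMPLE_REQUIREMENTS)
    return state, manager.knowledge["diagnosis"]


if __name__ == "__main__":
    final_state, diagnosis = run_example()
    print("diagnosis:", diagnosis)
    print("state:", final_state)
```

    With the constructed weights, "closed" wins the vent (0.4 + 0.3 against 0.6) even though the single strongest requirement wanted it open; the pump stays on; the harvest schedule never enters the diagnosis because only one system constrains it. In a real deployment the weights would come from the Knowledge base and the Execute step would drive the actuators, but the division of labour between the four steps is what the example is meant to show.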

    Advanced Security Analysis for Emergent Software Platforms

    Emergent software ecosystems, fuelled by the advent of smartphones and Internet of Things (IoT) platforms, are increasingly sophisticated, deployed into highly dynamic environments, and facilitate interactions across heterogeneous domains. Accordingly, assessing their security is a pressing need, yet requires high levels of scalability and reliability to handle the dynamism involved in such volatile ecosystems. This dissertation seeks to enhance conventional security detection methods to cope with the emergent features of contemporary software ecosystems. In particular, it analyzes the security of Android and IoT ecosystems by developing rigorous vulnerability detection methods. A critical aspect of this work is the focus on detecting vulnerable and unsafe interactions between applications that share common components and devices. Contributions of this work include novel insights and methods for: (1) detecting vulnerable interactions between Android applications that leverage dynamic loading features to conceal the interactions; (2) identifying unsafe interactions between smart home applications by considering both physical and cyber channels; (3) detecting malicious IoT applications that are developed to target numerous IoT devices; (4) detecting insecure usage patterns of emergent security APIs that are reused from open-source software. In all four research thrusts, we present thorough security analysis and extensive evaluations based on real-world applications. Our results demonstrate that the proposed detection mechanisms can efficiently and effectively detect vulnerabilities in contemporary software platforms. Advisers: Hamid Bagheri and Qiben Ya

    Testing Autonomous Cars for Feature Interaction Failures using Many-Objective Search

    Complex systems such as autonomous cars are typically built as a composition of features that are independent units of functionality. Features tend to interact and impact one another's behavior in unknown ways. A challenge is to detect and manage feature interactions, in particular those that violate system requirements and hence lead to failures. In this paper, we propose a technique to detect feature interaction failures by casting the problem as search-based test generation. We define a set of hybrid test objectives (distance functions) that combine traditional coverage-based heuristics with new heuristics specifically aimed at revealing feature interaction failures. We develop a new search-based test generation algorithm, called FITEST, that is guided by our hybrid test objectives. FITEST extends recently proposed many-objective evolutionary algorithms to reduce the time required to compute fitness values. We evaluate our approach using two versions of an industrial self-driving system. Our results show that our hybrid test objectives are able to identify more than twice as many feature interaction failures as two baseline test objectives used in the software testing literature (i.e., coverage-based and failure-based test objectives). Further, the feedback from domain experts indicates that the detected feature interaction failures represent real faults in their systems that had not previously been identified by analysis of the system features and their requirements.

    Traceability support in software product lines

    Dissertation presented at the Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa for the degree of Master in Computer Engineering. Traceability is becoming a necessary quality of any modern software system. The complexity of modern systems is such that, without good techniques and tools, it becomes an unsustainable burden, and software artifacts can hardly be linked to their initial requirements. Modern software systems are composed of many artifacts (models, code, etc.). Any change in one of them may have repercussions on many components. Assessing this impact usually comes at a high cost and is highly error-prone. This complexity inherent to software development increases when it comes to Software Product Line Engineering. Traceability aims to respond to this challenge by linking all the software artifacts that are used, in order to reason about how they influence each other. We propose to specify, design and implement an extensible Traceability Framework that will allow developers to provide traceability for a product line, with the possibility of extending it to other development scenarios. This MSc thesis work develops an extensible framework, using Model-Driven techniques and technologies, to provide traceability support for product lines. We also wish to provide basic and advanced traceability queries, and traceability views designed for the needs of each user.

    Runtime Resolution of Feature Interactions in Evolving Telecommunications Systems

    Feature interaction in telecommunications is an active research area. Many approaches to solve the so-called feature interaction problem have been proposed. However, all these approaches consider feature interaction as a somewhat isolated problem; in particular, it is not seen in the context of evolving legacy systems and third-party features in a deregulated market environment. An exception is the approach by Marples and Magill [MM98, Mar00], which presents an interaction detection mechanism and an essentially manual resolution approach. We develop an automatic resolution approach that can be integrated with Marples and Magill's detection mechanism. We distinguish two key concepts, namely solutions and resolutions. The former are essentially possible behaviours of the system, not qualified as desirable or undesirable; the latter are the desirable solutions. Our approach allows for automatic removal of undesired behaviour and selection of the "best" desired behaviour. The correctness, complexity and suitability of our approach are analysed. Two case studies support these more theoretical considerations. Our approach is transferable to other areas, such as quality of service management, and is not restricted to network architectures with a single point of control.

    Self-managed Workflows for Cyber-physical Systems

    Workflows are a well-established concept for describing business logic and processes in web-based applications and enterprise application integration scenarios on an abstract, implementation-agnostic level. Applying Business Process Management (BPM) technologies to increase autonomy and automate sequences of activities in Cyber-physical Systems (CPS) promises various advantages, including higher flexibility and simplified programming, more efficient resource usage, and easier integration and orchestration of CPS devices. However, traditional BPM notations and engines have not been designed for use in the context of CPS, which raises new research questions arising from the close coupling of the virtual and physical worlds. Among these challenges are the interaction with complex compounds of heterogeneous sensors, actuators, things and humans; the detection and handling of errors in the physical world; and the synchronization of the cyber-physical process execution models. Novel factors related to the interaction with the physical world, including real-world obstacles, inconsistencies and inaccuracies, may jeopardize the successful execution of workflows in CPS and may lead to unanticipated situations. This thesis investigates properties and requirements of CPS relevant for the introduction of BPM technologies into cyber-physical domains. We discuss existing BPM systems and related work regarding the integration of sensors and actuators into workflows, the development of a Workflow Management System (WfMS) for CPS, and the synchronization of the virtual and physical process execution as part of self-* capabilities for WfMSes. Based on the identified research gap, we present concepts and prototypes for the development of a CPS WfMS with respect to all phases of the BPM lifecycle.
    First, we introduce a CPS workflow notation that supports the modelling of the interaction of complex sensors, actuators, humans, dynamic services and WfMSes on the business process level. In addition, the effects of the workflow execution can be specified in the form of goals defining success and error criteria for the execution of individual process steps. Along with that, we introduce the notion of Cyber-physical Consistency. Next, we present a system architecture for a corresponding WfMS (PROtEUS) to execute the modelled processes, also in distributed execution settings and with a focus on interactive process management. Subsequently, the integration of a cyber-physical feedback loop to increase the resilience of the process execution at runtime is discussed. Within this MAPE-K loop, sensor and context data are related to the effects of the process execution, deviations from expected behaviour are detected, and compensations are planned and executed. The execution of this feedback loop can be scaled depending on the required level of precision and consistency. Our implementation of the MAPE-K loop proves to be a general framework for adding self-* capabilities to WfMSes. The evaluation of our concepts within a smart home case study shows expected behaviour, reasonable execution times, reduced error rates and high coverage of the identified requirements, which makes our CPS WfMS a suitable system for introducing workflows on top of systems, devices, things and applications of CPS.
    Contents:
    1. Introduction
      1.1. Motivation
      1.2. Research Issues
      1.3. Scope & Contributions
      1.4. Structure of the Thesis
    2. Workflows and Cyber-physical Systems
      2.1. Introduction
      2.2. Two Motivating Examples
      2.3. Business Process Management and Workflow Technologies
      2.4. Cyber-physical Systems
      2.5. Workflows in CPS
      2.6. Requirements
    3. Related Work
      3.1. Introduction
      3.2. Existing BPM Systems in Industry and Academia
      3.3. Modelling of CPS Workflows
      3.4. CPS Workflow Systems
      3.5. Cyber-physical Synchronization
      3.6. Self-* for BPM Systems
      3.7. Retrofitting Frameworks for WfMSes
      3.8. Conclusion & Deficits
    4. Modelling of Cyber-physical Workflows with Consistency Style Sheets
      4.1. Introduction
      4.2. Workflow Metamodel
      4.3. Knowledge Base
      4.4. Dynamic Services
      4.5. CPS-related Workflow Effects
      4.6. Cyber-physical Consistency
      4.7. Consistency Style Sheets
      4.8. Tools for Modelling of CPS Workflows
      4.9. Compatibility with Existing Business Process Notations
    5. Architecture of a WfMS for Distributed CPS Workflows
      5.1. Introduction
      5.2. PROtEUS Process Execution System
      5.3. Internet of Things Middleware
      5.4. Dynamic Service Selection via Semantic Access Layer
      5.5. Process Distribution
      5.6. Ubiquitous Human Interaction
      5.7. Towards a CPS WfMS Reference Architecture for Other Domains
    6. Scalable Execution of Self-managed CPS Workflows
      6.1. Introduction
      6.2. MAPE-K Control Loops for Autonomous Workflows
      6.3. Feedback Loop for Cyber-physical Consistency
      6.4. Feedback Loop for Distributed Workflows
      6.5. Consistency Levels, Scalability and Scalable Consistency
      6.6. Self-managed Workflows
      6.7. Adaptations and Meta-adaptations
      6.8. Multiple Feedback Loops and Process Instances
      6.9. Transactions and ACID for CPS Workflows
      6.10. Runtime View on Cyber-physical Synchronization for Workflows
      6.11. Applicability of Workflow Feedback Loops to other CPS Domains
      6.12. A Retrofitting Framework for Self-managed CPS WfMSes
    7. Evaluation
      7.1. Introduction
      7.2. Hardware and Software
      7.3. PROtEUS Base System
      7.4. PROtEUS with Feedback Service
      7.5. Feedback Service with Legacy WfMSes
      7.6. Qualitative Discussion of Requirements and Additional CPS Aspects
      7.7. Comparison with Related Work
      7.8. Conclusion
    8. Summary and Future Work
      8.1. Summary and Conclusion
      8.2. Advances of this Thesis
      8.3. Contributions to the Research Area
      8.4. Relevance
      8.5. Open Questions
      8.6. Future Work
    Bibliography
    Acronyms
    List of Figures
    List of Tables
    List of Listings
    Appendices