Extra Functional Properties Evaluation of Self-managed Software Systems with Formal Methods

Multitud de aplicaciones software actuales están abocadas a operar en contextos dinámicos. Estos pueden manifestarse en términos de cambios en el entorno de ejecución de la aplicación, cambios en los requisitos de la aplicación, cambios en la carga de trabajo recibida por la aplicación, o cambios en cualquiera de los elementos que la aplicación software pueda percibir y verse afectada. Además, estos contextos dinámicos no están restringidos a un dominio particular de aplicaciones sino que se pueden encontrar en múltiples dominios, tales como: sistemas empotrados, arquitecturas orientadas a servicios, clusters para computación de altas prestaciones, dispositivos móviles o software para el funcionamiento de la red. La existencia de estas características disuade a los ingenieros de desarrollar software que no sea capaz de cambiar de modo alguno su ejecución para acomodarla al contexto en el que se está ejecutando el software en cada momento. Por lo tanto, con el objetivo de que el software pueda satisfacer sus requisitos en todo momento, este debe incluir mecanismos para poder cambiar su configuración de ejecución. Además, debido a que los cambios de contexto son frecuentes y afectan a múltiples dispositivos de la aplicación, la intervención humana que cambie manualmente la configuración del software no es una solución factible. Para enfrentarse a estos desafíos, la comunidad de Ingeniería del Software ha propuesto nuevos paradigmas que posibilitan el desarrollo de software que se enfrenta a contextos cambiantes de un modo automático; por ejemplo las propuestas Autonomic Computing y Self-* Software. En tales propuestas es el propio software quien gestiona sus mecanismos para cambiar la configuración de ejecución, sin requerir por lo tanto intervención humana alguna. Un aspecto esencial del software auto-adaptativo (Self-adaptive Software es uno de los términos más generales para referirse a Self-* Software) es el de planear sus cambios o adaptaciones. Los planes de adaptación determinan tanto el modo en el que se adaptará el software como los momentos oportunos para ejecutar tales adaptaciones. Hay un gran conjunto de situaciones para las cuales la propiedad de auto- adaptación es una solución. Una de esas situaciones es la de mantener al sistema satisfaciendo sus requisitos extra funcionales, tales como la calidad de servicio (Quality of Service, QoS) y su consumo de energía. Esta tesis ha investigado esa situación mediante el uso de métodos formales. Una de las contribuciones de esta tesis es la propuesta para asentar en una arquitectura software los sistemas que son auto-adaptativos respecto a su QoS y su consumo de energía. Con este objetivo, esta parte de la investigación la guía una arquitectura de tres capas de referencia para sistemas auto-adaptativos. La bondad del uso de una arquitectura de referencia es que muestra fácilmente los nuevos desafíos en el diseño de este tipo de sistemas. Naturalmente, la planificación de la adaptación es una de las actividades consideradas en la arquitectura. Otra de las contribuciones de la tesis es la propuesta de métodos para la creación de planes de adaptación. Los métodos formales juegan un rol esencial en esta actividad, ya que posibilitan el estudio de las propiedades extra funcionales de los sistemas en diferentes configuraciones. El método formal utilizado para estos análisis es el de las redes de Petri markovianas. Una vez que se ha creado el plan de adaptación, hemos investigado la utilización de los métodos formales para la evaluación de QoS y consumo de energía de los sistemas auto-adaptativos. Por lo tanto, se ha contribuido a la comunidad de análisis de QoS con el análisis de un nuevo y particularmente complejo tipo de sistemas software. Para llevar a cabo este análisis se requiere el modelado de los cambios din·micos del contexto de ejecución, para lo que se han utilizado una variedad de métodos formales, como los Markov modulated Poisson processes para estimar los parámetros de las variaciones en la carga de trabajo recibida por la aplicación, o los hidden Markov models para predecir el estado del entorno de ejecución. Estos modelos han sido usados junto a las redes de Petri para evaluar sistemas auto-adaptativos y obtener resultados sobre su QoS y consumo de energía. El trabajo de investigación anterior sacó a la luz el hecho de que la adaptabilidad de un sistema no es una propiedad tan fácilmente cuantificable como las propiedades de QoS -por ejemplo, el tiempo de respuesta- o el consumo de energÌa. En consecuencia, se ha investigado en esa dirección y, como resultado, otra de las contribuciones de esta tesis es la propuesta de un conjunto de métricas para la cuantificación de la propiedad de adaptabilidad de sistemas basados en servicios. Para conseguir las anteriores contribuciones se realiza un uso intensivo de modelos y transformaciones de modelos; tarea para la que se han seguido las mejores prácticas en el campo de investigación de la Ingeniería orientada a modelos (Model-driven Engineering, MDE). El trabajo de investigación de esta tesis en el campo MDE ha contribuido con: el aumento de la potencia de modelado de un lenguaje de modelado de software propuesto anteriormente y métodos de transformación desde dos lenguajes de modelado de software a redes de Petri estocasticas

Reconfiguration of Distributed Information Fusion System ? A case study

Information Fusion Systems are now widely used in different fusion contexts, like scientific processing, sensor networks, video and image processing. One of the current trends in this area is to cope with distributed systems. In this context, we have defined and implemented a Dynamic Distributed Information Fusion System runtime model. It allows us to cope with dynamic execution supports while trying to maintain the functionalities of a given Dynamic Distributed Information Fusion System. The paper presents our system, the reconfiguration problems we are faced with and our solutions.Comment: 6 pages - Preprint versio

Effects of Communication Protocol Stack Offload on Parallel Performance in Clusters

The primary research objective of this dissertation is to demonstrate that the effects of communication protocol stack offload (CPSO) on application execution time can be attributed to the following two complementary sources. First, the application-specific computation may be executed concurrently with the asynchronous communication performed by the communication protocol stack offload engine. Second, the protocol stack processing can be accelerated or decelerated by the offload engine. These two types of performance effects can be quantified with the use of the degree of overlapping Do and degree of acceleration Daccs. The composite communication speedup metrics S_comm(Do, Daccs) can be used in order to quantify the combined effects of the protocol stack offload. This dissertation thesis is validated empirically. The degree of overlapping Do, the degree of acceleration Daccs, and the communication speedup Scomm characteristic of the system configurations under test are derived in the course of experiments performed for the system configurations of interest. It is shown that the proposed metrics adequately describe the effects of the protocol stack offload on the application execution time. Additionally, a set of analytical models of the networking subsystem of a PC-based cluster node is developed. As a result of the modeling, the metrics Do, Daccs, and Scomm are obtained. The models are evaluated as to their complexity and precision by comparing the modeling results with the measured values of Do, Daccs, and Scomm. The primary contributions of this dissertation research are as follows. First, the metric Daccs and Scomm are introduced in order to complement the Do metric in its use for evaluation of the effects of optimizations in the networking subsystem on parallel performance in clusters. The metrics are shown to adequately describe CPSO performance effects. Second, a method for assessing performance effects of CPSO scenarios on application performance is developed and presented. Third, a set of analytical models of cluster node networking subsystems with CPSO capability is developed and characterised as to their complexity and precision of the prediction of the Do and Daccs metrics

Evaluating Resilience of Cyber-Physical-Social Systems

Nowadays, protecting the network is not the only security concern. Still, in cyber security, websites and servers are becoming more popular as targets due to the ease with which they can be accessed when compared to communication networks. Another threat in cyber physical social systems with human interactions is that they can be attacked and manipulated not only by technical hacking through networks, but also by manipulating people and stealing users’ credentials. Therefore, systems should be evaluated beyond cy- ber security, which means measuring their resilience as a piece of evidence that a system works properly under cyber-attacks or incidents. In that way, cyber resilience is increas- ingly discussed and described as the capacity of a system to maintain state awareness for detecting cyber-attacks. All the tasks for making a system resilient should proactively maintain a safe level of operational normalcy through rapid system reconfiguration to detect attacks that would impact system performance. In this work, we broadly studied a new paradigm of cyber physical social systems and defined a uniform definition of it. To overcome the complexity of evaluating cyber resilience, especially in these inhomo- geneous systems, we proposed a framework including applying Attack Tree refinements and Hierarchical Timed Coloured Petri Nets to model intruder and defender behaviors and evaluate the impact of each action on the behavior and performance of the system.Hoje em dia, proteger a rede não é a única preocupação de segurança. Ainda assim, na segurança cibernética, sites e servidores estão se tornando mais populares como alvos devido à facilidade com que podem ser acessados quando comparados às redes de comu- nicação. Outra ameaça em sistemas sociais ciberfisicos com interações humanas é que eles podem ser atacados e manipulados não apenas por hackers técnicos através de redes, mas também pela manipulação de pessoas e roubo de credenciais de utilizadores. Portanto, os sistemas devem ser avaliados para além da segurança cibernética, o que significa medir sua resiliência como uma evidência de que um sistema funciona adequadamente sob ataques ou incidentes cibernéticos. Dessa forma, a resiliência cibernética é cada vez mais discutida e descrita como a capacidade de um sistema manter a consciência do estado para detectar ataques cibernéticos. Todas as tarefas para tornar um sistema resiliente devem manter proativamente um nível seguro de normalidade operacional por meio da reconfi- guração rápida do sistema para detectar ataques que afetariam o desempenho do sistema. Neste trabalho, um novo paradigma de sistemas sociais ciberfisicos é amplamente estu- dado e uma definição uniforme é proposta. Para superar a complexidade de avaliar a resiliência cibernética, especialmente nesses sistemas não homogéneos, é proposta uma estrutura que inclui a aplicação de refinamentos de Árvores de Ataque e Redes de Petri Coloridas Temporizadas Hierárquicas para modelar comportamentos de invasores e de- fensores e avaliar o impacto de cada ação no comportamento e desempenho do sistema

Model-driven development of data intensive applications over cloud resources

The proliferation of sensors over the last years has generated large amounts of raw data, forming data streams that need to be processed. In many cases, cloud resources are used for such processing, exploiting their flexibility, but these sensor streaming applications often need to support operational and control actions that have real-time and low-latency requirements that go beyond the cost effective and flexible solutions supported by existing cloud frameworks, such as Apache Kafka, Apache Spark Streaming, or Map-Reduce Streams. In this paper, we describe a model-driven and stepwise refinement methodological approach for streaming applications executed over clouds. The central role is assigned to a set of Petri Net models for specifying functional and non-functional requirements. They support model reuse, and a way to combine formal analysis, simulation, and approximate computation of minimal and maximal boundaries of non-functional requirements when the problem is either mathematically or computationally intractable. We show how our proposal can assist developers in their design and implementation decisions from a performance perspective. Our methodology allows to conduct performance analysis: The methodology is intended for all the engineering process stages, and we can (i) analyse how it can be mapped onto cloud resources, and (ii) obtain key performance indicators, including throughput or economic cost, so that developers are assisted in their development tasks and in their decision taking. In order to illustrate our approach, we make use of the pipelined wavefront array

ESTABLISHMENT OF CYBER-PHYSICAL CORRELATION AND VERIFICATION BASED ON ATTACK SCENARIOS IN POWER SUBSTATIONS

Insurance businesses for the cyberworld are an evolving opportunity. However, a quantitative model in today\u27s security technologies may not be established. Besides, a generalized methodology to assess the systematic risks remains underdeveloped. There has been a technical challenge to capture intrusion risks of the cyber-physical system, including estimating the impact of the potential cascaded events initiated by the hacker\u27s malicious actions. This dissertation attempts to integrate both modeling aspects: 1) steady-state probabilities for the Internet protocol-based substation switching attack events based on hypothetical cyberattacks, 2) potential electricity losses. The phenomenon of sequential attacks can be characterized using a time-domain simulation that exhibits dynamic cascaded events. Such substation attack simulation studies can establish an actuarial framework for grid operation. The novelty is three-fold. First, the development to extend features of steady-state probabilities is established based on 1) modified password models, 2) new models on digital relays with two-step authentications, and 3) honeypot models. A generalized stochastic Petri net is leveraged to formulate the detailed statuses and transitions of components embedded in a Cyber-net. Then, extensive modeling of steady-state probabilities is qualitatively performed. Methodologies on how transition probabilities and rates are extracted from network components and actuarial applications are summarized and discussed. Second, dynamic models requisite for switching attacks against multiple substations or digital relays deployed in substations are formulated. Imperative protection and control models to represent substation attacks are clarified with realistic model parameters. Specifically, wide-area protections, i.e., special protection systems (SPSs), are elaborated, asserting that event-driven SPSs may be skipped for this type of case study. Third, the substation attack replay using a proven commercially available time-domain simulation tool is validated in IEEE system models to study attack combinations\u27 critical paths. As the time-domain simulation requires a higher computational cost than power flow-based steady-state simulation, a balance of both methods is established without missing the critical dynamic behavior. The direct impact of substation attacks, i.e., electricity losses, is compared between steady-state and dynamic analyses. Steady-state analysis results are prone to be pessimistic for a smaller number of compromised substations. Finally, simulation findings based on the risk-based metrics and technical implementation are extensively discussed with future work