Runtime Requirements Monitoring Framework for Adaptive e-Learning Systems

International audienceAs academic learners and companies are turning to e-learning courses to achieve their personal and professional goals, it becomes more and more important to handle service quality in this sector. Despite scientific research conducted to personalize the learning process and meet learner's requirements under adaptive e-learning systems, however, the specification and management of quality attribute is particularly challenging due to problems arising from environmental variability. In our view, a detailed and high-level specification of requirements supported through the whole system lifecycle is needed for a comprehensive management of adaptive e-learning systems, especially in continuously changing environmental conditions. In this paper, we propose a runtime requirements monitoring to check the conformity of adaptive e-learning systems to their requirements and ensure that the activities offered by these learning environments can achieve the desired learning outcomes. As a result, when deviations (i.e., not satisfied requirements) occur, they are identified and then notified during system operation. With our approach, the requirements are supported during the whole system lifecycle. First, we specify system's requirements in the form of a dynamic software product line. This specification applies a novel requirements engineering language that combines goal-driven requirements with features and claims and avoid the enumeration of all desired adaptation strategies (i.e. when an adaptation should be applied) at the design time. Second, the specification is automatically transformed into a constraint satisfaction problem that reduces the requirements monitoring into a constraint program at runtime

Quantifiable non-functional requirements modeling and static verification for web service compositions

As service oriented architectures have become more widespread in industry, many complex web services are assembled using independently developed modular services from different vendors. Although the functionalities of the composite web services are ensured during the composition process, the non-functional requirements (NFRs) are often ignored in this process. Since quality of services plays a more and more important role in modern service-based systems, there is a growing need for effective approaches to verifying that a composite web service not only offers the required functionality but also satisfies the desired NFRs. Current approaches to verifying NFRs of composite services (as opposed to individual services) remain largely ad-hoc and informal in nature. This is especially problematic for high-assurance composite web services. High-assurance composite web services are those composite web services with special concern on critical NFRs such as security, safety and reliability. Examples of such applications include traffic control, medical decision support and the coordinated response systems for civil emergencies. The latter serves to motivate and illustrate the work described here. In this dissertation we develop techniques for ensuring that a composite service meets the user-specified NFRs expressible as hard constraints, e.g., the messages of particular operations must be authenticated. We introduce an automata-based framework for verifying that a composite service satisfies the desired NFRs based on the known guarantees regarding the non-functional properties of the component services. This automata-based model is able to represent NFRs that are hard, quantitative constraints on the composite web services. This model addresses two issues previously not handled in the modeling and verification of NFRs for composite web services: (1) the scope of the NFRs and (2) consistency checking of multiple NFRs. A scope of a NFR on a web service composition is the effective range of the NFR on the sub-workflows and modular services of the web service composition. It allows more precise description of a NFR constraint and more efficient verification. When multiple NFRs exist and overlap in their scopes, consistency checking is necessary to avoid wasted verification efforts on conflicting constraints. The approach presented here captures scope information in the model and uses it to check the consistency of multiple NFRs prior to the static verification of web service compositions. We illustrate how our approach can be used to verify security requirements for an Emergency Management System. We then focus on families of highly-customizable, composed web services where repeated verification of similar sets of NFRs can waste computation resources. We introduce a new approach to extend software product line engineering techniques to the web service composition domain. The resulting technique uses a partitioning similar to that between domain engineering and application engineering in the product-line context. It specifies the options that the user can select and constructs the resulting web service compositions. By first creating a web-service composition search space that satisfies the common requirements and then querying the search space as the user makes customization decisions, the technique provides a more efficient way to verify customizable web services. A decision model, illustrated with examples from the emergency-response application, is created to interact with the customers and ensure the consistency of their specifications. The capability to reuse the composition search space is shown to improve the quality of the composite services and reduce the cost of re-verifying the same compositions. By distinguishing the commonalities and the variabilities of the web services, we divide the web composition into two stages: the preparation stage (to construct all commonalities) and the customization stage (to choose optional and alternative features). We thus draw most of the computation overhead into the first stage during the design in order to enable improved runtime efficiency during the second stage. A simulation platform was constructed to conduct experiments on the two verification approaches and three strategies introduced in this dissertation. The results of these experiments were analyzed to show the advantage of our automaton-based model in its verification efficiency with scoping information. We have shown how to choose the most efficient verification strategy from the three strategies of verifying multiple NFRs introduced in this dissertation under different circumstances. The results indicate that the software product line approach has significant efficiency improvement over traditional on-demand verification for highly customizable web service compositions

SACRE: Supporting contextual requirements' adaptation in modern self-adaptive systems in the presence of uncertainty at runtime

Runtime uncertainty such as unpredictable resource unavailability, changing environmental conditions and user needs, as well as system intrusions or faults represents one of the main current challenges of self-adaptive systems. Moreover, today's systems are increasingly more complex, distributed, decentralized, etc. and therefore have to reason about and cope with more and more unpredictable events. Approaches to deal with such changing requirements in complex today's systems are still missing. This work presents SACRE (Smart Adaptation through Contextual REquirements), our approach leveraging an adaptation feedback loop to detect self-adaptive systems' contextual requirements affected by uncertainty and to integrate machine learning techniques to determine the best operationalization of context based on sensed data at runtime. SACRE is a step forward of our former approach ACon which focus had been on adapting the context in contextual requirements, as well as their basic implementation. SACRE primarily focuses on architectural decisions, addressing self-adaptive systems' engineering challenges. Furthering the work on ACon, in this paper, we perform an evaluation of the entire approach in different uncertainty scenarios in real-time in the extremely demanding domain of smart vehicles. The real-time evaluation is conducted in a simulated environment in which the smart vehicle is implemented through software components. The evaluation results provide empirical evidence about the applicability of SACRE in real and complex software system domains.Comment: 45 pages, journal article, 14 figures, 9 tables, CC-BY-NC-ND 4.0 licens

SACRE: Supporting contextual requirements’ adaptation in modern self-adaptive systems in the presence of uncertainty at runtime

Runtime uncertainty such as unpredictable resource unavailability, changing environmental conditions and user needs, as well as system intrusions or faults represents one of the main current challenges of self-adaptive systems. Moreover, today’s systems are increasingly more complex, distributed, decentralized, etc. and therefore have to reason about and cope with more and more unpredictable events. Approaches to deal with such changing requirements in complex today’s systems are still missing. This work presents SACRE (Smart Adaptation through Contextual REquirements), our approach leveraging an adaptation feedback loop to detect self-adaptive systems’ contextual requirements affected by uncertainty and to integrate machine learning techniques to determine the best operationalization of context based on sensed data at runtime. SACRE is a step forward of our former approach ACon which focus had been on adapting the context in contextual requirements, as well as their basic implementation. SACRE primarily focuses on architectural decisions, addressing selfadaptive systems’ engineering challenges. Furthering the work on ACon, in this paper, we perform an evaluation of the entire approach in different uncertainty scenarios in real-time in the extremely demanding domain of smart vehicles. The real-time evaluation is conducted in a simulated environment in which the smart vehicle is implemented through software components. The evaluation results provide empirical evidence about the applicability of SACRE in real and complex software system domains.Peer ReviewedPostprint (author's final draft

Current trends and advances in IT service infrastructures security assurance evaluation

The term security assurance has been used in the computer science literature to express the confidence that one has in the strength of the security measures. The need for a methodology to measure current security assurance levels of a system has been reported in the literature as vital in order to maintain and improve the overall security. However, a scrutiny of the literature reveals that in the area of IT security assurance, a large number of research questions still remain without an answer. Although a number of works have been presented in recent years, especially with respect to assurance metrics development, little effort has been made in developing a robust operational methodology for the evaluation of IT service infrastructures security assurance. This paper captures the current status of research efforts made in the field of security assurance evaluation. It collects previous and current academic, normalization and commercial work on security assurance, and establishes a comprehensive state of the art in the domain. In addition, the paper outlines the general features of an ongoing work aiming at the development of a security assurance evaluation framework that takes into account the evolving and ubiquitous IT infrastructures. The novelty of this ongoing work lies not only on the adaptability of the security assurance evaluation system to the evolving infrastructure model but also on the use of a “bottomup” approach in evaluating the security assurance level of a service using aggregation techniques. The methodology is intended to assist network managers in addressing more promptly security failures within the infrastructure as well as to increase the trust of end users in using IT systems