Oracles for Testing Software Timeliness with Uncertainty

Uncertainty in timing properties (e.g., detection time of external events) is a common occurrence in embedded software systems since these systems interact with complex physical environments. Such time uncertainty leads to non-determinism. For example, time-triggered operations may either generate different valid outputs across different executions, or experience failures (e.g., results not being generated in the expected time window) that occur only occasionally over many executions. For these reasons, time uncertainty makes the generation of effective test oracles for timing requirements a challenging task. To address the above challenge, we propose STUIOS (Stochastic Testing with Unique Input Output Sequences), an approach for the automated generation of stochastic oracles that verify the capability of a software system to fulfill timing constraints in the presence of time uncertainty. Such stochastic oracles entail the statistical analysis of repeated test case executions based on test output probabilities predicted by means of statistical model checking. Results from two industrial case studies in the automotive domain demonstrate that this approach improves the fault detection effectiveness of tests suites derived from timed automata, compared to traditional approaches

Automated requirements-driven testing of embedded systems based on use case specifications and timed automata

The complexity of embedded software in safety-critical domains, such as automotive and avionics, has significantly increased over the years. For most embedded systems, standards require system testing to explicitly demonstrate that the software meets its functional and safety requirements. In these domains, system test cases are often manually derived from functional requirements in natural language plus other design artefacts, like UML statecharts. The definition of system test cases is therefore time-consuming and error-prone, especially given the quickly rising complexity of embedded systems. The benefits of automatic test generation are widely acknowledged today but existing approaches often require behavioural models that tend to be complex and expensive to produce, and are thus often not part of development practice. The work proposed in this dissertation focusses on the automated generation of test cases for testing the compliance between software and its functional and timing requirements. This dissertation is inspired by contexts where functional and timing requirements are expressed by means of use case specifications and timing automata, respectively. This is the development context of our industrial partner, IEE, an automotive company located in Luxembourg, who provided the case study used to validate the approach and tool described in this dissertation. This dissertation presents five main contributions: (1) A set of guidelines for the definition of functional and timing requirements to enable the automated generation of system test cases. (2) A technique for the automated generation of functional test cases from requirements elicited in the form of use case specifications following a prescribed template and natural-language restrictions. (3) A technique that reuses the automatically generated functional test cases to generate timeliness test cases from minimal models of the timing requirements of the system. (4) A technique for the automated generation of oracles for non-deterministic systems whose specifications are expressed by means of timed automata. In the context of this dissertation, automated oracles for non-deterministic systems are necessary to evaluate the results of the generated timeliness test cases. (5) The evaluation of the applicability and effectiveness of the proposed guidelines and techniques on an industrial case study, a representative automotive embedded system developed by IEE

Resilient architecture (preliminary version)

The main objectives of WP2 are to define a resilient architecture and to develop a range of middleware solutions (i.e. algorithms, protocols, services) for resilience to be applied in the design of highly available, reliable and trustworthy networking solutions. This is the first deliverable within this work package, a preliminary version of the resilient architecture. The deliverable builds on previous results from WP1, the definition of a set of applications and use cases, and provides a perspective of the middleware services that are considered fundamental to address the dependability requirements of those applications. Then it also describes the architectural organisation of these services, according to a number of factors like their purpose, their function within the communication stack or their criticality/specificity for resilience. WP2 proposes an architecture that differentiates between two classes of services, a class including timeliness and trustworthiness oracles, and a class of so called complex services. The resulting architecture is referred to as a "hybrid architecture". The hybrid architecture is motivated and discussed in this document. The services considered within each of the service classes of the hybrid architecture are described. This sets the background for the work to be carried on in the scope of tasks 2.2 and 2.3 of the work package. Finally, the deliverable also considers high-level interfacing aspects, by providing a discussion about the possibility of using existing Service Availability Forum standard interfaces within HIDENETS, in particular discussing possibly necessary extensions to those interfaces in order to accommodate specific HIDENETS services suited for ad-hoc domain

Beyond oracles – a critical look at real-world blockchains

This thesis intends to provide answers to the following questions: 1) What is the oracle problem, and how do the limitations of oracles affect different real-world applications? 2) What are the characteristics of the portion of the literature that leaves the oracle problem unaddressed? 3) Who are the main contributors to solving the oracle problem, and which issues are they focusing on? 4) How can the oracle problem be overcome in real-world applications? The first chapter aims to answer the first question through a literature review of the most current papers published in the field, bringing clarity to the blockchain oracle problem by discussing its effects in some of the most promising real-world blockchain applications. Thus, the chapter investigates the sectors of Intellectual Property Rights (IPRs), healthcare, supply chains, academic records, resource management, and law. By comparing the different applications, the review reveals that heterogeneous issues arise depending on the sector. The analysis supports the view that the more trusted a system is, the less the oracle problem has an impact. The second chapter presents the results of a systematic review intended to highlight the state-of-the-art of real-world blockchain applications using the oracle problem as a lens of analysis. Academic papers proposing real-world blockchain applications were reviewed to see if the authors considered the oracle’s role in the applications and related issues. The results found that almost 90% of the inspected literature neglected the role of oracles, thereby proposing incomplete or irreproducible projects. Through a bibliometric analysis, the third chapter sheds light on the institutions and authors that are actively contributing to the literature on oracles and promoting progress and cooperation. The study shows that, although there is still a lack of collaboration worldwide, there are dedicated authors and institutions working toward a similar and beneficial cause. The results also make it clear that most areas of oracle research are poorly addressed, with some remaining untouched. The fourth and last chapter focuses on a case study of a dairy company operating in the northeast region of Italy. The company applied blockchain technology to support the traceability of their products worldwide, and the study investigated the benefits of their innovation from the point of view of sustainability. The study also considers the role of oracle management, as it is a critical aspect of a blockchain-based project. Thus, the relationship between the company, the blockchain oracle, and the supervising authority is discussed, offering insight into how sustainable innovations can positively impact supply chain management. This work as a whole aims to shed light on blockchain oracles as an academic area of research, explaining why the study of oracles should be considered the backbone of blockchain literature development

DeFi Security: Turning The Weakest Link Into The Strongest Attraction

The primary innovation we pioneer -- focused on blockchain information security -- is called the Safe-House. The Safe-House is badly needed since there are many ongoing hacks and security concerns in the DeFi space right now. The Safe-House is a piece of engineering sophistication that utilizes existing blockchain principles to bring about greater security when customer assets are moved around. The Safe-House logic is easily implemented as smart contracts on any decentralized system. The amount of funds at risk from both internal and external parties -- and hence the maximum one time loss -- is guaranteed to stay within the specified limits based on cryptographic fundamentals. To improve the safety of the Safe-House even further, we adapt the one time password (OPT) concept to operate using blockchain technology. Well suited to blockchain cryptographic nuances, our secondary advancement can be termed the one time next time password (OTNTP) mechanism. The OTNTP is designed to complement the Safe-House making it even more safe. We provide a detailed threat assessment model -- discussing the risks faced by DeFi protocols and the specific risks that apply to blockchain fund management -- and give technical arguments regarding how these threats can be overcome in a robust manner. We discuss how the Safe-House can participate with other external yield generation protocols in a secure way. We provide reasons for why the Safe-House increases safety without sacrificing the efficiency of operation. We start with a high level intuitive description of the landscape, the corresponding problems and our solutions. We then supplement this overview with detailed discussions including the corresponding mathematical formulations and pointers for technological implementation. This approach ensures that the article is accessible to a broad audience

Legal challenges of artificial intelligence : modelling the disruptive features of emerging technologies and assessing their possible legal impact

The extensive use of Artificial Intelligence (AI) tools and systems and its extraordinary relevance in a multitude of social and economic domains must be framed into the broader context of a second wave of digital transformation. AI embodies the transformative force and the disruptive potential of a second generation of technologies that are ushering in a new stage of the digital evolution of our societies and economies. The acceleration and accumulation of technological developments pose unforeseen challenges to the twenty-first century’s law. A systematic, extensive, and wisely combined application of these emerging technologies, such as AI and advanced robotics, Internet-of-Things (IoT), and DLT, offers fascinating possibilities and announces great disruptive effects. The aim of this paper is to devise an analytical framework to identify the disruptive features of AI, as one of the most illustrative exponent of the second-generation technologies, and assess the potential impact on certain existing principles, rules and concepts

A Blockchain-based Decentralized Electronic Marketplace for Computing Resources

AbstractWe propose a framework for building a decentralized electronic marketplace for computing resources. The idea is that anyone with spare capacities can offer them on this marketplace, opening up the cloud computing market to smaller players, thus creating a more competitive environment compared to today's market consisting of a few large providers. Trust is a crucial component in making an anonymized decentralized marketplace a reality. We develop protocols that enable participants to interact with each other in a fair way and show how these protocols can be implemented using smart contracts and blockchains. We discuss and evaluate our framework not only from a technical point of view, but also look at the wider context in terms of fair interactions and legal implications

Perspectives on Auditing and Regulatory Compliance in Blockchain Transactions

The recent advent of blockchain technology is anticipated to revolutionize the operational processes of several industries including banking, finance, real estate, retail and benefit governmental as well as corporate information management structures. The underlying principles of information immutability, traceability, and verifiability built-in blockchain transactions may lead to greater adoption of distributed crypto-ledger applications in auditing automation, compliance monitoring, and guaranteeing high assurance. This chapter discusses the contemporary applications of blockchain technology in information auditing, exploring aspects such as data recording, accuracy, verification, transparency, and overall value of a decentralized blockchain crypto-ledger for auditors. Opportunities for timeliness, completeness, and reconciliation in appraising regulatory compliance of organizations employing blockchain-based contractual frameworks are also investigated. The chapter reviews the existing and anticipated challenges blockchain applications pose to traditional regulatory compliance models and the inherent risks for businesses and stakeholders. We highlight the impact of operational concerns such as decentralized transactions, network complexity, transaction reversals, credential management, software quality, and human resources. Finally, the chapter provides perspective on assurance complexities involved in transforming from proprietary to blockchain-based framework while adhering to IT control obligations dictated by three major auditing standards Sarbanes Oxley Act (SOX), Control Objectives for Information Technologies (COBIT), and International Standardization Organization (ISO) /International Electrotechnical Commission (IEC) 27001