3,618 research outputs found
Taming Uncertainty in the Assurance Process of Self-Adaptive Systems: a Goal-Oriented Approach
Goals are first-class entities in a self-adaptive system (SAS) as they guide
the self-adaptation. A SAS often operates in dynamic and partially unknown
environments, which cause uncertainty that the SAS has to address to achieve
its goals. Moreover, besides the environment, other classes of uncertainty have
been identified. However, these various classes and their sources are not
systematically addressed by current approaches throughout the life cycle of the
SAS. In general, uncertainty typically makes the assurance provision of SAS
goals exclusively at design time not viable. This calls for an assurance
process that spans the whole life cycle of the SAS. In this work, we propose a
goal-oriented assurance process that supports taming different sources (within
different classes) of uncertainty from defining the goals at design time to
performing self-adaptation at runtime. Based on a goal model augmented with
uncertainty annotations, we automatically generate parametric symbolic formulae
with parameterized uncertainties at design time using symbolic model checking.
These formulae and the goal model guide the synthesis of adaptation policies by
engineers. At runtime, the generated formulae are evaluated to resolve the
uncertainty and to steer the self-adaptation using the policies. In this paper,
we focus on reliability and cost properties, for which we evaluate our approach
on the Body Sensor Network (BSN) implemented in OpenDaVINCI. The results of the
validation are promising and show that our approach is able to systematically
tame multiple classes of uncertainty, and that it is effective and efficient in
providing assurances for the goals of self-adaptive systems.
Formal Synthesis of Uncertainty Reduction Controllers
In its quest for approaches to taming uncertainty in self-adaptive systems
(SAS), the research community has largely focused on solutions that adapt the
SAS architecture or behaviour in response to uncertainty. By comparison,
solutions that reduce the uncertainty affecting SAS (other than through the
blanket monitoring of their components and environment) remain underexplored.
Our paper proposes a more nuanced, adaptive approach to SAS uncertainty
reduction. To that end, we introduce a SAS architecture comprising an
uncertainty reduction controller that drives the adaptive acquisition of new
information within the SAS adaptation loop, and a tool-supported method that
uses probabilistic model checking to synthesise such controllers. The
controllers generated by our method deliver optimal trade-offs between SAS
uncertainty reduction benefits and new information acquisition costs. We
illustrate the use and evaluate the effectiveness of our approach for mobile
robot navigation and server infrastructure management SAS.
Adaptive just-in-time code diversification
We present a method to regenerate diversified code dynamically in a Java bytecode JIT compiler, and to update the diversification frequently during the execution of the program. This way, we can significantly reduce the time frame in which attackers can let a program leak useful address space information and subsequently use the leaked information in memory exploits. A proof of concept implementation is evaluated, showing that even though code is recompiled frequently, we can achieve smaller overheads than the previous state of the art, which generated diversity only once during the whole execution of a program.
Taming Model Uncertainty in Self-adaptive Systems Using Bayesian Model Averaging
Research on uncertainty quantification and mitigation of software-intensive systems and (self-)adaptive systems is increasingly gaining momentum, especially with the availability of statistical inference techniques (such as Bayesian reasoning) that make it possible to mitigate uncertain (quality) attributes of the system under scrutiny often encoded in the system model in terms of model parameters. However, to the best of our knowledge, the uncertainty about the choice of a specific system model did not receive the deserved attention. This paper focuses on self-adaptive systems and investigates how to mitigate the uncertainty related to the model selection process, that is, whenever one model is chosen over plausible alternative and competing models to represent the understanding of a system and make predictions about future observations. In particular, we propose to enhance the classical feedback loop of a self-adaptive system with the ability to tame the model uncertainty using Bayesian Model Averaging. This method improves the predictions made by the analyze component as well as the plan that adopts metaheuristic optimizing search to guide the adaptation decisions. Our empirical evaluation demonstrates the cost-effectiveness of our approach using an exemplar case study in the robotics domain.
Vulnerabilities and responsibilities: dealing with monsters in computer security
Purpose – The purpose of this paper is to analyze information security assessment in terms of cultural categories and virtue ethics, in order to explain the cultural origin of certain types of security vulnerabilities, as well as to enable a proactive attitude towards preventing such vulnerabilities.
Design/methodology/approach – Vulnerabilities in information security are compared to the concept of “monster” introduced by Martijntje Smits in philosophy of technology. The applicability of different strategies for dealing with monsters to information security is discussed, and the strategies are linked to attitudes in virtue ethics.
Findings – It is concluded that the present approach can form the basis for dealing proactively with unknown future vulnerabilities in information security.
Research limitations/implications – The research presented here does not define a stepwise approach for implementation of the recommended strategy in practice. This is future work.
Practical implications – The results of this paper enable computer experts to rethink their attitude towards security threats, thereby reshaping their practices.
Originality/value – This paper provides an alternative anthropological framework for descriptive and normative analysis of information security problems, which does not rely on the objectivity of risk.
- …