Temporal specification and deductive verification of a distributed component model and its environment

In this paper we investigate the formalisation of distributed and long-running stateful systems using our normative temporal specification framework. We analyse aspects of a component-oriented Grid system, and the benefits of having a logic-based tool to perform automated and safe dynamic reconfiguration of its components. We describe which parts of this Grid system are involved in the reconfiguration process and detail the translation procedure into a state-based formal specification. Subsequently, we apply deductive verification to test whether dynamic reconfiguration can be performed. Finally, we analyse the procedure required to update our model for reconfiguration and justify the validity and the advantages of our methodology

Dynamic reconfiguration of GCM components

We detail in this report past research and current/future developments in formal specification of Grid component systems by temporal logic and consequent resolution technique, for an automated dynamic reconfiguration of components. It is analysed the specification procedure of GCM (Grid Component Model) components and infrastructure in respect to their state behaviour, and the verification process in a dynamic and reconfigurable distributed system. Furthermore it is demonstrated how an automata based method is used to achieve the specification, as well as how the enrichment of the temporal specification language of Computation Tree Logic CTL with the ability to capture norms, allows to formally define the concept of reconfiguration

Integrating formal reasoning into component-based approach to reconfigurable distributed systems

Distributed computing is becoming ubiquitous in recent years in many areas, especially the scientific and industrial ones, where the processing power - even that of supercomputers - never seems to be enough. Grid systems were born out of necessity, and had to grow quickly to meet requirements which evolved over time, becoming today’s complex systems. Even the simplest distributed system nowadays is expected to have some basic functionalities, such as resources and execution management, security and optimization features, data control, etc. The complexity of Grid applications is also accentuated by their distributed nature, making them some of the most elaborate systems to date. It is often too easy that these intricate systems happen to fall in some kind of failure, it being a software bug, or plain simple human error; and if such a failure occurs, it is not always the case that the system can recover from it, possibly meaning hours of wasted computational power. In this thesis, some of the problems which are at the core of the development and mainte- nance of Grid software applications are addressed by introducing novel and solid approaches to their solution. The difficulty of Grid systems to deal with unforeseen and unexpected cir- cumstances resulting from dynamic reconfiguration can be identified. Such problems are often related to the fact that Grid applications are large, distributed and prone to resource failures. This research has produced a methodology for the solution of this problem by analysing the structure of distributed systems and their reliance on the environment which they sit upon, often overlooked when dealing with these types of scenarios. It is concluded that the way that Grid applications interact with the infrastructure is not sufficiently addressed and a novel approach is developed in which formal verification methods are integrated with distributed applications development and deployment in a way that includes the environment. This approach allows for reconfiguration scenarios in distributed applications to proceed in a safe and controlled way, as demonstrated by the development of a prototype application

Adjoint Modeling and Observing System Design in the Subpolar North Atlantic

The near-surface ocean currents of the subpolar North Atlantic transport large amounts of heat from the subtropics to higher latitudes, affecting Arctic sea ice extent, the melting of the Greenland Ice Sheet, and the climate in western Europe and North America. Moreover, deep water formation in the subpolar North Atlantic actively shapes the Atlantic meridional overturning circulation, which connects the surface with the deep ocean and the northern with the southern hemisphere. The recently acquired data from the OSNAP (Overturning in the Subpolar North Atlantic Program) mooring array challenges our understanding of the processes that govern circulation and deep water formation in the subpolar North Atlantic. However, only long-term and sustained ocean observations can provide the much-needed benchmark to evaluate climate model simulations, to advance our understanding of key mechanisms, and to predict the role of the North Atlantic in future climate changes and anthropogenic carbon uptake. Unfortunately, most observational efforts rely on short-term funding periods. Given the cost of deploying and maintaining ocean observing systems, these systems have to be designed carefully. Key questions are: What information is contained in already existing observation networks? What do existing networks, such as the OSNAP array, tell us about hydrographic and circulation quantities in remote oceanic regions with few observations? In this thesis, a novel approach to ocean observing system design is explored that is able to address these questions. The approach makes use of adjoint modeling and Hessian-based Uncertainty Quantification (UQ) within a global oceanographic inverse problem. Adjoint-derived sensitivities reveal that the eastern boundary of the North Atlantic and the coasts of Iceland and Greenland are important pathways for communicating wind-driven pressure anomalies around the entire subpolar North Atlantic and the Nordic Seas. Consequently, the OSNAP observing array shares many dynamical pathways and mechanisms with oceanic quantities that are remote from the array. The OSNAP array has therefore potential to inform these unobserved - or unobservable - quantities: for instance, ocean heat content in the Nordic Seas or close to Greenland’s margins. In this thesis, this potential is quantified within the state-of-the-art ECCO (Estimating the Circulation and Climate of the Ocean) state estimation framework, by combining physical relationships in the model with prior information and data uncertainties. The effectiveness of an observing system is determined by how well it captures climate-relevant signals and important dynamical adjustment mechanisms. A second important factor, however, is how strongly the monitored signals are masked by noise. All factors combined, heat transport measurements across the OSNAP-West transect, extending from Labrador to South Greenland, impose an overall much stronger constraint on the ECCO state estimate than heat transport measurements across the OSNAP-East transect, extending from South Greenland to Scotland. This is largely explained by the fact that climate signals detected by OSNAP-West are less noisy compared to climate signals detected by OSNAP-East. As a result, transport and hydrographic quantities - even in the Nordic Seas - are constrained more efficiently by OSNAP-West than OSNAP-East observations, contrary to recent findings. This suggests that OSNAP-West is important for informing remote climate signals. This thesis explores the physical mechanisms that link the subpolar North Atlantic and the Nordic Seas, translates the mathematical concepts that underlie Hessian-based UQ to dynamical concepts, and discusses benefits, shortcomings, and future challenges for designing an effective, long-term Atlantic observing system by means of UQ within ocean state estimation.Doktorgradsavhandlin

Climate change, environmentally displaced persons and post-sovereignty: an assessment of normative gaps and potential solutions in international law

This thesis analyses the impact of natural and anthropogenic environmental disruptions in the dynamics of migration as well as its social, legal and political implications in the context of disasters and climate change. The complex case of environmentally displaced persons is examined and the capacity of existing international legal frameworks to address the needs of these group is reviewed. In this scenario, the study explores gaps and limitations of contemporary international law that directly relates to environmentally-induced displacement and concludes that the current international law regime is insufficient to protect environmentally displaced persons. Additionally, the thesis critically evaluates to what extent the power of sovereignty in the international system has been used as a justification by many states for exempting themselves from responsibilities associated to climate change-induced mobility. The thesis argues that there is an urgent need to develop an international legal protection framework applicable to environmentally displaced persons. In order to address this existing void, the study further discusses the establishment of a specific legally binding convention on the rights of environmentally displaced persons as a promising solution to filling this critical gap in international law

Application of an inverse model in the community modeling effort results

Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy at the Massachusetts Institute of Technology and the Woods Hole Oceanographic Institution February 1995Inverse modeling activities in oceanography have recently been intensified, aided by the oncoming observational data stream of WOCE and the advance of computer power. However, interpretations of inverse model results from climatological hydrographic data are far from simple. This thesis examines the behavior of an inverse model in the WOCE CME (Community Modeling Effort) results where the physics and the parameter values are known. The ultimate hypotheses to be tested are whether the inferred circulations from a climatological hydrographic data set (where limited time means and spatial smoothing are usually used) represent the climatological ocean general circulations, and what the inferred "diffusion" coefficients really are. The inverse model is first tested in a non-eddy resolving numerical GCM ocean. Numerical/scale analyses are used to test whether the inverse model properly represents the GCM ocean. Experiments show how biased answers could result from an incorrect model, and how a correct model must produce the right answers. When the inverse model is applied to the time-mean hydrographic data of an eddy-resolving GCM ocean in the fine grid resolution of the GCM, the estimated horizontal circulation is statistically consistent with the EGCM time means in both patterns and values. Although the flow patterns are similar, the uncertainties for the GCM time means and the inverse model estimates are different. The former are very large, such that the GCM time-mean circulation has no significance in the deep ocean. The latter are much smaller, and with them the estimated circulations are well defined. This is consistent with the concept that ocean motions are very energetic, while variations of tracers (temperature, salinity) are low frequency. The inverse model succeeded in extracting the ocean general circulation from the "climatological" hydrographic data. The estimated vertical velocities are also statistically indistinguishable from the GCM time means. However, significant differences between the estimated "diffusion" coefficients and the EGCM eddy diffusion coefficients are found at certain locations. These discrepancies are attributed to the differences in physics of the inverse model and the EGCM ocean. The "diffusion" coefficients from the inversion parameterize not only the eddy fluxes, but also (part of) the temporal variation and biharmonic terms which are not explicitly included in the inverse model. Given the essentially red spectrum of the ocean, it makes sense to look for smooth solutions. Aliasing due to subsampling on a coarse grid and the effects of spatial smoothing are addressed in the last part of this thesis. It is shown that this aliasing could be greatly reduced by spatial smoothing. The estimated horizontal circulation from the spatially smoothed time-mean EGCM hydrographic data with a coarse grid resolution (2.4° longitude by 2.0° latitude) is generally consistent with the spatially smoothed EGCM time means. Significant differences only occur at some grid points at great depths, where the GCM circulations are very weak. The conclusions of this study are different from some previous studies. These discrepancies are explained in the concluding chapter. Finally, it should be pointed out that the issue of properly representing a GCM ocean by an inverse model is not identical to the issue of represent ing the real ocean by the same inverse model, since the GCM ocean is not identical to the real ocean. Numerical calculations show that both the non-eddy resolving and the eddy-resolving GCM oceans used in this work are evolving towards a statistical equilibrium. In the real ocean, the importance of temporal variation terms in the property conservation equations should also be analyzed when a steady mverse model is applied to a limited time-mean (the climatological) data set.This research was carried out under National Science Foundation grant OCE- 90-04396

Trust based Privacy Policy Enforcement in Cloud Computing

Cloud computing offers opportunities for organizations to reduce IT costs by using the computation and storage of a remote provider. Despite the benefits offered by cloud computing paradigm, organizations are still wary of delegating their computation and storage to a cloud service provider due to trust concerns. The trust issues with the cloud can be addressed by a combination of regulatory frameworks and supporting technologies. Privacy Enhancing Technologies (PET) and remote attestation provide the technologies for addressing the trust concerns. PET provides proactive measures through cryptography and selective dissemination of data to the client. Remote attestation mechanisms provides reactive measures by enabling the client to remotely verify if a provider is compromised. The contributions of this work are three fold. This thesis explores the PET landscape by studying in detail the implications of using PET in cloud architectures. The practicality of remote attestation in Software as a Service (SaaS) and Infrastructure as a Service (IaaS) scenarios is also analyzed and improvements have been proposed to the state of the art. This thesis also propose a fresh look at trust relationships in cloud computing, where a single provider changes its configuration for each client based on the subjective and dynamic trust assessments of clients. We conclude by proposing a plan for expanding on the completed work

Predictability: a way to characterize Complexity

Different aspects of the predictability problem in dynamical systems are reviewed. The deep relation among Lyapunov exponents, Kolmogorov-Sinai entropy, Shannon entropy and algorithmic complexity is discussed. In particular, we emphasize how a characterization of the unpredictability of a system gives a measure of its complexity. Adopting this point of view, we review some developments in the characterization of the predictability of systems showing different kind of complexity: from low-dimensional systems to high-dimensional ones with spatio-temporal chaos and to fully developed turbulence. A special attention is devoted to finite-time and finite-resolution effects on predictability, which can be accounted with suitable generalization of the standard indicators. The problems involved in systems with intrinsic randomness is discussed, with emphasis on the important problems of distinguishing chaos from noise and of modeling the system. The characterization of irregular behavior in systems with discrete phase space is also considered.Comment: 142 Latex pgs. 41 included eps figures, submitted to Physics Reports. Related information at this http://axtnt2.phys.uniroma1.i