Architectural mismatch tolerance

The integrity of complex software systems built from existing components is becoming more dependent on the integrity of the mechanisms used to interconnect these components and, in particular, on the ability of these mechanisms to cope with architectural mismatches that might exist between components. There is a need to detect and handle (i.e. to tolerate) architectural mismatches during runtime because in the majority of practical situations it is impossible to localize and correct all such mismatches during development time. When developing complex software systems, the problem is not only to identify the appropriate components, but also to make sure that these components are interconnected in a way that allows mismatches to be tolerated. The resulting architectural solution should be a system based on the existing components, which are independent in their nature, but are able to interact in well-understood ways. To find such a solution we apply general principles of fault tolerance to dealing with arch itectural mismatche

Robustness of interdependent networks under targeted attack

When an initial failure of nodes occurs in interdependent networks, a cascade of failure between the networks occurs. Earlier studies focused on random initial failures. Here we study the robustness of interdependent networks under targeted attack on high or low degree nodes. We introduce a general technique and show that the {\it targeted-attack} problem in interdependent networks can be mapped to the {\it random-attack} problem in a transformed pair of interdependent networks. We find that when the highly connected nodes are protected and have lower probability to fail, in contrast to single scale free (SF) networks where the percolation threshold $p_c=0$, coupled SF networks are significantly more vulnerable with $p_c$ significantly larger than zero. The result implies that interdependent networks are difficult to defend by strategies such as protecting the high degree nodes that have been found useful to significantly improve robustness of single networks.Comment: 11 pages, 2 figure

Percolation of partially interdependent networks under targeted attack

The study of interdependent networks, and in particular the robustness on networks, has attracted considerable attention. Recent studies mainly assume that the dependence is fully interdependent. However, targeted attack for partially interdependent networks simultaneously has the characteristics of generality in real world. In this letter, the comprehensive percolation of generalized framework of partially interdependent networks under targeted attack is analyzed. As $\alpha=0$ and $\alpha=1$, the percolation law is presented. Especially, when $a=b=k$, $p_{1}=p_{2}=p$, $q_{A}=q_{B}=q$, the first and second lines of phase transition coincide with each other. The corresponding phase transition diagram and the critical line between the first and the second phase transition are found. We find that the tendency of critical line is monotone decreasing with parameter $p_{1}$. However, for different $\alpha$, the tendency of critical line is monotone increasing with $\alpha$. In a larger sense, our findings have potential application for designing networks with strong robustness and can regulate the robustness of some current networks.Comment: 6 pages, 9 figure

Percolation of Partially Interdependent Scale-free Networks

We study the percolation behavior of two interdependent scale-free (SF) networks under random failure of 1-$p$ fraction of nodes. Our results are based on numerical solutions of analytical expressions and simulations. We find that as the coupling strength between the two networks $q$ reduces from 1 (fully coupled) to 0 (no coupling), there exist two critical coupling strengths $q_1$ and $q_2$, which separate three different regions with different behavior of the giant component as a function of $p$. (i) For $q \geq q_1$, an abrupt collapse transition occurs at $p=p_c$. (ii) For $q_2<q<q_1$, the giant component has a hybrid transition combined of both, abrupt decrease at a certain $p=p^{jump}_c$ followed by a smooth decrease to zero for $p < p^{jump}_c$ as $p$ decreases to zero. (iii) For $q \leq q_2$, the giant component has a continuous second-order transition (at $p=p_c$). We find that $(a)$ for $\lambda \leq 3$, $q_1 \equiv 1$; and for $\lambda > 3$, $q_1$ decreases with increasing $\lambda$. $(b)$ In the hybrid transition, at the $q_2 < q < q_1$ region, the mutual giant component $P_{\infty}$ jumps discontinuously at $p=p^{jump}_c$ to a very small but non-zero value, and when reducing $p$, $P_{\infty}$ continuously approaches to 0 at $p_c = 0$ for $\lambda 0$ for $\lambda > 3$. Thus, the known theoretical $p_c=0$ for a single network with $\lambda \leqslant 3$ is expected to be valid also for strictly partial interdependent networks.Comment: 20 pages, 17 figure

Reliability Analysis for the Advanced Electric Power Grid: From Cyber Control and Communication to Physical Manifestations of Failure

The advanced electric power grid is a cyber-physical system comprised of physical components, such as transmission lines and generators, and a network of embedded systems deployed for their cyber control. The objective of this paper is to qualitatively and quantitatively analyze the reliability of this cyber-physical system. The original contribution of the approach lies in the scope of failures analyzed, which crosses the cyber-physical boundary by investigating physical manifestations of failures in cyber control. As an example of power electronics deployed to enhance and control the operation of the grid, we study Flexible AC Transmission System (FACTS) devices, which are used to alter the flow of power on specific transmission lines. Through prudent fault injection, we enumerate the failure modes of FACTS devices, as triggered by their embedded software, and evaluate their effect on the reliability of the device and the reliability of the power grid on which they are deployed. The IEEE118 bus system is used as our case study, where the physical infrastructure is supplemented with seven FACTS devices to prevent the occurrence of four previously documented potential cascading failures

Methodologies synthesis

This deliverable deals with the modelling and analysis of interdependencies between critical infrastructures, focussing attention on two interdependent infrastructures studied in the context of CRUTIAL: the electric power infrastructure and the information infrastructures supporting management, control and maintenance functionality. The main objectives are: 1) investigate the main challenges to be addressed for the analysis and modelling of interdependencies, 2) review the modelling methodologies and tools that can be used to address these challenges and support the evaluation of the impact of interdependencies on the dependability and resilience of the service delivered to the users, and 3) present the preliminary directions investigated so far by the CRUTIAL consortium for describing and modelling interdependencies

MAFTIA Conceptual Model and Architecture

This document builds on the work reported in MAFTIA deliverable D1. It contains a refinement of the MAFTIA conceptual model and a discussion of the MAFTIA architecture. It also introduces the work done in WP6 on verification and assessment of security properties, which is reported on in more detail in MAFTIA deliverable D

Conceptual Model and Architecture of MAFTIA

This deliverable builds on the work reported in [MAFTIA 2000] and [Powell and Stroud 2001]. It contains a further refinement of the MAFTIA conceptual model and a revised discussion of the MAFTIA architecture. It also introduces the work done in MAFTIA on verification and assessment of security properties, which is reported on in more detail in [Adelsbach and Creese 2003

Testing the robustness of controllers for self-adaptive systems

Self-Adaptive systems are software-intensive systems endowed with the ability to respond to a variety of changes that may occur in their environment, goals, or the system itself, by adapting their structure and behavior at run-time in an autonomous way. Controllers are complex components incorporated in self-adaptive systems, which are crucial to their function since they are in charge of adapting the target system by executing actions through effectors, based on information monitored by probes. However, although controllers are becoming critical in many application domains, so far very little has been done to assess their robustness. In this paper, we propose an approach for evaluating the robustness of controllers for self-adaptive software systems, aiming to identify faults in their design. Our proposal considers the stateful nature of the controller, and identifies a set of robustness tests, which includes the provision of mutated inputs to the interfaces between the controller and the target system (i.e., probes). The feasibility of the approach is evaluated on Rainbow, a framework for architecture-based self-adaptation, and in the context of the Znn.com case study