architecting self adaptive critical system s
play

Architecting Self-Adaptive Critical System s: Contradiction or - PowerPoint PPT Presentation

Sep 15, 2023 •556 likes •727 views

Architecting Self-Adaptive Critical System s: Contradiction or Panacea? Invited Talk at WADS 2009, 29.06.2009 Holger Giese System Analysis & Modeling Group, Hasso Plattner Institute for Software Systems Engineering at the University of

  1. Architecting Self-Adaptive Critical System s: Contradiction or Panacea? Invited Talk at WADS 2009, 29.06.2009 Holger Giese System Analysis & Modeling Group, Hasso Plattner Institute for Software Systems Engineering at the University of Potsdam, Germany holger.giese@hpi.uni-potsdam.de

  2. W hat are Critical Softw are System s? 2 Exam ples: Characteristics: � large-scale, heterogeneous, distributed May include: Automotive Transportation � Server backends, embedded subsystems, wireless ad hoc networks, mobile devices Require: Industrial automation Avionics � Safety, security, high reliability, high availability, … Medicine Space missions Enterprise Critical Systems Critical System of Systems: RailCab 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  3. Cirtical Softw are System s - Threats 3 dependability security safety Typical threats: hardware failure, not fulfilled context assumption, misuse, attacks, … Sources for threats: system hardware (incl. computer), environment, software, … 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  4. Self-Adaptive Critical Softw are System s Context = system hardware + environment 4 adapt Adaptation Software d u p u y p Context Adaptation to com pensate threats ( self-healing, self-configuring) : ■ Absolute position: adaptation must guarantee that all threats are properly handled (this CANNOT be achieved) ■ Relative position: adaptation must guarantee that all relevant threats are properly handled (relevant = likelihood+ severity + … ; CAN ONLY be achieved in rare cases) Problem : Usually not all threats are known! ■ Practice: adaptation must guarantee that all known and relevant threats are properly handled (relevant = likelihood+ severity + … ) 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  5. Know n and Unkow n Threats 5 dependability security safety Developer: Known threats Known knowns System: anticipated Known In principle unknowns known threats ? unknown threats unknown unknowns unanticipated 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  6. Self-Adaptive Critical System s: Pros & Cons 6 Pros ( cliché) : ■ Self-adaptive systems can handle unanticipated threats which classical system design do not cover Cons ( cliché) : ■ For self-adaptive systems no guarantees can be given as they can change their behavior Resulting Open Questions ( Contradiction or Panacea?) : What kind of additional threats can self-adaptive systems cover? Can we establish the required guarantees for self-adaptive systems? 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  7. Adaptation & Models 7 Adapt “w ithout” m odels: ■ Still implicit design-tim e m odels are Adaptation used to establish guarantees offline ■ Lim itation: covers only threats included in one model of the software’ d u p + context (potentially including some u y p Software’ Context parameters that can be observed) Adapt w ith runtim e m odels: ■ Explicit runtim e m odels are used to establish guarantees online ■ Lim itation: covers only threats captured by the runtime models ( m ultiple !); assume correct learning of them from the observations 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  8. Adaptation & Guarantees 8 Bottom line: Self-adaptive systems must simply be “better” and not “worse” Cases that m ust be covered offline: (1) Execution of the adaptation: consistent update; timing, … Additional cases that m ust be covered offline for runtim e m odels: (2) Adapting the model of the software‘: consistent; fast enough; … (3) Adapting the model of the context: consistent; fast enough; accurate enough, … (4) Model as reference: correct reference, complete, … Cases that m ust be covered offline and/ or online: (5) Planning of the adaptation: does it really ensure the required guarantees? Open Question: are the required guarantees possible/ feasible? Some examples … 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  9. Exam ple for ( 1 ) Execution of the adaptation Operator-Controller Module ( OCM) for 9 self-optim izing m echatronic system s � Cognitive operator ( CO) : decoupled from the hard real-time processing ( flexible ) � Reflective operator ( RO) : Real-time coordination and reconfiguration ( pre-planned ) � Controller ( C) : Control via sensors and actuators in hard real-time Modular form al verification ( “RO part”) : � Formal interface covers possible pre-planned configuration steps � Consistent configuration across complex hierarchies: correct timing Holger Giese, Sven Burmester, Wilhelm Schäfer, and Oliver Oberschelp, 'Modular Design and Verification of Component-Based Mechatronic Systems with Online-Reconfiguration', in Proc. of 12th ACM SIGSOFT Foundations of Software Engineering 2004 (FSE 2004), Newport Beach, USA , pp. 179--188, ACM Press, November 2004. 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  10. Exam ple for ( 1 ) Execution of the adaptation ( cont.) 10 Distributed Softw are Architecture + correct Context: system ■ Supports system with flexibly changing graph structure (real-time clocks, linear variables) ■ Model all possible structural changes in the system and its environment in form of ? move extended graphs and graph transformations Verification: t:Track ■ Analyze whether structural changes can lead from safe to unsafe situations s 1 :Shuttle s 2 :Shuttle (inductive invariants ; incremental check for changed transformations) dc:Distance Coordination Basil Becker and Dirk Beyer and Holger Giese and Florian Klein and Daniela Schilling, Symbolic I nvariant Verification for Systems with Dynamic Structural Adaptation, Proc. of the 28th International Conference on Software Engineering (ICSE), Shanghai, China, vol. , 2006, 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  11. Exam ple for ( 5 ) Planning of the adaptation 11 ■ Distributed learning of a model of the track (environment) ■ Local learning of a model of the shuttle (system hardware) ■ Planning an adaptation in form of an optimal trajectory ■ Trajectory synthesis establishes required guarantees Sven Burmester and Holger Giese and Eckehard Münch and Oliver Oberschelp and Florian Klein and Peter Scheideler,. Tool Support for the Design of Self-Optimizing Mechatronic Multi-Agent Systems , International Journal on Software Tools for Technology Transfer (STTT) 10 (3), 207-222, 2008. 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  12. Exam ple 2 for ( 5 ) Plan- ning of the adaptation 12 ■ Application: Monitoring and repair of complex architectures with redundancy (self-repair) ■ Uses a model as reference and to capture the state of software’ + context ■ The model as reference is used to compute the required repair (computed solution ensures online the required guarantees) ■ Trade-off: speed of Matthias Tichy and Holger Giese and Daniela Schilling and Wladimir Pauls, Computing Optimal Self-Repair Actions: Damage Minimization versus Repair repair vs. quality of Time, Proc. of the I CSE 2005 Workshop on Architecting Dependable Systems, St. Louis, Missouri, USA, (Rog\ 'erio de Lemos and Alexander Romanovsky, structural adaptation ed.), vol. , ACM Press, 2005, p. 1–6, Covers: arbitrary changes within the model of software’ + context 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  13. Conclusions 13 Open Questions ( Contradiction or Panacea?) : What kind of additional threats can self-adaptive systems cover? ■ Self-adaptive systems allows in principle to cover more threats □ Without runtime models coverage is restricted to what is covered by the design-time model □ With runtime models coverage is restricted to what can be covered by the different possible forms of the runtime model Can we establish the required guarantees for self-adaptive systems? ■ Some guarantees for self-adaptive solutions can be established offline (1) Execution of the adaptation (2) Adapting the model of the software (3) Adapting the model of the context (4) Model as reference ■ Some guarantees for self-adaptive solutions can be established online/ offline (5) Planning of the adaptation: does it really ensure the required guarantees? 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  14. Conclusions ( Cont.) 14 ■ Self-adaptive solutions only help when □ Adaptation itself is guaranteed to work, □ Guarantees for the adaptation can be established (offline or online) or □ When cases are covered that are otherwise not covered. ■ Coverage not having a runtime model itself counts! Critical Self-adaptive softw are system s are thus ■ No contradiction but also ■ No panacea as building them requires a lot of effort � ease building self-adaptive systems is key 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

OPTIMUM OPTIMUM ADAPTIVE ALGORITHMS ADAPTIVE ALGORITHMS for for SYSTEM IDENTIFICATION SYSTEM

OPTIMUM OPTIMUM ADAPTIVE ALGORITHMS ADAPTIVE ALGORITHMS for for SYSTEM IDENTIFICATION SYSTEM

OPTIMUM OPTIMUM ADAPTIVE ALGORITHMS ADAPTIVE ALGORITHMS for for SYSTEM IDENTIFICATION SYSTEM IDENTIFICATION George V. Moustakides Dept. of Computer Engineering & Informatics University of Patras, GREECE Definition of the problem w n x

435 views • 24 slides
Architecting a 30 PB all - Architecting a 30 PB all flash file system flash file system Kirill

Architecting a 30 PB all - Architecting a 30 PB all flash file system flash file system Kirill

Architecting a 30 PB all - Architecting a 30 PB all flash file system flash file system Kirill Kirill Lozinskiy Lozinskiy Glenn K. Lockwood et al. Glenn K. Lockwood et al. 1 NERSC @ Berkeley Lab (LBNL) NERSC @ Berkeley Lab (LBNL)

393 views • 16 slides
The Use of EduPRO System for Adaptive Learning Process Organizing Benefits of adaptive e

The Use of EduPRO System for Adaptive Learning Process Organizing Benefits of adaptive e

Vasyl Stefanyk Precarpathian National University Centre of Distance Learning The Use of EduPRO System for Adaptive Learning Process Organizing Benefits of adaptive e learning system Formation of the individual structure of the material;

396 views • 10 slides
Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive

Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive

S T A T D E Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive Software O H F C F R I A C E E S University Research Initiative Program O E F R N L A A V Welcome to the 3 rd

318 views • 14 slides
Mission-critical 101 Resiliency Performance Fault Scalability Tolerance Disaster

Mission-critical 101 Resiliency Performance Fault Scalability Tolerance Disaster

Architecting for Highly Available, Scalable, and Reliable Mission- Critical Applications Diego Dagum Microsoft Corp. Mission-critical 101 Resiliency Performance Fault Scalability Tolerance Disaster Maintainability Recovery Availability

169 views • 14 slides
Instruction Set 2 Architecting a vocabulary for the HW INSTRUCTION SET OVERVIEW 3 Instruction

Instruction Set 2 Architecting a vocabulary for the HW INSTRUCTION SET OVERVIEW 3 Instruction

1 EE 109 Unit 13 MIPS Instruction Set 2 Architecting a vocabulary for the HW INSTRUCTION SET OVERVIEW 3 Instruction Set Architecture (ISA) Defines the software interface of the processor and memory system Instruction set is the

915 views • 52 slides
Infrastructure for Critical Adaptive Distributed Embedded Systems Alberto Ballesteros Julin

Infrastructure for Critical Adaptive Distributed Embedded Systems Alberto Ballesteros Julin

Towards a Self-Reconfigurable Infrastructure for Critical Adaptive Distributed Embedded Systems Alberto Ballesteros Julin Proenza Manuel Barranco Lus Almeida Pere Palmer 3 th of July 2018 Universitat de les Illes Balears Introduction

665 views • 52 slides
Architecting Java solutions for CICS Architecting Java solutions for CICS Course introduction

Architecting Java solutions for CICS Architecting Java solutions for CICS Course introduction

Architecting Java solutions for CICS Architecting Java solutions for CICS Course introduction Course introduction Reasons for hosting Java in CICS Requirements: Knowledge of transaction processing Experience of Java development What youll

757 views • 56 slides
Adaptive PID Controller Yiming Zhao 1 Contents Control system PID controller

Adaptive PID Controller Yiming Zhao 1 Contents Control system PID controller

Adaptive PID Controller Yiming Zhao 1 Contents Control system PID controller Adaptive PID 2 Control System Open-loop system OUT IN PLANT 3 Control System Closed-loop system/feedback control system input reference

843 views • 20 slides
An Adaptive, Emotional, and Expressive Reminding System Nadine Richard & Seiji Yamada NII,

An Adaptive, Emotional, and Expressive Reminding System Nadine Richard & Seiji Yamada NII,

An Adaptive, Emotional, and Expressive Reminding System Nadine Richard & Seiji Yamada NII, Tokyo An adaptive reminding system Two-step action selection iCalendar and historical data: categorization / prioritization user- and

301 views • 7 slides
and Self-Adaptive Predictive Controller Using Hybrid Automata Imane Lamrani, Ayan Banerjee,

and Self-Adaptive Predictive Controller Using Hybrid Automata Imane Lamrani, Ayan Banerjee,

Co-simulation of Physical Model and Self-Adaptive Predictive Controller Using Hybrid Automata Imane Lamrani, Ayan Banerjee, Sandeep Gupta. iMPACT Lab CISDE, Arizona State University. Introduction Safety-critical cyber-physical system (CPS)

208 views • 19 slides
Critical Power Perspectives Every power system problem is critical. Electricity is

Critical Power Perspectives Every power system problem is critical. Electricity is

Critical Power Perspectives Every power system problem is critical. Electricity is required for jobs, income, food, and shelter. Many teachings regarding controlling power quality are wrong. Voltage and Current Perspectives: Cause and

728 views • 21 slides
A Personality-based Adaptive System for Visualizing Classical Music Performances Markus Schedl ,

A Personality-based Adaptive System for Visualizing Classical Music Performances Markus Schedl ,

A Personality-based Adaptive System for Visualizing Classical Music Performances Markus Schedl , Mark Melenhorst, Cynthia C.S. Liem, Agustn Martorell, scar Mayor, Marko Tkali http://www.cp.jku.at A Personality-based Adaptive System for

562 views • 19 slides
The Role of Event Description in Architecting Dependable Systems Marcio S. Dias Debra J.

The Role of Event Description in Architecting Dependable Systems Marcio S. Dias Debra J.

The Role of Event Description in Architecting Dependable Systems Marcio S. Dias Debra J. Richardson djr@ics.uci.edu mdias@ics.uci.edu Information and Computer Science University of California, Irvine I CSE 2002 Workshop on Architecting

1.02k views • 25 slides
RAIC: Architecting Dependable Systems Through Redundancy and Just-In-Time Testing For The ICSE

RAIC: Architecting Dependable Systems Through Redundancy and Just-In-Time Testing For The ICSE

RAIC: Architecting Dependable Systems Through Redundancy and Just-In-Time Testing For The ICSE 2002 Workshop on Architecting Dependable Systems Orlando, Florida, USA Chang Liu, Debra J. Richardson Information And Computer Science University

840 views • 24 slides
Scenario praxis for systemic and adaptive governance: a critical review Ray Ison 1 , Andrea Grant

Scenario praxis for systemic and adaptive governance: a critical review Ray Ison 1 , Andrea Grant

www. monash .edu Scenario praxis for systemic and adaptive governance: a critical review Ray Ison 1 , Andrea Grant 1 & Richard Bawden 2 1. School of Geography & Environmental Sciences, Monash University, Clayton 2. Systemic

492 views • 33 slides
UNREDUCED DYNAMIC UNREDUCED DYNAMIC COMPLEXITY COMPLEXITY Towards the Unified Science of

UNREDUCED DYNAMIC UNREDUCED DYNAMIC COMPLEXITY COMPLEXITY Towards the Unified Science of

Andrei P. Kirilyuk Andrei P. Kirilyuk Institute of Metal Physics, Kiev, Ukraine Institute of Metal Physics, Kiev, Ukraine http://myprofile.cos.com/mammoth http://myprofile.cos.com/mammoth UNREDUCED DYNAMIC UNREDUCED DYNAMIC COMPLEXITY

718 views • 33 slides
System Administrators in the Wild! What we ve learned from watching you Good Morning! I am

System Administrators in the Wild! What we ve learned from watching you Good Morning! I am

System Administrators in the Wild! What we ve learned from watching you Good Morning! I am really honored to be here as an invited speaker, Ive always been impressed by the quality of speakers here at LISA, and Ill do my best to live

602 views • 48 slides
Model-Based Self-Adaptation of Service-Oriented Software Systems GK Workshop 2010 Schloss

Model-Based Self-Adaptation of Service-Oriented Software Systems GK Workshop 2010 Schloss

Model-Based Self-Adaptation of Service-Oriented Software Systems GK Workshop 2010 Schloss Dagstuhl, June 2, 2010 Thomas Vogel Research School on Service-Oriented Systems Engineering System Analysis and Modeling Group Motivation 2 Continuous

472 views • 26 slides
Diabetes and CKD: is it all about managing glucose Melanie J Davies CBE FMedSci Professor of

Diabetes and CKD: is it all about managing glucose Melanie J Davies CBE FMedSci Professor of

Diabetes and CKD: is it all about managing glucose Melanie J Davies CBE FMedSci Professor of Diabetes Medicine Agenda Metabolic-cardio-renal cross-talk and role of GLP-1RA Glucose lowering in T2D and CKD Summary Patients with T2D

650 views • 26 slides
The Realities of Continuous Availability Mark Richards Director and Sr. Architect, Collaborative

The Realities of Continuous Availability Mark Richards Director and Sr. Architect, Collaborative

QCon London 2009 The Realities of Continuous Availability Mark Richards Director and Sr. Architect, Collaborative Consulting, LLC Author of Java Transaction Design Strategies (C4Media) Author of Java Message Service 2nd Edition (OReilly)

544 views • 51 slides
Current Issues Regarding Data and Safety Monitoring Committees in Clinical Trials Discussion:

Current Issues Regarding Data and Safety Monitoring Committees in Clinical Trials Discussion:

Current Issues Regarding Data and Safety Monitoring Committees in Clinical Trials Discussion: Emerging Challenges in the Practice of Clinical Trial Data Monitoring Committees Maureen G. Maguire, PhD Carolyn Jones Professor Department of

450 views • 14 slides
Ethics for Behavioral Health Providers W orking in S chools and H ealth C are S ettings Avi

Ethics for Behavioral Health Providers W orking in S chools and H ealth C are S ettings Avi

Ethics for Behavioral Health Providers W orking in S chools and H ealth C are S ettings Avi Kriechman, M.D. Department of Psychiatry and Behavioral Sciences University of New Mexico Learning Objectives 1. List and define fundamental ethical

330 views • 28 slides
Verifiable Autonomy Michael Fisher University of Liverpool, 11th September 2015 Formal

Verifiable Autonomy Michael Fisher University of Liverpool, 11th September 2015 Formal

Verifiable Autonomy Michael Fisher University of Liverpool, 11th September 2015 Formal Verification Examples Closing Motivation: Autonomy Everywhere! rtc.nagoya.riken.jp/RI-MAN www.volvo.com Formal Verification Examples Closing

490 views • 19 slides

More recommend