architecting self adaptive critical system s
play

Architecting Self-Adaptive Critical System s: Contradiction or - PowerPoint PPT Presentation

Sep 15, 2023 •556 likes •727 views

Architecting Self-Adaptive Critical System s: Contradiction or Panacea? Invited Talk at WADS 2009, 29.06.2009 Holger Giese System Analysis & Modeling Group, Hasso Plattner Institute for Software Systems Engineering at the University of

  1. Architecting Self-Adaptive Critical System s: Contradiction or Panacea? Invited Talk at WADS 2009, 29.06.2009 Holger Giese System Analysis & Modeling Group, Hasso Plattner Institute for Software Systems Engineering at the University of Potsdam, Germany holger.giese@hpi.uni-potsdam.de

  2. W hat are Critical Softw are System s? 2 Exam ples: Characteristics: � large-scale, heterogeneous, distributed May include: Automotive Transportation � Server backends, embedded subsystems, wireless ad hoc networks, mobile devices Require: Industrial automation Avionics � Safety, security, high reliability, high availability, … Medicine Space missions Enterprise Critical Systems Critical System of Systems: RailCab 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  3. Cirtical Softw are System s - Threats 3 dependability security safety Typical threats: hardware failure, not fulfilled context assumption, misuse, attacks, … Sources for threats: system hardware (incl. computer), environment, software, … 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  4. Self-Adaptive Critical Softw are System s Context = system hardware + environment 4 adapt Adaptation Software d u p u y p Context Adaptation to com pensate threats ( self-healing, self-configuring) : ■ Absolute position: adaptation must guarantee that all threats are properly handled (this CANNOT be achieved) ■ Relative position: adaptation must guarantee that all relevant threats are properly handled (relevant = likelihood+ severity + … ; CAN ONLY be achieved in rare cases) Problem : Usually not all threats are known! ■ Practice: adaptation must guarantee that all known and relevant threats are properly handled (relevant = likelihood+ severity + … ) 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  5. Know n and Unkow n Threats 5 dependability security safety Developer: Known threats Known knowns System: anticipated Known In principle unknowns known threats ? unknown threats unknown unknowns unanticipated 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  6. Self-Adaptive Critical System s: Pros & Cons 6 Pros ( cliché) : ■ Self-adaptive systems can handle unanticipated threats which classical system design do not cover Cons ( cliché) : ■ For self-adaptive systems no guarantees can be given as they can change their behavior Resulting Open Questions ( Contradiction or Panacea?) : What kind of additional threats can self-adaptive systems cover? Can we establish the required guarantees for self-adaptive systems? 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  7. Adaptation & Models 7 Adapt “w ithout” m odels: ■ Still implicit design-tim e m odels are Adaptation used to establish guarantees offline ■ Lim itation: covers only threats included in one model of the software’ d u p + context (potentially including some u y p Software’ Context parameters that can be observed) Adapt w ith runtim e m odels: ■ Explicit runtim e m odels are used to establish guarantees online ■ Lim itation: covers only threats captured by the runtime models ( m ultiple !); assume correct learning of them from the observations 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  8. Adaptation & Guarantees 8 Bottom line: Self-adaptive systems must simply be “better” and not “worse” Cases that m ust be covered offline: (1) Execution of the adaptation: consistent update; timing, … Additional cases that m ust be covered offline for runtim e m odels: (2) Adapting the model of the software‘: consistent; fast enough; … (3) Adapting the model of the context: consistent; fast enough; accurate enough, … (4) Model as reference: correct reference, complete, … Cases that m ust be covered offline and/ or online: (5) Planning of the adaptation: does it really ensure the required guarantees? Open Question: are the required guarantees possible/ feasible? Some examples … 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  9. Exam ple for ( 1 ) Execution of the adaptation Operator-Controller Module ( OCM) for 9 self-optim izing m echatronic system s � Cognitive operator ( CO) : decoupled from the hard real-time processing ( flexible ) � Reflective operator ( RO) : Real-time coordination and reconfiguration ( pre-planned ) � Controller ( C) : Control via sensors and actuators in hard real-time Modular form al verification ( “RO part”) : � Formal interface covers possible pre-planned configuration steps � Consistent configuration across complex hierarchies: correct timing Holger Giese, Sven Burmester, Wilhelm Schäfer, and Oliver Oberschelp, 'Modular Design and Verification of Component-Based Mechatronic Systems with Online-Reconfiguration', in Proc. of 12th ACM SIGSOFT Foundations of Software Engineering 2004 (FSE 2004), Newport Beach, USA , pp. 179--188, ACM Press, November 2004. 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  10. Exam ple for ( 1 ) Execution of the adaptation ( cont.) 10 Distributed Softw are Architecture + correct Context: system ■ Supports system with flexibly changing graph structure (real-time clocks, linear variables) ■ Model all possible structural changes in the system and its environment in form of ? move extended graphs and graph transformations Verification: t:Track ■ Analyze whether structural changes can lead from safe to unsafe situations s 1 :Shuttle s 2 :Shuttle (inductive invariants ; incremental check for changed transformations) dc:Distance Coordination Basil Becker and Dirk Beyer and Holger Giese and Florian Klein and Daniela Schilling, Symbolic I nvariant Verification for Systems with Dynamic Structural Adaptation, Proc. of the 28th International Conference on Software Engineering (ICSE), Shanghai, China, vol. , 2006, 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  11. Exam ple for ( 5 ) Planning of the adaptation 11 ■ Distributed learning of a model of the track (environment) ■ Local learning of a model of the shuttle (system hardware) ■ Planning an adaptation in form of an optimal trajectory ■ Trajectory synthesis establishes required guarantees Sven Burmester and Holger Giese and Eckehard Münch and Oliver Oberschelp and Florian Klein and Peter Scheideler,. Tool Support for the Design of Self-Optimizing Mechatronic Multi-Agent Systems , International Journal on Software Tools for Technology Transfer (STTT) 10 (3), 207-222, 2008. 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  12. Exam ple 2 for ( 5 ) Plan- ning of the adaptation 12 ■ Application: Monitoring and repair of complex architectures with redundancy (self-repair) ■ Uses a model as reference and to capture the state of software’ + context ■ The model as reference is used to compute the required repair (computed solution ensures online the required guarantees) ■ Trade-off: speed of Matthias Tichy and Holger Giese and Daniela Schilling and Wladimir Pauls, Computing Optimal Self-Repair Actions: Damage Minimization versus Repair repair vs. quality of Time, Proc. of the I CSE 2005 Workshop on Architecting Dependable Systems, St. Louis, Missouri, USA, (Rog\ 'erio de Lemos and Alexander Romanovsky, structural adaptation ed.), vol. , ACM Press, 2005, p. 1–6, Covers: arbitrary changes within the model of software’ + context 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  13. Conclusions 13 Open Questions ( Contradiction or Panacea?) : What kind of additional threats can self-adaptive systems cover? ■ Self-adaptive systems allows in principle to cover more threats □ Without runtime models coverage is restricted to what is covered by the design-time model □ With runtime models coverage is restricted to what can be covered by the different possible forms of the runtime model Can we establish the required guarantees for self-adaptive systems? ■ Some guarantees for self-adaptive solutions can be established offline (1) Execution of the adaptation (2) Adapting the model of the software (3) Adapting the model of the context (4) Model as reference ■ Some guarantees for self-adaptive solutions can be established online/ offline (5) Planning of the adaptation: does it really ensure the required guarantees? 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

  14. Conclusions ( Cont.) 14 ■ Self-adaptive solutions only help when □ Adaptation itself is guaranteed to work, □ Guarantees for the adaptation can be established (offline or online) or □ When cases are covered that are otherwise not covered. ■ Coverage not having a runtime model itself counts! Critical Self-adaptive softw are system s are thus ■ No contradiction but also ■ No panacea as building them requires a lot of effort � ease building self-adaptive systems is key 29.06.2009 | Architecting Self-Adaptive Critical Systems: Contradiction or Panacea?

Recommend

OPTIMUM OPTIMUM ADAPTIVE ALGORITHMS ADAPTIVE ALGORITHMS for for SYSTEM IDENTIFICATION SYSTEM

OPTIMUM OPTIMUM ADAPTIVE ALGORITHMS ADAPTIVE ALGORITHMS for for SYSTEM IDENTIFICATION SYSTEM

OPTIMUM OPTIMUM ADAPTIVE ALGORITHMS ADAPTIVE ALGORITHMS for for SYSTEM IDENTIFICATION SYSTEM IDENTIFICATION George V. Moustakides Dept. of Computer Engineering & Informatics University of Patras, GREECE Definition of the problem w n x

435 views • 24 slides
Architecting a 30 PB all - Architecting a 30 PB all flash file system flash file system Kirill

Architecting a 30 PB all - Architecting a 30 PB all flash file system flash file system Kirill

Architecting a 30 PB all - Architecting a 30 PB all flash file system flash file system Kirill Kirill Lozinskiy Lozinskiy Glenn K. Lockwood et al. Glenn K. Lockwood et al. 1 NERSC @ Berkeley Lab (LBNL) NERSC @ Berkeley Lab (LBNL)

393 views • 16 slides
The Use of EduPRO System for Adaptive Learning Process Organizing Benefits of adaptive e

The Use of EduPRO System for Adaptive Learning Process Organizing Benefits of adaptive e

Vasyl Stefanyk Precarpathian National University Centre of Distance Learning The Use of EduPRO System for Adaptive Learning Process Organizing Benefits of adaptive e learning system Formation of the individual structure of the material;

396 views • 10 slides
Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive

Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive

S T A T D E Critical Infrastructure Protection and S E N T A I N V U Y High Confidence Adaptive Software O H F C F R I A C E E S University Research Initiative Program O E F R N L A A V Welcome to the 3 rd

318 views • 14 slides
Mission-critical 101 Resiliency Performance Fault Scalability Tolerance Disaster

Mission-critical 101 Resiliency Performance Fault Scalability Tolerance Disaster

Architecting for Highly Available, Scalable, and Reliable Mission- Critical Applications Diego Dagum Microsoft Corp. Mission-critical 101 Resiliency Performance Fault Scalability Tolerance Disaster Maintainability Recovery Availability

169 views • 14 slides
Instruction Set 2 Architecting a vocabulary for the HW INSTRUCTION SET OVERVIEW 3 Instruction

Instruction Set 2 Architecting a vocabulary for the HW INSTRUCTION SET OVERVIEW 3 Instruction

1 EE 109 Unit 13 MIPS Instruction Set 2 Architecting a vocabulary for the HW INSTRUCTION SET OVERVIEW 3 Instruction Set Architecture (ISA) Defines the software interface of the processor and memory system Instruction set is the

915 views • 52 slides
Infrastructure for Critical Adaptive Distributed Embedded Systems Alberto Ballesteros Julin

Infrastructure for Critical Adaptive Distributed Embedded Systems Alberto Ballesteros Julin

Towards a Self-Reconfigurable Infrastructure for Critical Adaptive Distributed Embedded Systems Alberto Ballesteros Julin Proenza Manuel Barranco Lus Almeida Pere Palmer 3 th of July 2018 Universitat de les Illes Balears Introduction

665 views • 52 slides
Architecting Java solutions for CICS Architecting Java solutions for CICS Course introduction

Architecting Java solutions for CICS Architecting Java solutions for CICS Course introduction

Architecting Java solutions for CICS Architecting Java solutions for CICS Course introduction Course introduction Reasons for hosting Java in CICS Requirements: Knowledge of transaction processing Experience of Java development What youll

757 views • 56 slides
Adaptive PID Controller Yiming Zhao 1 Contents Control system PID controller

Adaptive PID Controller Yiming Zhao 1 Contents Control system PID controller

Adaptive PID Controller Yiming Zhao 1 Contents Control system PID controller Adaptive PID 2 Control System Open-loop system OUT IN PLANT 3 Control System Closed-loop system/feedback control system input reference

843 views • 20 slides
An Adaptive, Emotional, and Expressive Reminding System Nadine Richard & Seiji Yamada NII,

An Adaptive, Emotional, and Expressive Reminding System Nadine Richard & Seiji Yamada NII,

An Adaptive, Emotional, and Expressive Reminding System Nadine Richard & Seiji Yamada NII, Tokyo An adaptive reminding system Two-step action selection iCalendar and historical data: categorization / prioritization user- and

301 views • 7 slides
and Self-Adaptive Predictive Controller Using Hybrid Automata Imane Lamrani, Ayan Banerjee,

and Self-Adaptive Predictive Controller Using Hybrid Automata Imane Lamrani, Ayan Banerjee,

Co-simulation of Physical Model and Self-Adaptive Predictive Controller Using Hybrid Automata Imane Lamrani, Ayan Banerjee, Sandeep Gupta. iMPACT Lab CISDE, Arizona State University. Introduction Safety-critical cyber-physical system (CPS)

208 views • 19 slides
Critical Power Perspectives Every power system problem is critical. Electricity is

Critical Power Perspectives Every power system problem is critical. Electricity is

Critical Power Perspectives Every power system problem is critical. Electricity is required for jobs, income, food, and shelter. Many teachings regarding controlling power quality are wrong. Voltage and Current Perspectives: Cause and

728 views • 21 slides
A Personality-based Adaptive System for Visualizing Classical Music Performances Markus Schedl ,

A Personality-based Adaptive System for Visualizing Classical Music Performances Markus Schedl ,

A Personality-based Adaptive System for Visualizing Classical Music Performances Markus Schedl , Mark Melenhorst, Cynthia C.S. Liem, Agustn Martorell, scar Mayor, Marko Tkali http://www.cp.jku.at A Personality-based Adaptive System for

562 views • 19 slides
The Role of Event Description in Architecting Dependable Systems Marcio S. Dias Debra J.

The Role of Event Description in Architecting Dependable Systems Marcio S. Dias Debra J.

The Role of Event Description in Architecting Dependable Systems Marcio S. Dias Debra J. Richardson djr@ics.uci.edu mdias@ics.uci.edu Information and Computer Science University of California, Irvine I CSE 2002 Workshop on Architecting

1.02k views • 25 slides
RAIC: Architecting Dependable Systems Through Redundancy and Just-In-Time Testing For The ICSE

RAIC: Architecting Dependable Systems Through Redundancy and Just-In-Time Testing For The ICSE

RAIC: Architecting Dependable Systems Through Redundancy and Just-In-Time Testing For The ICSE 2002 Workshop on Architecting Dependable Systems Orlando, Florida, USA Chang Liu, Debra J. Richardson Information And Computer Science University

840 views • 24 slides
Scenario praxis for systemic and adaptive governance: a critical review Ray Ison 1 , Andrea Grant

Scenario praxis for systemic and adaptive governance: a critical review Ray Ison 1 , Andrea Grant

www. monash .edu Scenario praxis for systemic and adaptive governance: a critical review Ray Ison 1 , Andrea Grant 1 & Richard Bawden 2 1. School of Geography & Environmental Sciences, Monash University, Clayton 2. Systemic

492 views • 33 slides
C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering

C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering

C++ for Safety-Critical Systems DI Gnter Obiltschnig Applied Informatics Software Engineering GmbH guenter.obiltschnig@appinf.com A life-critical system or safety-critical system is a system whose failure or malfunction may result in: >

899 views • 87 slides
ARCHITECTING FOR CONTINUOUS DELIVERY Ken Mugrage ThoughtWorks Technology Advocate @kmugrage

ARCHITECTING FOR CONTINUOUS DELIVERY Ken Mugrage ThoughtWorks Technology Advocate @kmugrage

ARCHITECTING FOR CONTINUOUS DELIVERY Ken Mugrage ThoughtWorks Technology Advocate @kmugrage https://gocd.org/ TEAM STRUCTURE @kmugrage https://gocd.org/ CONWAYS LAW Any organization that designs a system (defined broadly) will produce

888 views • 47 slides
DFW Experience With Rhythm Adaptive Signal Control Rhythm Adaptive Signal Control April 13 2012

DFW Experience With Rhythm Adaptive Signal Control Rhythm Adaptive Signal Control April 13 2012

DFW Experience With Rhythm Adaptive Signal Control Rhythm Adaptive Signal Control April 13 2012 Michael Pacelli, City of Grapevine Paul Luedtke, HDR Engineering, Inc. John Black, City of Richardson What is it? The InSync adaptive system

538 views • 33 slides
Design and Calibration of the Jaguar XK Adaptive Cruise Control System Tim Jagger MathWorks

Design and Calibration of the Jaguar XK Adaptive Cruise Control System Tim Jagger MathWorks

Design and Calibration of the Jaguar XK Adaptive Cruise Control System Tim Jagger MathWorks International Automotive Conference 2006 JAGUAR XK Page 3 ADAPTIVE CRUISE CONTROL(ACC) MODEL BASED CALIBRATION Adaptive Cruise Control The

503 views • 23 slides
Architecting for High Availability Attila Narin AWS Solutions Architecture QCon London, March 2013

Architecting for High Availability Attila Narin AWS Solutions Architecture QCon London, March 2013

Architecting for High Availability Attila Narin AWS Solutions Architecture QCon London, March 2013 Session Feedback ID 1927 1. DESIGN FOR FAILURE 2. MULTIPLE AVAILABILITY ZONES 3. SCALING 4. SELF-HEALING 5. LOOSE COUPLING LETS BUILD A SYSTEM

1.57k views • 135 slides
An Adaptive Management System for Restoring the Chesapeake Bay Presented to STAC September 12,

An Adaptive Management System for Restoring the Chesapeake Bay Presented to STAC September 12,

The Chesapeake Bay Partnerships Strategy Review System: An Adaptive Management System for Restoring the Chesapeake Bay Presented to STAC September 12, 2018 Kristin Saunders, Cross Program Coordinator (UMCES) On behalf of Dave Goshorn

792 views • 21 slides
2/29/16 Adaptive Immune Responses to Ranaviruses and Immune Evasion Strategies of Ranaviruses

2/29/16 Adaptive Immune Responses to Ranaviruses and Immune Evasion Strategies of Ranaviruses

2/29/16 Adaptive Immune Responses to Ranaviruses and Immune Evasion Strategies of Ranaviruses http://www.urmc.rochester.edu/smd/mbi/xenopus What is adaptive immunity anyway? An adaptive Immune System is present in all jawed vertebrates

683 views • 17 slides
OPTICAL FIBER CALIBRATION SYSTEM & ADAPTIVE POWER SUPPLY * J. CVACH*, INSTITUTE OF PHYSICS,

OPTICAL FIBER CALIBRATION SYSTEM & ADAPTIVE POWER SUPPLY * J. CVACH*, INSTITUTE OF PHYSICS,

OPTICAL FIBER CALIBRATION SYSTEM & ADAPTIVE POWER SUPPLY * J. CVACH*, INSTITUTE OF PHYSICS, ASCR, PRAGUE Introduction 1. LED driver 2. Notched fibres 3. Adaptive power supply 4. Summary 5. _______________________________________ *

567 views • 13 slides

More recommend