Skip to main content

Über dieses Buch

This book constitutes the refereed proceedings of the 11th International Workshop on Software Engineering for Resilient Systems, SERENE 2019, held in Naples, Italy, in September 2019.

The 5 full papers and 4 short papers presented together with 1 keynote and 1 invited paper were carefully reviewed and selected from 12 submissions. They cover the following areas: resilience engineering in complex and critical applications; testing and validation methods; security, trust and privacy management.



Keynote Paper


Ethics and Privacy in Autonomous Systems: A Software Exoskeleton to Empower the User

Software systems are increasingly autonomous in making decisions on behalf of potential users. In these systems, the power of self goes beyond the ability of substituting human agents operating on software systems and exceeds the system boundaries invading the user prerogatives. Privacy and ethical issues are at the top of the research agenda in (big) data management and AI, that offer a wide range of techniques often used as key (black-box) components of autonomous systems. In this extended abstract, I discuss these issues from the software system developer perspective that uses such black-box components and outline a new approach based on a partially synthesized software exoskeleton that empowers the user by mediating her interactions in order to preserve her privacy and ethical preferences.
Paola Inverardi

Invited Paper


A Distilled Characterization of Resilience and Its Embraced Properties Based on State-Spaces

In recent years, we have observed the increasing interest in the system property resilience. We ascribe this increasing interest to the rapidly growing number of deployed, complex, socio-technical systems, which are facing uncertainty about changes they are expected to experience during their life-cycle and ways to deal with them. This paper contributes to current resilience research by focusing on the different definitions given for this system property, highlighting the risk that, using different terms in different communities, this contributes to create a “tower of Babel” problem, with the consequent difficulty in exchanging ideas and working together towards a common goal. We adopt an extended definition of dependability to define resilience. Based on that, we identify features of resilient systems, capture properties falling under the resilience umbrella, and define a conceptual framework for resilience characterization including how changes affect the system, strategies to design resilience, and discuss metrics for quantifying resilience at design and runtime.
Jesper Andersson, Vincenzo Grassi, Raffaela Mirandola, Diego Perez-Palacin

Resilience Engineering in Complex and Critical Applications


Modelling Autonomous Resilient Multi-robotic Systems

Resilience is an ability of the system to deliver its services in a dependable way despite the changes. In this paper, we propose a multi-agent based formal outlook on ensuring resilience of multi-robotic systems. We represent system functions as collaborative activities performed by the agents with different capabilities. Changes invoke either structural reconfigurations – forming different collaborations or compensative activities – introducing into the system agents with additional capabilities. We formalize the resilience mechanisms and demonstrate their use by a case study – a coordination of a swarm of drones.
Inna Vistbakka, Elena Troubitsyna

Reactive Middleware for Effective Requirement Change Management of Cloud-Based Global Software Development

Requirement change management (RCM) for global software development (GSD), facilitated by the cloud platform, faces communication, coordination and control issues especially when there is no effective information and knowledge-sharing mechanisms. This paper describes a reasonably effective requirement change management approach for cloud-based GSD.
Objective: In this regard, we contribute a Reactive Middleware which facilitates a set of guidelines defined to manage change and traceability.
Methods: This Reactive Middleware provides services for user management, requirement management, change management, and traceability of cloud-based GSD projects. We present (1) a process model for change management and traceability (CM-T) for cloud-based GSD, and then (2) detail our management approach for system engineering processes as part of the presented GSD guidelines.
Results: To ensure that the defined CM-T process model complies with the CMMI Level 2 (Baseline) Capability, the process model is validated using an expert panel review process where a total average, 85.58% of the experts support the maturity of the process model. Also, we demonstrate the continual tight linkage of stakeholders’ requirements and system engineering processes towards change management and traceability, with an Airlock Control System case study.
David Ebo Adjepon-Yamoah

Fault-Tolerant IoT

A Systematic Mapping Study
A failure may occur at all architectural levels of the Internet of Things (IoT) applications: sensor and actuator nodes can be missed, network links can be down, and processing and storage components can fail to perform properly. That is the reason for which fault-tolerance (FT) has become a crucial concern for IoT systems.
Our study aims at identifying and classifying the existing FT mechanisms that can tolerate the IoT systems failure. In line with a systematic mapping study selection procedure, we picked out 60 papers among over 2300 candidate studies. To this end, we applied a rigorous classification and extraction framework to select and analyze the most influential domain-related information. Our analysis revealed the following main findings: (i) whilst researchers tend to study fault-tolerant IoT (FT-IoT) in cloud level only, several studies extend the application to fog and edge computing; (ii) there is a growing scientific interest on using the microservices architecture to address FT in IoT systems; (iii) the IoT components distribution, collaboration and intelligent elements location impact the system resiliency. This study gives a foundation to classify the existing and future approaches for fault-tolerant IoT, by classifying a set of methods, techniques and architectures that are potentially capable to reduce IoT systems failure.
Mahyar Tourchi Moghaddam, Henry Muccini

JARVIS, A Hardware/Software Framework for Resilient Industry 4.0 Systems

JARVIS is a Research & Development project, jointly developed by industrial SME partners and by the University of Florence, aimed at development of a hardware/software framework supporting integration among physical IoT devices, data analytic software agents, and human operators involved in operation and maintenance of resilient Industry 4.0 systems. At the heart of the JARVIS architecture, a suite of software digital twins deployed in a Java EE environment supports runtime monitoring and control of the hierarchy of hardware configuration items of the system, capturing their composition and representing their failure modes through a reflection architectural pattern enabling agile adaptation to the evolution of configurations. Besides, analytic modules can be deployed as micro-services leveraging both the knowledge base provided by digital twins and the data flowing from the ingestion layer. This enables agile development of advanced monitoring and control services supporting maintainability and resilience. We describe the JARVIS architecture, outlining responsibilities and collaborations among its modules, and we provide details on the structure of representation of digital twins, showing how this is exploited in a data analytic agent providing an executable representation of fault trees associated with failure modes of configuration items.
Jacopo Parri, Fulvio Patara, Samuele Sampietro, Enrico Vicario

Testing and Validation Methods


Toward Testing Self-organizations in Multi-Embedded-Agent Systems

This paper presents a testing approach for validating global adaptation in multi-embedded-agent systems. Those systems are gaining increasing attention due to their high adaptability and resilience. They differ from software multi-agent systems because embedded agents have additional constraints, like energy management that software agents don’t. Those constraints and other specificities, like the tight link with the physical environment, require the use of specific methods and tools for testing these systems. The proposed approach aims at validating at run-time the adaptation of those systems when the entities composing them, the agents, are able to change their global behaviors with self-organization processes. Self-organization processes are not specific to multi-agent systems but in their case, they allow agents to change their organization, i.e. their way of interacting, at runtime. The proposed approach and tool are designed to support lifelong monitoring of multi-embedded-agent systems. In such systems, agents have self-organization behaviors resulting in complex and ever adapting systems, which are challenging to test and monitor.
Arthur Baudet, Oum-El-Kheir Aktouf, Annabelle Mercier, Jean-Paul Jamont

Towards Integrated Correctness Analysis and Performance Evaluation of Software Systems (Doctoral Forum Paper)

In recent times, the involvement of computer systems in our lives has been drastically increasing, as has the need of improving the resilience of these systems, e.g. so they can withstand errors and changes in their environment. Techniques such as testing and simulation are often used to ensure this, but in the case of complex, real-time systems, these techniques can only provide coverage for a limited set of possible system behaviours. Software model checking and stochastic verification are alternative techniques that formally and exhaustively verify whether software meets its functional requirements and establish the performance and dependability properties of software, respectively. The two formal techniques are often used in isolation, yet software must simultaneously ensure a combination of functional and non-functional requirements. The doctoral project described in this paper aims to bring these two areas of software verification together by enabling the joint analysis of functional and non-functional properties of software systems.
Ioannis Stefanakos

Security, Trust and Privacy Management


An Energy Aware Approach to Trust Management Systems for Embedded Multi-Agent Systems

With the growing interest toward pervasive systems such as the Internet of Things or Cyber-Physical Systems, embedded multi-agent systems have been increasingly investigated. In these systems, agents cooperate to achieve their local goals and a global goal that would be impossible for an isolated agent to achieve. However, the dark side of this collaboration is that agents can easily be victim of malicious attacks coming from untrustworthy agents. Consequently, trust management systems are designed to help agents choosing trustworthy counterparts to cooperate based on available information. But gathering the necessary information may be too expensive in terms of energy for small embedded agents and not relevant in all contexts. We propose a solution that allows agents to manage the energy consumption associated with information gathering. Our solution uses a Multi-Armed Bandit algorithm, which is a reinforcement learning technique to allow the agents to adapt themselves and their energy consumption to the context.
Arthur Darroux, Jean-Paul Jamont, Oum-El-Kheir Aktouf, Annabelle Mercier

Addressing Security Properties in Systems of Systems: Challenges and Ideas

Within growing pervasive information systems, Systems of Systems (SoS) emerge as a new research frontier. A SoS is formed by a set of constituent systems that live on their own with well-established functionalities and requirements, and, in certain circumstances, they must collaborate to achieve a common mission. In this scenario, security is one crucial property that needs to be considered since the early stages of SoS lifecycle. Unfortunately, SoS security cannot be guaranteed by addressing the security of each constituent system separately. The aim of this paper is to discuss the challenges faced in addressing the security of SoS and to propose some research ideas centered around the notion of a mission to be carried out by the SoS.
Miguel Angel Olivero, Antonia Bertolino, Francisco José Dominguez-Mayo, María José Escalona, Ilaria Matteucci

On the Use of Quality Models to Characterize Trustworthiness Properties

Making informed choices when designing or contracting a system is yet a very challenging task. One of the biggest users’ concern is to select the most trustworthy solution. However, it is difficult to understand the trustworthiness of a system, because it encompasses a large diversity of properties such as security, privacy, performance, among others. Composing a measure that considers such a large number of properties, the relationship among them and their relevance in the composition requires a well defined model, such as a quality model. In this experience report, we study whether quality models can provide scores that are useful to characterize those properties, helping users to choose the most trustworthy of the available alternatives. Then, we have chosen a property that is on the top of users concerns: data privacy. Results showed a higher percentage of success of linkage attacks when the privacy score is lower, indicating the usefulness of quality models in measuring and improving data privacy and providing interesting insights to the users.
Tania Basso, Hebert Silva, Regina Moraes


Weitere Informationen

Premium Partner