Engineering Trustworthy Self-Adaptive Software with Dynamic Assurance Cases

Building on concepts drawn from control theory, self-adaptive software handles environmental and internal uncertainties by dynamically adjusting its architecture and parameters in response to events such as workload changes and component failures. Self-adaptive software is increasingly expected to meet strict functional and non-functional requirements in applications from areas as diverse as manufacturing, healthcare and finance. To address this need, we introduce a methodology for the systematic ENgineering of TRUstworthy Self-adaptive sofTware (ENTRUST). ENTRUST uses a combination of (1) design-time and runtime modelling and verification, and (2) industry-adopted assurance processes to develop trustworthy self-adaptive software and assurance cases arguing the suitability of the software for its intended application. To evaluate the effectiveness of our methodology, we present a tool-supported instance of ENTRUST and its use to develop proof-of-concept self-adaptive software for embedded and service-based systems from the oceanic monitoring and e-finance domains, respectively. The experimental results show that ENTRUST can be used to engineer self-adaptive software systems in different application domains and to generate dynamic assurance cases for these systems.