12 – 17 December 2004, Dagstuhl Seminar 04511

Architecting Systems with Trustworthy Components


Ralf H. Reussner (Universität Oldenburg, DE)
Judith A. Stafford (Tufts University – Medford, US)
Clemens A. Szyperski (Microsoft Research – Redmond, US)


Motivation and Goals

Component software technologies attract much attention for their promise to enable scaling of our software industry to new levels of flexibility, diversity, and cost efficiency. Yet, these hopes collide with the reality that assemblies typically suffer from the proverbial "weakest link" phenomenon. If a component is used in a new compositional variation, then it will likely be stressed in a new way. Asserting useful properties of assemblies based on the used composition schema and theory requires a firm handle on the properties of the components being composed. For such assertions to hold, components need to meet their advertised properties, even if used under circumstances not explicitly envisaged by their developers. A component that fails to do so becomes a weak link of its hosting assembly and may cause the entire assembly to not meet its advertised properties.

In contrast, components that promise to be a strong link in their assemblies can be called 'trustworthy'; how to construct such components and how to use them properly are the subject of this seminar. Transitively, the seminar is also after trustworthy assemblies: assemblies that reliably meet their requirements based on trustworthy components and solid composition methods.

The weakest link phenomenon is not a new observation, but the recent trend towards dynamic and late composition of non-trivial components exacerbates the problem. Web services are a concrete example with the promise of deep and widespread relevance. The problem space is complex and multi-faceted. Practical solutions will have to draw on combined insights from a diverse range of disciplines, including component software technology, software engineering, software architecture, dependable systems, formal methods, as well as areas such as type systems and proof-carrying code.

A lot of good and sometimes even groundbreaking work has been performed in the focus area of this seminar, but much remains open. Bringing together many of the key minds in the various contributing areas to engage in this week-long seminar of mingling and discussions promises to spark some new key ideas and insights, ideally leading to new collaborative efforts.

To spark discussions, the seminar organizers propose a small set of core problems:

  • measurement and normalization of non-functional properties,
  • modular reasoning over non-functional properties,
  • capture of component requirements in interfaces and protocols,
  • interference and synergy of top-down and bottom-up aspects,
  • duality of componentization and architecture,
  • system properties (absence of deadlocks, liveness, fairness, etc.),
  • opportunities for correctness by construction/static checking.

All of these are considered hard today and yet, all of them, if solved appropriately, promise the creation of key stepping stones towards an overall approach yielding trustworthy components as well as trustworthy compositions. It is likely that any such approach supports a multitude of more specialized disciplines and methods, targeting different requirement profiles at the assembly level. Examples would include cases that require tight resource management or real-time characteristics.

Outcomes of the seminar will likely shape closer characterizations or answers to questions such as:

  • Depending on the system property to reason about, what are suitable techniques, and what component interface information do they require?
  • Where are the principal limitations of reasoning over a given system property (depending on the reasoning technique)?
  • Do certain system properties conflict (e.g., performance vs. security)? For those pairs of conflicting properties, how can one find tradeoffs systematically?

