
Dagstuhl Seminar 04511

Architecting Systems with Trustworthy Components

(Dec 12 – Dec 17, 2004)



Motivation and Goals

Component software technologies attract much attention for their promise to enable scaling of our software industry to new levels of flexibility, diversity, and cost efficiency. Yet, these hopes collide with the reality that assemblies typically suffer from the proverbial "weakest link" phenomenon. If a component is used in a new compositional variation, then it will likely be stressed in a new way. Asserting useful properties of assemblies based on the used composition schema and theory requires a firm handle on the properties of the components being composed. For such assertions to hold, components need to meet their advertised properties, even if used under circumstances not explicitly envisaged by their developers. A component that fails to do so becomes a weak link of its hosting assembly and may cause the entire assembly to not meet its advertised properties.

In contrast, components that promise to be a strong link in their assemblies can be called 'trustworthy', and ways to construct and properly use such components are the subject of this seminar. Transitively, the seminar is also after trustworthy assemblies: assemblies that reliably meet their requirements based on trustworthy components and solid composition methods.

The weakest-link phenomenon is not a new observation, but the recent trend toward dynamic and late composition of non-trivial components exacerbates the problem. Web services are a concrete example promising deep, widespread relevance. The problem space is complex and multi-faceted. Practical solutions will have to draw on combined insights from a diverse range of disciplines, including component software technology, software engineering, software architecture, dependable systems, formal methods, as well as areas such as type systems and proof-carrying code.

A lot of good and sometimes even groundbreaking work has been performed in the focus area of this seminar, but much remains open. Bringing together many of the key minds in the various contributing areas to engage in this week-long seminar of mingling and discussions promises to spark some new key ideas and insights, ideally leading to new collaborative efforts.

To spark discussions, the seminar organizers propose a small set of core problems:

  • measurement and normalization of non-functional properties,
  • modular reasoning over non-functional properties,
  • capture of component requirements in interfaces and protocols,
  • interference and synergy of top-down and bottom-up aspects,
  • duality of componentization and architecture,
  • system properties (absence of deadlocks, liveness, fairness, etc.),
  • opportunities for correctness by construction/static checking.

All of these are considered hard today, and yet all of them, if solved appropriately, promise the creation of key stepping stones towards an overall approach yielding trustworthy components as well as trustworthy compositions. It is likely that any such approach supports a multitude of more specialized disciplines and methods, targeting different requirement profiles at the assembly level. Examples would include cases that require tight resource management or real-time characteristics.

Outcomes of the seminar will likely shape closer characterizations or answers to questions such as:

  • Depending on the system-property to reason about, what are suitable techniques, and what component interface information do they require?
  • Where are principal limitations of reasoning over a given system-property (depending on the reasoning technique)?
  • Do certain system-properties conflict (e.g., performance - security)? For those pairs of conflicting properties, how can one find tradeoffs systematically?

  • Uwe Aßmann (TU Dresden, DE)
  • Colin Atkinson (Universität Mannheim, DE)
  • Steffen Becker (Universität Oldenburg, DE)
  • Jan Bredereke (Verden (Aller), DE)
  • Antonio Brogi (University of Pisa, IT)
  • Christian Bunse (FhG IESE - Kaiserslautern, DE)
  • Ivica Crnkovic (Mälardalen University - Västerås, SE)
  • Viktoria Firus (Universität Oldenburg, DE)
  • Kathi Fisler (Worcester Polytechnic Institute, US)
  • Felix Freiling (RWTH Aachen, DE)
  • Sabine Glesner (TU Berlin, DE)
  • Gerhard Goos (KIT - Karlsruher Institut für Technologie, DE)
  • Ian Gorton (NICTA - Sydney, AU)
  • Lars Grunske (The University of Queensland - Brisbane, AU)
  • Christine Hofmeister (Lehigh University - Bethlehem, US)
  • Jean-Marc Jézéquel (INRIA - Rennes, FR)
  • Bernd Krämer (FernUniversität in Hagen, DE)
  • Shriram Krishnamurthi (Brown University - Providence, US)
  • Juliana Küster Filipe (University of Birmingham, GB)
  • Stig Larsson (Chalmers - Göteborg, SE)
  • Nicole Levy (University of Versailles, FR)
  • Raffaela Mirandola (University of Rome "Tor Vergata", IT)
  • Sven Overhage (Universität Augsburg, DE)
  • Frantisek Plasil (Charles University - Prague, CZ)
  • Iman Poernomo (King's College London, GB)
  • Ralf H. Reussner (Universität Oldenburg, DE)
  • Alexander Romanovsky (University of Newcastle, GB)
  • Christian Salzmann (BMW Car IT - München, DE)
  • Thomas Santen (TU Berlin, DE)
  • Heinz W. Schmidt (Monash University - Clayton, AU)
  • Jürgen Schneider (IBM Deutschland - Böblingen, DE)
  • Judith A. Stafford (Tufts University - Medford, US)
  • Alexander Stuckenholz (FernUniversität in Hagen, DE)
  • Asuman Sünbül (SAP Labs - Palo Alto, US)
  • Clemens A. Szyperski (Microsoft Research - Redmond, US)
  • Massimo Tivoli (University of L'Aquila, IT)
  • Willem-Jan van den Heuvel (Tilburg University, NL)
  • Rob van Ommering (Philips Research Europe - Eindhoven, NL)
  • Kurt Wallnau (Carnegie Mellon University - Pittsburgh, US)
  • Jens Holger Weber (University of Victoria, CA)
  • Wolfgang Weck (Software Architecture Consultant - Zürich, CH)