Dagstuhl Seminar 13022
Engineering Resilient Systems: Models, Methods and Tools
( Jan 06 – Jan 11, 2013 )
- Nicolas Guelfi (University of Luxembourg, LU)
- Maritta Heisel (Universität Duisburg-Essen, DE)
- Mohamed Kaaniche (LAAS - Toulouse, FR)
- Alexander Romanovsky (University of Newcastle, GB)
- Elena Troubitsyna (Abo Akademi University, FI)
- Andreas Dolzmann (for scientific matters)
- Annette Beyer (for administrative matters)
Software-intensive systems are becoming widely used in such critical infrastructures as railway, air- and road traffic, power management, health care and banking. In spite of drastically increased complexity and need to operate in unpredictable volatile environments, high dependability remains a must for such systems. Resilience â€“ the ability to deliver services that can be justifiably trusted despite changes â€“ is an evolution of the dependability concept. It adds several new dimensions to the dependability field including adaptability to evolving requirements and proactive error prevention. To address these emerging challenges we need novel models, methods and tools that enable explicit modelling of resilience aspects and reasoning about them. The seminar aims at discussing the most promising techniques for achieving resilience both at the system design stage and at runtime. It will bring together researchers from dependability, formal methods, fault tolerance and software engineering communities to ensure an emergence of holistic approaches and timely dissemination of cutting-age ideas.
Building trustworthy systems is one of the main challenges faced by software developers, who have been concerned with dependability-related issues since the first day computer systems were built and deployed. The goal of our seminar is to facilitate understanding of the new challenges in the field of resilient systems engineering and develop insight in the state-of-the-art in modelling and verification technologies. We aim at discussing
- Novel techniques explicitly addressing resilience through the entire cycle of system development and assessment
- Approaches to modelling, verification and assessment of proactive fault tolerance and novel adaptive error recovery techniques. We will address the problem of achieving architectural plasticity and brainstorm architectural patterns supporting adaptation
- Integration and synergy of various methods for designing resilient systems that provide the designers with a holistic view on system functional and non-functional behaviour
- Problem of flow-down of system requirements to software requirements and bridge between requirements engineering and formal modelling. We will explore the problem of requirements evolution and mechanisms guaranteeing adequate predictable system reaction on changes.
The seminar will bring together experts from various disciplines and organisations to promote understanding that resilience should be explicitly included into traditional software engineering theories and practices and should become an integral part of all steps of software development.
The Dagstuhl Seminar 13022 -- Engineering Resilient Systems: Models, Methods and Tools has brought together prominent researchers from different fields to discuss the problems of engineering resilient systems. The seminar was run in a highly interactive manner. The discussions were centered around the following topics:
- defining resilience
- resilience in modelling languages for requirement analysis and system design
- resilience in implementation languages and frameworks
- verifying resilience using testing, model checking and static analysis
- assessing resilience using probabilist models
- resilience mechanisms at architectural and implementation level
The concept of resilience has been introduced to capture the move towards a greater adaptability and flexibility. However, the notion of resilience is still a subject of debates. The seminar has discussed various proposed definitions and converged to defining resilience as dependability in presence of changes.
Over the last decades a remarkable progress has been achieved in engineering of highly dependable systems, i.e., the systems that can be justifiably trusted to provide critical services to a society. However, novel computing paradigms pose new scientific and technological challenges to the dependability field. To deliver critical services in a dependable way, the systems should smoothly adapt to changes. At the seminar, we had a dedicated session discussing the nature of changes. Among the proposed categories were
- evolving user requirements
- changing operating environment
- unforeseen failure modes
- scalability challenge
Modelling is the primarily vehicle driving development of resilient systems. However, system modelling area is still highly fragmented. The most acute problems are caused by
- the gap between the requirements and models and
- heterogeneity of models used to represent different aspects of system behaviour
Indeed, over the last few years the problem of poor flow-down of system requirements to software requirements has started to receive a proper attention. The vast majority of development relate the severe design problems with the flawed requirements and misunderstandings about what the software should do. Requirements tend to focus on describing nominal behaviour while omitting or poorly describing off-nominal conditions, safety constrains and fault tolerance mechanisms.
During the seminar we have brainstormed the examples of requirements that would be specific to resilient systems and tried to linked them with the modelling techniques.
While developing resilient systems the designers use dedicated models to reason about different (often antagonistic) aspects of system behaviour. Hence, the design space is inherently heterogeneous. On the one hand, specialised models provide the designers with expressive and powerful techniques to analyse various aspects of system behaviour. On the other hand, it becomes hard to obtain a holistic view on the system characteristics and analyse trade-offs between several potentially conflicting goals, define the mechanisms for adapting to volatile operating conditions and devise appropriate mechanisms for proactive fault tolerance.
We have discussed the advances in formal modelling of resilient systems and in particular proactive fault tolerance and adaptive fault tolerance mechanisms at various frameworks. We have reviewed the advances achieved in the area of formal modelling of resilient systems and brain-stormed the techniques leveraging an integration of various models to facilitate emergence of integrated modelling approaches.
Essentially, any design flow can be seen as a set of well-defined abstraction levels. The design flow should allow the designer to optimize design decision at each level and move freely between abstraction layers. At our seminar we discussed the principles of mapping abstract models onto architectural models and design implementation. We addressed the problem of achieving architectural plasticity and brain-stormed architectural patterns supporting adaptation as well as mechanisms guaranteeing adequate predictable system reaction on changes. A significant attention has also been paid to the methods and tools for resilience assessment.
Engineering resilient systems is a young research area. The participants of the seminar have agreed that often it is hard to distinguish a traditional dependability research from the resilience research. We have converged to the view that the system ability to scale, cope with changes and evolve emphasizes the resilience aspect.
It was also noted that the area of resilience engineering lacks a comprehensive reference guide that would allow the designers of resilient systems understand how various proposed methods and tools can facilitate design of resilient systems. The participants of the seminar has decided to work on such a book.
- Antonia Bertolino (CNR - Pisa, IT) [dblp]
- Felicita Di Giandomenico (CNR - Pisa, IT) [dblp]
- Giovanna Di Marzo Serugendo (University of Geneva, CH) [dblp]
- Peter H. Feiler (Carnegie Mellon University - Pittsburgh, US) [dblp]
- Stefania Gnesi (CNR - Pisa, IT) [dblp]
- Vincenzo Grassi (University of Rome "Tor Vergata", IT) [dblp]
- Denis Hatebur (Universität Duisburg-Essen, DE) [dblp]
- Maritta Heisel (Universität Duisburg-Essen, DE) [dblp]
- Mohamed Kaaniche (LAAS - Toulouse, FR) [dblp]
- Linas Laibinis (Abo Akademi University - Turku, FI) [dblp]
- Paolo Masci (Queen Mary University of London, GB) [dblp]
- Henry Muccini (University of L'Aquila, IT) [dblp]
- Andras Pataricza (Budapest Univ. of Technology & Economics, HU) [dblp]
- Patrizio Pelliccione (University of L'Aquila, IT) [dblp]
- Matteo Risoldi (University of Luxembourg, LU) [dblp]
- Alexander Romanovsky (University of Newcastle, GB) [dblp]
- Thomas Santen (European Microsoft Innovation Center - Aachen, DE) [dblp]
- Rolf Schumacher (Ingenieur-Büro Rolf Schumacher - Buchholz, DE)
- Janos Sztipanovits (Vanderbilt University, US) [dblp]
- Anton Tarasyuk (Abo Akademi University, FI) [dblp]
- Elena Troubitsyna (Abo Akademi University, FI) [dblp]
- Marco Vieira (University of Coimbra, PT) [dblp]
- semantics / formal methods
- software engineering
- verification / logic
- Software engineering
- Model-driven engineering
- Formal methods
- Fault tolerance
- Requirements engineering