Skip to content The Open University

Architecting Resilience: Handling Malicious and Accidental Threats

Resilience is the persistence of service delivery that can justifiably be trusted, when facing changes. While architecting is the art and science of creating and building complex systems, and which covers the following basic activities: scope, structure and certification. One important aspect of resilience is the provision of assurances, and these are obtained by building arguments about system resilience. However in order to build arguments, one needs collect, structure and analyse evidence in which in self-adaptive systems can be obtained either at development-time or run-time time. This talk has covered three contributions in which architecting resilience can be effectively employed in the handling of accidental and malicious threats. In the first contribution, we have described how for self-adaptive software systems integration testing can be performed at run-time. On itself this activity should be implemented as a feedback control loop, which should be associated with the analysis activity of the autonomic MAPE-K [camara13computing]. The second contribution described a stepwise progress for the provision of assurances about the resilience of self-adaptive software systems, and it covered the following topics: (i) resilience evaluation based on environmental stimuli in which probabilistic model-checking is used for obtaining levels of confidence [camara12seams], (ii) resilience evaluation by comparing adaptation mechanisms of self-adaptive software systems [camara13seams], (iii) robustness evaluation of controllers by injecting faults into the probes of Rainbow [camara13ladc], (iv) effectiveness of architecture-based self-adaptation by evaluating the effort of evolving industrial middleware into an architectural-based self-adaptive software system [camara13seams], finally (v) robustness-driven resilience evaluation of self-adaptive software systems in which system properties are evaluated by injecting faults [silva11seams]. The third contribution described an approach based on self-adaptation as a means to improve the management of malicious behaviour, by adapting authorization policies and access rights [bailey13aims]. The goal is to adapt to mitigate malicious behaviour, and prevent future attacks.

References

[camara13computing]J. Camara, R. de Lemos, M. Vieira, R. Almeida, and R. Ventura, ``Architecture-Based Resilience Evaluation for Self-Adaptive Systems'', Computing Journal (Special "Software Architecture for Code Testing and Analysis"), 2013, vol.95, no.8, pp. 689-722.
[camara12seams]J. Camara and R. de Lemos, ``Evaluation of resilience in self-adaptive systems using probabilistic model-checking'', in Proceedings of the International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2012), Zurich, Switzerland. June 2012. pp. 53-62.
[camara13seams]J. Camara, P. Correia, R. de Lemos, D. Garlan, P. Gomes, B. Schmerl, and R. Ventura, ``Evolving an Adaptive Industrial Software System to Use Architecture-Based Self-Adaptation'', in Proceedings of the International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2013), San Francisco, CA, USA. May 2013. pp. 13-22.
[camara13ladc]J. Camara, R. de Lemos, N. Laranjeiro, R. Ventura, and M. Vieira, ``Robustness Evaluation in Self-Adaptive Software Systems'', in Latin American Symposium on Dependable Computing (LADC 2013). Rio de Janeiro, RJ, Brazil. April 2013. pp. 1-10.
[bailey13aims]C. Bailey, D. W. Chadwick, R. de Lemos, and K. W. S. Sui, ``Enabling the Autonomic Management of Federated Identity Providers'', in 7th International Conference on. Autonomous Infrastructure, Management and Security (AIMS 2013), June 2013, UPC Barcelona, Spain. 2013. pp. 100-111.
[silva11seams]C. E. da Silva and R. de Lemos, ``Dynamic plans for integration testing of self-adaptive software systems'', in Proceedings of the 6th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2011), Honolulu, HI, USA. May 2011. pp. 148-157.