Architecting Resilience: Handling Malicious and Accidental Threats

Resilience is the persistence of service delivery that can justifiably be
trusted when facing changes. Architecting is the art and science of creating
and building complex systems, and it covers the following basic activities:
scope, structure and certification. One important aspect of resilience is the
provision of assurances, which are obtained by building arguments about system
resilience. However, in order to build arguments, one needs to collect,
structure and analyse evidence, which in self-adaptive systems can be obtained
either at development-time or at run-time.

This talk has covered three contributions in which architecting resilience can
be effectively employed in the handling of accidental and malicious threats. In
the first contribution, we have described how integration testing can be
performed at run-time for self-adaptive software systems. In itself, this
activity should be implemented as a feedback control loop, which should be
associated with the analysis activity of the autonomic MAPE-K
[camara13computing]. The second contribution described a stepwise progress for
the provision of assurances about the resilience of self-adaptive software
systems, and it covered the following topics: (i) resilience evaluation based
on environmental stimuli, in which probabilistic model-checking is used for
obtaining levels of , (ii) resilience evaluation by comparing adaptation
mechanisms of self-adaptive software systems [camara13seams], (iii) robustness
evaluation of controllers by injecting faults into the probes of Rainbow
[camara13ladc], (iv) effectiveness of architecture-based self-adaptation by
evaluating the effort of evolving industrial middleware into an
architecture-based self-adaptive software system [camara13seams], and finally
(v) robustness-driven resilience evaluation of self-adaptive software systems,
in which system properties are evaluated by injecting faults [silva11seams].
The third contribution described an approach based on self-adaptation as a
means to improve the management of malicious behaviour, by adapting
authorization policies and access rights [bailey13aims]. The goal is to adapt
in order to mitigate malicious behaviour and prevent future attacks.

[camara13computing] J. Camara, R. de Lemos, M. Vieira, R. Almeida, and R. Ventura, "Architecture-Based Resilience Evaluation for Self-Adaptive Systems", Computing Journal (Special "Software Architecture for Code Testing and Analysis"), 2013, vol. 95, no. 8, pp. 689-722.
[camara12seams] J. Camara and R. de Lemos, "Evaluation of resilience in self-adaptive systems using probabilistic model-checking", in Proceedings of the International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2012), Zurich, Switzerland. June 2012. pp. 53-62.
[camara13seams] J. Camara, P. Correia, R. de Lemos, D. Garlan, P. Gomes, B. Schmerl, and R. Ventura, "Evolving an Adaptive Industrial Software System to Use Architecture-Based Self-Adaptation", in Proceedings of the International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2013), San Francisco, CA, USA. May 2013. pp. 13-22.
[camara13ladc] J. Camara, R. de Lemos, N. Laranjeiro, R. Ventura, and M. Vieira, "Robustness Evaluation in Self-Adaptive Software Systems", in Latin American Symposium on Dependable Computing (LADC 2013). Rio de Janeiro, RJ, Brazil. April 2013. pp. 1-10.
[bailey13aims] C. Bailey, D. W. Chadwick, R. de Lemos, and K. W. S. Sui, "Enabling the Autonomic Management of Federated Identity Providers", in 7th International Conference on Autonomous Infrastructure, Management and Security (AIMS 2013), June 2013, UPC Barcelona, Spain. 2013. pp. 100-111.
[silva11seams] C. E. da Silva and R. de Lemos, "Dynamic plans for integration testing of self-adaptive software systems", in Proceedings of the 6th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2011), Honolulu, HI, USA. May 2011. pp. 148-157.