SlideShare ist ein Scribd-Unternehmen logo

Resilient systems - predicatbility ane evolution

Als PPTX, PDF herunterladen
Ivica Crnkovic
Ivica Crnkovic
1 von 28
Resilient Systems - Predictability and Evolution Ivica Crnkovic Mälardalen University, Sweden www.idt.mdh.se/~icc ivica.crnkovic@mdh.se
What is resilience? • In ecology1 – the capacity of an ecosystem to respond to a perturbation or disturbance by resisting damage and recovering quickly • In System Engineering – Resilience is the ability of organizational, hardware and software systems to mitigate the severity and likelihood of failures or losses, to adapt to changing conditions, and to respond appropriately after the fact. 1Resilience (ecology - Wikipedia) 1/25/2013 Serene 2011 2
Characteristics of resilient systems Critical aspects of resilience: System Resistance 1. Latitude: the maximum amount a state system can be changed before losing its ability to recover. Robustness 2. Resistance: the ease or difficulty of changing the system; how “resistant” it is to being changed. 3. Precariousness: how close the current state of the system is to a limit or “threshold.” Environment Latitude 4. Panarchy: the degree to which a certain hierarchical level of an ecosystem is influenced by other Precariousness levels. 1/25/2013 Serene 2011 4
Resilience vs. dependability vs. robustness? • Dependability Ability of a system to Availability deliver service that can justifiably be Reliability trusted Safety Confidentiality Attributes Integrity (Ability of a system to avoid failures Maintainability that are more frequent or more severe than is acceptable to user(s) Faults Dependability Threats Errors • Survivability is the ability to remain Failures alive or continue to exist. • Robustness is the persistence of a system’s characteristic behavior under Fault Prevention perturbations or conditions of Fault Tolerance uncertainty. Means Fault Removal Fault Forecasting • Resilience is the persistence of the avoidance of failures that are unexpectedly frequent or severe, when facing change [Laprie] 1/25/2013 Serene 2011 5
Robustness vs. Resilience 1/25/2013 Serene 2011 6
Resilience vs. dependability vs. robustness? dependable (robust&resistent) systems” “Resilient systems” states • Highly controlled • A broad spectrum of possible equilibrium state • Operates in a narrow band • Not necessary all states are predicted • Predefined states (“modes”) • Adaptive and evolving systems • Top-down design • impact of the system on the environment • Challenge: predict all states • Challenge: caused by the environment • Adaptation • Optimal performance in different states • Minimize unwanted impact on the environment 1/25/2013 Serene 2011 7
Do we care about impact on the environment? ABB vision: “Power and productivity for a better world” “….., we help our customers to use electrical power efficiently, to increase industrial productivity and to lower environmental impact in a sustainable way.” 1/25/2013 Serene 2011 8
Resilient system development challenges • Resilience is an extra-functional (non-functional) property • A part of the design: – System adaptability – System evolvability – Impact on external environment • (direct & indirect) • (short & long term) 1/25/2013 Serene 2011 10
Development process – top-down vs. Bottom-up • Modern, sustainable and resilient systems: – Complex, distributed, highly dynamic, highly adaptive – Adjustable to the changing environment and to the users • Top-down principle is not enough! – It would be a problem with evolution and flexibility • Late compositions, reconfigurations, on-line verifications, on-line validations 1/25/2013 Serene 2011 11
Extended development process 1JOSEPH FIKSEL Designing Resilient, Sustainable Systems , Environ. Sci. Technol. 2003, 37, 5330-5339 1/25/2013 Serene 2011 12
How can we assess the resilience?
Resilience property model is refined to Resilience subcharacteristics 1 1..* 1 is refined to 1..* measured by measuring attributes 1..* metrics 1 1 reason about 1..* QoS Questions: which are subcharacteristics? which measuring attributes? How to design for resilience? How to analyze resilience? 1/25/2013 22
Analysis Process Elicit Architectural Concerns Stakeholders’ concerns (subcharacteristics) Potential architectural Change stimuli requirements Analyze Implication of Propose architectural change stimuli solutions Analyze Implication of change stimuli
Example: Software Evolvability Model • Literature survey and analysis of the literature • Industrial case studies -is refined to Evolvability Subcharacteristics 1 1..* 1 -is refined to • Evolvability subcharacteristics 1..* -is measured by • Analyzability Measuring Attributes Metrics • Architectural Integrity 1 1..* • Changeability 1 -reason about QoS • Portability 1..* • Extensibility • Testability • Domain-specific attributes Hongyu Pei Breivold, Ivica Crnkovic, Peter Eriksson, Analyzing Software Evolvability, 32nd IEEE International computer Software and Applications Conference (COMPSAC), 2008 1/25/2013 Serene 2011 24
Case Study: ABB Robotic Control System PC Applications Man Machine Interactions Controller Control Interfaces and Language Resources I/O File System Safety Base system Support services OS & HW abstraction Device Drivers A conceptual view of the software architecture 1/25/2013 Serene 2011 27
Architectural concerns • Analyzability • Architectural Integrity • Changeability • Portability • Extensibility • Testability • Domain-specific attributes – Performance, real-time 1/25/2013 Serene 2011 28
Phase 1: Change Stimuli and Architectural Requirements Change Stimuli • Time-to-market requirements • Increased ease and flexibility of distributed development of diverse application variants. Requirements Subcharacteristics R1. Transform the monolithic architecture to Analyzability modular architecture. Changeability R2. Reduced architecture complexity. R3. Enable distributed development of Extensibility extensions with minimum dependency. R4. Portability. Portability R5. Impact on product development process. Testability R6. Minimized software code size and runtime Domain-specific footprint. Attribute R1, R2, R3 prioritized 1/25/2013 Serene 2011 29
Phase 2: Architectural analysis • Extract architectural constructs related to the respective identified issues • Identify refactoring components for each identified issue Refactoring components – dynamic component biding 1/25/2013 Serene 2011 30
Phase 3: finalize the analysis Example: Implications of the IPC component refactoring on evolvability subcharacteristics (+ positive impact, - negative impact) Subcharacteristics IPC Component Refactoring Analyzability – due to less possibility of static analysis since definitions are defined dynamically Architectural Integrity + due to documentation of specific requirements, architectural solutions and consequences Changeability + due to the dynamism which makes it easier to introduce and deploy new slots Portability + due to improved abstraction of Application Programming Interfaces (APIs) for IPC Extensibility + due to encapsulation of IPC facilities and dynamic deployment Testability No impact Domain-specific + resource limitation issue is handled through dynamic IPC attribute connection – due to introduced dynamism, the system performance could be slightly reduced 1/25/2013 Serene 2011 31
Quantitative Architecture Evolvability Analysis Method Using Analytic Hierarchy Process (AHP) for comparison of choices Phase 1: Analyze the implications of change stimuli on Phase 3: Finalize the evaluation software architecture Step 3.1: Analyze and Step 1.1: Elicit stakeholders’ Step 1.2: Extract stakeholders’ present evaluation results views on evolvability prioritization and preferences of subcharacteristics evolvability subcharacteristics Phase 2: Analyze and prepare the software architecture to accommodate change stimuli and potential future changes Step 2.2: Assess candidate Step 2.1: Identify candidate architectural solutions’ impacts on architectural solutions evolvability subcharacteristics 1/25/2013 Serene 2011 32
Analytic Hierarchy Process (AHP) [mij] nxn matrics – comparison elements (subcharacteristics) mij – comparison values between two elements (1 … 9/1) (results – binary relations between the elements) Calculation and value normalization -> normalized significance of the values Wi (W1+W2+… Wn = 1)
Case study: Ericsson • mobile network architecture with respect to the evolvability of a logical node at Ericsson. • Logical Node: – handle control signaling for and keep track of user equipment such as mobiles using a certain type of radio access. Application level In-Service Software Upgrade (ISSU) Control System Transmission System Platform level Middleware OS 1/25/2013 Serene 2011 34
Phase 1: requirements identification Requirements Subcharacteristics R1. The ISSU solution should be easy to understand for the Analyzability development organization. R2. Many kinds of application changes shall be possible Changeability without special upgrade code, e.g., backward compatible interfaces. R3. Enable introduction of ISSU solution without limitations on Extensibility extending existing features or adding new ones. R4. Enable change of operating system or hardware. Portability R5. Enable the ease to test and debug parts of the system Testability individually, and extract test data from the system. R6. The ISSU total time, capacity impact during ISSU and Capacity normal execution should be within specified values. R7. Critical components need to have redundancy during Availability ISSU. R8. The impact of software or hardware failure during upgrade should be limited. 1/25/2013 Serene 2011 35
Preferences of evolvability subcharacteristics (1) 1/25/2013 Serene 2011 36
Preferences of evolvability subcharacteristics (2) CR < 0.1 – the consistent selections between stakeholders 1/25/2013 Serene 2011 37
Phase 2: provide alternative architectural solutions Select alternative: 1/25/2013 Serene 2011 38
Summary - Questions • What is the importance of resilience? • How to include resilience aspects in the development process? – In certification? – In real-time systems? – Component-based approach? – Model-driven approach? • How to verify resilient systems? – Can we test all possible scenarios? • Adaptability – Where to implement the adaptability? • Source code level? • Architectural level? 1/25/2013 Serene 2011 39
1/25/2013 Serene 2011 40

Empfohlen

Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
JAZEEL K T
 
Quantum Computing Applications in Power Systems
Quantum Computing Applications in Power SystemsQuantum Computing Applications in Power Systems
Quantum Computing Applications in Power Systems
Power System Operation
 
Quantum Computing and Qiskit
Quantum Computing and QiskitQuantum Computing and Qiskit
Quantum Computing and Qiskit
Pooja Mistry
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Leonardo ENERGY
 
Unit commitment in power system
Unit commitment in power systemUnit commitment in power system
Unit commitment in power system
Abrar Ahmed
 
Smart grid problems in general
Smart grid problems in generalSmart grid problems in general
Smart grid problems in general
Aimal Achakzai
 
Cyber Security in Power Systems
Cyber Security in Power SystemsCyber Security in Power Systems
Cyber Security in Power Systems
Power System Operation
 
Smart grid
Smart gridSmart grid
Smart grid
Ranjeet Kumar
 

Empfohlen

Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
JAZEEL K T
 
Quantum Computing Applications in Power Systems
Quantum Computing Applications in Power SystemsQuantum Computing Applications in Power Systems
Quantum Computing Applications in Power Systems
Power System Operation
 
Quantum Computing and Qiskit
Quantum Computing and QiskitQuantum Computing and Qiskit
Quantum Computing and Qiskit
Pooja Mistry
 
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Cybersecurity for Smart Grids: Vulnerabilities and Strategies to Provide Cybe...
Leonardo ENERGY
 
Unit commitment in power system
Unit commitment in power systemUnit commitment in power system
Unit commitment in power system
Abrar Ahmed
 
Smart grid problems in general
Smart grid problems in generalSmart grid problems in general
Smart grid problems in general
Aimal Achakzai
 
Cyber Security in Power Systems
Cyber Security in Power SystemsCyber Security in Power Systems
Cyber Security in Power Systems
Power System Operation
 
Smart grid
Smart gridSmart grid
Smart grid
Ranjeet Kumar
 
Presentation1 160729072733
Presentation1 160729072733Presentation1 160729072733
Presentation1 160729072733
SIVA SASTHRI
 
Power system security
Power system securityPower system security
Power system security
Adani Institute of Infrastructure Engineering College
 
Artificial intelligence in power system
Artificial intelligence in power systemArtificial intelligence in power system
Artificial intelligence in power system
ShrutikaHajare
 
Numerical protection 2
Numerical protection 2Numerical protection 2
Numerical protection 2
angila95
 
CYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRIDCYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRID
Siva Sasthri
 
Smart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesSmart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security Issues
journalBEEI
 
Auto reclosers
Auto reclosersAuto reclosers
Auto reclosers
Debojyoti Mukherjee
 
Power system security
Power system security Power system security
Power system security
MANGESHKULKARNI72
 
Overview of custom power devices
Overview of custom power devicesOverview of custom power devices
Overview of custom power devices
Raja Adapa
 
three phase fault analysis with auto reset for temporary fault and trip for p...
three phase fault analysis with auto reset for temporary fault and trip for p...three phase fault analysis with auto reset for temporary fault and trip for p...
three phase fault analysis with auto reset for temporary fault and trip for p...
Vikram Rawani
 
Quantum computer
Quantum computerQuantum computer
Quantum computer
Nikhil Eg
 
CHAPTER- 4.ppt
CHAPTER- 4.pptCHAPTER- 4.ppt
CHAPTER- 4.ppt
hussenbelew
 
Module 2 ee369 KTU syllabus-high voltage ac generation,resonant circuits
Module 2 ee369 KTU syllabus-high voltage ac generation,resonant circuitsModule 2 ee369 KTU syllabus-high voltage ac generation,resonant circuits
Module 2 ee369 KTU syllabus-high voltage ac generation,resonant circuits
Asha Anu Kurian
 
PROTECTION AGAINST BLACKOUTS AND SELF-RESTORATION OF POWER SYSTEMS
PROTECTION AGAINST BLACKOUTS AND SELF-RESTORATION OF POWER SYSTEMSPROTECTION AGAINST BLACKOUTS AND SELF-RESTORATION OF POWER SYSTEMS
PROTECTION AGAINST BLACKOUTS AND SELF-RESTORATION OF POWER SYSTEMS
Power System Operation
 
Power system protection_lecture_notes
Power system protection_lecture_notesPower system protection_lecture_notes
Power system protection_lecture_notes
lcm3766l
 
Final cyber physical system (1)
Final cyber physical system (1)Final cyber physical system (1)
Final cyber physical system (1)
vanisre jaiswal
 
Class 16 load shedding
Class 16 load sheddingClass 16 load shedding
Class 16 load shedding
Siksha 'O' Anusandhan (Deemed to be University )
 
Wireless Communication
Wireless CommunicationWireless Communication
Wireless Communication
Dhruv Aggarwal
 
Quantum computing
Quantum computingQuantum computing
Quantum computing
dharmsinghggu
 
Distributed Generation
Distributed Generation Distributed Generation
Distributed Generation
Anshul Shrivastava
 
Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)
Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
Ian Sommerville
 

Weitere ähnliche Inhalte

Was ist angesagt?

Numerical protection 2
Numerical protection 2Numerical protection 2
Numerical protection 2
angila95
 
Smart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesSmart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security Issues
journalBEEI
 
Quantum computer
Quantum computerQuantum computer
Quantum computer
Nikhil Eg
 

Was ist angesagt? (20)

Presentation1 160729072733
Presentation1 160729072733Presentation1 160729072733
Presentation1 160729072733
 
Power system security
Power system securityPower system security
Power system security
 
Artificial intelligence in power system
Artificial intelligence in power systemArtificial intelligence in power system
Artificial intelligence in power system
 
Numerical protection 2
Numerical protection 2Numerical protection 2
Numerical protection 2
 
CYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRIDCYBER SECURITY IN THE SMART GRID
CYBER SECURITY IN THE SMART GRID
 
Smart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesSmart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security Issues
 
Auto reclosers
Auto reclosersAuto reclosers
Auto reclosers
 
Power system security
Power system security Power system security
Power system security
 
Overview of custom power devices
Overview of custom power devicesOverview of custom power devices
Overview of custom power devices
 
three phase fault analysis with auto reset for temporary fault and trip for p...
three phase fault analysis with auto reset for temporary fault and trip for p...three phase fault analysis with auto reset for temporary fault and trip for p...
three phase fault analysis with auto reset for temporary fault and trip for p...
 
Quantum computer
Quantum computerQuantum computer
Quantum computer
 
CHAPTER- 4.ppt
CHAPTER- 4.pptCHAPTER- 4.ppt
CHAPTER- 4.ppt
 
Module 2 ee369 KTU syllabus-high voltage ac generation,resonant circuits
Module 2 ee369 KTU syllabus-high voltage ac generation,resonant circuitsModule 2 ee369 KTU syllabus-high voltage ac generation,resonant circuits
Module 2 ee369 KTU syllabus-high voltage ac generation,resonant circuits
 
PROTECTION AGAINST BLACKOUTS AND SELF-RESTORATION OF POWER SYSTEMS
PROTECTION AGAINST BLACKOUTS AND SELF-RESTORATION OF POWER SYSTEMSPROTECTION AGAINST BLACKOUTS AND SELF-RESTORATION OF POWER SYSTEMS
PROTECTION AGAINST BLACKOUTS AND SELF-RESTORATION OF POWER SYSTEMS
 
Power system protection_lecture_notes
Power system protection_lecture_notesPower system protection_lecture_notes
Power system protection_lecture_notes
 
Final cyber physical system (1)
Final cyber physical system (1)Final cyber physical system (1)
Final cyber physical system (1)
 
Class 16 load shedding
Class 16 load sheddingClass 16 load shedding
Class 16 load shedding
 
Wireless Communication
Wireless CommunicationWireless Communication
Wireless Communication
 
Quantum computing
Quantum computingQuantum computing
Quantum computing
 
Distributed Generation
Distributed Generation Distributed Generation
Distributed Generation
 

Ähnlich wie Resilient systems - predicatbility ane evolution

Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)
Ian Sommerville
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
Ian Sommerville
 
Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)
eu-circle
 
Scaling identity to internet proportions
Scaling identity to internet proportionsScaling identity to internet proportions
Scaling identity to internet proportions
OracleIDM
 
CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013
Ian Sommerville
 
Moser lightfoot pmc2012pres
Moser lightfoot pmc2012presMoser lightfoot pmc2012pres
Moser lightfoot pmc2012pres
NASAPMC
 
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
juliekannai
 
Software archiecture lecture05
Software archiecture lecture05Software archiecture lecture05
Software archiecture lecture05
Luktalja
 
Michael.bay
Michael.bayMichael.bay
Michael.bay
NASAPMC
 

Ähnlich wie Resilient systems - predicatbility ane evolution (20)

Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)Dependablity Engineering 1 (CS 5032 2012)
Dependablity Engineering 1 (CS 5032 2012)
 
CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013CS 5032 L7 dependability engineering 2013
CS 5032 L7 dependability engineering 2013
 
European critical infrastructures: which analysis framework for supporting ef...
European critical infrastructures: which analysis framework for supporting ef...European critical infrastructures: which analysis framework for supporting ef...
European critical infrastructures: which analysis framework for supporting ef...
 
Resilience of Critical Infrastructures to Climate Change
Resilience of Critical Infrastructures to Climate ChangeResilience of Critical Infrastructures to Climate Change
Resilience of Critical Infrastructures to Climate Change
 
Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)Resilience of Critical Infrastructures to Climate Change (old)
Resilience of Critical Infrastructures to Climate Change (old)
 
Reliability Engineering
Reliability EngineeringReliability Engineering
Reliability Engineering
 
1050_Thomas
1050_Thomas1050_Thomas
1050_Thomas
 
Sqa material
Sqa materialSqa material
Sqa material
 
Scaling identity to internet proportions
Scaling identity to internet proportionsScaling identity to internet proportions
Scaling identity to internet proportions
 
Dependability and security (CS 5032 2012)
Dependability and security (CS 5032 2012)Dependability and security (CS 5032 2012)
Dependability and security (CS 5032 2012)
 
Emergent properties
Emergent propertiesEmergent properties
Emergent properties
 
CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013CS 5032 L2 dependability and security 2013
CS 5032 L2 dependability and security 2013
 
Moser lightfoot pmc2012pres
Moser lightfoot pmc2012presMoser lightfoot pmc2012pres
Moser lightfoot pmc2012pres
 
Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)Safety specification (CS 5032 2012)
Safety specification (CS 5032 2012)
 
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
Preparing for a Black Swan: Planning and Programming for Risk Mitigation in E...
 
Software archiecture lecture05
Software archiecture lecture05Software archiecture lecture05
Software archiecture lecture05
 
Future Research in (Software) Resilience
Future Research in (Software) ResilienceFuture Research in (Software) Resilience
Future Research in (Software) Resilience
 
Antifragile Software Design
Antifragile Software DesignAntifragile Software Design
Antifragile Software Design
 
Michael.bay
Michael.bayMichael.bay
Michael.bay
 
Whose View is it Anyway: Addressing Multiple Stakeholder Concerns
Whose View is it Anyway: Addressing Multiple Stakeholder ConcernsWhose View is it Anyway: Addressing Multiple Stakeholder Concerns
Whose View is it Anyway: Addressing Multiple Stakeholder Concerns
 

Mehr von Ivica Crnkovic

Rapid Continuous Software Engineering - Meeting the challenges of modern sof...
Rapid Continuous Software Engineering - Meeting the challenges of modern sof...Rapid Continuous Software Engineering - Meeting the challenges of modern sof...
Rapid Continuous Software Engineering - Meeting the challenges of modern sof...
Ivica Crnkovic
 
Software Assurance: What Should We Do next? - Software Design for Reliability
Software Assurance: What Should We Do next? - Software Design for ReliabilitySoftware Assurance: What Should We Do next? - Software Design for Reliability
Software Assurance: What Should We Do next? - Software Design for Reliability
Ivica Crnkovic
 
A classification framework for component models
A classification framework for component modelsA classification framework for component models
A classification framework for component models
Ivica Crnkovic
 
Teaching in multicultural classromre
Teaching in multicultural classromreTeaching in multicultural classromre
Teaching in multicultural classromre
Ivica Crnkovic
 
The challenges and opportunities in open source reuse
The challenges and opportunities in open source reuseThe challenges and opportunities in open source reuse
The challenges and opportunities in open source reuse
Ivica Crnkovic
 
Empirical se 2013-01-17
Empirical se 2013-01-17Empirical se 2013-01-17
Empirical se 2013-01-17
Ivica Crnkovic
 
Crnkovic cbse-impact.pptx
Crnkovic cbse-impact.pptxCrnkovic cbse-impact.pptx
Crnkovic cbse-impact.pptx
Ivica Crnkovic
 
Ten Tips to Succeed in Global Software Engineering Education
Ten Tips to Succeed in Global Software Engineering EducationTen Tips to Succeed in Global Software Engineering Education
Ten Tips to Succeed in Global Software Engineering Education
Ivica Crnkovic
 

Mehr von Ivica Crnkovic (19)

2020 09-16-ai-engineering challanges
2020 09-16-ai-engineering challanges2020 09-16-ai-engineering challanges
2020 09-16-ai-engineering challanges
 
Ai engineering icsoc -2019-10-30
Ai engineering icsoc -2019-10-30Ai engineering icsoc -2019-10-30
Ai engineering icsoc -2019-10-30
 
Software Engineering Challenges in building AI-based complex systems
Software Engineering Challenges in building AI-based complex systemsSoftware Engineering Challenges in building AI-based complex systems
Software Engineering Challenges in building AI-based complex systems
 
ICSE 2018 opening session
ICSE 2018 opening sessionICSE 2018 opening session
ICSE 2018 opening session
 
AI challanges - Cse day-2018.04.12
AI challanges - Cse day-2018.04.12AI challanges - Cse day-2018.04.12
AI challanges - Cse day-2018.04.12
 
Beyond digitalisation 2016-06-07
Beyond digitalisation 2016-06-07Beyond digitalisation 2016-06-07
Beyond digitalisation 2016-06-07
 
ICSE2018 presentation 2016-05-20
ICSE2018 presentation 2016-05-20ICSE2018 presentation 2016-05-20
ICSE2018 presentation 2016-05-20
 
Component-Based and Model-Driven Engineering: what is the difference? A CBSE ...
Component-Based and Model-Driven Engineering: what is the difference? A CBSE ...Component-Based and Model-Driven Engineering: what is the difference? A CBSE ...
Component-Based and Model-Driven Engineering: what is the difference? A CBSE ...
 
European Conference on Software Architecture - ECSA 2015 Announcement
European Conference on Software Architecture - ECSA 2015 AnnouncementEuropean Conference on Software Architecture - ECSA 2015 Announcement
European Conference on Software Architecture - ECSA 2015 Announcement
 
Rapid Continuous Software Engineering - Meeting the challenges of modern sof...
Rapid Continuous Software Engineering - Meeting the challenges of modern sof...Rapid Continuous Software Engineering - Meeting the challenges of modern sof...
Rapid Continuous Software Engineering - Meeting the challenges of modern sof...
 
Software Assurance: What Should We Do next? - Software Design for Reliability
Software Assurance: What Should We Do next? - Software Design for ReliabilitySoftware Assurance: What Should We Do next? - Software Design for Reliability
Software Assurance: What Should We Do next? - Software Design for Reliability
 
Sa past-future
Sa past-futureSa past-future
Sa past-future
 
A classification framework for component models
A classification framework for component modelsA classification framework for component models
A classification framework for component models
 
Teaching in multicultural classromre
Teaching in multicultural classromreTeaching in multicultural classromre
Teaching in multicultural classromre
 
The challenges and opportunities in open source reuse
The challenges and opportunities in open source reuseThe challenges and opportunities in open source reuse
The challenges and opportunities in open source reuse
 
Empirical se 2013-01-17
Empirical se 2013-01-17Empirical se 2013-01-17
Empirical se 2013-01-17
 
SPL in Clouds
SPL in CloudsSPL in Clouds
SPL in Clouds
 
Crnkovic cbse-impact.pptx
Crnkovic cbse-impact.pptxCrnkovic cbse-impact.pptx
Crnkovic cbse-impact.pptx
 
Ten Tips to Succeed in Global Software Engineering Education
Ten Tips to Succeed in Global Software Engineering EducationTen Tips to Succeed in Global Software Engineering Education
Ten Tips to Succeed in Global Software Engineering Education
 

Resilient systems - predicatbility ane evolution

  • 1. Resilient Systems - Predictability and Evolution Ivica Crnkovic Mälardalen University, Sweden www.idt.mdh.se/~icc ivica.crnkovic@mdh.se
  • 2. What is resilience? • In ecology1 – the capacity of an ecosystem to respond to a perturbation or disturbance by resisting damage and recovering quickly • In System Engineering – Resilience is the ability of organizational, hardware and software systems to mitigate the severity and likelihood of failures or losses, to adapt to changing conditions, and to respond appropriately after the fact. 1Resilience (ecology - Wikipedia) 1/25/2013 Serene 2011 2
  • 3. Characteristics of resilient systems Critical aspects of resilience: System Resistance 1. Latitude: the maximum amount a state system can be changed before losing its ability to recover. Robustness 2. Resistance: the ease or difficulty of changing the system; how “resistant” it is to being changed. 3. Precariousness: how close the current state of the system is to a limit or “threshold.” Environment Latitude 4. Panarchy: the degree to which a certain hierarchical level of an ecosystem is influenced by other Precariousness levels. 1/25/2013 Serene 2011 4
  • 4. Resilience vs. dependability vs. robustness? • Dependability Ability of a system to Availability deliver service that can justifiably be Reliability trusted Safety Confidentiality Attributes Integrity (Ability of a system to avoid failures Maintainability that are more frequent or more severe than is acceptable to user(s) Faults Dependability Threats Errors • Survivability is the ability to remain Failures alive or continue to exist. • Robustness is the persistence of a system’s characteristic behavior under Fault Prevention perturbations or conditions of Fault Tolerance uncertainty. Means Fault Removal Fault Forecasting • Resilience is the persistence of the avoidance of failures that are unexpectedly frequent or severe, when facing change [Laprie] 1/25/2013 Serene 2011 5
  • 6. Resilience vs. dependability vs. robustness? dependable (robust&resistent) systems” “Resilient systems” states • Highly controlled • A broad spectrum of possible equilibrium state • Operates in a narrow band • Not necessary all states are predicted • Predefined states (“modes”) • Adaptive and evolving systems • Top-down design • impact of the system on the environment • Challenge: predict all states • Challenge: caused by the environment • Adaptation • Optimal performance in different states • Minimize unwanted impact on the environment 1/25/2013 Serene 2011 7
  • 7. Do we care about impact on the environment? ABB vision: “Power and productivity for a better world” “….., we help our customers to use electrical power efficiently, to increase industrial productivity and to lower environmental impact in a sustainable way.” 1/25/2013 Serene 2011 8
  • 8. Resilient system development challenges • Resilience is an extra-functional (non-functional) property • A part of the design: – System adaptability – System evolvability – Impact on external environment • (direct & indirect) • (short & long term) 1/25/2013 Serene 2011 10
  • 9. Development process – top-down vs. Bottom-up • Modern, sustainable and resilient systems: – Complex, distributed, highly dynamic, highly adaptive – Adjustable to the changing environment and to the users • Top-down principle is not enough! – It would be a problem with evolution and flexibility • Late compositions, reconfigurations, on-line verifications, on-line validations 1/25/2013 Serene 2011 11
  • 10. Extended development process 1JOSEPH FIKSEL Designing Resilient, Sustainable Systems , Environ. Sci. Technol. 2003, 37, 5330-5339 1/25/2013 Serene 2011 12
  • 11. How can we assess the resilience?
  • 12. Resilience property model is refined to Resilience subcharacteristics 1 1..* 1 is refined to 1..* measured by measuring attributes 1..* metrics 1 1 reason about 1..* QoS Questions: which are subcharacteristics? which measuring attributes? How to design for resilience? How to analyze resilience? 1/25/2013 22
  • 13. Analysis Process Elicit Architectural Concerns Stakeholders’ concerns (subcharacteristics) Potential architectural Change stimuli requirements Analyze Implication of Propose architectural change stimuli solutions Analyze Implication of change stimuli
  • 14. Example: Software Evolvability Model • Literature survey and analysis of the literature • Industrial case studies -is refined to Evolvability Subcharacteristics 1 1..* 1 -is refined to • Evolvability subcharacteristics 1..* -is measured by • Analyzability Measuring Attributes Metrics • Architectural Integrity 1 1..* • Changeability 1 -reason about QoS • Portability 1..* • Extensibility • Testability • Domain-specific attributes Hongyu Pei Breivold, Ivica Crnkovic, Peter Eriksson, Analyzing Software Evolvability, 32nd IEEE International computer Software and Applications Conference (COMPSAC), 2008 1/25/2013 Serene 2011 24
  • 15. Case Study: ABB Robotic Control System PC Applications Man Machine Interactions Controller Control Interfaces and Language Resources I/O File System Safety Base system Support services OS & HW abstraction Device Drivers A conceptual view of the software architecture 1/25/2013 Serene 2011 27
  • 16. Architectural concerns • Analyzability • Architectural Integrity • Changeability • Portability • Extensibility • Testability • Domain-specific attributes – Performance, real-time 1/25/2013 Serene 2011 28
  • 17. Phase 1: Change Stimuli and Architectural Requirements Change Stimuli • Time-to-market requirements • Increased ease and flexibility of distributed development of diverse application variants. Requirements Subcharacteristics R1. Transform the monolithic architecture to Analyzability modular architecture. Changeability R2. Reduced architecture complexity. R3. Enable distributed development of Extensibility extensions with minimum dependency. R4. Portability. Portability R5. Impact on product development process. Testability R6. Minimized software code size and runtime Domain-specific footprint. Attribute R1, R2, R3 prioritized 1/25/2013 Serene 2011 29
  • 18. Phase 2: Architectural analysis • Extract architectural constructs related to the respective identified issues • Identify refactoring components for each identified issue Refactoring components – dynamic component biding 1/25/2013 Serene 2011 30
  • 19. Phase 3: finalize the analysis Example: Implications of the IPC component refactoring on evolvability subcharacteristics (+ positive impact, - negative impact) Subcharacteristics IPC Component Refactoring Analyzability – due to less possibility of static analysis since definitions are defined dynamically Architectural Integrity + due to documentation of specific requirements, architectural solutions and consequences Changeability + due to the dynamism which makes it easier to introduce and deploy new slots Portability + due to improved abstraction of Application Programming Interfaces (APIs) for IPC Extensibility + due to encapsulation of IPC facilities and dynamic deployment Testability No impact Domain-specific + resource limitation issue is handled through dynamic IPC attribute connection – due to introduced dynamism, the system performance could be slightly reduced 1/25/2013 Serene 2011 31
  • 20. Quantitative Architecture Evolvability Analysis Method Using Analytic Hierarchy Process (AHP) for comparison of choices Phase 1: Analyze the implications of change stimuli on Phase 3: Finalize the evaluation software architecture Step 3.1: Analyze and Step 1.1: Elicit stakeholders’ Step 1.2: Extract stakeholders’ present evaluation results views on evolvability prioritization and preferences of subcharacteristics evolvability subcharacteristics Phase 2: Analyze and prepare the software architecture to accommodate change stimuli and potential future changes Step 2.2: Assess candidate Step 2.1: Identify candidate architectural solutions’ impacts on architectural solutions evolvability subcharacteristics 1/25/2013 Serene 2011 32
  • 21. Analytic Hierarchy Process (AHP) [mij] nxn matrics – comparison elements (subcharacteristics) mij – comparison values between two elements (1 … 9/1) (results – binary relations between the elements) Calculation and value normalization -> normalized significance of the values Wi (W1+W2+… Wn = 1)
  • 22. Case study: Ericsson • mobile network architecture with respect to the evolvability of a logical node at Ericsson. • Logical Node: – handle control signaling for and keep track of user equipment such as mobiles using a certain type of radio access. Application level In-Service Software Upgrade (ISSU) Control System Transmission System Platform level Middleware OS 1/25/2013 Serene 2011 34
  • 23. Phase 1: requirements identification Requirements Subcharacteristics R1. The ISSU solution should be easy to understand for the Analyzability development organization. R2. Many kinds of application changes shall be possible Changeability without special upgrade code, e.g., backward compatible interfaces. R3. Enable introduction of ISSU solution without limitations on Extensibility extending existing features or adding new ones. R4. Enable change of operating system or hardware. Portability R5. Enable the ease to test and debug parts of the system Testability individually, and extract test data from the system. R6. The ISSU total time, capacity impact during ISSU and Capacity normal execution should be within specified values. R7. Critical components need to have redundancy during Availability ISSU. R8. The impact of software or hardware failure during upgrade should be limited. 1/25/2013 Serene 2011 35
  • 24. Preferences of evolvability subcharacteristics (1) 1/25/2013 Serene 2011 36
  • 25. Preferences of evolvability subcharacteristics (2) CR < 0.1 – the consistent selections between stakeholders 1/25/2013 Serene 2011 37
  • 26. Phase 2: provide alternative architectural solutions Select alternative: 1/25/2013 Serene 2011 38
  • 27. Summary - Questions • What is the importance of resilience? • How to include resilience aspects in the development process? – In certification? – In real-time systems? – Component-based approach? – Model-driven approach? • How to verify resilient systems? – Can we test all possible scenarios? • Adaptability – Where to implement the adaptability? • Source code level? • Architectural level? 1/25/2013 Serene 2011 39
  • 28. 1/25/2013 Serene 2011 40

Hinweis der Redaktion

  1. 4. For example, organisms living in communities that are in isolation from one another may be organized differently than the same type of organism living in a large continuous population, thus the community-level structure is influenced by population-level interactions
  2. robustness is the ability of a computer system to cope with errors during execution or the ability of an algorithm to continue to operate despite abnormalities in input, calculations, etc.
  3. robustness is the ability of a computer system to cope with errors during execution or the ability of an algorithm to continue to operate despite abnormalities in input, calculations, etc.
  4. Every open system interacts with its environment and, hence, is part of a larger system.Carried to the extreme, this type of reasoning leads to the “Gaia hypothesis”, which claims that the world is a single giant organism.
  5. The main problem with this software architecture was the existence of tight coupling among some components that reside in different layers.
  6. Analyze impacts of the solutions to the subcharacteristics (using AHP