System Architecture and Interoperability
Architecture is a critical element of the solution
Luca Simoncini, PDCC, Pisa and University of Pisa, Pisa, Italy
Pisa, 25-27/11/02, Workshops on &
Pros and cons of present architectural designs
Most large-scale infrastructures have been developed by connecting stand-alone proprietary systems with ad-hoc solutions and independently developed components.
Pros:
- Ad-hoc components make system validation easier
- Limited use of third-party components
- Re-design and updating do not depend on third parties
Cons:
- Evolution and obsolescence of components and implementation technologies
- Upgrading of components
- Inflexibility and difficult adaptability
- Re-validation needed for new systems or major revisions
Cons on interaction and interoperability:
- Systems with slightly different requirements and specs cannot reuse components from previous designs:
  - Complete re-design
  - Lack of experience from older systems
- Interoperability is hard to achieve:
  - Different project specifications
  - Different dependability properties
  - Different communication protocols or media
  - ...
  - Difficult integration
What is needed
Definition and construction of an architectural framework such that it:
- Reduces the design and development costs
- Reduces the number of components used in the several subsystems
- Simplifies the evolution process of the products and reduces the associated costs
- Simplifies the validation (and certification) of the products through an incremental approach based on reuse
Infrastructure characteristics:
- Use of generic components: COTS and open source SW components
- Dependability properties associated with the architecture and not only with the components:
  - Techniques for error detection, diagnosis and recovery independent of specific components (HW or SW)
- Hierarchical approach for functional and non-functional properties:
  - To make validation easier
- Openness of the system:
  - Adaptability to different kinds of architecture for interaction
Trends, new problems and keywords
- Increasing number of (maybe non-trained) users:
  - New fault types
  - New threats (i.e. to privacy and security)
- Ubiquity and mobility:
  - New threats to security
- Evolution, growing complexity, layering of services:
  - Vital services and system survivability
Keywords:
- Integration
- Composition
- Recursion: fault -> error -> failure
- Usability
- Genericity, Openness, Adaptability, Re-use for:
  - Design of dependable components and architectures
  - Designing architectures for dependability
  - Dependable infrastructures from user perspective
Design of dependable components and architectures
Architecture is a critical element of the solution
Means: Rigorous design (i.e. fault prevention) | Verification and validation (i.e. fault removal) | Fault Tolerance (accidental and malicious faults) | System evaluation (i.e. fault forecasting)
Requirements:
- Composable components
- Secure components
- Separation of concern
- Invariance
- Early prototyping
- Adaptable components
- Testable components
- Coverage evaluation
Enabling Technologies:
- Formal methods
- Design for V&V
- State observability
- Testing
- Supports to validation and verification
- Redundancy
- Functional diversity
- Middleware
- Analytical modeling
- Fault injection
Instruments:
- Specs languages
- Modeling Tools
- Function placement
Generic, composable, open source, reusable components
Designing architectures for dependability
Multiple facets of dependability raise many issues
Means: Rigorous design (i.e. fault prevention) | Verification and validation (i.e. fault removal) | Fault Tolerance (accidental and malicious faults) | System evaluation (i.e. fault forecasting)
- How to compose:
  - Interfaces
  - Legacy systems
- How to guarantee integrity
- How to guarantee security
- How to guarantee survivability
- How to guarantee predictable timing
- Trusting the tools
- Testing
- Symbolic execution
- How to assess risks
- How to cope with new fault types
- How to reach survivability
- How to coordinate adaptability
- How to get good usability
- Uncertainty
- Meaningful models
- Meaningful simulations
- Evaluating coverage
- Experimental verification
- Abstraction, recursion, incremental verification
Dependable infrastructures from user perspective
The user has the final word on system dependability
Means: Rigorous design (i.e. fault prevention) | Verification and validation (i.e. fault removal) | Fault Tolerance (accidental and malicious faults) | System evaluation (i.e. fault forecasting)
- Is the system compliant with specifications?
- Do I have knowledge of possible residual faults?
- Is the system able to provide meaningful service in the presence of accidental and malicious faults?
- Does the system have sufficient performance to satisfy my needs?
- Is system usability sufficiently good to reduce the probability of human errors?
- Does the system protect my privacy, the integrity of my data and security?
- Is the cost/dependability ratio optimal for my needs?
I think the system/service has (optimal/good/sufficient/insufficient) cost/dependability!
System architecture in:
| Application studies | Tools and Components | Support Measures |
| Aerospace | Dependability Case Support | Policy Issues |
| Healthcare | Modelling and simulation | Training |
| e-business | Intrusion management | Best practice |
| Infrastructure interdependencies | | |
Means: Fault Prevention | Fault Removal | Fault Tolerance | Fault Forecasting