1 Luigi Logrippo SITE Feature Interactions as Inconsistencies

Slides:



Advertisements
Similar presentations
Testing Relational Database
Advertisements

The Robert Gordon University School of Engineering Dr. Mohamed Amish
Design by Contract.
The design process IACT 403 IACT 931 CSCI 324 Human Computer Interface Lecturer:Gene Awyzio Room:3.117 Phone:
Project Proposal.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
VIDE als voortzetting van Cocktail SET Seminar 11 september 2008 Dr. ir. Michael Franssen.
Effective Math Questioning
Software Testing and Quality Assurance
Lab Telemàtica II: VoIP 2008/2009 Anna Sfairopoulou Page 1 Advanced services with SIP.
Distributed Databases Logical next step in geographically dispersed organisations goal is to provide location transparency starting point = a set of decentralised.
Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
EXPERT SYSTEMS Part I.
Feb. 23, 2004CS WPI1 CS 509 Design of Software Systems Lecture #5 Monday, Feb. 23, 2004.
Building Knowledge-Driven DSS and Mining Data
SM3121 Software Technology Mark Green School of Creative Media.
Test Design Techniques
Automatic Software Testing Tool for Computer Networks ARD Presentation Adi Shachar Yaniv Cohen Dudi Patimer
The design process z Software engineering and the design process for interactive systems z Standards and guidelines as design rules z Usability engineering.
An Intelligent Broker Architecture for Context-Aware Systems A PhD. Dissertation Proposal in Computer Science at the University of Maryland Baltimore County.
On Roles of Models in Information Systems (Arne Sølvberg) Gustavo Carvalho 26 de Agosto de 2010.
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.
Software Engineering 2003 Jyrki Nummenmaa 1 REQUIREMENT SPECIFICATION Today: Requirements Specification Requirements tell us what the system should.
CPSC 871 John D. McGregor Module 1 Session 2 Requirements Elicitation/analysis.
SE-02 SOFTWARE ENGINEERING LECTURE 3 Today: Requirements Analysis Requirements tell us what the system should do - not how it should do it. Requirements.
Topics Covered: Software requirement specification(SRS) Software requirement specification(SRS) Authors of SRS Authors of SRS Need of SRS Need of SRS.
1 REQUIREMENT ENGINEERING Chapter 7. 2 REQUIREMENT ENGINEERING Definition Establishing what the customer requires from a software system. OR It helps.
1 Luigi Logrippo Kamel Adi Inconsistency and incompleteness in security policies
MITREMITRE Coalition Security Policy Language Project 11 December 2000.
Features, Policies and Their Interactions Joanne M. Atlee Department of Computer Science University of Waterloo.
Software Engineering – University of Tampere, CS DepartmentJyrki Nummenmaa REQUIREMENT SPECIFICATION Today: Requirements Specification.
HCI in Software Process Material from Authors of Human Computer Interaction Alan Dix, et al.
Home Enrichment (HE) TEST THE IDEA. DAY ONE (1) Focus: Purpose & Questions at Issue 4 Home Enrichment (HE)- 4/13 Do Nightly / Due on Fri. 4/17 TEST THE.
Software Requirements (Advanced Topics) “Walking on water and developing software from a specification are easy if both are frozen.” --Edward V Berard.
Assessment Callie Cothern and Heather Vaughn. A Change in the view of assistive technology assessment: From a one shot, separate event to an ongoing,
ETHICAL ISSUES SURROUND ELECTRONIC COMMUNICATIONS Unit 3.
NATURE OF OB Total System Approach Nature of Organisational behaviour
1 Dept of Information and Communication Technology Creating Objects in Flexible Authorization Framework ¹ Dep. of Information and Communication Technology,
The Changing Nature of Feature Interaction Ken Turner University of Stirling Lydie du Bousquet IMAG Glenn Bruns Bell Labs, Lucent Technologies Luigi Logrippo.
Chapter 2.2 Game Design. CS Overview This introduction covers: –Terms –Concepts –Approach All from a workaday viewpoint.
DEBUGGING. BUG A software bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected.
Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.
How to Read Research Papers? Xiao Qin Department of Computer Science and Software Engineering Auburn University
An Ontological Framework for Web Service Processes By Claus Pahl and Ronan Barrett.
UML-1 3. Capturing Requirements and Use Case Model.
UML-1 8. Capturing Requirements and Use Case Model.
A Use Case Primer 1. The Benefits of Use Cases  Compared to traditional methods, use cases are easy to write and to read.  Use cases force the developers.
Service Creation Model and Framework Focus: control, redirection services Challenges: –Simplicity, user-friendliness –Flexibility –Robustness (e.g., feature.
RECOGNIZING, ANALYZING, AND CONSTRUCTING ARGUMENTS
CONCLUSION The conclusion of this work is that it is possible to develop a problem-solving method providing evolutionary computational support to general.
September XACML: Consistency analysis Luigi Logrippo Université du Québec University of Ottawa
1 Access Control Policies: Modeling and Validation Luigi Logrippo & Mahdi Mankai Université du Québec en Outaouais.
Formal Specification: a Roadmap Axel van Lamsweerde published on ICSE (International Conference on Software Engineering) Jing Ai 10/28/2003.
1 Luigi Logrippo SITE Feature Interactions as Inconsistencies
Software Requirements Specification Document (SRS)
Requirement engineering & Requirement tasks/Management. 1Prepared By:Jay A.Dave.
Refining the Use Cases 1. How Use Cases Evolve  Early efforts typically define most of the major use cases.  The refining stages complete the process.
1 Logic issues in policy languages Luigi Logrippo Université du Québec en Outaouais and University of Ottawa Canada.
Semantic Web in Context Broker Architecture Presented by Harry Chen, Tim Finin, Anupan Joshi At PerCom ‘04 Summarized by Sungchan Park
1 Representing and Exploring the Behavioral View of Goal Models: A Semi-Formal Approach Sotiris Liaskos Toronto 2004.
Luigi Logrippo SITE Logic and implementation issues in VoIP and security
Banaras Hindu University. A Course on Software Reuse by Design Patterns and Frameworks.
Modeling Education with Work Domain Analysis: A Work in Progress Lee Nickles September 11, 2002.
A service Oriented Architecture & Web Service Technology.
1 Software Requirements Descriptions and specifications of a system.
Chapter 5 – Requirements Engineering
Define the problem Pouya amani lori
From Laws to Programs: A Logical Design Approach
Feature Interactions as Inconsistencies
Presentation transcript:

1 Luigi Logrippo SITE Feature Interactions as Inconsistencies

2 Development Early research on FI was based on the idea that Fis were the result of complex interleavings of features See Feature Interaction contexts Later it became understood that, more simply, if features are logically inconsistent then they cannot coexist

3 Main idea Many software flaws can be discovered by making the logic precise and thoroughly examining it by the use of logic tools Formal methods Feature interactions are the result of logic flaws Inconsistency of specs Application areas: New VoIP and Web based systems Security Many others Do this Do that

4 Feature Interaction in Automotive Electronic Stability Program (ESP) and Cruise Control (CC) ESP: Break if wheels slip on wet road CC: Increase speed until cruise speed is reached FI detectable by the fact that the two features have contradicting requirements

5 Protection rings in Bell-LaPadula security model High security personnel can use delegatio n to transfer access rights to lower security personnel FI: Delegation defeats BLP

6 C 3. A gets connected to C 1. A calls B 2. B forwards to C A has C in OCS list A B has CF to C B FI: CF defeats OCS. OCS: Originating Call Screening CF: Call Forward FI in communications

7 Infinite loops FIs Companies A, B and C have policies where each of them uses the next in a loop as suppliers of parts in excess of inventory This can start a chain reaction with potentially disastrous effects! Send 1000 hockey pucks Send 800 pucks Send 600 pucks Send 400 pucks Send 400 FI: subcontracting defeats itself

8 Infinite loops FIs Companies A, B and C have policies where each of them uses the next in a loop as suppliers of parts in excess of inventory This can start a chain reaction with potentially disastrous effects! Send 1000 hockey pucks Send 800 pucks Send 600 pucks Send 400 pucks Send 400 FI: subcontracting defeats itself

9 Presence communications features 1 Alice: call Bob urgently about meeting cancellation Bob’s policy : send to voice mail all calls that arrive when I am moving faster than 50Km/h FI: Bob’s policy defeats Alice’s urgent call policy

10 Presence communications features 2 Alice: call Bob as soon as he arrives in building Bob: call Alice as soon as she arrives in building One of the two policies will be defeated by the other

11 FIs as inconsistencies There is FI when there is inconsistency between: Two simultaneous actions of one agent ESP – CC example Two simultaneous actions of two different agents ‘Call as soon as gets in the building’ example An action and the requirements of a user Actions and systems requirements Infinite loop example Inconsistency of actions is

12 This idea is explicit in Within an explicit logic framework: Felty and Namjoshi, FIW 2000 Various papers of Aiguier and LeGall, e.g. Formal Methods 2006 (LNCS 4085) More generally talking about ‘conflicts’, ‘broken assumptions’, etc. Kolberg, Magill, Wilson, IEEE Comm., 2003 Gorse, Logrippo, Sincennes, originally in Gorse’s Master’s thesis of 2000 and eventually published in SoSym 2006 Metzger et al., FIW 2003 and 2005 Turner, Blair 2006 Etc.

13 Interesting aside on logic Not all inconsistencies we have identified are straight logical inconsistencies… Some are infinite loops Others may be deadlocks What is the logic interpretation of an infinite loop or a deadlock? What is the computational interpretation of a logical inconsistency? Subject of ongoing work on the relationship between lambda calculus and logic

14 How do we know about the conflicts This can be obvious, in cases where there is a straight contradiction A and not A But this is rarely the case Most papers leave it to the systems designer to state whether two actions or requirements are in contradiction, E.g. accept call contradicts disconnect

15 Determining more precisely inconsistency of actions So action inconsistency is usually a symptom Based on knowledge of expected systems behavior Detection is tentative Detection tool identifies possible conflict scenarios and interaction must be confirmed by human inspection

16 Next step of analysis: Considering pre- & post-conditions Wu and Schulzrinne have moved forward with this idea Not entirely new… Introducing the idea of conflicts between pre- and post- conditions of actions Whether actions conflict can be determined on the basis of their pre-and post-conditions This can provide information also on possible FI resolution

17 Use of pre- and post-conditions Enable(A,B) (positive interaction) The post-condition of A is implied by the pre-condition of B Disable(A,B) (negative interaction) The post-condition of A is not implied by the pre-condition of B Conflict of post-conditions: (negative interactions) The expected postconditions of two actions conflict directly Special case: they request the same resources The expected postconditions of two actions conflict because of parameters

18 How to choose pre- and post-condition Communications systems are very complex and every action is the result of, also produces, very complex conditions Only few elements can be expressed in pre- and post-conditions that are meant for analysis These elements can only be chosen in terms of broad generalizations The choice of these elements is of course vital for producing a useful analysis In terms of the characteristics of APPEL, we have chosen to focus on two elements: Call states State of the media

19 How to determine conflicts Similarly, conflicts must be determined in terms of broad generalizations E.g. if one action requests a resource of a certain type, then it might disable another action that requires the same type of resources These generalizations can be made more specific when more information is available

20 Example 1

21 How to detect Specifications must be made precise! Sometimes they are already sufficiently precise, e.g. in a XML-based language E.g.BPEL Constraint Logic Programming Given a set of logic constraints, CPL tools can tell whether There is a solution, constraints are satisfiable There is no solution, in fact there is a counterexample

22 How to solve Solution is a more complex problem, will depend from User intentions, Try to identify user goals May require an interactive system Solution methods will vary according to the application domain

23 Conclusions Complex designs require the composition of complex features With a lot of user control on what will happen in different situation (user policies ) Introduction of these features will require sophisticated methods to control different situations of feature conflicts

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.