Lecture Notes in Computer Science 6150
Commenced Publication in 1973
Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board
David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Germany
Madhu Sudan, Microsoft Research, Cambridge, MA, USA
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max-Planck Institute of Computer Science, Saarbruecken, Germany

Holger Giese (Ed.)
Architecting Critical Systems
First International Symposium, ISARCS 2010
Prague, Czech Republic, June 23-25, 2010
Proceedings

Volume Editor
Holger Giese
Hasso Plattner Institute for Software Systems Engineering
Prof.-Dr.-Helmert-Str. 2-3, 14482 Potsdam, Germany
E-mail: [email protected]

Library of Congress Control Number: 2010928429
CR Subject Classification (1998): C.3, K.6.5, D.4.6, E.3, H.4, D.2
LNCS Sublibrary: SL 4 – Security and Cryptology
ISSN 0302-9743
ISBN-10 3-642-13555-2 Springer Berlin Heidelberg New York
ISBN-13 978-3-642-13555-2 Springer Berlin Heidelberg New York

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.
springer.com
© Springer-Verlag Berlin Heidelberg 2010
Printed in Germany
Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
06/3180

Preface

Architecting critical systems has gained major importance in commercial, governmental and industrial sectors. Emerging software applications encompass criticalities that are associated with either the whole system or some of its components. Therefore, effective methods, techniques, and tools for constructing, testing, analyzing, and evaluating the architectures for critical systems are of major importance. Furthermore, these methods, techniques and tools must address issues of dependability and security, while focusing not only on the development, but also on the deployment and evolution of the architecture.

This newly established ISARCS symposium provided an exclusive forum for exchanging views on the theory and practice for architecting critical systems. Such systems are characterized by the perceived severity of consequences that faults or attacks may cause, and architecting them requires appropriate means to assure that they will fulfill their specified services in a dependable and secure manner.

The different attributes of dependability and security cannot be considered in isolation for today's critical systems, as architecting critical systems essentially means to find the right trade-off among these attributes and the various other requirements imposed on the system. This symposium therefore brought together the four communities working on dependability, safety, security and testing/analysis, each addressing to some extent the architecting of critical systems from their specific perspective. To this end the symposium united the following three former events:

– Workshop on Architecting Dependable Systems (WADS)
– Workshop on the Role of Software Architecture for Testing and Analysis (ROSATEA)
– Workshop on Views on Designing Complex Architectures (VODCA)

The 27 submissions and 11 published papers of this first ISARCS instance in 2010 show that we brought together as planned expertise from the different communities and therefore were able to provide a first overarching view on the state of research on how to design, develop, deploy and evolve critical systems from the architectural perspective.

The selected papers addressed issues such as rigorous development, testing and analysis based on architecture, fault tolerance based on the architecture, safety-critical systems and architecture, secure systems and architecture, combined approaches and industrial needs.

In the symposium the design of critical systems was addressed looking at issues such as analyzing the trade-offs between security and performance, architectural design decisions for achieving reliable software systems, and the integration of fault-tolerance techniques into the design of critical systems. In addition, more rigorous approaches to design were also discussed.

The assurance of critical systems was discussed for approaches that employ formal methods and testing for applications as well as underlying software layers. In addition, a number of results that target specific domains such as military systems, safety-critical product lines and peer-to-peer control and data acquisition systems were presented. These papers provided a good introduction into the specific requirements of these domains and presented specific solutions for their domain. Furthermore, the interplay of architecture modeling and existing domain-specific safety standards was discussed in the context of automotive systems.
The program was completed by two keynotes that were shared with the other events of the federated CompArch conference. The first one was on a component-based approach for adaptive user-centric pervasive applications from Martin Wirsing from the Ludwig-Maximilians-Universität Munich, Germany, and the second addressed how to make the definition of evolution intrinsic to architecture descriptions, by Jeff Magee from the Imperial College, London, UK.

I thank the authors of all submitted papers, and the PC members and external referees who provided excellent reviews. I am in particular grateful to Frantisek Plasil and the whole team in Prague as well as Stefan Neumann and Edgar Nähter for their help and support concerning organizational issues. I furthermore thank the ISARCS SC members for their support throughout the whole process and their strong commitment to making ISARCS 2010 a success.

April 2010
Holger Giese

Organization

ISARCS 2010 was organized by the Faculty of Mathematics and Physics of the Charles University, Prague, Czech Republic as one event of the federated conference Component-Based Software Engineering and Software Architecture (CompArch 2010).

General Chair
Frantisek Plasil, Charles University, Prague, Czech Republic

Program Chair
Holger Giese, Hasso Plattner Institute at the University of Potsdam, Germany

Local Organization
Petr Hnětynka, Charles University, Prague, Czech Republic
Milena Zeithamlova, Action M Agency, Prague, Czech Republic

Steering Committee
Rogério de Lemos, University of Coimbra, Portugal
Cristina Gacek, City University, London, UK
Fabio Gadducci, University of Pisa, Italy
Lars Grunske, Swinburne University of Technology, Australia
Henry Muccini, University of L'Aquila, Italy
Maurice ter Beek, ISTI-CNR, Pisa, Italy

Program Committee
Alessandro Aldini, University of Urbino, Italy
Aslan Askarov, Cornell University, USA
Brian Berenbach, Siemens Corporate Research, USA
Stefano Bistarelli, Università di Perugia, Italy
Michel R.V. Chaudron, Leiden University, The Netherlands
Betty H. C. Cheng, Michigan State University, USA
Nathan Clarke, University of Plymouth, UK
Ricardo Corin, Universidad Nacional de Cordoba (FAMAF), Argentina
Cas Cremers, ETH Zurich, Switzerland
Ivica Crnkovic, Mälardalen University, Sweden
Bojan Cukic, West Virginia University, USA
Eric Dashofy, The Aerospace Corporation, USA
Erik de Vink, Eindhoven University of Technology, The Netherlands
Heiko Dörr, Carmeq GmbH, Germany
Alexander Egyed, Johannes Kepler University, Austria
Sébastien Gérard, CEA LIST, France
Wolfgang Grieskamp, Microsoft Corporation, USA
Ethan Hadar, CA Inc., Israel
Paola Inverardi, University of L'Aquila, Italy
Valérie Issarny, INRIA, UR de Rocquencourt, France
Tim Kelly, University of York, UK
Marc-Olivier Killijian, LAAS-CNRS Toulouse, France
Philip Koopman, Carnegie Mellon University, USA
Patricia Lago, VU University Amsterdam, The Netherlands
Javier Lopez, University of Malaga, Spain
Nenad Medvidovic, University of Southern California, USA
Flavio Oquendo, European University of Brittany - UBS/VALORIA, France
Mauro Pezzè, University of Lugano, Switzerland
Ralf H. Reussner, Karlsruhe Institute of Technology / FZI, Germany
Roshanak Roshandel, Seattle University, USA
Ana-Elena Rugina, Astrium Satellites, France
Bradley Schmerl, Carnegie Mellon University, USA
Bran Selic, Malina Software, Canada
Judith Stafford, Tufts University, USA
Michael von der Beeck, BMW Group, Germany

External Referees
Rogério de Lemos
Lars Grunske
Aaron Kane
Giovanni Mainetto
Mohamad Reza Mousavi
Henry Muccini
Marinella Petrocchi
Justin Ray
Francesco Santini
Malcolm Taylor
Maurice H. ter Beek

Table of Contents

Design

An Architectural Framework for Analyzing Tradeoffs between Software Security and Performance ..... 1
Vittorio Cortellessa, Catia Trubiani, Leonardo Mostarda, and Naranker Dulay

Architectural Design Decisions for Achieving Reliable Software Systems ..... 19
Atef Mohamed and Mohammad Zulkernine

Integrating Fault-Tolerant Techniques into the Design of Critical Systems ..... 33
Ricardo J. Rodríguez and José Merseguer

Component Behavior Synthesis for Critical Systems ..... 52
Tobias Eckardt and Stefan Henkler

Verification and Validation

A Road to a Formally Verified General-Purpose Operating System ..... 72
Martin Děcký

Engineering a Distributed e-Voting System Architecture: Meeting Critical Requirements ..... 89
J. Paul Gibson, Eric Lallet, and Jean-Luc Raffy

Testing Fault Robustness of Model Predictive Control Algorithms ..... 109
Piotr Gawkowski, Konrad Grochowski, Maciej Ławryńczuk, Piotr Marusak, Janusz Sosnowski, and Piotr Tatjewski

Domain-Specific Results

Towards Net-Centric Cyber Survivability for Ballistic Missile Defense ..... 125
Michael N. Gagnon, John Truelove, Apu Kapadia, Joshua Haines, and Orton Huang

A Safety Case Approach to Assuring Configurable Architectures of Safety-Critical Product Lines ..... 142
Ibrahim Habli and Tim Kelly

Increasing the Resilience of Critical SCADA Systems Using Peer-to-Peer Overlays ..... 161
Daniel Germanus, Abdelmajid Khelil, and Neeraj Suri

Standards

ISO/DIS 26262 in the Context of Electric and Electronic Architecture Modeling ..... 179
Martin Hillenbrand, Matthias Heinz, Nico Adler, Klaus D. Müller-Glaser, Johannes Matheis, and Clemens Reichmann

Author Index ..... 193