
TUTORIALS


Morelia, Mexico

26-28 September 2007


  • Tutorial 1: Do you know... How to analyze and share results from dependability evaluation experiments?
    Marco Vieira and Henrique Madeira, U. Coimbra, Portugal

  • Tutorial 2: Software Architectures for Dependable Systems
    Rogerio de Lemos, U. Kent, UK

  • Tutorial 3: BAR--Where Distributed Computing Meets Game Theory
    Lorenzo Alvisi

    Software Architectures for Dependable Systems
    Rogerio de Lemos
    Short description:

    The aim of this tutorial is to provide insight into how the structuring of software systems at the architectural level is fundamental to the development of dependable systems. Taking the different dependability means as a basis, we show how dependability should be considered at the architectural level, and the impact this should have when developing dependable systems. Existing architectural approaches do not provide the necessary means for reasoning about dependability, hence the need to know the general principles associated with software architectures, what is being developed in terms of dependability means, and what challenges lie ahead. The main objectives of this tutorial are the following:

    • to establish the major principles associated with software architectures and dependability that are relevant when reasoning about faults at the architectural level;
    • to introduce and discuss existing approaches for architecting dependable systems;
    • to identify the main challenges that lie ahead when considering the structuring of dependable systems at the architectural level.

    At the end of the tutorial, the participants should have a better appreciation of the challenges, problems and solutions that are currently associated with the structuring of dependable systems at the architectural level. These include methods, techniques, and tools that are relevant in the context of dependability means, mainly rigorous design, fault tolerance and system evaluation. The level of this tutorial is basic, and there are no special prerequisites, since we are dealing with fundamental concepts from two different disciplines, software architectures and dependability. However, some of the approaches to be presented are state-of-the-art and are meant to motivate future directions of research. The tutorial includes the discussion of some case studies to help clarify issues and solidify the concepts discussed.


    BAR - Where Distributed Computing Meets Game Theory
    Lorenzo Alvisi

    This tutorial describes a general approach for building cooperative services that span multiple administrative domains (MADs). MAD systems are attractive because their diffused control structure may yield services that are potentially less costly and more democratic than their more centralized counterparts. Unfortunately, they are also particularly problematic from a dependability standpoint as they challenge the traditional distinction between correct and faulty nodes.

    Nodes in a MAD system can, as always, deviate from their specification because they are *broken*, on account of bugs, errors in software configuration, or even malicious attacks. But MAD systems add a new dimension: without a central administrator to ensure that all unbroken nodes faithfully follow their assigned protocol, nodes may also deviate from their specification because they are *selfish* and are intent on maximizing their own utility. BFT handles the first class of deviations well. However, the Byzantine model classifies all deviations as faults and requires a bound on the number of faults in the system; this bound is not tenable in MAD systems, where *all* nodes may benefit from selfish behavior and be motivated to deviate from the protocol. Models based on traditional game theory only account for rational behavior and are therefore brittle: they handle the second class of selfish deviations, but may be vulnerable to arbitrary disruptions if even a single node is broken and deviates from the expected rational behavior.

    The challenge in developing a solid foundation for constructing MAD services is then (at least) threefold: (1) to develop a model for MAD services in which it is possible to reason about and prove properties of MAD services; (2) to understand how to simplify the development of MAD services under the new model; (3) to demonstrate that MAD services developed under this model can be practical by building and deploying useful applications.

    This tutorial reports on the initial progress that my colleagues---Mike Dahlin, Allen Clement, Harry Li, Jean-Philippe Martin, Jeff Napper, Edmund Wong---and I have made in addressing these issues:

    • It will introduce BAR, a new failure model named after the initial of the three classes of nodes (Byzantine, Altruistic, and Rational) that it explicitly considers. Byzantine nodes can deviate arbitrarily from their specification, even if doing so is against their interest. Altruistic nodes follow their specification faithfully, without consideration of their self interest. Rational nodes behave selfishly and deviate from a given protocol if doing so improves their own utility. We will discuss how BAR can be used to establish a formally sound foundation for modeling realistic MAD services.
    • It will present BAR-tolerant protocols for terminating reliable broadcast, state machine replication, and gossip-based multicast.
    • It will discuss the design and implementation of two BAR-tolerant peer-to-peer systems: BAR-B, a cooperative backup service, and FlightPath, a streaming media application. Both systems provably continue to maintain their properties despite the absence of altruistic peers.


    Do you know... How to analyze and share results from dependability evaluation experiments?
    Marco Vieira, Henrique Madeira

    Experimental dependability evaluation has been extensively used to evaluate specific fault tolerance mechanisms, validate the robustness of software components, or assess the general impact of faults in systems. However, two major aspects are typically difficult: 1) the analysis of the usually large amount of data produced, especially when the analysis is complex, and 2) the comparison of results from different experiments or of similar experiments across different systems. These problems are also common to other dependability evaluation techniques, such as those based on simulation, and even to the analysis of field data on computer faults. In this tutorial we explore the use of data warehousing and OLAP (On-Line Analytical Processing) technologies to analyze the results of dependability evaluation experiments. The tutorial, intended for researchers working in experimental dependability evaluation, includes a demonstration of the use of these technologies in a concrete dependability evaluation experiment.



    Security patterns and secure systems design
    Eduardo B. Fernandez

    Analysis and design patterns are well established for building high-quality object-oriented software. Patterns combine experience and good practices to develop basic models that can be used for new designs. Security patterns join the extensive knowledge accumulated about security with the structure provided by patterns to offer guidelines for secure system design and evaluation. They are being adopted by companies such as IBM, Sun, and Microsoft. We show the anatomy of a security pattern, a variety of such patterns, and their use in the construction of secure systems. These patterns include Authentication, Authorization, Role-Based Access Control, Firewalls, Web Services Security (XACML, SAML), and others. We apply these patterns through a secure system development method based on a hierarchical architecture whose layers define the scope of each security mechanism. The patterns are shown using UML models, and some examples are taken from my book "Security Patterns: Integrating Security and Systems Engineering" (Wiley 2006).