Xuegang Lin,Rongsheng Xu,Miaoliang Zhu

DOI: https://doi.org/10.1007/11596981_59

2005-01-01

Abstract:Survivability should be considered beyond security for networked information systems, which emphasizes the ability of continuing providing services timely in malicious environment. As an open complex system, networked information system is presented by a service-oriented hierarchical structure, and fault scenarios are thought of as stimulations that environment impact on systems while changes of system services’ performance as system reaction. Survivability test is done according to a test scheme which is composed of events, atomic missions, fault scenarios and services. Survivability is computed layer by layer based on the result of survivability test through three specifications (resistance, recognition and recovery). This computation method is more practicable than traditional state-based method for it converts direct defining system states and computing state transition into a layered computation process.

Shengwei An,Xiaoxing Ma,Chun Cao,Ping Yu,Chang Xu

DOI: https://doi.org/10.1109/QRS.2015.33

2015-01-01

Abstract:Dynamic Software Update (DSU) is a technique to upgrade running programs without shutting them down. DSU can improve system availability and maintenance flexibility. However, its adoption in practice is still limited due to the risk of system misbehavior that careless DSU may bring. To reduce this risk we propose a formal framework for the specification and verification of DSU. Different from previous approaches where DSU is described from the viewpoint of program's internal state transitions, our framework focuses on program's external behavior and its effect on its environment. This more abstract view avoids over specification of DSU and allows for better DSU flexibility. Based on this framework, we also devise a mechanism that automatically synthesizes runtime monitors to improve DSU timeliness without compromising its safety.

Andrew Colarik,Clark Thomborson,Lech Janczewski

DOI: https://doi.org/10.1007/1-4020-8145-6_5

2004-01-01

Abstract:Software fixes, patches and updates are issued periodically to extend the functional life cycle of software products. In order to facilitate the prompt notification, delivery, and installation of updates, the software industry has responded with update and patch management systems. Because of the proprietary nature of these systems, improvement efforts by academic researchers are greatly restricted. One solution to increasing our understanding of the underlying components and processes is architectural recovery. One contribution to recreating an architecture is the examination of design specification literature, such as patents. If a sizeable amount of similar and hopefully diverse patents can be examined, then some general conclusions about the components and processes of existing systems may be formulated. In this paper, we present an analytic framework consisting of a five-phase protocol taxonomy based on thirty-three software-based update and patch management system patents and patent applications. Furthermore, we present a decomposition of the security design provisions contained within the patent literature, and provide some general trends derived from the data. We suggest that this research may be used to improve the security services aspect of update and patch management system products.

Gang Chen,Hai Jin,Deqing Zou,Zhenkai Liang,Bing,Hao Wang

DOI: https://doi.org/10.1109/tpds.2015.2430854

IF: 5.3

2016-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Dynamic software updating (DSU) enables a program to be patched on the fly without being shutdown. This paper addresses the practicality problem of the recent research on DSU systems, and presents Replus, a new DSU system that balances practicality and functionality. Replus aims to retain backward binary compatibility and support multi-threaded programs. In addition, it does not require customers to have developer-level software knowledge. More importantly, without specific compiler support, Replus can patch programs that are difficult to be updated at runtime, as well as programs that may incur an indefinite delay in DSU. The key technique of our solution is to update the stack elements for the patched program using two new mechanisms: Immediate Stack Updating, which immediately updates the stack of a thread, and timely stack updating, which only updates the stack frames of the necessary functions without affecting others. Replus also develops an Instruction Level Updating mechanism, which is more efficient for certain security patches. We used popular server applications as test suites to evaluate the effectiveness of Replus. The experimental results demonstrated that Replus can successfully update all the test suites with negligible impact on application performance.

S. Esser,A. Borrmann

DOI: https://doi.org/10.1201/9781003191476-8

2021-07-22

Abstract:The application of suitable data structures is an essential aspect for novel digital workflows in engineering and design processes of the Architectural, Engineering, and Construction (AEC) industry. Since model-based data exchange gets increasingly adopted by the industry, feasible and more effective methods must be considered to improve data exchange in the future. While the concept of federated model integration and container-based collaboration as demanded by ISO19650 is well established and widely adopted, it shows a number of deficiencies, in particular when it comes to consistency preservation across the domain models and the handling of design updates. Current practice relies on the exchange of complete domain models which requires the manual identification of design changes by all other stakeholders. Consistency is checked merely by collision detection, which however can cover only geometric aspects. To overcome these limitations, this paper proposes a comprehensive system architecture as well as techniques to identify updates in models and federate such update information by means of update patches. To this end, specific focus is put on possible mechanisms to detect changes and to integrate update patches in the receiving application.

HUANG Chong-de,PENG Xin,ZHAO Wen-yun

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.10.027

2007-01-01

Abstract:With the requirements of continuous service in mission and safety critical software applications,shutdown and restart system during software upgrade are unacceptable.Dynamic update with foundation of runtime software evolution becomes a way to solve these problems.But as the variety of component style,ability,and communicating protocols,component substitute may encounter incompatibility.And force updating without adaptation may endanger the stability and correctness of current system.This paper focuses the behaviors of component,uses the architecture description language based on Wright,and uses the description method based on CSP,to describe the behaviors between components,to analyze the difference of behaviors before update.Be sure that the new component behaviors satisfy the system's requirements.And this mechanism ensures the correctness and security of dynamic update,and enhances the self-adaptability of system evolution.

Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Sébastien Martinez,Christophe Gransart,Olivier Stienne,Virginie Deniau,Philippe Bon

DOI: https://doi.org/10.3897/jucs.66857

2022-01-28

Abstract:Because stopping a service to apply updates raises issues, Dynamic Software Updating studies the application of updates on programs without disrupting the services they provide. This is acheived using specific mechanisms operating updating tasks such as the modification of the program state. To acheive transparency, Dynamic Software Updating systems use pre-selected and pre-configured mechanisms. Developers provide patches that are transparently converted to dynamic updates. The cost of such transparency is often that applied patches cannot modify the general semantic of the updated program. Allowing dynamic modification of the general semantic of a running program is rarely considered. In the context of protection of communications between moving vehicles and uncontrolled infrastructure, SoREn (Security REconfigurable Engine) is designed to be dynamically reconfigurable. Its semantics can transparently be modified at runtime to change the security policy it enforces. Administrators can supply new policies to trigger a reconfiguration, without developing new components. This paper details and discusses the design of SoREn, its meta-model linked to cybersecurity business concepts and its automatic reconfiguration calculator allowing transparent application of reconfigurations.

Tun Lu,Ning Gu

DOI: https://doi.org/10.1109/TASE.2007.48

2007-01-01

Abstract:Service-oriented computing (SOC) emerging as a new computing diagram that supports the rapid and low-cost development of distributed applications by composing platform-independent, coarse-grained and loosely coupled services. With the prevalence of service-oriented system, how to build survivable applications in the immature research field of service-oriented system engineering (SOSE) has become a big challenge. An approach of configuration management based on service dependency is presented in this paper to analyze and optimize the survivability of applications. Three dimensions, i.e. distance, strength and criticality, are defined to describe the survivability of service dependency. A directed acyclic graph called weighted system configuration graph (WSCG) is proposed to model the survivability of an application, where each direct dependency between two services is assigned a weight which is calculated based on the three dimensions. Then we give an algorithm in WSCG to obtain the maximal survivability system configuration from redundant service configurations. The mobile video conference (MVC) scenario is illustrated to show the effectiveness and the soundness of our approach and algorithms. At last, the conclusion is drawn with future work given.

Jun Shen,Rida A. Bazzi

DOI: https://doi.org/10.48550/arXiv.1503.07235

2015-03-24

Software Engineering

Abstract:We study the dynamic software update problem for programs interacting with an environment that is not necessarily updated. We argue that such updates should be backward compatible. We propose a general definition of backward compatibility and cases of backward compatible program update. Based on our detailed study of real world program evolution, we propose classes of backward compatible update for interactive programs, which are included at an average of 32% of all studied program changes. The definitions of update classes are parameterized by our novel framework of program equivalence, which generalizes existing results on program equivalence to non-terminating executions. Our study of backward compatible updates is based on a typed extension of W language.

Tianxiao Gu,Zelin Zhao,Xiaoxing Ma,Chang Xu,Chun Cao,Jian Lu

DOI: https://doi.org/10.1109/apsec.2016.044

2016-01-01

Abstract:Dynamic software updating (DSU) is a technique that can update running software systems without stopping them. Most existing approaches require programmer participation to guarantee the correctness of dynamic updating. However, manually preparing dynamic updating is error-prone and time-consuming. Therefore, other approaches prefer to aggressively perform updating without programmer intervention, which may definitely lead to unanticipated runtime errors. To reduce human effort and enhance the reliability for dynamic updating, we leverage automatic runtime recovery (ARR) techniques to recover runtime errors caused by improper dynamic updating. This paper presents ADSU, a fully automatic DSU system using ARR. We evaluate ADSU with real updates from widely used open source software systems, i.e., Apache Tomcat, Apache FTP Server and jEdit. The preliminary results have shown that ADSU succeeds in automatically applying 11 of 16 real-world updates that existing counterparts cannot.

David Escorial Rico,Mark Hann

DOI: https://doi.org/10.48550/arXiv.1608.06133

2016-08-22

Abstract:Software components for on-board architectures in the space domain are increasingly reliant on Commercial Off-The-Shelf (COTS), Open Source (OSS) or other third party software products. However, these software components often have not been built with mission critical requirements in mind. Development project teams incorporating these products have limited knowledge of or control over the processes applied during the design, implementation, testing and maintenance of selected COTS/OSS software products. These constraints generate uncertainty of potential software induced failures. Moreover, the lack of information regarding security vulnerabilities increases the risks of their usage, since their exploitation might lead to undesired behaviour of the software and therefore to a system failure. The purpose of this paper is to present a combined approach that takes into account reliability and security enhancements for third party software, based on Time-Space Partitioning and Multiple Levels of Security.

Software Engineering

Ping LV,Qinrang LIU,Jiangxing WU,Hongchang CHEN,Jianliang SHEN

DOI: https://doi.org/10.1360/n112017-00204

2018-01-01

Scientia Sinica Informationis

Abstract:Architecture plays an important role in information systems.It not only determines the function and performance of a system, but the system efficiency and security as well.Therefore, the architecture directly determines the advanced nature of an information system.On the basis of introducing the concept of architecture, this paper summarizes the development of architecture, and points out that the rigidity of architecture is the essential reason behind why current information systems cannot tradeoff between flexibility and high efficiency.A new generation of software-defined architecture, which is characterized by software-defined interconnections and software-defined nodes, is proposed.Three typical systems, Web service, password recovery and image recognition, are realized based on a software-defined architecture.Compared with the traditional general systems, the comparison tests show that the performance of the software-defined architecture system increased by 29.4 to 344.5 times, and the efficiency increased by 13.7 to 315.4 times, which demonstrates the high flexibility and high efficiency of software-defined architecture.

Tevfik Bultan,Coral Calero,Alessandro Marchetto,Mª Ángeles Moraga,Andrea Trentini,Silvia Abrahão,Carlo Bellettini,Cornelia Boldyreff,Cristina Cachero,Oscar Díaz,Howard Foster,Marcela Genero,Tiziana Margaria,Sandro Morasca,Mario Piattini,Marco Pistore,Lori Pollock,Antonio Vallecillo,Tao Xie,Andrea Zisman

2007-01-01

Abstract:Services and service-based applications enable new design practice. Many service-based applications are intrinsically multi-vendor, multi-platform, quickly evolving and changing to adapt to modifications in requirements, environmental conditions and user needs. Users and developers have little or no control on the whole code: different vendors can independently update services embedded in applications maintained by other parties, and applications can dynamically select alternative services to better meet the required quality of service [1]. Classic maintenance cycles that require expensive test and debugging activities, and that interrupt system operation to identify and remove faults, and check for the validity of updates and new functionality, may not work for service-based applications due to cost and time constraints. If for example an application fails in completing a transaction, suspending the application to diagnose and remove the fault can avoid future failures, but will not satisfy current users. In this new scenario, classic test and debugging techniques may not suffice anymore, since many of them do not adequately cope with evolving requirements, lack of access to source code, dynamically reconfiguring applications and environment dependent behaviors. Emerging results in autonomic and self-managed software systems may address many of the problems that characterize service-based applications. Although the terminology is not standardized yet, and some terms are overloaded, autonomic or self-managed refer to software systems that can identify problems, diagnose, and fix faults without human intervention.[4]. A self-mananged …

Kin Cheong Sou,Henrik Sandberg

2023-07-23

Abstract:In response to newly found security vulnerabilities, or as part of a moving target defense, a fast and safe control software update scheme for networked control systems is highly desirable. We here develop such a scheme for intelligent electronic devices (IEDs) in power distribution systems, which is a solution to the so-called software update rollout problem. This problem seeks to minimize the makespan of the software rollout, while guaranteeing safety in voltage and current at all buses and lines despite possible worst-case update failure where malfunctioning IEDs may inject harmful amounts of power into the system. Based on the nonlinear DistFlow equations, we derive linear relations relating software update decisions to the worst-case voltages and currents, leading to a decision model both tractable and more accurate than previous models based on the popular linearized DistFlow equations. Under reasonable protection assumptions, the rollout problem can be formulated as a vector bin packing problem and instances can be built and solved using scalable computations. Using realistic benchmarks including one with 10,476 buses, we demonstrate that the proposed method can generate safe and effective rollout schedules in real-time.

Systems and Control,Optimization and Control

Yingqiang Wang,Wei Han,ZhaoHua Nian

DOI: https://doi.org/10.1145/3403746.3403915

2020-01-01

Abstract:With the rapid development and construction of domestic remote sensing satellite ground systems, the traditional architecture is no longer able to meet the needs of future development. At the same time, technicians are also spending a lot of time when upgrading and maintaining. Widespread application of microservice architecture in recent years has provided a technological approach that can meet the requirements of rapid development, iterative upgrades and flexible deployment. This paper designs a satellite ground management system based on the microservice architecture, focusing on the overall architecture design and application system design based on this new architecture. The results show that the satellite ground management system based on the microservice architecture can have good availability and reliability, reducing the coupling degree of the system, can also meet the new business requirements of high availability, high concurrency, high fault tolerance, and good scalability.

Junrong Shen,Xi Sun,Gang Huang,Wenpin Jiao,Yanchun Sun,Hong Mei

DOI: https://doi.org/10.1145/1081706.1081720

2005-01-01

ACM SIGSOFT Software Engineering Notes

Abstract:The continuous requirements of evolving a delivered software system and the rising cost of shutting down a running software system are forcing researchers and practitioners to find ways of updating software as it runs. Dynamic update is a kind of software evolution that updates a running program without interruption. This paper covers the fundamental issues of the mechanisms of dynamic update theoretically. Based on a similarity analysis of many typical approaches to dynamic update during the past decades, we propose a unified formal model (namely, Dynamic Update Connector) to specify mechanisms of updating an architectural component, and reason about its properties. The model borrows the concept of connectors from software architecture community and is specified using process algebra CSP. We also demonstrate the applications of our DUC model.

Zelin Zhao,Xiaoxing Ma,Chang Xu,Wenhua Yang

2004-01-01

Abstract:Due to the demand for bugs fixing and features enhancements, developers inevitably need to update in-use software systems. Instead of shutting down a running software before updating, it is often desirable and sometimes mandatory to patch the running software system on the fly, with a mechanism generally referred as dynamic software updating (DSU). Practical DSU strategies often require manual specification of update points in the program for performing dynamic updates. At these points DSU systems will update the program code, and also migrate the program state to the new version program (using state transformer functions). However, finding appropriate update points is non-trivial because the choice of update points has great influence on two competing factors: the timeliness of DSU and the complexity of state transformer functions; and to strike a good balance between them requires a deep understanding of both versions of the program. In this paper, we propose a technique that automates the recommendation of update points. We carried out a preliminary study about the feasibility and effectiveness of this technique. By conducting a set of experiments based on an actual DSU case, we found that our technique is automatic, wide-covered and efficient.

Shuqiao Zhou,Duo Li,Chao Guo,Fan Chen,Xiaojin Huang

DOI: https://doi.org/10.1115/icone29-90717

2022-01-01

Abstract:Abstract Digital instrumentation and control (I&C) systems are widely used in many industrial areas. In the recent years, the digitalization process for nuclear power plants has also been moving on rapidly. Full digitalized I&C systems are now adopted in almost all new constructed nuclear power plants. Moreover, for the advanced small modular reactors, both the high reliability and extendibility of I&C systems are especially required. The original architecture, which usually consists of centralized control cabinets and severs, of I&C systems cannot adequately provide the required extendibility. A novel hardware architecture of distributed control system aiming to enhance the reliability and extensibility was proposed and presented in the 26th International Conference on Nuclear Engineering (ICONE26). In this paper, we further focus on the considerations about the software design of this novel decentralized architecture. The hardware entities and their characters related to the software design are first introduced. Then the key considerations, including the design objective and software framework are described. Moreover, the related algorithms regarding the coordinate node selection and task assignment are proposed and demonstrated. At last the analysis about the software for the decentralized architecture are provided. The previously proposed decentralized architecture becomes feasible based on the software design introduced in this paper.

Alexandru Radovici,Ioana Culic,Daniel Rosner,Flavia Oprea

DOI: https://doi.org/10.3390/s20164393

IF: 3.9

2020-08-06

Sensors

Abstract:Internet of Things (IoT) systems deployments are becoming both ubiquitous and business critical in numerous business verticals, both for process automation and data-driven decision-making based on distributed sensors networks. Beneath the simplicity offered by these solutions, we usually find complex, multi-layer architectures—from hardware sensors up to data analytics systems. These rely heavily on software running on the on-location gateway devices designed to bridge the communication between the sensors and the cloud. This will generally require updates and improvements—raising deployment and maintenance challenges. Especially for large scale commercial solutions, a secure and fail-safe updating system becomes crucial for a successful IoT deployment. This paper explores the specific challenges for infrastructures dedicated to remote application deployment and management, addresses the management challenges related to IoT sensors systems, and proposes a mathematical model and a methodology for tackling this. To test the model’s efficiency, we implemented it as a software infrastructure system for complete commercial IoT products. As proof, we present the deployment of 100 smart soda dispensing machines in three locations. Each machine relies on sensors monitoring its status and on gateways controlling its behaviour, each receiving 133 different remote software updates through our solution. In addition, 80% of the machines ran non-interrupted for 250 days, with 20% failing due to external factors; out of the 80%, 30% experienced temporary update failures due to reduced hardware capabilities and the system successfully performed automatic rollback of the system, thus recovering in 100% of the temporary failures.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation