{"title":"Common Safety Method for Risk Evaluation and Assessment (CSM-RA) and Hazard Analysis Tutorial: Managing Effectively Significant Changes in a Railway System","authors":"Francisco Moreira, N. Silva","doi":"10.1109/DSN-W.2016.53","DOIUrl":"https://doi.org/10.1109/DSN-W.2016.53","url":null,"abstract":"Common Safety Method for Risk Evaluation and Assessment (CSM-RA) and Hazard Analysis Tutorial: Managing Effectively Significant Changes in a Railway System.","PeriodicalId":184154,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122158255","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Activating Protection and Exercising Recovery Against Large-Scale Outages on the Cloud","authors":"Long Wang, H. Ramasamy, R. Mahindru, R. Harper","doi":"10.1109/DSN-W.2016.55","DOIUrl":"https://doi.org/10.1109/DSN-W.2016.55","url":null,"abstract":"Cloud computing provides rapid provisioning, convenient deployment, and simplified management of computing resources and applications with pay-as-you-go pricing models [1]. As more and more workloads are created on the cloud or migrated to the cloud for economic and flexibility reasons, it is important for developers, users, and service providers alike to understand the challenges, opportunities, complexities, and benefits of building dependable systems and applications on the cloud. In this tutorial, we give participants first-hand experience in protecting against and recovering from large-scale cloud outages, e.g., failure of an entire cloud site. The tutorial is organized as a full-day activity and is designed to be hands-on. The content is targeted towards a broad audience of users, developers, practitioners, and researchers in the area of cloud computing. The content level is beginner-to-intermediate, suited for anyone with an undergraduate background in computer science (or equivalent) and basic programming skills. In the theory part of the tutorial, we introduce terminology, concepts, and metrics for providing resiliency on a cloud platform. We catalog factors that make building resilient applications on the cloud easy in some cases and particularly complicated in other cases. We present a reference architecture and a standard set of use cases for resiliency on the cloud. The bulk of the tutorial focuses on educating the audience with a series of hands-on exercises. We use an example set of cloud requirements as the starting point, and then guide the participants through the process of creating a protection and recovery plan. The plan covers details such as how to prioritize different workloads based on their criticality during recovery, what protection and recovery technologies should be used, and whether they should be used at the server level or application level. During the hands-on exercises, participants form teams or work individually to access a pre-created cloud virtual infrastructure and applications hosted on the IBM Softlayer cloud [2], which is geographically distributed across multiple continents. Replication and recovery orchestration form the backbone of many cloud resiliency solutions. We guide the participants through the entire life cycle of a cloud resiliency solution: 1) activation of protection on a set of workloads, 2) recovery of protected workloads upon a large-scale outage, 3) failback of protected workloads from the recovery site to the original site upon restoration of the original site, and 4) test of the implemented protection and recovery solution to ensure the implementation conforms to the requirements. Using a real-world orchestration technology, participants activate protection against outages at multiple levels of the cloud stack, orchestrate the recovery procedure for a simulated site-level outage, and orchestrate failback to the primary cloud site (simulating the reconstruction of that site). We perform exercis","PeriodicalId":184154,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W)","volume":"206 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123266221","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An Uncrewed Aerial Vehicle Attack Scenario and Trustworthy Repair Architecture","authors":"Kate Highnam, K. Angstadt, Kevin Leach, Westley Weimer, Aaron M. Paulos, P. Hurley","doi":"10.1109/DSN-W.2016.63","DOIUrl":"https://doi.org/10.1109/DSN-W.2016.63","url":null,"abstract":"With the growing ubiquity of uncrewed aerial vehicles (UAVs), mitigating emergent threats in such systems has become increasingly important. In this short paper, we discuss an indicative class of UAVs and a potential attack scenario in which a benign UAV completing a mission can be compromised by a malicious attacker with an antenna and a commodity computer with open-source ground station software. We attest to the relevance of such a scenario for both enterprise and defense applications. We describe a system architecture for resiliency and trustworthiness in the face of these attacks. Our system is based on the quantitative assessment of trust from domain-specific telemetry data and the application of program repair techniques to UAV flight plans. We conclude with a discussion of restoring trust in post-repair UAV mission integrity.","PeriodicalId":184154,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116524608","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Evaluation of EEE Reliability Prediction Models for Space Applications","authors":"S. Bourbouse, J. Blanquart, J. Gajewski, C. Lahorgue","doi":"10.1109/DSN-W.2016.36","DOIUrl":"https://doi.org/10.1109/DSN-W.2016.36","url":null,"abstract":"The purpose of this paper is to report on a one-year study granted early 2015 by ESA/ESTEC to Airbus Defence and Space to identify and analyse the main reliability models available for evaluating the failure rate of each EEE component used in space systems, in order to assess their suitability in the space context for developing an improved reliability prediction approach.","PeriodicalId":184154,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130634095","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Hierarchical Model and Sensitivity Analysis for a Cloud-Based VoD Streaming Service","authors":"J. Dantas, Rúbens de Souza Matos Júnior, J. Araujo, Danilo Oliveira, Andre Oliveira, P. Maciel","doi":"10.1109/DSN-W.2016.23","DOIUrl":"https://doi.org/10.1109/DSN-W.2016.23","url":null,"abstract":"Cloud computing environments provide storage capacity, processing power, and other computational resources in a flexible way, enabling fast adaptation to highly dynamic workloads. Multimedia services, such as video streaming, are examples of applications that can use cloud computing to leverage their provisioning capacity. This way, it is possible to offer a large variety of multimedia content in many formats, so that users will be able to watch videos as they wish, with a proper resolution and quality, according to their preferences and connection speed. Private infrastructures for Video on Demand (VoD) and live video streaming are especially useful for e-learning in large corporations, universities, and governments. Analytical models are effective tools to evaluate the availability of software, hardware, and other computational resources. In this paper, we study a VoD service hosted in a private cloud computing environment. We present availability models considering the VoD streaming server components that are necessary for viewers' access. Hierarchical modeling techniques are used to deal with the complexity of representing such a system. Sensitivity analysis is used to determine the parameters that cause the greatest impact on availability, identifying which components require attention when attempting to achieve increased availability in a system. The proposed models are useful for planning private cloud infrastructures for VoD services.","PeriodicalId":184154,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133197827","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Error Monitoring for Legacy Mission-Critical Systems","authors":"M. Cinque, Raffaele Della Corte, S. Russo","doi":"10.1109/DSN-W.2016.41","DOIUrl":"https://doi.org/10.1109/DSN-W.2016.41","url":null,"abstract":"Error data collected at runtime play a key role for dependability analysis and improvement of software systems. The use of monitoring frameworks for legacy mission-critical systems is hindered by limited intervention degree and low intrusiveness requirements. We present the design and experimentation of an error monitoring service for a legacy large-scale critical system in the Air Traffic Control (ATC) domain. We describe the details of the API realized to collect both direct data (event logs, execution traces) and indirect data (system resources' utilization). We present experiments with the ATC industrial case study, showing the efficacy of combining different data sources for error detection and propagation analysis, with an acceptable overhead at high monitoring rates for such a class of systems.","PeriodicalId":184154,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W)","volume":"222 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133479838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"In-Vehicle Real-Time Fog Computing","authors":"H. Kopetz, S. Poledna","doi":"10.1109/DSN-W.2016.15","DOIUrl":"https://doi.org/10.1109/DSN-W.2016.15","url":null,"abstract":"Considering the technical advances and economic advantages of integrated architectures and cloud computing, we conjecture that the realization of a real-time cloud, called a fog, that provides reliable electronic services with temporal guarantees on board a vehicle efficiently and flexibly will be the logical next step in the development of an automotive electronic architecture. In this paper we introduce the concept of a time-triggered virtual machine (TTVM) that provides a precisely specified virtual interface between a real-time software component and its underlying hardware infrastructure. The flexible allocation of TTVMs on different node computers provides the means to implement fault tolerance, evolution and on-line validation effectively in such a time-triggered distributed architecture. In this paper this new architecture and the associated design methodology are explained by referring to an example of a driver assistance system on board a car.","PeriodicalId":184154,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132202743","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Use of Similarity Measure to Suggest the Existence of Duplicate User Stories in the Scrum Process","authors":"R. Barbosa, A. E. Silva, Regina L. O. Moraes","doi":"10.1109/DSN-W.2016.27","DOIUrl":"https://doi.org/10.1109/DSN-W.2016.27","url":null,"abstract":"In the Scrum process, the Product Backlog consists of a prioritized list of desired software functionalities recorded in the form of user stories. As the software product is developed, new functionalities are discovered and included in the Product Backlog. However, in large-scale projects, duplicate stories may arise because of the large number of generated stories, the lack of communication among team members, and the speed of development imposed by the Scrum process. In this case, it is important to detect such a story as a duplicate, in order to avoid rework on the software feature. This paper presents an approach that uses semantic similarity measures to suggest possible cases of duplication between user stories. This alert can help Product Owners and Scrum Masters decide whether to exclude duplicate user stories from the Product Backlog.","PeriodicalId":184154,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114443170","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Code Change History and Software Vulnerabilities","authors":"Marcus Pianco, B. Neto, Nuno Antunes","doi":"10.1109/DSN-W.2016.50","DOIUrl":"https://doi.org/10.1109/DSN-W.2016.50","url":null,"abstract":"Usually, the most critical modules of a system receive extra attention. But even these modules might be too large to be thoroughly inspected, so it is useful to know where to apply the majority of the effort. Thus, knowing which code changes are more prone to contain vulnerabilities may allow security experts to concentrate on a smaller subset of submitted code changes. In this paper we discuss the change history of functions and its impact on the existence of vulnerabilities. For this, we analyzed the commit history of two software projects widely exposed to attacks (Mozilla and Linux Kernel). Starting from security bugs, we analyzed more than 95k functions (with and without vulnerabilities), and systematized the changes in each function according to a subset of the patterns described in the Orthogonal Defect Classification. The results show that the frequency of changes can help distinguish functions more prone to have vulnerabilities.","PeriodicalId":184154,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128265239","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Ground Control to Major Faults: Towards a Fault Tolerant and Adaptive SDN Control Network","authors":"Liron Schiff, S. Schmid, M. Canini","doi":"10.1109/DSN-W.2016.48","DOIUrl":"https://doi.org/10.1109/DSN-W.2016.48","url":null,"abstract":"To provide high availability and fault-tolerance, SDN control planes should be distributed. However, distributed control planes are challenging to design and bootstrap, especially if this is to be done in-band, without a dedicated control network, and without relying on legacy protocols. This paper promotes a distributed systems approach to build and maintain connectivity between a distributed control plane and the data plane. In particular, we make the case for a self-stabilizing distributed control plane, where from any initial configuration, controllers self-organize and quickly establish a communication channel among themselves. Given the resulting managed control plane, arbitrary network services can be implemented on top. This paper presents a model for the design of such self-stabilizing control planes, and identifies fundamental challenges. Subsequently, we present techniques which can be used to solve these challenges, and implement a plug & play distributed control plane which supports automatic topology discovery and management, as well as flexible controller membership: controllers can be added and removed dynamically. Interestingly, we argue that our approach can readily be implemented in today's OpenFlow protocol. Moreover, our approach comes with interesting security features.","PeriodicalId":184154,"journal":{"name":"2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshop (DSN-W)","volume":"452 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133775903","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}