This document summarizes a seminar on achieving cost-effective software reliability through autonomic tuning of system resources. It discusses closed world systems which assume immutable environments and platforms. However, assumptions can clash with changing contexts over time. Open world software senses contexts and adapts assumptions. Examples given are adjusting redundancy and fault tolerance strategies like changing protocols or design patterns based on detected environmental conditions. Autonomic techniques like adaptive redundant data structures and normalized dissent in N-version programming are presented as ways to dynamically tune redundancy based on failure risk assessments. Simulations show such approaches improve reliability over static redundancy configurations.
Mixed Criticality Systems and Many-Core PlatformsAdaCore
An increasingly important trend in the design of real-time and embedded systems is the integration of components with different levels of criticality onto a common hardware platform. At the same time, these platforms are migrating from single cores to multi-cores and, in the future, manycore architectures. Criticality is a designation of the level of assurance against failure needed for a system component.
A mixed criticality system (MCS) is one that has two or more distinct levels (for example safety critical, mission critical and non-critical). Perhaps up to five levels may be identified (see, for example, the IEC 61508, DO-178B, DO-254 and ISO 26262 standards). In this talk some of the techniques being developed for MCS will be outlined, as will schemes by which the different assuance methods for each criticality level can be exploited to reduce resource usage.
2011-05-02 - VU Amsterdam - Testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
Embedded Systems, Asset or Security Threat? (6 May 2014, (ICS)2 Secure Rotter...Jaap van Ekris
The focus of many information security methods are on office automation: protecting vulnerable data. When working in embedded software environments, the focus changes significantly to availability, and also the counter-measures against threats change dramatically. A major issue is that security will become an “IT problem” that industrial automation continues to ignore. In this presentation, the problem will be presented, as well as directions to embed security measures into the organisation.
Writing large error-free software is extremely challenging or even infeasible. In order to be able to assure critical security properties it is therefore necessary to decompose the system into small security critical subjects whose correctness has to be shown and other large uncritical parts which cannot endanger security. A separation kernel can be used to assure the independent execution of multiple subjects and the enforcement of pre-defined communication channels between subjects. The correctness of the separation kernel is therefore essential for overall security.
In this talk we describe the design and implementation of the Muen separation kernel which uses the SPARK language to enable light-weight formal methods for assurance. Besides a discussion of x86 virtualization, system integration, as well as present and planned verification we demonstrate how Muen enables the construction of high security systems on x86 hardware.
Mixed Criticality Systems and Many-Core PlatformsAdaCore
An increasingly important trend in the design of real-time and embedded systems is the integration of components with different levels of criticality onto a common hardware platform. At the same time, these platforms are migrating from single cores to multi-cores and, in the future, manycore architectures. Criticality is a designation of the level of assurance against failure needed for a system component.
A mixed criticality system (MCS) is one that has two or more distinct levels (for example safety critical, mission critical and non-critical). Perhaps up to five levels may be identified (see, for example, the IEC 61508, DO-178B, DO-254 and ISO 26262 standards). In this talk some of the techniques being developed for MCS will be outlined, as will schemes by which the different assuance methods for each criticality level can be exploited to reduce resource usage.
2011-05-02 - VU Amsterdam - Testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
Embedded Systems, Asset or Security Threat? (6 May 2014, (ICS)2 Secure Rotter...Jaap van Ekris
The focus of many information security methods are on office automation: protecting vulnerable data. When working in embedded software environments, the focus changes significantly to availability, and also the counter-measures against threats change dramatically. A major issue is that security will become an “IT problem” that industrial automation continues to ignore. In this presentation, the problem will be presented, as well as directions to embed security measures into the organisation.
Writing large error-free software is extremely challenging or even infeasible. In order to be able to assure critical security properties it is therefore necessary to decompose the system into small security critical subjects whose correctness has to be shown and other large uncritical parts which cannot endanger security. A separation kernel can be used to assure the independent execution of multiple subjects and the enforcement of pre-defined communication channels between subjects. The correctness of the separation kernel is therefore essential for overall security.
In this talk we describe the design and implementation of the Muen separation kernel which uses the SPARK language to enable light-weight formal methods for assurance. Besides a discussion of x86 virtualization, system integration, as well as present and planned verification we demonstrate how Muen enables the construction of high security systems on x86 hardware.
Testing safety critical systems: Practice and Theory (14-05-2013, VU Amsterdam)Jaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers..
A talk I gave about Meltdown and Specter to the Papers We Love SG meetup.
https://engineers.sg/v/2302
Meltdown Paper: https://meltdownattack.com/meltdown.pdf
Spectre Paper: https://spectreattack.com/spectre.pdf
2015 05-07 - vu amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers...
2016-04-28 - VU Amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers.
Testing Safety Critical Systems (10-02-2014, VU amsterdam)Jaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers...
Exploiting Modern Microarchitectures: Meltdown, Spectre, and other Attacksinside-BigData.com
In this deck from the FOSDEM 2018 conference, Jon Masters from Red Hat presents: Exploiting modern microarchitectures Meltdown, Spectre, and other hardware attacks.
"Recently disclosed vulnerabilities against modern high performance computer microarchitectures known as 'Meltdown' and 'Spectre' are among an emerging wave of hardware-focused attacks. These include cache side-channel exploits against underlying shared resources, which arise as a result of common industry-wide performance optimizations. More broadly, attacks against hardware are entering a new phase of sophistication that will see more in the months ahead. This talk will describe several of these attacks, how they can be mitigated, and generally what we can do as an industry to bring performance without trading security."
Jon Masters is a Computer Architect at Red Hat, where he was tech lead for mitigation efforts against Meltdown and Spectre. Jon has worked closely with high performance microprocessor design teams for years on emerging alternative server platforms, and also currently leads the CCIX software working group helping to define high performance cache coherent interconnects for workload acceleration. Jon has been a Linux developer for 22 years, since beginning college at the age of 13, and has authored a number of books on Linux technology. He lives in Cambridge, MA, and will run his 11th marathon later this spring.
Watch the video: https://insidehpc.com/2018/02/exploiting-modern-microarchitectures-meltdown-spectre-attacks/
Learn more: https://fosdem.org/2018/
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
2017 03-10 - vu amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers.
Introduction to Reliability Evaluation Techniques –
Reliability Models for Hardware Redundancy –
Permanent faults only - Transient faults.
Introduction to clock synchronization –
A Non-Fault-Tolerant Synchronization Algorithm –
Fault-Tolerant Synchronization in Hardware –
Completely connected zero propagation time system –
Sparse interconnection zero propagation time system –
Fault tolerant analysis with Signal Propagation delays.
As the complexity of the scan algorithm is dependent on the number of design registers, large SoC scan
designs can no longer be verified in RTL simulation unless partitioned into smaller sub-blocks. This paper
proposes a methodology to decrease scan-chain verification time utilizing SCE-MI, a widely used
communication protocol for emulation, and an FPGA-based emulation platform. A high-level (SystemC)
testbench and FPGA synthesizable hardware transactor models are developed for the scan-chain ISCAS89
S400 benchmark circuit for high-speed communication between the host CPU workstation and the FPGA
emulator. The emulation results are compared to other verification methodologies (RTL Simulation,
Simulation Acceleration, and Transaction-based emulation), and found to be 82% faster than regular RTL
simulation. In addition, the emulation runs in the MHz speed range, allowing the incorporation of software
applications, drivers, and operating systems, as opposed to the Hz range in RTL simulation or submegahertz
range as accomplished in transaction-based emulation. In addition, the integration of scan
testing and acceleration/emulation platforms allows more complex DFT methods to be developed and
tested on a large scale system, decreasing the time to market for products.
xCORE products are designed from the ground up to solve problems that are beyond traditional microcontrollers:
- Multiple deterministic processor cores that can execute several tasks simultaneously and independently.
- External interfaces and peripherals are implemented in software – you choose the exact combination of interfaces you need.
- Perform static timing analysis and hardware-like simulations on your designs, using unique development tools that use the determinism of the architecture.
- Test on real hardware and collect real-time data from a running application.
The unparalleled responsiveness of the xCORE I/O ports is rooted in some fundamental features:
- Single cycle instruction execution
- No interrupts
- No cache
- Multiple cores allow concurrent independent task execution
- Hardware scheduler performs 'RTOS-like' functions
Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012TEST Huddle
EuroSTAR Software Testing Conference 2012 presentation on Innovations for Testing Parallel Software by Mike Bartley.
See more at: http://conference.eurostarsoftwaretesting.com/past-presentations/
Testing safety critical systems: Practice and Theory (14-05-2013, VU Amsterdam)Jaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers..
A talk I gave about Meltdown and Specter to the Papers We Love SG meetup.
https://engineers.sg/v/2302
Meltdown Paper: https://meltdownattack.com/meltdown.pdf
Spectre Paper: https://spectreattack.com/spectre.pdf
2015 05-07 - vu amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers...
2016-04-28 - VU Amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers.
Testing Safety Critical Systems (10-02-2014, VU amsterdam)Jaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers...
Exploiting Modern Microarchitectures: Meltdown, Spectre, and other Attacksinside-BigData.com
In this deck from the FOSDEM 2018 conference, Jon Masters from Red Hat presents: Exploiting modern microarchitectures Meltdown, Spectre, and other hardware attacks.
"Recently disclosed vulnerabilities against modern high performance computer microarchitectures known as 'Meltdown' and 'Spectre' are among an emerging wave of hardware-focused attacks. These include cache side-channel exploits against underlying shared resources, which arise as a result of common industry-wide performance optimizations. More broadly, attacks against hardware are entering a new phase of sophistication that will see more in the months ahead. This talk will describe several of these attacks, how they can be mitigated, and generally what we can do as an industry to bring performance without trading security."
Jon Masters is a Computer Architect at Red Hat, where he was tech lead for mitigation efforts against Meltdown and Spectre. Jon has worked closely with high performance microprocessor design teams for years on emerging alternative server platforms, and also currently leads the CCIX software working group helping to define high performance cache coherent interconnects for workload acceleration. Jon has been a Linux developer for 22 years, since beginning college at the age of 13, and has authored a number of books on Linux technology. He lives in Cambridge, MA, and will run his 11th marathon later this spring.
Watch the video: https://insidehpc.com/2018/02/exploiting-modern-microarchitectures-meltdown-spectre-attacks/
Learn more: https://fosdem.org/2018/
Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter
2017 03-10 - vu amsterdam - testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Validating safety critical systems, as well as the test approach used. It goes beyond the simple processes, and also talks about the required safety culture and people required. The presentation contains examples of real-life IEC 61508 SIL 4 systems used on stormsurge barriers.
Introduction to Reliability Evaluation Techniques –
Reliability Models for Hardware Redundancy –
Permanent faults only - Transient faults.
Introduction to clock synchronization –
A Non-Fault-Tolerant Synchronization Algorithm –
Fault-Tolerant Synchronization in Hardware –
Completely connected zero propagation time system –
Sparse interconnection zero propagation time system –
Fault tolerant analysis with Signal Propagation delays.
As the complexity of the scan algorithm is dependent on the number of design registers, large SoC scan
designs can no longer be verified in RTL simulation unless partitioned into smaller sub-blocks. This paper
proposes a methodology to decrease scan-chain verification time utilizing SCE-MI, a widely used
communication protocol for emulation, and an FPGA-based emulation platform. A high-level (SystemC)
testbench and FPGA synthesizable hardware transactor models are developed for the scan-chain ISCAS89
S400 benchmark circuit for high-speed communication between the host CPU workstation and the FPGA
emulator. The emulation results are compared to other verification methodologies (RTL Simulation,
Simulation Acceleration, and Transaction-based emulation), and found to be 82% faster than regular RTL
simulation. In addition, the emulation runs in the MHz speed range, allowing the incorporation of software
applications, drivers, and operating systems, as opposed to the Hz range in RTL simulation or submegahertz
range as accomplished in transaction-based emulation. In addition, the integration of scan
testing and acceleration/emulation platforms allows more complex DFT methods to be developed and
tested on a large scale system, decreasing the time to market for products.
xCORE products are designed from the ground up to solve problems that are beyond traditional microcontrollers:
- Multiple deterministic processor cores that can execute several tasks simultaneously and independently.
- External interfaces and peripherals are implemented in software – you choose the exact combination of interfaces you need.
- Perform static timing analysis and hardware-like simulations on your designs, using unique development tools that use the determinism of the architecture.
- Test on real hardware and collect real-time data from a running application.
The unparalleled responsiveness of the xCORE I/O ports is rooted in some fundamental features:
- Single cycle instruction execution
- No interrupts
- No cache
- Multiple cores allow concurrent independent task execution
- Hardware scheduler performs 'RTOS-like' functions
Mike Bartley - Innovations for Testing Parallel Software - EuroSTAR 2012TEST Huddle
EuroSTAR Software Testing Conference 2012 presentation on Innovations for Testing Parallel Software by Mike Bartley.
See more at: http://conference.eurostarsoftwaretesting.com/past-presentations/
5 Techniques to Achieve Functional Safety for Embedded SystemsAngela Hauber
Failures of safety-critical electronic systems can result in loss of life, substantial financial damage or severe harm to the environment.
Safe computer systems are typically used in avionics or railway applications requiring particularly high reliability. This also goes for the medical market, while industrial automation environments demand more and more functional safety as technology becomes readily available.
5 Techniques to Achieve Functional Safety for Embedded SystemsMEN Micro
Failures of safety-critical electronic systems can result in loss of life, substantial financial damage or severe harm to the environment.
Safe computer systems are typically used in avionics or railway applications requiring particularly high reliability. This also goes for the medical market, while industrial automation environments demand more and more functional safety as technology becomes readily available.
Failures of safety-critical electronic systems can result in loss of life, substantial financial damage or severe harm to the environment.
Safe computer systems are typically used in avionics or railway applications requiring particularly high reliability. This also goes for the medical market, while industrial automation environments demand more and more functional safety as technology becomes readily available.
Software Architecture: Introduction to the abstraction (May 2014_Split)Henry Muccini
This is an introductory presentation on Software Architecture that I made at the University of Split, in Croatia.
It shows what does it mean abstraction and why it is so important.
Crash course on data streaming (with examples using Apache Flink)Vincenzo Gulisano
These are the slides I used for a crash course (4 hours) on data streaming. It contains both theory / research aspects as well as examples based on Apache Flink (DataStream API)
Industrial Ethernet Facts - The 5 major technologiesStephane Potier
Following the overwhelming success of "Industrial Ethernet Facts" and taking into account continued development of the protocols, this overview of the key features of the various systems has been revised. This third edition is taking into account the feedback submit by the Industrial Ethernet community and has been extended with a new chapter about OPC UA.
2008-10-09 - Bits and Chips Conference - Embedded Systemen Architecture patternsJaap van Ekris
In the past, embedded software was intended to automate simple isolated tasks for dedicated purposes. However, there is a trend towards integrating embedded components into large networks which can perform complex tasks. Customers expect systems to be open and extensible, to prepare for future challenges. This introduces new challenges for embedded software engineers: the integration of components into larger integrated networks poses new demands upon component quality (how to prepare a component for all possible future assemblies) as well as an integrated system architecture viewpoint (how to construct a flexible but secure and reliable network).
In this presentation we show, based on practical examples, what the value of systematic thinking of software quality and systems architecture is in developing complex integrated embedded systems.
2010-03-31 - VU Amsterdam - Experiences testing safety critical systemsJaap van Ekris
Presentation about the steps required for Verifying and Vlaidating safety critical systems, as well as the test approach used. Contains examples of real-life IEC 61508 SIL 4 systems.
In the Fifties, Arnold Schönberg introduced a model for music composition that he called "Grundgestalt", the basic shape. In this seminar I show how I interpreted this concept as a generative music model that translates the orbits of dynamic systems into musical components. I also describe a family of experiments that led me to the creation of simple and not-so-simple musical compositions, which I call "my little Grundgestalten”. Excerpts from a selection of those compositions will be presented.
Models and Concepts for Socio-technical Complex Systems: Towards Fractal Soci...Vincenzo De Florio
We introduce fractal social organizations—a novel class of socio-technical complex systems characterized
by a distributed, bio-inspired, hierarchical architecture. Based on a same building block that is recursively
applied at different layers, said systems provide a homogeneous way to model collective behaviors of
different complexity and scale. Key concepts and principles are enunciated by means of a case study and a
simple formalism. As preliminary evidence of the adequacy of the assumptions underlying our systems here
we define and study an algebraic model for a simple class of social organizations. We show how despite its
generic formulation, geometric representations of said model exhibit the spontaneous emergence of complex
hierarchical and modular patterns characterized by structured addition of complexity and fractal nature—
which closely correspond to the distinctive architectural traits of our fractal social organizations. Some
reflections on the significance of these results and a view to the next steps of our research conclude this
contribution.
On the Role of Perception and Apperception in Ubiquitous and Pervasive Enviro...Vincenzo De Florio
Building on top of classic work on the perception of natural systems this paper addresses the role played by such quality in
environments where change is the rule rather than the exception. As in natural systems, perception in software systems takes two major forms: sensory perception and awareness (also known as apperception). For each of these forms we introduce semi-formal models that allow us to discuss and characterize perception and apperception failures in software systems evolving in environments subjected to rapid and sudden changes—such as those typical of ubiquitous and pervasive computing. Our models also provide us with two partial orders to compare such software systems with one another as well as with reference environments. When those
environments evolve or change, or when the software themselves evolve after their environments, the above partial orders may be used to compute new environmental fits and different strategic fits and gain insight on the degree of resilience achieved through the current adaptation steps.
Service-oriented Communities: A Novel Organizational Architecture for Smarter...Vincenzo De Florio
The seminar I shall present at Masaryk University in Brno on May 19, 2016. A video of this presentation is available at https://www.youtube.com/edit?video_id=Fu5kv0sFWG4
On codes, machines, and environments: reflections and experiencesVincenzo De Florio
Code explicitly refers to a reference machine and, implicitly, to a set of conditions often called the system model and the fault model.
If one wants to guarantee an agreed-upon quality of service, one needs to either make assumptions about those conditions or adapt to them.
In this lecture I present this problem and a number of solutions, both practical and theoretical, that I have devised in the course of my career.
Although the main accent is on programming languages, here I provide links and references to other approaches that operate at algorithmic- and system-level.
Tapping Into the Wells of Social Energy: A Case Study Based on Falls Identifi...Vincenzo De Florio
Are purely technological solutions the best answer we can get to the shortcomings our organizations are often experiencing today? The results we gathered in this work lead us to giving a negative answer to such question. Science and technology are powerful boosters, though when they are applied to the “local, static organization of an obsolete yesterday” they fail to translate in the solutions we need to our problems. Our stance here is that those boosters should be applied to novel, distributed, and dynamic models able to allow us to escape from the local minima our societies are currently locked in. One such model is simulated in this paper to demonstrate how it may be possible to tap into the vast basins of social energy of our human societies to realize ubiquitous computing sociotechnical services for the identification and timely response to falls.
Accompanying paper available at https://arxiv.org/abs/1508.06655
How Resilient Are Our Societies?Analyses, Models, Preliminary ResultsVincenzo De Florio
Traditional social organizations such as those for the management of healthcare and civil defense are the result of designs and realizations that matched well with an operational
context considerably different from the one we are experiencing today: A simpler world, characterized by a greater amount of resources to match less users producing lower peaks of requests.
The new context reveals all the fragility of our societies: unmanageability is just around the corner unless we do not complement the “old recipes” with smarter forms of social organization.
Here we analyze this problem and propose a refinement to our fractal social organizations as a model for resilient cyber-physical societies. Evidence to our claims is provided by simulating our model in terms of multi-agent systems.
This course teaches engineering students how to program in C. I gave this course for several years in the framework of the "Advanced Technology Higher Education Network" / SOCRATES program.
A framework for trustworthiness assessment based on fidelity in cyber and phy...Vincenzo De Florio
We introduce a method for the assessment of trust for n-open systems based on a measurement of fidelity and present a prototypic implementation of a complaint architecture. We construct a MAPE loop which monitors the compliance between corresponding figures of interest in cyber- and physical domains; derive measures of the system’s trustworthiness; and use them to plan and execute actions aiming at guaranteeing system safety and resilience. We conclude with a view on our future work.
Presented at ANTIFRAGILE'15
Companion paper available at http://www.sciencedirect.com/science/article/pii/S1877050915008923
A behavioural model for the discussion of resilience, elasticity, and antifra...Vincenzo De Florio
Resilience is one of those "general systems attributes" that appear to play a central role in several disciplines - including ecology, business, psychology, industrial safety, microeconomics, computer networks, security, management science, cybernetics, control theory, crisis and disaster management. Resilience thus seems to be "needed" everywhere; and yet, even in the framework of a same discipline, it is not easy to define it precisely and consensually. To add to the confusion, other terms such as elasticity, change tolerance, and antifragility, although clearly related to resilience, cannot be easily differentiated.
In this talk I tackle this problem by introducing a behavioural model of resilience. I interpret resilience as the property emerging from the interaction of the behaviours produced by two "players": a system and a hosting environment. The outcome of said interaction depends on both intrinsic and extrinsic factors, including the systemic "traits" of the system but also how the system's endowment matches the requirements expressed by the behaviours of the environment. I show how the behavioural approach provides a unifying framework within which it is possible to express coherent definitions for elasticity, change tolerance, and antifragility.
A Behavioral Interpretation of Resilience and AntifragilityVincenzo De Florio
In this presentation I discuss resilience and antifragility as behaviors resulting from the coupling of a system and its environment(s). Depending on the interactions between these two "ends" and on the quality of the individual behaviors that they may exercise, different strategies may be chosen: elasticity (change masking); entelechism (change tolerance); and antifragility (adapting to & learning from change). When the environment is very simple and only capable of so-called "random behavior", often the only effective strategy towards resilience is off-line dimensioning of redundancy as a result of a worst-case assessment of disturbances and/or threats. Much more complex and variegated is the case when both systems and environments are "intelligent" -- or at least able to exercise complex teleological and extrapolatory behaviors. In this case both system and ambient may choose among a variety of strategies in what could be regarded as a complex evolutionary game theory setting.
Community Resilience: Challenges, Requirements, and Organizational ModelsVincenzo De Florio
An important challenge for human societies is that of mastering the complexity of Community Resilience, namely “the sustained ability of a community to utilize available resources to respond to, withstand, and recover from adverse situations”. The above concise definition puts the accent on an important requirement: a community’s ability to
make use in an intelligent way of the available resources, both institutional and spontaneous, in order to match the complex evolution of the “significant multi-hazard threats characterizing a crisis”. Failing to address such requirement exposes a community to extensive failures that are known to exacerbate the consequences of natural and human-induced crises. As a consequence, we experience today an urgent need to respond to the challenges of community resilience engineering. This problem, some reflections, and preliminary prototypical contributions constitute
the topics of this presentation.
A companion article is available at https://dl.dropboxusercontent.com/u/67040428/Articles/serene14.pdf
On the Behavioral Interpretation of System-Environment Fit and Auto-ResilienceVincenzo De Florio
Already 71 years ago Rosenblueth, Wiener, and Bigelow introduced the concept of the “behavioristic study of natural events” and proposed a classification of systems according to the quality of the behaviors they are able to exercise. In this presentation we consider the problem of the resilience of a system when deployed in a changing environment, which we tackle by considering the behaviors both the system organs and the environment mutually exercise. We then introduce a partial order and a metric space for those behaviors, and we use them to define a behavioral interpretation of the concept of system-environment fit. Moreover we suggest that behaviors based on the extrapolation of future environmental requirements would allow systems to proactively improve their own system-environment fit and optimally evolve their resilience. Finally we describe how we plan to express a complex optimization strategy in terms of the concepts introduced in this presentation.
The paper accompanying this presentation is available at https://dl.dropboxusercontent.com/u/67040428/Articles/DF14b_Wiener21stA.pdf
Antifragility = Elasticity + Resilience + Machine Learning. Models and Algori...Vincenzo De Florio
Presentation for the ANTIFRAGILE 2014 workshop, https://sites.google.com/site/resilience2antifragile/
Abstract: We introduce a model of the fidelity of open systems—fidelity being interpreted here as the compliance between corresponding
figures of interest in two separate but communicating domains. A special case of fidelity is given by real-timeliness and synchrony,
in which the figure of interest is the physical and the system’s notion of time. Our model covers two orthogonal aspects of fidelity,
the first one focusing on a system’s steady state and the second one capturing that system’s dynamic and behavioral characteristics.
We discuss how the two aspects correspond respectively to elasticity and resilience and we highlight each aspect’s qualities and
limitations. Finally we sketch the elements of a new model coupling both of the first model’s aspects and complementing them
with machine learning. Finally, a conjecture is put forward that the new model may represent a first step towards compositional
criteria for antifragile systems.
Service-oriented Communities and Fractal Social Organizations - Models and co...Vincenzo De Florio
Presentation given by Vincenzo De Florio at the Ceremony for the handing of the 2013 Faculty Awards.
Keywords: Fractal social organizations; service oriented communities; mutual assistance communities
Seminarie Computernetwerken 2012-2013: Lecture I, 26-02-2013Vincenzo De Florio
Seminarie Computernetwerken is a course given at Universiteit Antwerpen, Belgium
A series of seminars focusing on various themes changing from year to year.
This year's themes are: resilience, behaviour, evolvability; in systems, networks, and organizations
In what follows we describe:
themes of the course
view to the seminars
rules of the game
TOWARDS PARSIMONIOUS RESOURCE ALLOCATION IN CONTEXT-AWARE N-VERSION PROGRAMMINGVincenzo De Florio
Adopting classic redundancy-based fault-tolerant schemes in
highly dynamic distributed computing systems does not
necessarily result in the anticipated improvement in
dependability. This primarily stems from statically predefined
redundancy configurations employed within many classic
dependability strategies, which as well known may negatively
impact the schemes' overall effectiveness. In this paper, a
novel dependability strategy is introduced encompassing
advanced redundancy management, aiming to autonomously
tune its internal configuration in function of disturbances
observed. Policies for parsimonious resource allocation are
presented thereafter, intent upon increasing the scheme's cost
effectiveness without breaching its availability objective. Our
experimentation suggests that the suggested solution can
achieve a substantial improvement in availability, compared
to traditional, static redundancy strategies, and that tuning the
adopted degree of redundancy to the actual observed
disturbances allows unnecessary resource expenditure to be
reduced, therefore enhancing cost-effectiveness.
A Formal Model and an Algorithm for Generating the Permutations of a MultisetVincenzo De Florio
This paper may be considered as a mathematical divertissement as well as a didactical tool for
undergraduate students in a universitary course on algorithms and computation. The well-known problem of
generating the permutations of a multiset of marks is considered. We define a formal model and an abstract
machine (an extended Turing machine). Then we write an algorithm to compute on that machine the successor
of a given permutation in the lexicographically ordered set of permutations of a multiset. Within the model we
analyze the algorithm, prove its correctness, and show that the algorithm solves the above problem. Then we
describe a slight modification of the algorithm and we analyze in which cases it may result in an improvement of
execution times.
This paper, the ideas in it, and its realization are the work of the first author only.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Cost-effective software reliability through autonomic tuning of system resources
1. IMEC Academy / SSET Seminar:
Cost-effective software reliability
through autonomic tuning
of system resources
Vincenzo De Florio
vincenzo.deflorio@ua.ac.be
3. Introduction – main actors in the play
Software reliability – an important,
elusive requirement
Redundancy – an effective way to
achieve reliability
Autonomic software evolution – a costeffective method to parameterize
reliability in software
4 May 2011
Imec academy
3
4. Part 1: Closed world systems
Key problem & a classic solution
Given an unreliable “channel,” how do we
use it reliably?
Common solution: redundancy + upper
bounds estimation
◦ Off-line analysis of the maximal disturbance
◦ Off-line dimensioning redundancy such that
any disturbance is tolerated
A closed world approach
4 May 2011
Imec academy
4
5. Closed world systems
Systems built on immutable hypotheses
regarding their deployment environments
& platforms
Context-agnostic , ataraxic systems
‘Virtual’ agents that operate irrespective of
any physical world property
◦ Time, temperature, humidity, user’s quality of
experience, attacks, …
4 May 2011
Imec academy
5
6. When does it make sense?
Whenever the designer has strong
confidence that assumptions will hold
Whenever there is
“strong and certified control” on
◦ The platform
◦ The environment
E.g. synchronous systems
4 May 2011
Imec academy
6
7. Example
I have a problem of interference, but
◦ I have full confidence on my platform and its
state
◦ I have “full control” on the environment:
◦ e.g., I can make sure that, during certain
critical operational stages, interference will
stay minimal
Do you recognize which case is this?
4 May 2011
Imec academy
7
8. “Please be advised that all electronic devices
must be switched off and remain switched off until further notice.”
“Most personal devices transmit a signal and all of them emit
electromagnetic waves which, in theory, could interfere with the
plane’s electronics.”
4 May 2011
Imec academy
8
9. There’s no full control as
fools’ control of course…
How can we make sure that passengers will
comply?
2. System & environment compliance
refers to the past
“…the deterioration of planes and advance
or decline of electronic devices over time
is the immeasurable factor that is never
taken into account by passengers”
Or companies! “A plane is designed to the
right specs, but nobody goes back and
checks if it is still robust.”
[p3air]
1.
4 May 2011
Imec academy
9
10. “Nobody goes back & checks again…”
Closed world systems are “frozen in time”
Their certification implicitly refers to a
scenario that may differ from the real one
◦ Ariane-5, Therac-25,…
◦ You can only rely on the fact that the
certification was valid yesterday
◦ Scenario = hw/sw/nw technologies, hci
4 May 2011
Imec academy
10
11. Conclusions part 1
Closed world systems:
“sitting ducks” to change!
“Frozen ducks,” actually
Service = Platform(t) + Environment(t)
Design sometimes results in systematic
assumptions hiding and “clashes”
4 May 2011
Imec academy
11
12. Part 2: Open-world Software
Other option: Open-world
Software that
◦ senses endogenous state & exogenous conditions
◦ makes use of gathered context to optimize its
behavior
Choices must be made of what to make
translucent and what to leave transparent
Certain events will be detected and treated,
some others won't
Basic feature: detection of
assumption vs. context clashes
4 May 2011
Imec academy
12
13. Two typical cases
Platform Assumption vs. Context Clashes
◦ PC
Environmental Clashes
◦ EC
4 May 2011
Imec academy
13
14. PC
Clashes related to our assumptions on
the platform
E.g.
◦ Memory chip technology
◦ Presence/absence of hw component
4 May 2011
Imec academy
14
15. PC in memory chips
Failure semantics may differ considerably
CMOS failures: mostly single bit errors
SDRAM failures: Single-Event Effects
◦ Single-event latchup loss of all data on chip
◦ Single-event upset soft errors
◦ Single-event functional interrupt device left in
either test mode, halt, or undefined state
Even from lot to lot error and failure rates
can vary more than one order of magnitude
[Lad02]
4 May 2011
Imec academy
15
16. PC in memory chips
Open-world systems may detect this
clash
E.g. Configure-like scripts that check
hypotheses at compile / deployment time
Exploiting hardware / OS support
[DF10]
4 May 2011
Imec academy
16
19. PC: 2nd case
Presence/absence of features
(MMU)? Access : Deny
– w/o MMU, memory faults may stay uncovered
Policies (e.g. for security issues)
– Standards, e.g. WS-Policy
20. Second class of clashes: EC
Re: assumptions on the environment
Two examples:
1. Choice of protocol
2. Choice of design pattern
4 May 2011
Imec academy
20
21. EC-1: choice of protocol
c: vi
s
...
...
...
...
…
…
• Client c invokes service vi to get an
object from server s
4 May 2011
Imec academy
21
22. EC-1: choice of protocol
c: vi
s
t
t
...
...
…
…
• vi uses transport protocol t to transfer
that object
• Nature & properties of t : unknown to c
4 May 2011
Imec academy
22
23. EC-1: a possible scenario
Appl.
Appl.
c
Appl.
Appl.
s
TCP
TCP
TCP
TCP
TCP
TCP
IP
IP
IP
IP
IP
IP
…
…
…
…
…
…
• One momentary disruption breaks
all TCP connections
4 May 2011
Imec academy
23
25. Clash EC-2: Choice of design pattern
•
•
Fault-tolerance design patterns can be
applied to reach higher reliability
Design choices include e.g.
– Redoing
(time redundancy scheme)
– Reconfiguration (design redundancy scheme)
•
Any choice implies an assumption
– Here: fault model assumption:
transient vs. permanent faults
Closed
world “hardwired” assumption
4 May 2011
Imec academy
25
26. EC-2
Hardwiring assumptions is hazard hiding
Experienced fault
Transient
Design
pattern
Permanent
Redoing
Reconfiguration
4 May 2011
Imec academy
26
28. Conclusions part 2
•
Depending on the context c(t), the chosen
assumptions:
– May be valid / invalid
– May clash with other assumptions.
•
Clashes software is bound to
– Experience failures
– Waste useful assets
Autonomic revision of assumptions in the
face / probability of a context clash
4 May 2011
Imec academy
28
29. Part 3: Autonomic Redundancy Management
Autonomic
assumptions failure avoidance
Context clash avoidance
One or (if time allows!) two examples
◦ Adaptively redundant data structures
◦ Adaptive N-version programming
4 May 2011
Imec academy
29
30. Redundant data structures
Goal: tolerate transient faults affecting
program memory
Method: transparent memory cells
replication + voting
[TaMB80]
– Writing to a redundant variable = writing to n
replicas [EC], located somewhere and
according to some strategy [PC]
– Reading from a redundant variable = reading
the n cells, performing majority voting
4 May 2011
Imec academy
30
31. Design & Contextual Redundancy
1.
2.
Design redundancy: our fixed choice
(e.g. , n=3 replicas)
Contextual redundancy: the “right choice”
at time t
◦ A model of the environment
Dynamic system cr(t)
◦ cr(34)=5 “5 replicas is what we need at t=34”
4 May 2011
Imec academy
31
33. Tackling EC in RDS
•
Dynamically redundant data structures
– Autonomic management of redundancy
– RDS where redundancy is not fixed once and
for all, but changes dynamically after cr(t)
How to estimate cr(t)?
Direct measurement or
indirect deduction
4 May 2011
Imec academy
33
35. Distance-to-failure
n (design redundancy) in function of dtof
• Under normal conditions, n=3
•
– System triplicates cells of redundant variables
– Up to one memory fault is tolerated
Under more critical situations, dtof decreases
amount of redundancy is automatically
adjusted
• Adjustment logic should select the ideal degree
of redundancy matching the current
disturbances
•
4 May 2011
Imec academy
35
36. Risk of failure
n(i) = redundancy at voting round i
= 2p(i)+1 (p(i)>0)
m(i) = card {replicas that agree after
voting round i }
1 ≤ m(i) ≤ n(i)
Then
(n(i) – m(i))/p(i) when m(i) > p(i)
risk(i) =
1
otherwise
Here, linear evolution (not very efficient)
4 May 2011
Imec academy
36
37. Evolution engine
Algorithm responsible for taking decisions
on how/when to adapt
In what follows, trivial example:
if risk(t-1) was high, then
redundancy redundancy + 2
if risk(t-1000 … t-1) were low, then
redundancy redundancy – 2
A static formulation!
4 May 2011
Imec academy
37
39. Simulations
scrambler + aRDS + reader
aRDS “protects” 20,000 4-byte variables
◦ Fixed allocation stride = 20
( no protection against PC in this case)
reader: round robin read accesses
Experiments record
◦ number of scrambled cells
◦ number of read failures
4 May 2011
Imec academy
39
45. A second case – aNVP
Generalization of DTOF:
Normalized dissent
4 May 2011
Imec academy
45
46. Normalized Dissent
Quantifies the detrimental impact of a
single version in NVP/MV composite
Two sub-models:
◦ Penalization mechanism: ND↑
“Fine” faulty replicas
Omission – performance – value response
failures
◦ Reward model: ND↓
Reward replicas behaving correctly
Weigh down i.f.o. time (absolution)
47. Conclusions
Open-world: in some cases, the only
option
Transparency vs. translucency: two
conflicting requirements
Mechanisms are needed to hide
complexity without hiding intelligence
E.g. via autonomic assumption failure
detection and treatment, or policies
[DF10]
4 May 2011
Imec academy
49
48. Next steps
•
•
•
Tuning the fault-tolerance design pattern
to the experienced fault class
Mechanisms to express and assert the
design time hypotheses about platform
and environment
Ultimate challenges:
– Intelligent management of the (dependability)
strategies
– Autonomic tuning of time and design
redundancy
– Resilience (robust evolution)
49. References
[TaMB80] David Taylor et al., “Redundancy in Data Structures:
Improving Software Fault Tolerance,” IEEE Trans. on Software
Engineering 6:6 (1980)
[p3air] http://www.p3air.com/2011/electronic-devices-caninterfere-with-aircraft-instrumnts-to-create-perfectstorm?wpmp_switcher=mobile
[HGS11] Joe Hoffert, Aniruddha Gokhale, and Douglas C.
Schmidt ,“Timely Autonomic Adaptation of Publish/Subscribe
Middleware in Dynamic Environments”, IJARAS Vol.2 No.4
(2011)
[GD11] N. Gui, V. De Florio, and C. Blondia,“Toward
Architecture-based Context-Aware Deployment and
Adaptation, Journal of Systems and Software, 84:2. Elsevier,
February 2011
[DF10] De Florio, V. : "Software Assumptions Failure
Tolerance: Role, Strategies, and Visions," chapter
in Architecting Dependable Systems, Vol. 7, LNCS Vol. 6420,
pp. 249-272. Springer, 2010.
4JMay 2011
Imec academy
51
50. Where to Get More information
•
•
•
•
•
•
•
•
K. Boulding (1956): “General Systems Theory – The Skeleton of Science”.
Management Science, 2(3).
V. De Florio (2009): “Application-layer Fault-tolerance Protocols”. Information
Science Reference, IGI-Global.
V. De Florio & C. Blondia (2010): “Adaptation and dependability and their key role in
modern software engineering”, International Journal of Adaptive, Resilient and
Autonomic Systems (IJARAS), 1(2).
C. Esposito & D. Cotroneo (2010): “Resilient and Timely Event Dissemination in
Publish/Subscribe Middleware”, IJARAS, 1(1).
N. Gui, V. De Florio, H. Sun & C. Blondia (2009): "ACCADA: A Framework for
Continuous Context-Aware Deployment and Adaptation," Proc. of 11th Int.l Symp.
on Stabilization, Safety, and Security of Distributed Systems, Lyon.
E. Hollnagel, D. Woods, N.G. Leveson (2006): “Resilience engineering: Concepts and
precepts”, Aldershot, UK.
J. Horning (1998): “ACM Fellow Profile”, ACM Software Eng. Notes 23(4).
N. G. Leveson (1995): “Safeware: Systems Safety and Computers”, Addison.
51. Where to Get More information:
www.igi-global.com/reference/details.asp?ID=32917