Abstract. Availability is an important security property for Internet services and a key ingredient of most service level agreements. It can be compromised by distributed Denial of Service (DoS) attacks. In this work we propose a formal pattern-based approach to study defense mechanisms against DoS attacks. We enhance pattern descriptions with formal models that allow the designer to give guarantees on the behavior of the proposed solution. The underlying executable specification formalism we use is the rewriting logic language Maude and its real-time and probabilistic extensions. We introduce the notion of stable availability, which means that with very high probability service quality remains very close to a threshold, regardless of how bad the DoS attack can get. Then we present two formal patterns which can serve as defenses against DoS attacks: the Adaptive Selective Verification (ASV) pattern, which enhances a communication protocol with a defense mechanism, and the Server Replicator (SR) pattern, which provisions additional resources on demand. However, ASV achieves availability without stability, and SR cannot achieve stable availability at a reasonable cost. As a main result we show, by statistical model checking with the PVeStA tool, that the composition of both patterns yields a new improved pattern which guarantees stable availability at a reasonable cost.
Software reuse is a challenging and multifaceted topic. Significant research effort has been spent to address technical and organizational aspects. However, adoption of proposed practices and novel approaches often proceeds slowly. Additionally, little is known on how reuse is currently effected in practice and which solutions have proven useful. This paper aims to shed light on the matter by studying the current practice of reuse at Google. We conduct an exploratory study with a total of 49 participants, of which 39 answered our online questionnaire and 10 participated in our 1h interviews. We assess reuse practices, success factors and challenges and collect ideas for improvement. We distill our findings to provide practitioners with examples of scalable reuse practices and detail the prerequisites required to implement/tailor a similar reuse approach. Furthermore, we point out open issues to support researchers and practitioners alike in aligning their efforts for developing solutions.
The development of highly distributed Systems of Systems (SoS) poses a big challenge on the whole development process of such systems. Especially in Requirements Engineering, one has to cope with the resulting variety of stakeholders and their multitude of different and possibly contradictory goals. This is challenging for requirements elicitation, documentation, and management, especially with regard to communication and consistency. One promising means to address this challenge is to use an artefact-oriented requirements engineering approach that puts emphasis on artefacts and dependencies rather than dictating processes and methods for creating the artefacts. In this paper, we present a content model that facilitates collaboration between stakeholders from 30 companies in the research project ARAMiS and is used on a SoS; more specifically, on a so-called Cyber-Physical System that spans a variety of application domains. The content model was elaborated iteratively on the basis of models from preliminary work and in discussion with partner representatives. It is now under evaluation by the 30 project partners, so we present a preview of the evaluation.
Abstract. In this paper we propose the so-called composite actor model for specifying composed entities such as the Internet. This model extends the actor model of concurrent computation so that it follows the "Reflective Russian Dolls" pattern and supports an arbitrary hierarchical composition of entities. To enable statistical model checking we introduce a new scheduling approach for composite actor models which guarantees the absence of unquantified nondeterminism. The underlying executable specification formalism we use is the rewriting logic-based semantic framework Maude, its probabilistic extension PMaude, and the statistical model checker PVeStA. We formalize a model transformation which, given certain formal requirements, generates a scheduled specification. We prove the correctness of the scheduling approach and the soundness of the transformation by introducing the notions of strong zero-time rule confluence and time-passing bisimulation and by showing that the transformation is a time-passing bisimulation for strongly zero-time rule confluent composite actor specifications.
Non-functional requirements (NFRs) are commonly distinguished from functional requirements by differentiating how the system shall do something in contrast to what the system shall do. This distinction is not only prevalent in research, but also influences how requirements are handled in practice. NFRs are usually documented separately from functional requirements, without quantitative measures, and with relatively vague descriptions. As a result, they remain difficult to analyze and test. Several authors argue, however, that many so-called NFRs actually describe behavioral properties and may be treated the same way as functional requirements. In this paper, we empirically investigate this point of view and aim to increase our understanding on the nature of NFRs addressing system properties. We report on the classification of 530 NFRs extracted from 11 industrial requirements specifications and analyze to which extent these NFRs describe system behavior. Our results suggest that most "non-functional" requirements are not non-functional as they describe behavior of a system. Consequently, we argue that many so-called NFRs can be handled similarly to functional requirements.