%
% GENERATED FROM http://acme.able.cs.cmu.edu
% by : anonymous
% IP : 216.73.216.80
% at : Wed, 16 Jul 2025 15:19:54 -0400 GMT
%
% Selection : Author: Bradley_Schmerl
%
@Article{DiscoTectTSE,
AUTHOR = {Schmerl, Bradley and Aldrich, Jonathan and Garlan, David and Kazman, Rick and Yan, Hong},
TITLE = {Discovering Architectures from Running Systems},
YEAR = {2006},
MONTH = {July},
JOURNAL = {IEEE Transactions on Software Engineering},
VOLUME = {32},
NUMBER = {7},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/discotect-tse.pdf},
ABSTRACT = {One of the challenging problems for software developers is guaranteeing that a system as built is consistent with its architectural design. In this paper, we describe a technique that uses runtime observations about an executing system to construct an architectural view of the system. In this technique, we develop mappings that exploit regularities in system implementation and architectural style. These mappings describe how low-level system events can be interpreted as more abstract architectural operations and are formally defined using Colored Petri Nets. In this paper, we describe a system, called DiscoTect, that uses these mappings and we introduce the DiscoSTEP mapping language and its formal definition. Two case studies showing the application of DiscoTect suggest that the tool is practical to apply to legacy systems and can dynamically verify conformance to a preexisting architectural specification.},
NOTE = {Also available from IEEE. Appendix A, Appendix B},
KEYWORDS = {DiscoTect, Rainbow, Self-Repair, Software Architecture}
}
@InProceedings{Garlan2006,
AUTHOR = {Garlan, David and Schmerl, Bradley},
TITLE = {An Architecture for Personal Cognitive Assistance},
YEAR = {2006},
MONTH = {5-7 July},
BOOKTITLE = {18th International Conference on Software Engineering and Knowledge Engineering},
ADDRESS = {San Francisco Bay, USA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/seke06.pdf},
ABSTRACT = {Current desktop environments provide weak support for carrying out complex user-oriented tasks. Although individual applications are becoming increasingly sophisticated and featurerich, users must map their high-level goals to the low-level operational vocabulary of applications, and deal with a myriad of routine tasks (such as keeping up with email, keeping calendars and web sites up-to-date, etc.). An alternative vision is that of a personal cognitive assistant. Like a good secretary, such an assistant would help users accomplish their high-level goals, coordinating the use of multiple applications, automatically handling routine tasks, and, most importantly, adapting to the individual needs of a user over time. In this paper we describe the architecture and its implementation for a personal cognitive assistant called RADAR. Key features include (a) extensibility through the use of a plug-in agent architecture (b) transparent integration with legacy applications and data of today?s desktop environments, and (c) extensive use of learning so that the environment adapts to the individual user over time.},
KEYWORDS = {Personal Assistance, RADAR, Software Architecture}
}
@Article{Poladian2006,
AUTHOR = {Sousa, Jo\~{a}o and Poladian, Vahe and Garlan, David and Schmerl, Bradley and Shaw, Mary},
TITLE = {Task-Based Adaptation for Ubiquitous Computing},
YEAR = {2006},
MONTH = {May},
JOURNAL = {IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, Special Issue on Engineering Autonomic Systems},
VOLUME = {36},
NUMBER = {3},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/tbuc.pdf},
ABSTRACT = {An important domain for autonomic systems is the area of ubiquitous computing: users are increasingly surrounded by technology that is heterogeneous, pervasive, and variable. In this paper we describe our work in developing self-adapting computing infrastructure that automates the configuration and reconfiguration of such environments. Focusing on the engineering issues of self-adaptation in the presence of heterogeneous platforms, legacy applications, mobile users, and resource variable environments, we describe a new approach based on the following key ideas: (a) Explicit representation of user tasks allows us to determine what service qualities are required of a given configuration; (b) Decoupling task and preference specification from the lower level mechanisms that carry out those preferences provides a clean engineering separation of concerns between what is needed and how it is carried out; and (c) Efficient algorithms allow us to calculate in real time near-optimal resource allocations and reallocations for a given task.},
NOTE = {Also available at IEEE Xplore},
KEYWORDS = {Aura, Autonomic Systems, Ubiquitous Computing}
}
@InProceedings{Cheng2006,
AUTHOR = {Cheng, Shang-Wen and Garlan, David and Schmerl, Bradley},
TITLE = {Architecture-based Self-adaptation in the Presence of Multiple Objectives},
YEAR = {2006},
MONTH = {21-22 May},
BOOKTITLE = {ICSE 2006 Workshop on Software Engineering for Adaptive and Self-Managing Systems (SEAMS)},
ADDRESS = {Shanghai, China},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/seams06.pdf},
ABSTRACT = {In the world of autonomic computing, the ultimate aim is to automate human tasks in system management to achieve high-level stakeholder objectives. One common approach is to capture and represent human expertise in a form executable by a computer. Techniques to capture such expertise in programs, scripts, or rule sets are effective to an extent. However, they are often incapable of expressing the necessary adaptation expertise and emulating the subtleties of trade-offs in high-level decision making. In this paper, we propose a new language of adaptation that is suffi-ciently expressive to capture the subtleties of choice, deriving its ontology from system administration tasks and its underlying formalism from utility theory.},
KEYWORDS = {Landmark, Rainbow, Self-adaptation, Self-Repair}
}
@TechReport{Antoun2006,
AUTHOR = {Abi-Antoun, Marwan and Aldrich, Jonathan and Nahas, Nagi and Schmerl, Bradley and Garlan, David},
TITLE = {Differencing and Merging of Architectural Views},
YEAR = {2005},
NUMBER = {CMU-ISRI-05-128},
INSTITUTION = {Carnegie Mellon University Institute for Software Research International},
URL = {http://reports-archive.adm.cs.cmu.edu/anon/isri2005/abstracts/05-128.html},
ABSTRACT = {As architecture-based techniques become more widely adopted, software architects face the problem of reconciling different versions of architectural models. However, existing approaches to differencing and merging architectural views are based on restrictive assumptions, such as requiring view elements to have unique identifiers or explicitly log changes between versions. To overcome some of the above limitations, we propose differencing and merging architectural views based on structural information. To that effect, we generalize a published polynomial-time tree-to-tree correction algorithm (that detects inserts, renames and deletes) into a novel algorithm to additionally detect restricted moves and support forcing and preventing matches between view elements. We implement a set of tools to compare and merge component-and-connector (C&C) architectural views, incorporating the algorithm. Finally, we provide an empirical evaluation of the algorithm and the tools on case studies with real software, illustrating the practicality of the approach to find and reconcile interesting divergences between architectural views.},
KEYWORDS = {Software Architecture}
}
@InProceedings{Sousa2005,
AUTHOR = {Sousa, Jo\~{a}o and Poladian, Vahe and Garlan, David and Schmerl, Bradley},
TITLE = {Capitalizing on Awareness of User Tasks for Guiding Adaptation.},
YEAR = {2005},
BOOKTITLE = {Proceedings of the First International Workshop on Adaptive and Self-managing Enterprise Applications, at CAISE'05},
ADDRESS = {Portugal},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/asmea05.pdf},
ABSTRACT = {Computers support more and more tasks in the personal and professional activities of users. Such user tasks increasingly span large periods of time and many locations across the enterprise space and beyond. Recently there has been a growing interest in developing applications that can cope with the specific environmental conditions at each location, and adapt to dynamic changes in system resources. However, in a given situation there may be many possible configuration solutions, and an awareness of the user's intent for each task is a critical element in knowing which one to pick. In this paper, we discuss the limitations of building such awareness into applications, and propose to factor the awareness of user tasks into a common software layer. That however, brings up the problem of coordinating the system-wide adaptation performed by such a layer with fine-grain adaptation performed by resource-aware applications. We summarize the main features of an architectural framework that incorporates such a layer, and distill some of the lessons learned in implementing the framework.},
KEYWORDS = {Aura, Autonomic Systems, Ubiquitous Computing}
}
@InProceedings{Schmerl2005,
AUTHOR = {Schmerl, Bradley and Yan, Hong and Garlan, David},
TITLE = {DiscoTect: A System for Discovering Architectures from Running Systems (Demonstration)},
YEAR = {2005},
MONTH = {September},
BOOKTITLE = {Proceedings of the Joint European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering},
ADDRESS = {Lisbon, Portugal},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/discotect.pdf},
ABSTRACT = {One of the challenges for software architects is ensuring that an implemented system faithfully represents its architecture. We describe and demonstrate a tool, called DiscoTect, that addresses this challenge by dynamically monitoring a running system and deriving the software architecture as that system runs. The derivation process is based on mappings that relate low level system-level events to higher-level architectural events. The resulting architecture is then fed into existing architectural design tools so that comparisons can be conducted with the design time architecture and architectural analyses can be re-run to ensure that they are still valid. In addition to the demonstration, we briefly describe the mapping language and formal definition of the language in terms of Colored Petri Nets.},
KEYWORDS = {DiscoTect}
}
@InProceedings{Antoun2005,
AUTHOR = {Abi-Antoun, Marwan and Aldrich, Jonathan and Garlan, David and Schmerl, Bradley and Nahas, Nagi and Tseng, Tony},
TITLE = {Software Architecture with Acme and ArchJava (Research Demonstration)},
YEAR = {2005},
MONTH = {May},
BOOKTITLE = {Proceedings of the 27th International Conference on Software Engineering},
ADDRESS = {St. Louis, MS},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/archjava-demo-icse05.pdf},
ABSTRACT = {We demonstrate a tool to incrementally synchronize an Acme architectural model described in the Acme Architectural Description Language (ADL) with an implementation in ArchJava, an extension of the Java programming language that includes explicit architectural modeling constructs.},
KEYWORDS = {Acme, ArchJava, Software Architecture}
}
@InProceedings{Antoun2005a,
AUTHOR = {Abi-Antoun, Marwan and Aldrich, Jonathan and Garlan, David and Schmerl, Bradley and Nahas, Nagi and Tseng, Tony},
TITLE = {Improving System Dependability by Enforcing Architectural Intent},
YEAR = {2005},
MONTH = {May},
BOOKTITLE = {Proceedings of the 2005 Workshop on Architecting Dependable Systems (WADS 2005)},
ADDRESS = {St. Louis, MS},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/WADS05-2.pdf},
ABSTRACT = {Developing dependable software systems requires enforcing conformance between architecture and implementation during software development and evolution. We address this problem with a multi-pronged approach: (a) automated refinement of a component-and-connector (C&C) architectural view into an initial implementation, (b) enforcement of architectural structure at the programming language level, (c) automated abstraction of a C&C view from an implementation, and (d) semi-automated incremental synchronization between the architectural and the implementation C&C views.
We use an Architecture Description Language (ADL), Acme, to describe the architecture, and ArchJava, an implementation language which embeds a C&C architecture specification within Java implementation code. Although both Acme and ArchJava specify C&C views, a number of structural differences may arise. Our approach can detect structural differences which correspond directly to implementation-level violations of the well thoughtout architectural intent. Furthermore, supplementing the C&C view extracted from the implementation with architectural types and styles can uncover additional violations. },
KEYWORDS = {Acme, ArchJava, Software Architecture}
}
@InProceedings{Garlan2005,
AUTHOR = {Garlan, David and Reinholtz, William K. and Schmerl, Bradley and Sherman, Nicholas and Tseng, Tony},
TITLE = {Bridging the Gap between Systems Design and Space Systems Software},
YEAR = {2005},
MONTH = {6-7 April},
BOOKTITLE = {Proceedings of the 29th Annual IEEE/NASA Software Engineering Workshop (SEW-29)},
ADDRESS = {Greenbelt, MD},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/sew-final.pdf},
ABSTRACT = {A challenging problem for software engineering practitioners is moving from high-level system architectures produced by system engineers to deployable software produced by software engineers. In this paper we describe our experience working with NASA engineers to develop an approach and toolset for automating the generation of space systems software from architectural specifications. Our experience shows that it is possible to leverage the space systems domain, formal architectural specifications, and component technology to provide retargetable code generators for this class of software.},
KEYWORDS = {Acme, Software Architecture}
}
@InProceedings{Cheng2005,
AUTHOR = {Cheng, Shang-Wen and Garlan, David and Schmerl, Bradley},
TITLE = {Making Self-Adaptation an Engineering Reality},
YEAR = {2005},
BOOKTITLE = {Proceedings of the Conference on Self-Star Properties in Complex Information Systems},
VOLUME = {3460},
EDITOR = {Babaoghu, Ozlap and Jelasity, Mark and Montroser, Alberto and Fetzer, Christof and Leonardi, Stefano and Van Moorsel, Aad},
SERIES = {LNCS},
PUBLISHER = {Springer-Verlag},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/self-star-2005.pdf},
ABSTRACT = {In this paper, we envision a world where a software engineer could take an existing software system, specify, for a set of properties of interest, an objective, conditions for change, and strategies for their adaptation and, within a few man weeks, make that system self-adaptive where it was not before. We describe how our approach generalizes to different classes of systems and holds promise for cost-effective, dynamic system self-adaptation to become an engineering reality.},
NOTE = {Also available from Springer-Verlag here},
KEYWORDS = {Autonomic Systems, Rainbow, Self-Repair}
}
@TechReport{Yan2004,
AUTHOR = {Yan, Hong and Aldrich, Jonathan and Garlan, David and Kazman, Rick and Schmerl, Bradley},
TITLE = {Discovering Architectures from Running Systems: Lessons Learned},
YEAR = {2004},
NUMBER = {CMU-SEI-2004-TR-016},
INSTITUTION = {Software Engineering Institute}
}
@InProceedings{Garlan/2009/ICSE/AEvol,
AUTHOR = {Garlan, David and Schmerl, Bradley},
TITLE = {Ævol: A tool for defining and planning architecture evolution},
YEAR = {2009},
MONTH = {20-22 May},
BOOKTITLE = {2009 International Conference on Software Engineering},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ICSE2009_FRD_0231_Schmerl_Bradley.pdf},
ABSTRACT = {Architecture evolution is a key feature of most software systems. There are few tools that help architects plan and execute these evolutionary paths. We demonstrate a tool to enable architects to describe evolution paths, associate properties with elements of the paths, and perform trade-off analysis over these paths.},
KEYWORDS = {Architecture Evolution}
}
@InProceedings{Garlan2004a,
AUTHOR = {Garlan, David and Poladian, Vahe and Schmerl, Bradley and Sousa, Jo\~{a}o},
TITLE = {Task-based Self-adaptation},
YEAR = {2004},
MONTH = {31 October - 1 November},
BOOKTITLE = {Proceedings of the ACM SIGSOFT 2004 Workshop on Self-Managing Systems (WOSS'04)},
ADDRESS = {Newport Beach, CA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/woss04.pdf},
ABSTRACT = {Recently there has been increasing interest in developing systems that can adapt dynamically to cope with changing environmental conditions and unexpected system errors. Most efforts for achieving self-adaptation have focused on the mechanisms for detecting opportunities for improvement and then taking appropriate action. However, such mechanisms beg the question: what is the system trying to achieve? In a given situation there may be many possible adaptations, and knowing which one to pick is a difficult question. In this paper we advocate the use of explicit representation of user task as a critical element in addressing this missing link.},
KEYWORDS = {Autonomic Systems, Self-Repair}
}
@InProceedings{Roshandel2004,
AUTHOR = {Roshandel, Roshanak and Schmerl, Bradley and Medvidovic, Nenad and Garlan, David},
TITLE = {Understanding Tradeoffs among Different Architectural Modelling Approaches},
YEAR = {2004},
MONTH = {11-14 June},
BOOKTITLE = {Proceedings of the 4th Working IEEE/IFIP Conference on Software Architectures (WICSA4)},
ADDRESS = {Oslo, Norway},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/wicsa4-roshandel.pdf},
ABSTRACT = {Over the past decade a number of architecture description languages (ADLs) have been proposed to facilitate modeling and analysis of software architecture. While each claims to have various benefits, to date there have been few studies to assess the relative merits of these approaches. In this paper we describe our experience using two ADLs to model a system initially described in UML, and compare their effectiveness in identifying system design flaws. We also describe the techniques we used for extracting architectural models from a UML system description.},
KEYWORDS = {Software Architecture}
}
@InProceedings{Cheng2004,
AUTHOR = {Cheng, Shang-Wen and Huang, An-Cheng and Garlan, David and Schmerl, Bradley and Steenkiste, Peter},
TITLE = {An Architecture for Coordinating Multiple Self-Management Systems},
YEAR = {2004},
MONTH = {11-14 June},
BOOKTITLE = {Proceedings of the 4th Working IEEE/IFIP Conference on Software Architectures (WICSA4)},
ADDRESS = {Oslo, Norway},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/wicsa4-cheng.pdf},
ABSTRACT = {A common approach to adding self-management capabilities to a system is to provide one or more external control modules, whose responsibility is to monitor system behavior, and adapt the system at run time to achieve various goals (configure the system, improve performance, recover from faults, etc.). An important problem arises when there is more than one such self-management module: how can one make sure that they are composed to provide consistent and complementary benefits? In this paper we describe a solution that introduces a self-management coordination architecture and infrastructure to support such composition. We focus on the problem of coordinating self-configuring and self-healing capabilities, particularly with respect to global configuration and incremental repair. We illustrate the approach in the context of a self-managing video teleconference system that composes two pre-existing adaptation modules to achieve synergistic benefits of both.},
KEYWORDS = {Autonomic Systems, Coordination, Rainbow, Self-adaptation}
}
@TechReport{Ivers2004,
AUTHOR = {Ivers, James and Clements, Paul and Garlan, David and Nord, Robert and Schmerl, Bradley and Silva, Jaime Rodrigo Oviedo},
TITLE = {Documenting Component and Connector Views with UML 2.0},
YEAR = {2004},
NUMBER = {CMU/SEI-2004-TR-008},
INSTITUTION = {Software Engineering Institute},
KEYWORDS = {UML, Software Architecture}
}
@InProceedings{Yan2004a,
AUTHOR = {Yan, Hong and Garlan, David and Schmerl, Bradley and Aldrich, Jonathan and Kazman, Rick},
TITLE = {DiscoTect: A System for Discovering Architectures from Running Systems},
YEAR = {2004},
MONTH = {23-28 May},
BOOKTITLE = {Proceedings of the 26th International Conference on Software Engineering},
ADDRESS = {Edinburgh, Scotland},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/icse04-discotect/discotect.pdf},
ABSTRACT = {One of the challenging problems for software developers is guaranteeing that a system as built is consistent with its architectural design. In this paper we describe a technique that uses run time observations about an executing system to construct an architectural view of the system. With this technique we develop mappings that exploit regularities in system implementation and architectural style. These mappings describe how low-level system events can be interpreted as more abstract architectural operations. We describe the current implementation of a tool that uses these mappings, and show that it can highlight inconsistencies between implementation and architecture.},
KEYWORDS = {DiscoTect, Software Architecture}
}
@InProceedings{Schmerl2004,
AUTHOR = {Schmerl, Bradley and Garlan, David},
TITLE = {AcmeStudio: Supporting Style-Centered Architecture Development (Research Demonstration)},
YEAR = {2004},
MONTH = {23-28 May},
BOOKTITLE = {Proceedings of the 26th International Conference on Software Engineering},
ADDRESS = {Edinburgh, Scotland},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/icse04-acmestudio/acmestudio.pdf},
ABSTRACT = {Software architectural modeling is crucial to the development of high-quality software. Software engineering tool support is required for this activity, so that models can be developed, viewed, analyzed, and refined to implementations. This support needs to be provided in a flexible and extensible manner so that the tools can fit into a company s process and can use particular, perhaps company-defined, domain-specific architectural styles. Early architecture development environments were restricted to supporting particular architectural styles, and were not easy to tailor to other styles or domains. In this research demonstration, we describe AcmeStudio, a styleneutral architecture development environment that can (1) allow architects to tailor the environment for particular domains; (2) be used as a framework for integrating domain-specific architectural analyses; and (3) can be extended to integrate with other tools that are used in a company s software development process. We illustrate the main features of AcmeStudio and provide some insight into how we have tailored it to real-world domains specific to NASA and Ford Motor Company.},
KEYWORDS = {Acme, AcmeStudio, Software Architecture}
}
@InProceedings{Garlan2004b,
AUTHOR = {Garlan, David and Schmerl, Bradley},
TITLE = {Using Architectural Models at Runtime: Research Challenges},
YEAR = {2004},
MONTH = {May},
BOOKTITLE = {Proceedings of the European Workshop on Software Architectures},
ADDRESS = {St. Andrews, Scotland},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/EWSA/paper-final.pdf},
ABSTRACT = {One crucial aspect of high quality software engineering is the development of a welldefined software architectural model. Despite advances in using software architectural models to clarify system design, there remains the problem of determining whether the system as implemented has the architecture as designed? One approach is to to this is to monitor the running system and translate observed events to events that construct and update an architectural model that reflects the actual running system. One can then compare this dynamically-determined model to the correct architectural model. Discrepancies can be used to flag implementation errors, or, possibly, to effect run-time adaptations to correct certain kinds of flaws.At Carnegie Mellon University, our research group has been investigating the use of system monitoring and reflection using architectural models. In the process of exploring this area we have identified a number of significant research challenges. In this paper we outline our experience, and use that as a way to lay out an agenda for architecture-based approaches to system monitoring and system self-repair.},
KEYWORDS = {Autonomic Systems, Dynamic Configuration, Self-Repair, Software Architecture}
}
@InProceedings{Steppe2004,
AUTHOR = {Steppe, Kevin and Garlan, David and Bylenok, Greg and Schmerl, Bradley and Shevchenko, Nataliya},
TITLE = {Tool Support for Model Based Architectural Design for Automotive Control Systems},
YEAR = {2004},
MONTH = {17-19 March},
BOOKTITLE = {First European Workshop on Model Driven Architecture with Emphasis on Industrial Application},
ADDRESS = {Enschede, The Netherlands},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/MDAEIA2004/MDAEIA2004.pdf},
ABSTRACT = {In conjunction with Ford Motor Company, we built a tool to support multilevel architectural design. The tool, called Synergy, allows Ford to visually design architectures of vehicle control components. The components are imported from existing Simulink models; then the tool automatically generates a detailed view showing all required connections and ports. The resulting model is exported to Simulink for further analysis. In this paper we describe the conceptual and technical challenges encountered in building Synergy and our design choices for solving them.},
KEYWORDS = {Acme, Software Architecture}
}
@InProceedings{Steppe2004a,
AUTHOR = {Steppe, Kevin and Bylenok, Greg and Garlan, David and Schmerl, Bradley and Abirov, Kanat and Shevchenko, Nataliya},
TITLE = {Two-tiered Architectural Design for Automotive Control Systems: An Experience Report},
YEAR = {2004},
MONTH = {10-12 January},
BOOKTITLE = {Automotive Software Workshop on Future Generation Software Architectures in the Automotive Domain},
ADDRESS = {San Diego, CA},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/ASW04/ASW04.pdf},
ABSTRACT = {An attractive approach to architecture-based design is to structure the development process into two tiers. The top tier represents the abstract design (or architecture) of a system in terms of abstract components. The bottom tier refines that design by making specific implementation decisions, such as platform, middleware, and component implementations. While attractive in principle, there has been relatively little industrial-based experience to shed light on problems and solutions involved in such an approach. In this paper we describe our experience in developing tools to introduce a two-tiered model-based approach to the design of Ford Motor Company s automotive control systems, highlighting the principle challenges, and evaluating the effectiveness of our solutions for them.},
NOTE = {(Workshop Proceedings)},
KEYWORDS = {Acme, Software Architecture}
}
@TechReport{Roshandel2003,
AUTHOR = {Roshandel, Roshanak and Schmerl, Bradley and Medvidovic, Nenad and Garlan, David and Zhang, Dehua},
TITLE = {Using Multiple Views to Model and Analyze Software Architecture: An Experience Report},
YEAR = {2003},
NUMBER = {USC-CSE-2003-508},
INSTITUTION = {University of Southern California, Center for Software Engineering},
PDF = {http://sunset.usc.edu/publications/TECHRPTS/2003/usccse2003-508/usccse2003-508.pdf},
ABSTRACT = {Architectural modeling and analysis is a critical phase in developing large and complex software systems. The usefulness of multiple views has likewise long been recognized. In this experience report, we explain how we used two ADLs to model a system initially described in UML. The system (SCRover) itheir Mission Data System technology. We describe (a) the processes that we used to extract architectural models from the UML description, (b) the way in which each ADL was used to model the system, (c) a classification of the architectural defects we uncovered, and (d) a comparison of the relative benefits of the two ADLs in terms of the different classes of defects they uncovered.},
KEYWORDS = {Software Architecture}
}
@InBook{Garlan2003,
AUTHOR = {Garlan, David and Cheng, Shang-Wen and Schmerl, Bradley},
TITLE = {Increasing System Dependability through Architecture-based Self-repair},
YEAR = {2003},
BOOKTITLE = {Architecting Dependable Systems},
EDITOR = {de Lemos, Rog\'{e}rio and Gacek, Cristina and Romanovsky, Alexander},
PUBLISHER = {Springer-Verlag},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/WADS/WADS-architecture.pdf},
PS = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/WADS/WADS-architecture.ps},
ABSTRACT = {One increasingly important technique for improving system dependability is to provide mechanisms for a system to adapt at run time in order to accommodate varying resources, system errors, and changing requirements. For such 'self-repairing' systems one of the hard problems is determining when a change is needed, and knowing what kind of adaptation is required. In this paper we describe a partial solution in which stylized architectural design models are maintained at run time as a vehicle for automatically monitoring system behavior, for detecting when that behavior falls outside of acceptable ranges, and for deciding on a high-level repair strategy. The main innovative feature of the approach is the ability to specialize a generic run time adaptation framework to support particular architectural styles and properties of interest. Specifically, a formal description of an architectural style defines for a family of related systems the conditions under which adaptation should be considered, provides an analytic basis for detecting anomalies, and serves as a basis for developing sound repair strategies.},
KEYWORDS = {Rainbow, Self-Repair, Software Architecture}
}
@InProceedings{Garlan2002,
AUTHOR = {Garlan, David and Schmerl, Bradley},
TITLE = {Model-based Adaptation for Self-Healing Systems},
YEAR = {2002},
MONTH = {18-19 November},
BOOKTITLE = {ACM SIGSOFT Workshop on Self-Healing Systems (WOSS'02),},
ADDRESS = {Charleston, SC},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/WOSS02/paper-submitted.pdf},
ABSTRACT = {Traditional mechanisms that allow a system to detect and recover from errors are typically wired into applications at the level of code where they are hard to change, reuse, or analyze. An alterna-tive approach is to use externalized adaptation: one or more mod-els of a system are maintained at run time and external to the ap-plication as a basis for identifying problems and resolving them. In this paper we provide an overview of recent research in which we use architectural models as the basis for such problem diagno-sis and repair. These models can be specialized to the particular style of the system, the quality of interest, and the dimensions of run time adaptation that are permitted by the running system.},
KEYWORDS = {Autonomic Systems, Self-Repair, Software Architecture}
}
@InProceedings{Cheng2002,
AUTHOR = {Cheng, Shang-Wen and Garlan, David and Schmerl, Bradley and Steenkiste, Peter and Hu, Ningning},
TITLE = {Software Architecture-based Adaptation for Grid Computing},
YEAR = {2002},
MONTH = {July},
BOOKTITLE = {The 11th IEEE Conference on High Performance Distributed Computing (HPDC},
ADDRESS = {Edinburgh, Scotland},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/hpdc02/hpdc02.pdf},
PS = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/hpdc02/hpdc02.ps},
ABSTRACT = {Grid applications must increasingly self-adapt dynamically to changing environments. In most cases, adaptation has been implemented in an ad hoc fashion, on a perapplication basis. This paper describes work which generalizes adaptation so that it can be used across applications by providing an adaptation framework. This framework uses a software architectural model of the system to analyze whether the application requires adaptation, and allows repairs to be written in the context of the architectural model and propagated to the running system. In this paper, we exemplify our framework by applying it to the domain of load-balancing a client-server system. We report on an experiment conducted using our framework, which illustrates that this approach maintains architectural requirements.},
KEYWORDS = {Autonomic Systems, Self-Repair, Software Architecture}
}
@InProceedings{Schmerl2002,
AUTHOR = {Schmerl, Bradley and Garlan, David},
TITLE = {Exploiting Architectural Design Knowledge to Support Self-repairing Systems},
YEAR = {2002},
MONTH = {15-19 July},
BOOKTITLE = {The 14th International Conference on Software Engineering and Knowledge Engineering},
ADDRESS = {Ischia, Italy},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/seke02/paper.pdf},
PS = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/seke02/paper.ps},
ABSTRACT = {In an increasing number of domains software is now required to be self-adapting and self-healing. While in the past such abilities were incorporated into software on a per system basis, proliferation of such systems calls for more generalized mechanisms to manage dynamic adaptation. General mechanisms have the advantage that they can be reused in numerous systems, analyzed separately from the system being adapted, and easily changed to incorporate new adaptations. Moreover, they provide a natural home for encoding the expertise of system designers and implementers about adaptation strategies and policies. In this paper, we show how architecture description languages and tools can be extended to provide such generalized dynamic adaptation mechanisms.},
KEYWORDS = {AcmeStudio, Self-Repair, Software Architecture}
}
@InProceedings{Cheng2002a,
AUTHOR = {Cheng, Shang-Wen and Garlan, David and Schmerl, Bradley and Sousa, Jo\~{a}o and Spitznagel, Bridget and Steenkiste, Peter},
TITLE = {Using Architectural Style as a Basis for Self-repair},
YEAR = {2002},
MONTH = {25-31 August},
BOOKTITLE = {Software Architecture: System Design, Development, and Maintenance (Proceedings of the 3rd Working IEEE/IFIP Conference on Software Architecture)},
PAGES = {45-59},
EDITOR = {Bosch, Jan and Gentleman, Morven and Hofmeister, Christine and Kuusela, Juha},
PUBLISHER = {Kluwer Academic Publishers},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/wicsa3-arch/WICSA-web.pdf},
PS = {http://www.cs.cmu.edu/afs/cs/project/able/ftp//wicsa3-arch/WICSA-web.ps},
ABSTRACT = {An increasingly important requirement for software systems is the capability to adapt at run time in order to accommodate varying resources, system errors, and changing requirements. For such self-repairing systems, one of the hard problems is determining when a change is needed, and knowing what kind of adaptation is required. Recently several researchers have explored the possibility of using architectural models as a basis for run time monitoring, error detection, and repair. Each of these efforts, however, has demonstrated the feasibility of using architectural models in the context of a specific style. In this paper we show how to generalize these solutions by making architectural style a parameter in the monitoring/repair framework and its supporting infrastructure. The value of this generalization is that it allows one to tailor monitoring/ repair mechanisms to match both the properties of interest (such as performance or security), and the available operators for run time adaptation.},
KEYWORDS = {Architectural Analysis, Autonomic Systems, Self-Repair, Software Architecture}
}
@InProceedings{Cheng2002b,
AUTHOR = {Cheng, Shang-Wen and Garlan, David and Schmerl, Bradley and Sousa, Jo\~{a}o and Spitznagel, Bridget and Steenkiste, Peter and Hu, Ningning},
TITLE = {Software Architecture-based Adaptation for Pervasive Systems},
YEAR = {2002},
MONTH = {8-11 April},
BOOKTITLE = {International Conference on Architecture of Computing Systems (ARCS'02): Trends in Network and Pervasive Computing},
VOLUME = {2299},
EDITOR = {Schmeck, H and Ungerer, T and Wolf, L},
SERIES = {Lecture Notes in Computer Science},
ADDRESS = {Karlsruhe, Germany},
PUBLISHER = {Springer-Verlag},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/arch-arcs02/arcs-final.pdf},
PS = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/arch-arcs02/arcs-final.ps},
ABSTRACT = { An important requirement for pervasive computing systems is the ability to adapt at runtime to handle varying resources, user mobility, changing user needs, and system faults. In this paper we describe an approach in which dynamic adaptation is supported by the use of software architectural models to monitor an application and guide dynamic changes to it. The use of externalized models permits one to make reconfiguration decisions based on a global per-spective of the running system, apply analytic models to determine correct re-pair strategies, and gauge the effectiveness of repair through continuous system monitoring. We illustrate the application of this idea to pervasive computing systems, focusing on the need to adapt based on performance-related criteria and models.},
KEYWORDS = {Software Architecture, Ubiquitous Computing}
}
@InProceedings{Garlan2001,
AUTHOR = {Garlan, David and Schmerl, Bradley and Chang, Jichuan},
TITLE = {Using Gauges for Architecture-Based Monitoring and Adaptation},
YEAR = {2001},
MONTH = {12-14 December},
BOOKTITLE = {Proceedings of the Working Conference on Complex and Dynamic Systems Architecture},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/cdsa01/cdsa.pdf},
PS = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/cdsa01/cdsa.ps},
ABSTRACT = {An increasingly important requirement for complex systems is the capability to adapt at runtime in order to accommodate variable resources, system errors, and changing requirements. An essential aspect of adaptation is the ability to observe a system's runtime behavior and interpret those observations in terms that permit a high-level understanding of the system's status. In this paper we describe mechanisms for monitoring a running system, interpreting monitored data in terms of the system's architecture, and analyzing the system architecture to ascertain if the system's runtime behavior fits within the envelope of acceptable behavior. We illustrate the use of these mechanisms for the important special case of system performance monitoring. },
KEYWORDS = {Self-Repair, Software Architecture}
}
@InProceedings{Garlan2001a,
AUTHOR = {Garlan, David and Schmerl, Bradley},
TITLE = {Component-Based Software Engineering in a Pervasive Computing Environment},
YEAR = {2001},
MONTH = {14-15 May},
BOOKTITLE = {The 4th ICSE Workshop on Component-Based Software Engineering: Component Certification and System Prediction},
ADDRESS = {Toronto, Canada},
PDF = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/cbse01/cbse01-submission.pdf},
PS = {http://www.cs.cmu.edu/afs/cs/project/able/ftp/cbse01/cbse01-submission.ps},
ABSTRACT = {Being able to find, adapt, and incorporate disparate components to form working, reliable applications is the goal of component-based software engineering. To date, there has been a lot of research, among other things, on locating components, reasoning about component compatibility, and methods for interoperability. Pervasive computing raises a number of new challenges for component-based software engineering that heretofore have been given little attention, such as mobility, adaptability, and resource awareness. In this paper we motivate and discuss the need for research in these areas, and discuss how our work in the Aura group at Carnegie Mellon University helps to address these issues. },
KEYWORDS = {Aura, Software Architecture, Ubiquitous Computing}
}
@Article{Kaplan2002,
AUTHOR = {Kaplan, Alan and Schmerl, Bradley and Veeraraghaven, Rajesh},
TITLE = {Toward Automated Support for Transparent Interoperable Queries},
YEAR = {2002},
MONTH = {October},
JOURNAL = {Journal of Information Technology and Management},
VOLUME = {3},
NUMBER = {4},
PAGES = {387-406},
URL = {http://www.ingentaconnect.com/content/klu/item/2002/00000003/00000004/05093521;jsessionid=h7vv7b6cf8uk.victoria},
NOTE = {A shorter version of this paper appeared in the Ninth Workshop on Information Technologies and Systems (WITS99)(Charlotte, USA, December 1999)}
}
@InProceedings{Kaplan2000,
AUTHOR = {Kaplan, Alan and Ridgeway, John and Schmerl, Bradley and Sridar, Krishnan and Wileden, Jack},
TITLE = {Toward Pure Polylingual Persistence},
YEAR = {2000},
MONTH = {September},
BOOKTITLE = {Ninth International Workshop on Persistent Object Systems: Design, Implementation and Use (POS9)},
ADDRESS = {Lillehammer, Norway}
}
@PhdThesis{Schmerl1997,
AUTHOR = {Schmerl, Bradley},
TITLE = {Designing Configuration Management Tools for Dynamically Composed Systems},
YEAR = {1997},
MONTH = {October},
ADDRESS = {Adelaide, South Australia},
SCHOOL = {Flinders University},
PDF = {http://www.cs.cmu.edu/~schmerl/publications/thesis.pdf}
}
@InProceedings{Schmerl1997a,
AUTHOR = {Schmerl, Bradley and Marlin, Chris},
TITLE = {Versioning and Consistency for Dynamically Composed Configurations},
YEAR = {1997},
MONTH = {May},
BOOKTITLE = {The 7th International Workshop on Software Configuration Management},
VOLUME = {1235},
PAGES = {49-65},
SERIES = {Lecture Notes in Computer Science},
ADDRESS = {Boston, MA},
PUBLISHER = {Springer, Berlin},
ABSTRACT = {Dynamically composed software systems are constructed as they execute. Although these systems are of increasing importance and arise in a number of application areas, configuration management tools do not provide much support for them. This paper presents progress towards providing enhanced configuration management techniques for dynamically composed systems. The paper commences with an example of dynamically composed systems, which is used to motivate the relevance of dynamically composed systems, and to highlight various design issues and requirements for configuration management in this domain. A model, and its associated notation DCDL, is then presented to describe particular aspects of the example. This model seamlessly integrates the notions of consistency, specified in terms of complete configurations, and version families, which are relevant to the incomplete configurations of crucial importance in understanding configurations of dynamically composed systems. DCDL is then used to provide insight into the requirements for configuration management tools for dynamically composed systems.}
}
@TechReport{Schmerl1996,
AUTHOR = {Schmerl, Bradley and Marlin, Chris},
TITLE = {Modelling Dynamic Configurations to Guide Tool Design},
YEAR = {1996},
NUMBER = {97-01},
INSTITUTION = {Flinders University Department of Computer Science},
PDF = {http://www.cs.cmu.edu/~schmerl/publications/schmerl97modelling},
ABSTRACT = {The ability to update a software system as it is being used is increasingly important and manifests itself in systems that must be maintained while executing, in systems where choices about which components comprise a system are deferred until their use, and where systems can be customised. Systems that fit one or more of these characteristics we call Dynamically Composed Systems (DCSs). Although some attention has been given to providing tools to support dynamic updates, and models of such dynamic updates have been constructed, little work as been done in examining this from a configuration management perspective. This paper describes a model of configuration management for dynamically composed systems, based on an existing model of configuration management for statically composed systems. The model includes a dynamic configuration description language, DCDL, and a formalization in terms of many-sorted algebraic specification techniques. The use of this model to design tools to support configuration management for dynamically composed systems is then discussed.}
}
@InProceedings{Schmerl1996a,
AUTHOR = {Schmerl, Bradley and Marlin, Chris},
TITLE = {Consistency issues in partially bound dynamically composed systems},
YEAR = {1996},
MONTH = {June},
BOOKTITLE = {Proceedings of the 1996 Australian Software Engineering Conference},
PAGES = {183-191},
ADDRESS = {Melbourne, Australia},
PDF = {http://www.cs.cmu.edu/~schmerl/publications/schmerl96consistency,pdf},
ABSTRACT = {Dynamically composed systems are able to incorporate new components as they execute. Therefore, configurations of these systems are not fully elaborated until at least the time that they are executed, and they are perhaps never fully elaborated. Such incomplete configurations are termed partially bound configurations. Although partially bound, it is still important to be able to analyse these configurations to ascertain whether they meet certain assumptions about their composition. We are endevouring to provide such support for the construction of dynamically composed systems through the application of configuration management concepts. One way in which these concepts can be applied in this domain is to explicitly state such assumptions and hence be able to validate partially bound configurations against these assumptions; in this way, inconsistencies can be reported as soon as they arise. This paper disucsses the issues involved in providing this kind of consistency mechanism for dynamically composed systems.}
}
@InProceedings{Schmerl1996b,
AUTHOR = {Schmerl, Bradley and Marlin, Chris},
TITLE = {Defining consistency in the context of partially bound configurations of dynamically composed systems},
YEAR = {1996},
MONTH = {March},
BOOKTITLE = {6th International Workshop on Software Configuration Management - Preprint of Proceedings},
ADDRESS = {Berlin, Germany}
}
@InProceedings{Schmerl1995,
AUTHOR = {Schmerl, Bradley and Marlin, Chris},
TITLE = {Configuration management for dynamically bound systems},
YEAR = {1995},
MONTH = {April},
BOOKTITLE = {Proceedings of the 5th Workshop on Software Configuration Management},
ADDRESS = {Seattle, WA}
}
@InCollection{Schmerl1995a,
AUTHOR = {Schmerl, Bradley and Marlin, Chris},
TITLE = {Designing configuration management facilities for dynamically bound systems},
YEAR = {1995},
BOOKTITLE = {Software Configuration Management: ICSE SCM-4 and SCM-5 Workshops - Selected Papers},
VOLUME = {1005},
PAGES = {88-100},
EDITOR = {Estublier, Jacky},
SERIES = {Lecture Notes in Computer Science},
PUBLISHER = {Spring-Verlag}
}
@InProceedings{Glastonbury1997,
AUTHOR = {Glastonbury, Dan and Marlin, Chris and Read, Michael and Schmerl, Bradley},
TITLE = {Run-time views as a debugging aid in an integrated software development environment},
YEAR = {1997},
MONTH = {December},
BOOKTITLE = {1997 Software Visualisation Workshop},
PAGES = {51-59},
ADDRESS = {Adelaide, South Australia},
PUBLISHER = {Flinders University, South Australia}
}
@Unpublished{Garlan2000c,
AUTHOR = {Garlan, David and Kompanek, Andrew and Kenney, John and Luckham, David and Schmerl, Bradley and Wile, David},
TITLE = {An Activity Language for the ADL Toolkit},
YEAR = {2000},
MONTH = {August},
PDF = {http://www.cs.cmu.edu/~able/publications/ActivityLanguage/ActivityLanguageProposal0800.pdf},
PS = {http://www.cs.cmu.edu/~able/publications/ActivityLanguage/ActivityLanguageProposal0800.ps},
ABSTRACT = {With an eye toward sharing event-based behavior in architectural descriptions, a number of researchers at ISI (Wile), CMU (Garlan & Kompanek) and Stanford (Luckham & Kenney) started a dialogue to converge on an event standard. The results are summarized in this working report. The main idea of the proposal is to adopt an Acme-like approach: a simple base-level event representation would capture the minimal, core aspects of events. Additionally, other more tool-specific information could be added to those event representations in the form of annotations. In this report we outline the proposed scheme. We begin by enumerating some of the requirements that we identified early in our discussions. Next we discuss the basic ontology of events, activities and their types. Then we introduce two proposals for concrete representation: one based on XML, the other on an Acme-like syntax. Finally, we illustrate how collections of events derived from existing ADLs can be mapped into the activity language. },
NOTE = {Working draft},
KEYWORDS = {Software Architecture}
}
@Unpublished{Schmerl2006a,
AUTHOR = {Schmerl, Bradley and Butler, Shawn and Garlan, David},
TITLE = {Architecture-based Simulation for Security and Performance},
YEAR = {2006},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/simulator.pdf},
ABSTRACT = {Architectural analysis is key to producing high quality architectures. In this demonstration we present two extensions to AcmeStudio, and domain-neutral Architecture Development Environment, to add Performance and Security Simulation. Using AcmeStudio as the integration platform for these analyses allows comparisons and trade-offs between these different
quality attributes.},
NOTE = {Submitted for publication.},
KEYWORDS = {AcmeStudio, Architectural Analysis, Architectural Style, Software Architecture}
}
@Article{garlan2007,
AUTHOR = {Garlan, David and Schmerl, Bradley},
TITLE = {The RADAR Architecture for Personal Cognitive Assistance},
YEAR = {2007},
MONTH = {April},
JOURNAL = {International Journal of Software Engineering and Knowledge Engineering},
VOLUME = {17},
NUMBER = {2},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/IJSEKE-paper-submission.pdf},
ABSTRACT = {Current desktop environments provide weak support for carrying out complex user-oriented tasks. Although individual applications are becoming increasingly sophisticated and feature-rich, users must map their high-level goals to the low-level operational vocabulary of applications, and deal with a myriad of routine tasks (such as keeping up with email, keeping calendars and web sites up-to-date, etc.). An alternative vision is that of a personal cognitive assistant. Like a good secretary, such an assistant would help users accomplish their high-level goals, coordinating the use of multiple applications, automatically handling routine tasks, and, most importantly, adapting to the individual needs of a user over time. In this paper we describe the architecture and its implementation for a personal cognitive assistant called RADAR. Key features include (a) extensibility through the use of a plug-in agent architecture (b) transparent integration with legacy applications and data of today?s desktop environments, and (c) extensive use of learning so that the environment adapts to the individual user over time.},
NOTE = {A shorter version of this paper appeared in the 2006 Conference on Software Engineering and Knowledge Engineering (SEKE 2006).},
KEYWORDS = {Personal Assistance, RADAR, Software Architecture}
}
@InProceedings{Garlan2006c,
AUTHOR = {Garlan, David and Schmerl, Bradley},
TITLE = {Architecture-driven Modelling and Analysis},
YEAR = {2006},
BOOKTITLE = {Proceedings of the 11th Australian Workshop on Safety Related Programmable Systems (SCS'06)},
VOLUME = {69},
EDITOR = {Cant, Tony},
SERIES = {Conferences in Research and Practice in Information Technology},
ADDRESS = {Melbourne, Australia},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/aSCSa-final.pdf},
ABSTRACT = {Over the past 15 years there has been increasing recognition that careful attention to the design of a system?s software architecture is critical to satisfying its requirements for quality attributes such as performance, security, and dependability. As a consequence, during this period the field of software architecture has matured significantly. However, current practices of software architecture rely on relatively informal methods, limiting the potential for fully exploiting architectural designs to gain insight and improve the quality of the resulting system. In this paper we draw from a variety of research results to illustrate how formal approaches to software architecture can lead to enhancements in software quality, including improved clarity of design, support for analysis, and assurance that implementations conform to their intended architecture.},
KEYWORDS = {Acme, AcmeStudio, Architectural Analysis, Architectural Style, Landmark, Software Architecture}
}
@InProceedings{Poladian2007,
AUTHOR = {Poladian, Vahe and Garlan, David and Shaw, Mary and Schmerl, Bradley and Sousa, Jo\~{a}o and Satyanarayanan, Mahadev},
TITLE = {Leveraging Resource Prediction for Anticipatory Dynamic Configuration},
YEAR = {2007},
MONTH = {8-11 July},
BOOKTITLE = { Proceedings of the First IEEE International Conference on Self-Adaptive and Self-Organizing Systems, SASO-2007},
PAGES = {214-223},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/predictive_configuration_16_marked.pdf},
ABSTRACT = {Self-adapting systems based on multiple concurrent applications must decide how to allocate scarce resources to
applications and how to set the quality parameters of each
application to best satisfy the user. Past work has made
those decisions with analytic models that used current resource availability information: they react to recent changes in resource availability as they occur, rather than anticipating future availability. These reactive techniques may model each local decision optimally, but the accumulation of decisions over time nearly always becomes less than optimal.
In this paper, we propose an approach to self adaptation, called anticipatory configuration that leverages
predictions of future resource availability to improve utility for the user over the duration of the task. The approach solves the following technical challenges: (1) how to express resource availability prediction, (2) how to combine prediction from multiple sources, and (3) how to leverage predictions continuously while improving utility to the user. Our experiments show that when certain adaptation operations are costly, anticipatory configuration provides better utility to the user than reactive configuration, while being comparable in resource demand.},
KEYWORDS = {Aura, Dynamic Configuration, Resource Aware Computing, Service Composition, Ubiquitous Computing}
}
@InBook{Sousa2008,
AUTHOR = {Sousa, Jo\~{a}o and Schmerl, Bradley and Steenkiste, Peter and Garlan, David},
TITLE = {Activity Oriented Computing},
YEAR = {2008},
BOOKTITLE = {Advances in Ubiquitous Computing: Future Paradigms and Directions},
EDITOR = {Mostefaoui, Soraya Kouadri and Maamar, Zakaria and Giaglis, George},
ADDRESS = {Herschey, PA},
PUBLISHER = {IGI Publishing},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/AOC.pdf},
ABSTRACT = {This chapter introduces a new way of thinking about software systems for supporting the activities of end-users. In this approach, models of user activities are promoted to first class entities, and software systems are assembled and configured dynamically based on activity models. This constitutes a fundamental change of perspective over traditional applications: activities take the main stage and may be long-lived, whereas the agents that carry them out are plentiful and interchangeable. The core of the chapter describes a closed-loop control design that enables activity-oriented systems to become self-aware and self-configurable, and to adapt to dynamic changes both in the requirements of user activities and in the environment resources. The chapter discusses how that design addresses challenges such as user mobility, resolving conflicts in accessing scarce resources, and robustness in the broad sense of responding adequately to user expectations, even in unpredictable situations, such as random failures, erroneous user input, and continuously changing resources. The chapter further summarizes challenges and ongoing work related to managing activities where humans and automated agents collaborate, human-computer interactions for managing activities, and privacy and security aspects.},
NOTE = {Book link: http://www.igi-pub.com/books/details.asp?ID=7314},
KEYWORDS = {Aura, Ubiquitous Computing}
}
@InProceedings{Celiku2007a,
AUTHOR = {Celiku, Orieta and Garlan, David and Schmerl, Bradley},
TITLE = {Augmenting Architectural Modeling to Cope with Uncertainty},
YEAR = {2007},
MONTH = {5 November},
BOOKTITLE = {Proceedings of the International Workshop on Living with Uncertainties (IWLU'07), co-located with the 22nd International Conference on Automated Software Engineering (ASE'07)},
ADDRESS = {Atlanta, GA, USA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/uncertainty-web.pdf},
ABSTRACT = {Notations and techniques for architectural modeling and analysis have matured considerably over the past two decades. However, to date these approaches have primarily focused on architectural properties and behavior that can be precisely defined. In this paper we argue that it is possible to augment existing architecture description languages (ADLs) to support reasoning and analysis in the presence of uncertainty. Specifically, we outline two basic extensions to formal architecture descriptions that take advantage of probabilistic specifications to support architecture-based analyses such as simulation, detection of behavioral drift, and reasoning about the expected outcomes of uncertain behavior. An important property of these specifications is that they allow incremental refinement � as more is known about the behavior of the system, specifications can be extended without invalidating previous analyses.},
NOTE = {<a href=http://godzilla.cs.toronto.edu/IWLU/program.html>http://godzilla.cs.toronto.edu/IWLU/program.html</a>;},
KEYWORDS = {Acme, AcmeStudio, Architectural Analysis, Software Architecture}
}
@InProceedings{Sousa2008-WICSA,
AUTHOR = {Sousa, Jo\~{a}o and Schmerl, Bradley and Poladian, Vahe and Brodsky, Alex},
TITLE = {UDesign: End-User Design Applied to Monitoring and Control Applications for Smart Spaces},
YEAR = {2008},
MONTH = {18-22 February},
BOOKTITLE = {Proceedings of the 2008 Working IFIP/IEEE Conference on Software Architecture},
ADDRESS = {Vancouver, BC, Canada},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/uDesign-final.pdf},
ABSTRACT = {This paper introduces an architectural style for enabling end-users to quickly design and deploy software systems in domains characterized by highly personalized and dynamic requirements.
The style offers an intuitive metaphor based on boxes, pipes, and wires, but retains enough preciseness that systems can be automatically assembled and dynamically reconfigured based on uDesign descriptions. uDesign was primarily motivated and validated within monitoring and control applications for smart spaces, but we envision possible extensions to other domains.
Our contribution differs from early attempts at end-user programming in the level of abstraction, software architecture rather than programming, and in the subject of description: run-time rather than code structures.
To validate the approach, the paper presents (a) two case studies, one in health care and one in home security, (b) the formal semantics of uDesigns primitives, and (c) a mapping of those primitives to an existing software infrastructure: the Aura infrastructure.},
KEYWORDS = {Architectural Style, Aura, Service Composition, Ubiquitous Computing}
}
@Article{AANSG08,
AUTHOR = {Abi-Antoun, Marwan and Aldrich, Jonathan and Nahas, Nagi and Schmerl, Bradley and Garlan, David},
TITLE = {Differencing and Merging of Architectural Views},
YEAR = {2008},
MONTH = {March},
JOURNAL = {Automated Software Engineering Journal},
VOLUME = {15},
NUMBER = {1},
ABSTRACT = {Differencing and merging architectural views is an important activity in software engineering. However, existing approaches are still based on restrictive assumptions, such as requiring view elements to have unique identiers or exactly matching types, which is often not the case in many application domains.
We propose an approach based on structural information. We generalize a published polynomial-time tree-to-tree correction algorithm that detects inserts, renames and deletes, into a novel algorithm that additionally detects restricted moves.
Our algorithm also supports forcing and preventing matches between view elements. We incorporate the algorithm into tools to compare and merge Component-and-Connector (C&C) architectural views. We provide an empirical evaluation of the algorithm. We illustrate the tools using extended examples, and use them to detect and reconcile interesting differences between real architectural views.},
NOTE = {Final version available online at http://dx.doi.org/10.1007/s10515-007-0023-3.},
KEYWORDS = {Acme, ArchJava, Software Architecture}
}
@InProceedings{Sousa2008a,
AUTHOR = {Sousa, Jo\~{a}o and Poladian, Vahe and Garlan, David and Schmerl, Bradley and Steenkiste, Peter},
TITLE = {Steps toward Activity-Oriented Computing},
YEAR = {2008},
MONTH = {14 April},
BOOKTITLE = {Proceedings of the 2008 NSF Next Generation Software Program Workshop},
ADDRESS = {Miami, FL},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/IPDPS-web.pdf},
ABSTRACT = {Most pervasive computing technologies focus on helping users with computer-oriented tasks. In this NSF-funded project, we instead focus on using computers to support user-centered activities that normally do not involve the use of computers. Examples may include everyday tasks around such as answering the doorbell or doing laundry. A focus on activity-based computing brings to the foreground a number of unique challenges. These include activity definition and representation, system design, interfaces for managing activities, and ensuring robust operation. Our project focuses on the first two challenges.},
KEYWORDS = {Aura, Ubiquitous Computing}
}
@InBook{2009:AdaptationChapter,
AUTHOR = {Garlan, David and Schmerl, Bradley and Cheng, Shang-Wen},
TITLE = {Software Architecture-Based Self-Adaptation},
YEAR = {2009},
BOOKTITLE = {Autonomic Computing and Networking},
NUMBER = {ISBN 978-0-387-89827-8},
EDITOR = {Denko, Mieso and Yang, Laurence and Zhang, Yan},
PUBLISHER = {Springer},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/chapter-final.pdf},
ABSTRACT = {Increasingly, systems must have the ability to self-adapt
to meet changes in their execution environment. Unfortunately, existing solutions require human oversight, or are limited in the kinds of systems and the set of quality-of-service concerns they address. Our approach, embodied in a system called Rainbow, uses software architecture models and architectural styles to overcome
existing limitations. It provides an engineering approach and a framework of mechanisms to monitor a target system and its environment, reflect observations into a system's architecture model, detect opportunities for improvements, select a course of action, and effect changes in a closed loop. The framework provides general and reusable infrastructures with well-defined customization points, allowing engineers to systematically customize Rainbow
to particular systems and concerns. },
NOTE = {Springer Link},
KEYWORDS = {Autonomic Systems, Rainbow, Self-adaptation, Self-Repair}
}
@InProceedings{2010/Faulring/Radar,
AUTHOR = {Faulring, Andrew and Myers, Brad and Mohnkern, Ken and Schmerl, Bradley and Steinfeld, Aaron and Zimmerman, John and Smailagic, Asim and Hansen, Jeffery and Siewioreck, Daniel},
TITLE = {Agent-Assisted Task Management that Reduces Email Overhead},
YEAR = {2010},
MONTH = {7-10 February},
BOOKTITLE = {Proceedings of the 14th International Conference on Intelligent User Interfaces},
PAGES = {61-70},
ADDRESS = {Hong Kong, China},
PUBLISHER = {ACM Press},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/radar-iui10.pdf},
ABSTRACT = {RADAR is a multiagent system with a mixed-initiative user
interface designed to help office workers cope with email
overload. RADAR agents observe experts to learn models
of their strategies and then use the models to assist other
people who are working on similar tasks. The agents assistance helps a person to transition from the normal email-centric workflow to a more efficient task-centric workflow.
The Email Classifier learns to identify tasks contained within emails and then inspects new emails for similar tasks. A
novel task-management user interface displays the found
tasks in a to-do list, which has integrated support for performing the tasks. The Multitask Coordination Assistant
learns a model of the order in which experts perform tasks
and then suggests a schedule to other people who are working on similar tasks. A novel Progress Bar displays the suggested schedule of incomplete tasks as well as the completed tasks. A large evaluation demonstrated that novice
users confronted with an email overload test performed
significantly better (a 37% better overall score with a factor
of four fewer errors) when assisted by the RADAR agents.
},
NOTE = {Honorable Mention Award in the Best Paper
Contest. DOI},
KEYWORDS = {RADAR}
}
@Article{Garlan2004,
AUTHOR = {Garlan, David and Cheng, Shang-Wen and Huang, An-Cheng and Schmerl, Bradley and Steenkiste, Peter},
TITLE = {Rainbow: Architecture-Based Self Adaptation with Reusable Infrastructure},
YEAR = {2004},
MONTH = {October},
JOURNAL = {IEEE Computer},
VOLUME = {37},
NUMBER = {10},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/computer04.pdf},
ABSTRACT = {The Rainbow framework uses software architectures and a reusable infrastructure to support self-adaptation of software systems. The use of external adaptation mechanisms allows the explicit specification of adaptation strategies for multiple system concerns.},
KEYWORDS = {Autonomic Systems, Landmark, Rainbow, Self-adaptation}
}
@InProceedings{Cheng:2009:RAIDE/icse,
AUTHOR = {Cheng, Shang-Wen and Garlan, David and Schmerl, Bradley},
TITLE = {RAIDE for Engineering Architecture-Based Self-Adaptive Systems},
YEAR = {2009},
BOOKTITLE = {2009 International Conference on Software Engineering},
ADDRESS = {Vancouver, BC, Canada},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ICSE2009_IRD_0659_Cheng_Shang-Wen.pdf},
ABSTRACT = {Rainbow is an approach for engineering self-adaptive systems, with run-time, closed-loop control over target systems to monitor, detect, decide, and act on opportunities for system improvement. RAIDE enables adaptation engineers to customize the Rainbow framework, simulate adaptation behavior, and deploy Rainbow run-time components.},
KEYWORDS = {Rainbow}
}
@InProceedings{Garlan/2009/SOA,
AUTHOR = {Garlan, David and Carley, Kathleen M. and Schmerl, Bradley and Bigrigg, Michael W. and Celiku, Orieta},
TITLE = {Using Service-Oriented Architectures for Socio-Cultural Analysis},
YEAR = {2009},
MONTH = {1-3 July},
BOOKTITLE = {Proceedings of the 21st International Conference on Software Engineering and Knowledge Engineering (SEKE2009)},
ADDRESS = {Boston, USA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/SORASCS-SEKE09.pdf},
ABSTRACT = {An emergent domain that raises some unique engineering challenges is that of software architectures to convert large bodies of unstructured data to human-usable knowledge, such as in the domain of socio-cultural information analysis. We report on an architecture based on Service-Oriented Architectures that we are applying in this domain. We list the requirements that such an architecture must support, describe our architecture for addressing them, and outline what we believe are the important engineering and research issues that must still be overcome.},
KEYWORDS = {SORASCS, Service Composition, Software Architecture}
}
@InProceedings{Cheng:2009:benchmark/znn:seams,
AUTHOR = {Cheng, Shang-Wen and Garlan, David and Schmerl, Bradley},
TITLE = {Evaluating the Effectiveness of the Rainbow Self-Adaptive System},
YEAR = {2009},
MONTH = {18-19 May},
BOOKTITLE = {ICSE 2009 Workshop on Software Engineering for Adaptive and Self-Managing Systems (SEAMS\'09), Vancouver, BC, Canada},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ICSE2009_SEAMS_2528_Cheng_Shang-Wen.pdf},
ABSTRACT = {Rainbow is a framework for engineering a system with run-time, self-adaptive capabilities to monitor, detect, decide, and act on opportunities for system improvement. We applied Rainbow to a system, Znn.com, and evaluated its effectiveness to self-adapt on three levels: its effectiveness to maintain quality attribute in the face of changing conditions, run-time overheads of adaptation, and the engineering effort to use it to add self-adaptive capabilities to Znn.com. We make Znn.com and the associated evaluation tools available to the community so that other researchers can use it to evaluate their own systems and the community can compare different systems. In this paper, we report on our evaluation experience, reflect on some principles for benchmarking self-adaptive systems, and discuss the suitability of our evaluation tools for this purpose.},
NOTE = {Awarded Most Influential Paper for SEAMS 2009},
KEYWORDS = {Benchmark, Rainbow}
}
@InProceedings{Garlan/2009/ArchEvol,
AUTHOR = {Garlan, David and Barnes, Jeffrey M. and Schmerl, Bradley and Celiku, Orieta},
TITLE = {Evolution Styles: Foundations and Tool Support for Software Architecture Evolution},
YEAR = {2009},
MONTH = {14-17 September},
BOOKTITLE = {Proceedings of the Joint Working IEEE/IFIP Conference on Software Architecture 2009 & European Conference on Software Architecture 2009},
ADDRESS = {Cambridge, UK},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/wicsa-09-camera-web.pdf},
ABSTRACT = {As new market opportunities, technologies, platforms, and frameworks become available, systems require large-scale and systematic architectural restructuring to accommodate them. Todays architects have few tools and techniques to help them plan this architecture evolution. In particular, they have little assistance in planning alternative evolution paths, trading-off various aspects of the different paths, or knowing best practices for particular domains. In this paper we describe an approach for assisting architects in developing and reasoning about architectural evolution paths. The key in-sight of our approach is that, architecturally, many system evolutions follow certain common patterns or evolution styles. We define what we mean by an evolution style, and show how it can be used to provide automated assistance for expressing architectural evolution, and for reasoning about both the correctness and quality of evolution paths.},
KEYWORDS = {Architecture Evolution}
}
@InProceedings{SOAR2009,
AUTHOR = {Raheja, Rahul and Cheng, Shang-Wen and Garlan, David and Schmerl, Bradley},
TITLE = {Improving Architecture-Based Self-Adaptation using Preemption},
YEAR = {2009},
MONTH = {14 September},
BOOKTITLE = {Proceedings of the Workshop on Self-Organizing Architecture},
ADDRESS = {Cambridge, UK},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/SOAR-web.pdf},
ABSTRACT = {One common approach to self-adaptive systems is to incorporate a control layer that monitors a system, supervisorily detects problems, and applies adaptation strategies to fix problems or improve system behavior. While such approaches have been found to be quite effective, they are typically limited to carrying out a single adaptation at a time, delaying other adaptations until the current one finishes. This in turn leads to a problem in which a time-critical adaptation may have to wait for an existing long-running adaptation to complete, thereby missing a window of opportunity for that adaptation. In this paper we improve on existing practice through an approach in which adaptations can be preempted to allow for other time-critical adaptations to be scheduled. Scheduling is based on an algorithm that maximizes time-related utility for a set of concurrently executing adaptations.},
KEYWORDS = {Autonomic Systems, Rainbow, Self-adaptation, Software Architecture, Software Engineering}
}
@Article{RajhansMPM2009,
AUTHOR = {Rajhans, Akshay and Cheng, Shang-Wen and Schmerl, Bradley and Garlan, David and Krogh, Bruce and Agbi, Clarence and Bhave, Ajinkya Y.},
TITLE = {An Architectural Approach to the Design and Analysis of Cyber-Physical Systems},
YEAR = {2009},
JOURNAL = {Electronic Communications of the EASST},
VOLUME = {21: Multi-Paradigm Modeling},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/286-855-1-PB.pdf},
ABSTRACT = {This paper presents an extension of existing software architecture tools to model physical systems, their interconnections, and the interactions between physical and cyber components. A new CPS architectural style is introduced to support the principled design and evaluation of alternative architectures for cyber-physical systems (CPSs). The implementation of the CPS architectural style in AcmeStudio includes behavioral annotations on components and connectors using either ?nite state processes (FSP) or linear hybrid automata (LHA) with plug-ins to perform behavior analysis using the Labeled Transition System Analyzer (LTSA) or Polyhedral Hybrid Automata Veri?er (PHAVer), respectively. The CPS architectural style and analysis plug-ins are illustrated with an example.
},
KEYWORDS = {Cyberphysical Systems}
}
@InProceedings{Bhave/ERTS2010,
AUTHOR = {Bhave, Ajinkya Y. and Garlan, David and Krogh, Bruce and Rajhans, Akshay and Schmerl, Bradley},
TITLE = {Augmenting Software Architectures with Physical Components},
YEAR = {2010},
MONTH = {19-21 May},
BOOKTITLE = {Proceedings of the Embedded Real Time Software and Systems Conference (ERTS^2 2010)},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ERTS2_2010.pdf},
ABSTRACT = {This paper presents an extension of existing software architecture tools to model physical systems, their interconnections, and the interactions between physical and cyber components. We introduce a new cyber-physical system (CPS) architectural style to support the construction of architectural descriptions of complete systems and to serve as the reference context for analysis and evaluation of design alternatives using existing model-based tools. The implementation of the CPS architectural style in AcmeStudio includes behavioral annotations on components and connectors using either finite state processes (FSP) or linear hybrid automata (LHA) with plug-ins to perform behavior analysis. The application of the CPS architectural style is illustrated for the STARMAC quadrotor.},
KEYWORDS = {Cyberphysical Systems}
}
@Misc{2010/Vishal/EUO,
AUTHOR = {Dwivedi, Vishal and Garlan, David and Schmerl, Bradley},
TITLE = {End User Orchestrations},
YEAR = {2010},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/EndUserOrchestrations.pdf},
ABSTRACT = {Service-orchestrations define how services can be composed
together and are widely used to execute applications based on Service Oriented Architectures (SOAs). However, the various special purpose orchestration languages used today require code-level constructs that force the users to provide excessive technical detail. For many SOA domains
end-users of these orchestrations have limited technical expertise, and hence these users find it difficult to specify orchestrations in current languages. Additionally, users specifying orchestrations would often like
to reason about architectural attributes such as performance, security and composability - capabilities that current languages and tools do not support. In this paper we provide an improved technique for modeling orchestrations that allows users to focus primarily on the functional
composition of services that is guided by tool supported domain-specific analyses. We introduce an abstract architectural specification language called SCORE (Simple Compositional ORchestration for End users) that defines the vocabulary of elements that can be used in a service
composition. SCORE not only allows users to create correct service orchestrations, but it also removes the need for technical detail, most of which is auto-generated by tool support. We demonstrate the use of our approach to specify service-orchestrations in SORASCS (Service ORiented Architectures for Socio-Cultural Systems), which is a SOA
system for the intelligence analysis domain. SORASCS users are analysts, who are involved with domain-specific analysis workflows that are represented using SCORE and executed.},
NOTE = {Submitted for publication},
KEYWORDS = {Service Composition, Software Architecture}
}
@InProceedings{Views/Bhave/2010,
AUTHOR = {Bhave, Ajinkya Y. and Krogh, Bruce and Garlan, David and Schmerl, Bradley},
TITLE = {Multi-domain Modeling of Cyber-Physical Systems using Architectural Views},
YEAR = {2010},
MONTH = {30 November},
BOOKTITLE = {Proceedings of the 1st Analytic Virtual Integration of Cyber-Physical Systems Workshop.},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/MMCPSAV.pdf},
ABSTRACT = {Designing cyber-physical systems(CPSs)increasingly requires the use of multi-domain models throughout the development process. Ensuring consistent relationships between various system models is an important part of an integrated design methodology. This paper describes an architectural approach to reasoning about relations between heterogeneous system models. The runtime base architecture of the system is used as a unifying representation to compare the structure and semantics of the associated models. Each model is related to the base architecture through the abstraction of an architectural view, which captures structural and semantic correspondences between model elements and system entities. The use of the architectural view framework to relate system models from different domains is illustrated in the context of a quadrotor air vehicle.},
NOTE = {Co-located with RTSS 2010.},
KEYWORDS = {Architectural Style, Cyberphysical Systems}
}
@InBook{Prediction2008,
AUTHOR = {Poladian, Vahe and Cheng, Shang-Wen and Garlan, David and Schmerl, Bradley},
TITLE = {Improving Architecture-Based Self-Adaption Through Resource Prediction},
YEAR = {2008},
BOOKTITLE = {Software Engineering for Self-Adaptive Systems},
VOLUME = {5525},
EDITOR = {Cheng, Betty H.C. and de Lemos, Rog\'{e}rio and Giese, Holger and Inverardi, Paola and Magee, Jeff},
SERIES = {Lecture Notes in Computer Science},
PUBLISHER = {LNCS},
CHAPTER = {15},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/LNCS-SEfSASChapter-2009-0222-web.pdf},
ABSTRACT = {An increasingly important concern for modern systems design is how best to incorporate self-adaptation into systems so as to improve their ability to dynamically respond to faults, resource variation, and changing user needs. One promising approach is to use architectural models as a basis for monitoring, problem detection, and repair selection. While this approach has been shown to yield positive results, current systems use a reactive approach: they respond to problems only when they occur. In this paper we argue that self-adaptation can be improved by adopting an anticipatory approach in which predictions are used to inform adaptation strategies. We show how such an approach can be incorporated into an architecture-based adaptation framework and demonstrate the benefits of the approach.},
KEYWORDS = {Rainbow, Resource prediction, Self-adaptation}
}
@InProceedings{Schmerl/2011/ICSE,
AUTHOR = {Schmerl, Bradley and Garlan, David and Dwivedi, Vishal and Bigrigg, Michael W. and Carley, Kathleen M.},
TITLE = {SORASCS: A Case Study in SOA-based Platform Design for Socio-Cultural Analysis},
YEAR = {2011},
BOOKTITLE = {Proceedings of the 33rd International Conference on Software Engineering.},
ADDRESS = {Hawaii, USA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/SORASCS-ICSE2011-cr-final.pdf},
ABSTRACT = {An increasingly important class of software-based systems is plat-forms that permit integration of third-party components, services, and tools. Service-Oriented Architecture (SOA) is one such plat-form that has been successful in providing integration and distri-bution in the business domain, and could be effective in other domains (e.g., scientific computing, healthcare, and complex deci-sion making). In this paper, we discuss our application of SOA to provide an integration platform for socio-cultural analysis, a domain that, through models, tries to understand, analyze and predict relationships in large complex social systems. In developing this platform, called SORASCS, we had to overcome issues we believe are generally applicable to any application of SOA within a domain that involves technically nave users and seeks to establish a sustainable software ecosystem based on a common integration platform. We discuss those issues and the lessons learned about the kinds of problems that occur, and pathways toward a solution.},
KEYWORDS = {Architectural Style, SORASCS}
}
@InProceedings{Bhave/CPS/2011,
AUTHOR = {Bhave, Ajinkya Y. and Krogh, Bruce and Garlan, David and Schmerl, Bradley},
TITLE = {View Consistency in Architectures for Cyber-Physical Systems},
YEAR = {2011},
MONTH = {April},
BOOKTITLE = {Proceedings of the 2nd ACM/IEEE International Conference on Cyber-Physical Systems},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ICCPS11_BKGS.pdf},
ABSTRACT = {Current methods for modeling, analysis, and design
of cyber-physical systems lack a unifying framework due to the
complexity and heterogeneity of the constituent elements and
their interactions. Our approach is to define relationships between
system models at the architectural level, which captures the
structural interdependencies and some semantic interdependencies
between representations without attempting to comprehend
all of the details of any particular modeling formalism. This
paper addresses the issue of defining and evaluating consistency
between architectural views imposed by various heterogeneous
models and a base architecture (BA) for the complete system. This
notion of structural consistency ensures that the model elements
adhere to the cyber and physical types and the connections
between components present in the BA, which serves as the
unifying framework for model-based development. Consistency
checking between a model and the underlying system architecture
is formulated as a typed graph matching problem between
the connectivity graphs of the corresponding architectural view
and the systems BA. The usefulness of the approach to check
system modeling assumptions is illustrated in the context of two
heterogeneous views of a quadrotor air vehicle.},
KEYWORDS = {Architecture View Consistency, Cyberphysical Systems}
}
@InProceedings{Velasco/Mismatch/2013,
AUTHOR = {Velasco Elizondo, Perla and Dwivedi, Vishal and Garlan, David and Schmerl, Bradley and Maria Fernandes, Jose},
TITLE = {Resolving Data Mismatches in End-User Compositions},
YEAR = {2013},
MONTH = {10-13 June},
BOOKTITLE = {Proceedings of the 4th International Symposium on End-User Development},
ADDRESS = {IT University of Copenhagen, Denmark},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/resolvingDataMismatchesVelasco_Mismatch_2013.pdf},
ABSTRACT = {Many domains such as scientific computing and neuroscience require
end users to compose heterogeneous computational entities to automate their professional
tasks. However, an issue that frequently hampers such composition is
data-mismatches between computational entities. Although, many composition
frameworks today provide support for data mismatch resolution through specialpurpose
data converters, end users still have to put significant effort in dealing
with data mismatches, e.g., identifying the available converters and determining
which of them meet their QoS expectations. In this paper we present an approach
that eliminates this effort by automating the detection and resolution of data mismatches.
Specifically, it uses architectural abstractions to automatically detect
different types of data mismatches, model-generation techniques to fix those mismatches,
and utility theory to decide the best fix based on QoS constraints. We
illustrate our approach in the neuroscience domain where data-mismatches can
be fixed in an efficient manner on the order of few seconds.},
KEYWORDS = {End-user Architecture, SORASCS}
}
@Unpublished{Garlan/SWiFT/2011,
AUTHOR = {Garlan, David and Schmerl, Bradley and Dwivedi, Vishal and Banerjee, Aparup and Glendenning, Laura and Nakayama, Mai and Patel, Nina},
TITLE = {SWiFT: A Tool for Constructing Workflows for Dynamic Network Analysis},
YEAR = {2011},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/Paper.pdf},
ABSTRACT = {AbstractDynamic Network Analysis is a domain of computation
that refers to the analysis of complex social systems that change
over time. Within this domain, analysts need to be able to carry
out workflows, involving composition of various tools and procedures
that they use to extract and analyze social systems. Typically
these workflows require the incorporation of heterogeneous
tools in distributed locations, are interactive in that they allow
dynamic parameterization and exploration, and can be shared
with and reused by other analysts in different contexts. Furthermore,
because such analysts are not computer programmers,
they require an approach for constructing workflows that allows
them to focus on their analysis task, and that provides them with
appropriate guidance in constructing and reusing workflows. In
this paper, we describe a tool, called SWiFT, that provides a
workflow construction environment for dynamic network analysis,
built on a service oriented architecture, that provides these
features.},
NOTE = {http://acme.able.cs.cmu.edu/pubs/show.php?id=333},
KEYWORDS = {Service Composition, SORASCS}
}
@InProceedings{Garlan/EUA/2012,
AUTHOR = {Garlan, David and Dwivedi, Vishal and Ruchkin, Ivan and Schmerl, Bradley},
TITLE = {Foundations and Tools for End-User Architecting},
YEAR = {2012},
BOOKTITLE = {Large-Scale Complex IT Systems. Development, Operation and Management, 17th Monterey Workshop 2012, Oxford, UK, March 19-21, 2012},
VOLUME = {7539},
PAGES = {157-182},
EDITOR = {Garlan, David and Calinescu, Radu},
SERIES = {Lecture Notes in Computer Science},
PUBLISHER = {Springer},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/EUA-LNCS.pdf},
ABSTRACT = {Within an increasing number of domains an important emerging need
is the ability for technically naive users to compose computational elements into
novel configurations. Examples include astronomers who create new analysis
pipelines to process telescopic data, intelligence analysts who must process diverse
sources of unstructured text to discover socio-technical trends, and medical
researchers who have to process brain image data in new ways to understand
disease pathways. Creating such compositions today typically requires low-level
technical expertise, limiting the use of computational methods and increasing the
cost of using them. In this paper we describe an approach -- which we term
end-user architecting -- that exploits the similarity between such compositional
activities and those of software architects. Drawing on the rich heritage of software
architecture languages, methods, and tools, we show how those techniques
can be adapted to support end users in composing rich computational systems
through domain-specific compositional paradigms and component repositories,
without requiring that they have knowledge of the low-level implementation details
of the components or the compositional infrastructure. Further, we outline a
set of open research challenges that the area of end-user architecting raises.},
NOTE = {Book Reference: http://www.springer.com/computer/swe/book/978-3-64234058-1},
KEYWORDS = {End-user Architecture, Landmark, Service Composition, SORASCS}
}
@InProceedings{Casonova/2011/ARFD,
AUTHOR = {Casanova, Paulo and Schmerl, Bradley and Garlan, David and Abreu, Rui},
TITLE = {Architecture-based Run-time Fault Diagnosis},
YEAR = {2011},
MONTH = {13-16 September},
BOOKTITLE = {Proceedings of the 5th European Conference on Software Architecture},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ecsa2011-abrtfd.pdf},
ABSTRACT = {An important step in achieving robustness to run-time faults is the ability
to detect and repair problems when they arise in a running system. Effective
fault detection and repair could be greatly enhanced by run-time fault diagnosis
and localization, since it would allow the repair mechanisms to focus adaptation
effort on the parts most in need of attention. In this paper we describe
an approach to run-time fault diagnosis that combines architectural models with
spectrum-based reasoning for multiple fault localization. Spectrum-based reasoning
is a lightweight technique that takes a form of trace abstraction and produces
a list (ordered by probability) of likely fault candidates. We show how this technique
can be combined with architectural models to support run-time diagnosis
that can (a) scale to modern distributed software systems; (b) accommodate the
use of black-box components and proprietary infrastructure for which one has
neither a specification nor source code; and (c) handle inherent uncertainty about
the probable cause of a problem even in the face of transient faults and faults that
arise only when certain combinations of system components interact.},
KEYWORDS = {Rainbow, Self-adaptation}
}
@InProceedings{2011:Dwivedi:SCORE,
AUTHOR = {Dwivedi, Vishal and Velasco Elizondo, Perla and Maria Fernandes, Jose and Garlan, David and Schmerl, Bradley},
TITLE = {An Architectural Approach to End User Orchestrations},
YEAR = {2011},
MONTH = {13-16 September},
BOOKTITLE = {Proceedings of the 5th European Conference on Software Architecture},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ECSA-EndUserOrchestrations.pdf},
ABSTRACT = {Computations are pervasive across many domains, where end users have to compose various heterogeneous computational entities to perform professional activities. Service-Oriented Architecture (SOA) is a widely used mechanism that can support such forms of compositions as it allows heterogeneous systems to be wrapped as services that can then be combined with each other. However, current SOA orchestration languages require writing scripts that are typically too low-level for end users to write, being targeted at professional programmers and business analysts. To address this problem, this paper proposes an approach based on an architectural-style for service orchestration using an end user specification style called SCORE. SCORE uses high-level constructs that can be tailored for different domains and automatically translated into executable constructs by tool support. We demonstrate the usefulness of SCORE across two domains dynamic network analysis and neuroscience, where users are intelligence analysts and scientists respectively. They can use an architectural style based vocabulary as a basis of their domain-specific},
KEYWORDS = {Architectural Style, Service Composition, Software Architecture, SORASCS}
}
@Article{Barnes/AEVol/2012,
AUTHOR = {Barnes, Jeffrey M. and Garlan, David and Schmerl, Bradley},
TITLE = {Evolution styles: foundations and models for software architecture evolution},
YEAR = {2014},
MONTH = {May},
JOURNAL = {Journal of Software and Systems Modeling},
VOLUME = {13},
NUMBER = {2},
PAGES = {649-678},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/sosym.pdf},
ABSTRACT = {As new market opportunities, technologies, platforms, and frameworks become available, systems require large-scale and systematic architectural restructuring to accommodate them. Todays architects have few techniques to help them plan this architecture evolution. In particular, they have little assistance in planning alternative evolution paths, trading off various aspects of the different paths, or knowing best practices for particular domains. In this paper we describe an approach for planning and reasoning about architecture evolution. Our approach focuses on providing architects with the means to model prospective evolution paths and supporting analysis to select among these candidate paths. To demonstrate the usefulness of our approach, we show how it can be applied to an actual architecture evolution. In addition, we present some theoretical results about our evolution path constraint specification language.},
NOTE = {DOI 10.1007/s10270-012-0301-9},
KEYWORDS = {Architecture Evolution, Landmark}
}
@Article{2012:Cheng:Stitch,
AUTHOR = {Cheng, Shang-Wen and Garlan, David},
TITLE = {Stitch: A Language for Architecture-Based Self-Adaptation},
YEAR = {2012},
MONTH = {December},
JOURNAL = {Journal of Systems and Software, Special Issue on State of the Art in Self-Adaptive Systems},
VOLUME = {85},
NUMBER = {12},
EDITOR = {Weyns, Danny and Andersson, Jesper and Malek, Sam and Schmerl, Bradley},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/JSS-S-11-00544.pdf},
ABSTRACT = {Requirements for high availability in computing systems today demand that
systems be self-adaptive to maintain expected qualities-of-service in the presence
of system faults, variable environmental conditions, and changing user
requirements. Autonomic computing tackles the challenge of automating
tasks that humans would otherwise have to perform to achieve this goal.
However, existing approaches to autonomic computing lack the ability to
capture routine human repair tasks in a way that takes into account the
business context that humans use in selecting an appropriate form of adaptation,
while dealing with timing delays and uncertainties in outcome of
repair actions. In this article, we present Stitch, a language for representing
repair strategies within the context of an architecture-based self-adaptation
framework. Stitch supports the explicit representation of repair decision
trees together with the ability to express business objectives, allowing a
self-adaptive system to select a strategy that has optimal utility in a given
context, even},
NOTE = {http://dx.doi.org/10.1016/j.jss.2012.02.060
},
KEYWORDS = {Landmark, Rainbow, Self-adaptation, Self-Repair, Stitch}
}
@InBook{Weyns/Schmerl/2012,
AUTHOR = {Weyns, Danny and Schmerl, Bradley and Grassi, Vincenzo and Malek, Sam and Mirandola, Raffaela and Prehofer, Christian and Wuttke, Jochen and Andersson, Jesper and Giese, Holger and Goeschka, Karl},
TITLE = {On Patterns for Decentralized Control in
Self-Adaptive Systems},
YEAR = {2012},
BOOKTITLE = {Software Engineering for Self-Adaptive Systems II},
VOLUME = {7475},
EDITOR = {de Lemos, Rog\'{e}rio and Giese, Holger and Muller, Hausi and Shaw, Mary},
SERIES = { LNCS },
PUBLISHER = {Springer},
ABSTRACT = {Self-adaptive systems have the ability to adapt themselves to changes in the environment and internal dynamics to achieve particular goals. Self-adaptation is typically realized using control loops. When systems are large, complex, and heterogeneous, a single control loop may not be sufficient. Given the central role control loops play in the way we conceptualize, design, and implement self-adaptive systems, their patterns of interaction should be made explicit to foster comprehension and analysability, and to serve as the basis for developing guidelines and documenting common design choices for engineers. Because of the diversity of ways that existing self-adaptive systems organize the various self-adaptation activities, it is timely to reflect on these systems to: (a) consolidate the knowledge in this area, and (b) to develop a systematic approach for describing different control schema. In this paper, we contribute with a simple notation for describing control schema with multiple control loops, which we believe helps in achieving (b), and we use this notation to describe a number of existing self-adaptation patterns, to begin to fulfill (a). From our study, we outline numerous remaining research challenges and future work in this area.},
KEYWORDS = {Coordination, Self-adaptation}
}
@InProceedings{2013:Camara/Correia,
AUTHOR = {C\'{a}mara, Javier and Correia, Pedro and de Lemos, Rog\'{e}rio and Garlan, David and Gomes, Pedro and Schmerl, Bradley and Ventura, Rafael},
TITLE = {Evolving an Adaptive Industrial Software System to Use Architecture-based Self-Adaptation},
YEAR = {2013},
MONTH = {20-21 May},
BOOKTITLE = {Proceedings of the 8th International Symposium on Software Engineering for Adaptive and Self-Managing Systems},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/eaisabsa.pdf},
ABSTRACT = {Although architecture-based self-adaptation has
been widely used, there is still little understanding about
the validity and tradeoffs of incorporating it into real-world software-intensive systems which already feature built-in adaptation mechanisms. In this paper, we report on our experience in integrating Rainbow, a platform for architecture-based self-adaptation, and an industrial middleware employed to monitor and manage highly populated networks of devices. Concretely, we reflect on aspects such as the effort required for framework customization and legacy code refactoring, performance improvement, and the impact of architecture-based self-adaptation on system evolution.},
KEYWORDS = {Rainbow}
}
@InProceedings{2013:Casanova/Garlan,
AUTHOR = {Casanova, Paulo and Garlan, David and Schmerl, Bradley and Abreu, Rui},
TITLE = {Diagnosing architectural run-time failures},
YEAR = {2013},
MONTH = {20-21 May},
BOOKTITLE = {Proceedings of the 8th International Symposium on Software Engineering for Adaptive and Self-Managing Systems},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/darf.pdf},
ABSTRACT = {Self-diagnosis is a fundamental capability of self-adaptive
systems. In order to recover from faults, systems need
to know which part is responsible for the incorrect behavior. In
previous work we showed how to apply a design-time diagnosis
technique at run time to identify faults at the architectural level
of a system. Our contributions address three major shortcomings
of our previous work: 1) we present an expressive, hierarchical
language to describe system behavior that can be used to
diagnose when a system is behaving different to expectation; the
hierarchical language facilitates mapping low level system events
to architecture level events; 2) we provide an automatic way to
determine how much data to collect before an accurate diagnosis
can be produced; and 3) we develop a technique that allows the
detection of correlated faults between components. Our results
are validated experimentally by injecting several failures into a
system and accurately diagnosing them using our algorithm.},
NOTE = {Received SEAMS 2013 Best Paper Award},
KEYWORDS = {Diagnosis, Self-adaptation}
}
@InProceedings{Yuan/2013/ABSS,
AUTHOR = {Yuan, Eric and Malek, Sam and Schmerl, Bradley and Garlan, David and Gennari, Jeffrey},
TITLE = {Architecture-Based Self-Protecting Software Systems},
YEAR = {2013},
MONTH = {17-21 June},
BOOKTITLE = {Proceedings of the Ninth International ACM Sigsoft Conference on the Quality of Software Architectures (QoSA 2013)},
PAGES = {33-42},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/p33-yuan.pdf},
ABSTRACT = {Since conventional software security approaches are often manually developed and statically deployed, they are no longer sufficient against today's sophisticated and evolving cyber security threats. This has motivated the development of self-protecting software that is capable of detecting security threats and mitigating them through runtime adaptation techniques. In this paper, we argue for an architecture-based self- protection (ABSP) approach to address this challenge. In ABSP, detection and mitigation of security threats are informed by an architectural representation of the running system, maintained at runtime. With this approach, it is possible to reason about the impact of a potential security breach on the system, assess the overall security posture of the system, and achieve defense in depth. To illustrate the effectiveness of this approach, we present several architecture adaptation patterns that provide reusable detection and mitigation strategies against well-known web application security threats. Finally, we describe our ongoing work in realizing these patterns on top of Rainbow, an existing architecture-based adaptation framework.},
NOTE = {DOI: 10.1145/2465478.2465479},
KEYWORDS = {Rainbow, Science of Security, Self-adaptation}
}
@Article{Rajhans/TAC/2013,
AUTHOR = {Rajhans, Akshay and Bhave, Ajinkya Y. and Ruchkin, Ivan and Krogh, Bruce and Garlan, David and Platzer, Andre and Schmerl, Bradley},
TITLE = {Supporting Heterogeneity in Cyber-Physical Systems Architectures},
YEAR = {2014},
MONTH = {December},
JOURNAL = {IEEE Transactions on Automatic Control},
VOLUME = {59},
NUMBER = {12},
PAGES = {3178--3193},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/TAS-Dec-2014.pdf},
ABSTRACT = {Cyber-physical systems (CPS) are heterogeneous, because
they tightly couple computation, communication and control along with
physical dynamics, which are traditionally considered separately. Without
a comprehensive modeling formalism, model-based development of CPS
involves using a multitude of models in a variety of formalisms that
capture various aspects of the system design, such as software design,
networking design, physical models, and protocol design. Without a
rigorous unifying framework, system integration and integration of the
analysis results for various models remains ad hoc. In this paper, we
propose a multi-view architecture framework that treats models as views
of the underlying system structure and uses structural and semantic
mappings to ensure consistency and enable system-level veri?cation
from that of the models in a hierarchical and compositional manner.
Throughout the paper, the theoretical concepts are illustrated using two
examples, an automotive intersection collision avoidance system and a
quadrotor.},
NOTE = {Also available at http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6882828},
KEYWORDS = {Cyberphysical Systems, Landmark}
}
@TechReport{2013:Casanova/Samsung,
AUTHOR = {Casanova, Paulo and Schmerl, Bradley and Garlan, David and Abreu, Rui and Ahn, Jungsik},
TITLE = {Applying Autonomic Diagnosis at Samsung Electronics},
YEAR = {2013},
MONTH = {September},
NUMBER = {CMU-ISR-13-111},
INSTITUTION = {Institute for Software Research, Carnegie Mellon University},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/cmu-isr-13-111.pdf},
ABSTRACT = {An increasingly essential aspect of many critical software
systems is the ability to quickly diagnose and locate
faults so that appropriate corrective measures can
be taken. Large, complex software systems fail unpredictably
and pinpointing the source of the failure is a
challenging task. In this paper we explore how our recently
developed technique for automatic diagnosis performs
in the automatic detection of failures and fault localization
in a critical manufacturing control system of
Samsung Electronics, where failures can result in large
financial and schedule losses. We show how our approach
can scale to such systems to diagnose intermittent
faults, connectivity problems, protocol violations,
and timing failures. We propose a set of measures of
accuracy and performance that can be used to evaluate
run-time diagnosis. We present lessons learned from this
work including how instrumentation limitations may impair
diagnosis accuracy: without overcoming these, there
is a limit to the kinds of faults that can be detected.},
KEYWORDS = {Autonomic Systems, Diagnosis}
}
@InCollection{Lemos13,
AUTHOR = {de Lemos, Rog\'{e}rio and Giese, Holger and Muller, Hausi A. and Shaw, Mary and Andersson, Jesper and Baresi, Luciano and Becker, Basil and Bencomo, Nelly and Brun, Yuriy and Cukic, Bojan and Desmarais, Ron and Dustdar, Schahram and Engels, Gregor and Geihs, Kurt and Goeschka, Karl M. and Gorla, Alessandra and Grassi, Vincenzo and Inverardi, Paola and Karsai, Gabor and Kramer, Jeff and Litoiu, Marin and Lopes, Ant\'{o}nia and Magee, Jeff and Malek, Sam and Mankovskii, Serge and Mirandola, Raffaela and Mylopoulos, John and Nierstrasz, Oscar and Pezz, Mauro and Prehofer, Christian and Schafer, Wilhelm and Schlichting, Rick and Schmerl, Bradley and Smith, Dennis B. and Sousa, Jo\~{a}o and Tamura, Gabriel and Tahvildari, Ladan and Villegas, Norha M. and Vogel, Thomas and Weyns, Danny and Wong, Kenny and Wuttke, Jochen},
TITLE = {Software engineering for self-adaptive systems: A second research roadmap},
YEAR = {2013},
BOOKTITLE = {Software Engineering for Self-Adaptive Systems II},
VOLUME = {7475},
PAGES = {1--32},
EDITOR = {de Lemos, Rog\'{e}rio and Giese, Holger and Muller, Hausi A. and Shaw, Mary},
PUBLISHER = {Springer-Verlag},
ABSTRACT = {The goal of this roadmap paper is to summarize the state-of-the-art and identify research challenges when developing, deploying and managing self-adaptive software systems. Instead of dealing with a wide range of topics associated with the field, we focus on four essential topics of self-adaptation: design space for self-adaptive solutions, software engineering processes for self-adaptive systems, from centralized to decentralized control, and practical run-time verification & validation for self-adaptive systems. For each topic, we present an overview, suggest future directions, and focus on selected challenges. This paper complements and extends a previous roadmap on software engineering for self-adaptive systems published in 2009 covering a different set of topics, and reflecting in part on the previous paper. This roadmap is one of the many results of the Dagstuhl Seminar 10431 on Software Engineering for Self-Adaptive Systems, which took place in October 2010.},
KEYWORDS = {Self-adaptation}
}
@TechReport{ruchkin_architectural_2014,
AUTHOR = {Ruchkin, Ivan and Dwivedi, Vishal and Garlan, David and Schmerl, Bradley},
TITLE = {Architectural Modeling of Ozone Widget Framework End-User Compositions},
YEAR = {2014},
MONTH = {June},
NUMBER = {CMU-ISR-14-108},
ADDRESS = {Pittsburgh, PA},
TYPE = {Technical Report},
INSTITUTION = {Institute for Software Research, Carnegie Mellon University},
URL = {http://reports-archive.adm.cs.cmu.edu/anon/isr2014/abstracts/14-108.html},
ABSTRACT = {Ozone Widget Framework (OWF) is an event-based web platform for lightweight integration of widget applications. This technical report presents a formal model of OWFs widget composition mechanism. First, we present a detailed description of Ozones end user composition mechanism. Then, we describe our architectural modeling approach and its value for analysis of OWF widget compositions. We go through the process of creating an architectural style to represent assemblies of Ozone widgets, reviewing modeling decision points and style alternatives.}
}
@InProceedings{2014/Schmerl/ABSP-DoS,
AUTHOR = {Schmerl, Bradley and C\'{a}mara, Javier and Gennari, Jeffrey and Garlan, David and Casanova, Paulo and Moreno, Gabriel A. and Glazier, Thomas J. and Barnes, Jeffrey M.},
TITLE = {Architecture-Based Self-Protection: Composing and Reasoning about Denial-of-Service Mitigations},
YEAR = {2014},
MONTH = {8-9 April},
BOOKTITLE = {HotSoS 2014: 2014 Symposium and Bootcamp on the Science of Security},
ADDRESS = {Raleigh, NC, USA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/absp-dos2014_Schmerl_ABSP-DoS.pdf},
ABSTRACT = {Security features are often hardwired into software
applications, making it diffi�cult to adapt security responses to
reflect changes in runtime context and new attacks. In prior
work, we proposed the idea of architecture-based self-protection
as a way of separating adaptation logic from application logic
and providing a global perspective for reasoning about security
adaptations in the context of other business goals. In this paper,
we present an approach, based on this idea, for combating denial-of-
service (DoS) attacks. Our approach allows DoS-related tactics
to be composed into more sophisticated mitigation strategies
that encapsulate possible responses to a security problem. Then,
utility-based reasoning can be used to consider diff�erent business
contexts and qualities. We describe how this approach forms the
underpinnings of a scientific approach to self-protection, allowing
us to reason about how to make the best choice of mitigation
at runtime. Moreover, we also show how formal analysis can
be used to determine whether the mitigations cover the range
of conditions the system is likely to encounter, and the e�ffect of
mitigations on other quality attributes of the system. We evaluate
the approach using the Rainbow self-adaptive framework and
show how Rainbow chooses DoS mitigation tactics that are
sensitive to diff�erent business contexts.},
KEYWORDS = {Assurance, Autonomic Systems, Landmark, Model Checking, Rainbow, Science of Security, Self-adaptation, Stitch}
}
@InProceedings{2014/Dwivedi/Mutlifidelity,
AUTHOR = {Dwivedi, Vishal and Garlan, David and Pfeffer, J\"{u}rgen and Schmerl, Bradley},
TITLE = {Model-based Assistance for Making Time/Fidelity Trade-offs in Component Compositions},
YEAR = {2014},
MONTH = {7-9 April},
BOOKTITLE = {11th International Conference on Information Technology : New Generations (ITNG 2014), Special track on: MDCBSE: Model-Driven, Component-Based Software Engineering},
ADDRESS = {Las Vegas, NV},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ITNGpaper.pdf},
ABSTRACT = {In many scientific fields, simulations and analyses
require compositions of computational entities such as web services,
programs, and applications. In such fields, users may
want various trade-offs between different qualities. Examples
include: (i) performing a quick approximation vs. an accurate, but
slower, experiment, (ii) using local slower execution environments
vs. remote, but advanced, computing facilities, (iii) using quicker
approximation algorithms vs. computationally expensive algorithms
with smaller data. However, such trade-offs are difficult
to make as many such decisions today are either (a) wired into
a fixed configuration and cannot be changed, or (b) require
detailed systems knowledge and experimentation to determine
what configuration to use. In this paper we propose an approach
that uses architectural models coupled with automated design
space generation for making fidelity and timeliness trade-offs. We
illustrate this approach through an example in the intelligence
analysis domain.},
KEYWORDS = {Acme, End-user Architecture, Model Checking, Mult-fidelity Applications, Resource Aware Computing}
}
@InProceedings{2013/Casanova/Unobserved,
AUTHOR = {Casanova, Paulo and Garlan, David and Schmerl, Bradley and Abreu, Rui},
TITLE = {Diagnosing Unobserved Components in Self-Adaptive Systems},
YEAR = {2014},
MONTH = {2-3 June},
BOOKTITLE = {9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems},
ADDRESS = {Hyderabad, India},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/unobserved2013_Casanova_Unobserved.pdf},
ABSTRACT = {Availability is an increasingly important quality for today's
software-based systems and it has been successfully addressed
by the use of closed-loop control systems in self-adaptive systems.
Probes are inserted into a running system to obtain
information and the information is fed to a controller that,
through provided interfaces, acts on the system to alter its
behavior. When a failure is detected, pinpointing the source
of the failure is a critical step for a repair action. However,
information obtained from a running system is commonly
incomplete due to probing costs or unavailability of probes.
In this paper we address the problem of fault localization
in the presence of incomplete system monitoring. We may
not be able to directly observe a component but we may be
able to infer its health state. We provide formal criteria to
determine when health states of unobservable components
can be inferred and establish formal theoretical bounds for
accuracy when using any spectrum-based fault localization
algorithm.},
KEYWORDS = {Diagnosis, Self-adaptation}
}
@TechReport{Cataldo:2013/SBE,
AUTHOR = {Cataldo, Marcelo and Garlan, David and Herbsleb, James and McConahy, Amber Lynn and Park, Young-Suk Ahn and Schmerl, Bradley},
TITLE = {Software Platforms for Smart Building Ecosystems: Understanding the Key Architectural Capabilities and Trade-offs},
YEAR = {2013},
NUMBER = {CMU-ISR-13-104},
INSTITUTION = {Institute for Software Research, Carnegie Mellon University},
KEYWORDS = {Software Architecture}
}
@Article{Camara:2016:50,
AUTHOR = {C\'{a}mara, Javier and Lopes, Ant\'{o}nia and Garlan, David and Schmerl, Bradley},
TITLE = {Adaptation impact and environment models for architecture-based self-adaptive systems},
YEAR = {2016},
JOURNAL = {Science of Computer Programming, Special issue of the 11th International Symposium on Formal Aspects of Component Software },
VOLUME = {127},
PAGES = {50-75},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/LGC-IMCamara_2016_50.pdf},
ABSTRACT = {Self-adaptive systems have the ability to adapt their behavior to dynamic operating conditions. In reaction to changes in the environment, these systems determine the appropriate corrective actions based in part on information about which action will have the best impact on the system. Existing models used to describe the impact of adaptations are either unable to capture the underlying uncertainty and variability of such dynamic environments, or are not compositional and described at a level of abstraction too low to scale in terms of specification effort required for non-trivial systems. In this paper, we address these shortcomings by describing an approach to the specification of impact models based on architectural system descriptions, which at the same time allows us to represent both variability and uncertainty in the outcome of adaptations, hence improving the selection of the best corrective action. The core of our approach is a language equipped with a formal semantics defined in terms of Discrete Time Markov Chains that enables us to describe both the impact of adaptation tactics, as well as the assumptions about the environment. To validate our approach, we show how employing our language can improve the accuracy of predictions used for decision-making in the Rainbow framework for architecture-based self-adaptation.},
NOTE = {doi:10.1016/j.scico.2015.12.006},
KEYWORDS = {Self-adaptation, uncertainty}
}
@InProceedings{Camara/FACS2014,
AUTHOR = {C\'{a}mara, Javier and Lopes, Ant\'{o}nia and Garlan, David and Schmerl, Bradley},
TITLE = {Impact Models for Architecture-Based Self-Adaptive Systems},
YEAR = {2014},
MONTH = {10-12 September},
BOOKTITLE = {Proceedings of the 11th International Symposium on Formal Aspects of Component Software (FACS2014)},
ADDRESS = {Bertinoro, Italy},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/LGC-IM-submitted.pdf},
ABSTRACT = {Self-adaptive systems have the ability to adapt their behavior to dynamic operation conditions. In reaction to changes in the environment, these systems determine the appropriate corrective actions based in part on information
about which action will have the best impact on the system. Existing models used to describe the impact of adaptations are either unable to capture the underlying uncertainty and variability of such dynamic environments, or are not compositional and described at a level of abstraction too low to scale in terms of specification effort required for non-trivial systems. In this paper, we address these
shortcomings by describing an approach to the specification of impact models based on architectural system descriptions, which at the same time allows us to represent both variability and uncertainty in the outcome of adaptations, hence improving the selection of the best corrective action. The core of our approach is an impact model language equipped with a formal semantics defined in terms
of Discrete Time Markov Chains. To validate our approach, we show how employing our language can improve the accuracy of predictions used for decision-making in the Rainbow framework for architecture-based self-adaptation.},
KEYWORDS = {Autonomic Systems, Benchmark, Rainbow, Self-adaptation, Self-awareness & Adaptation, Stitch}
}
@TechReport{Schmerl/MTD/2014,
AUTHOR = {Schmerl, Bradley and C\'{a}mara, Javier and Moreno, Gabriel A. and Garlan, David and Mellinger, Andrew},
TITLE = {Architecture-Based Self-Adaptation for Moving Target Defense},
YEAR = {2014},
NUMBER = {CMU-ISR-14-109},
INSTITUTION = {Institute for Software Research, Carnegie Mellon University},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/CMU-ISR-14-109.pdf},
ABSTRACT = {The fundamental premise behind Moving Target Defense (MTD) is to create a dynamic and shifting system that is more difficult to attack than a static system because a constantly changing attack surface at least reduces the chance of an attacker finding and exploiting the weakness. However, MTD approaches are
typically chosen without regard to other qualities of the system, such as performance or cost. This report explores the use of self-adaptive systems, in particular those based on the architecture of the running system. A systems software architecture can be used to trade off different quality dimensions of the system. In particular, this report describes the first steps in reasoning formally about MTD approaches, and elevating this reasoning to an architectural level, along three thrusts: (1) creating an initial catalog of MTD tactics that can be used at the architectural level, along with the impacts on security and other quality concerns, (2) using this information to inform proactive self-adaptation that uses predictions of tactic duration to improve the self-adaptation, and (3) using stochastic multiplayer games to verify the the behavior of a variety of MTD scenarios, from uninformed to predictive-reactive. This work is applied in the context of the Rainbow self-adaptive framework.},
KEYWORDS = {Rainbow, Science of Security, Self-adaptation, Software Architecture}
}
@Book{Schmerl:MASA:2016,
TITLE = {Managing Trade-offs in Adaptable Software Architectures},
YEAR = {2016},
MONTH = {August},
EDITOR = {Mistrik, Ivan and Ali, Nour and Grundy, John and Schmerl, Bradley},
PUBLISHER = {Morgan Kaufmann},
KEYWORDS = {Self-adaptation, Software Architecture}
}
@InProceedings{Camara2015DADS,
AUTHOR = {C\'{a}mara, Javier and Garlan, David and Schmerl, Bradley and Pandey, Ashutosh},
TITLE = {Optimal Planning for Architecture-Based Self-Adaptation via Model Checking of Stochastic Games},
YEAR = {2015},
MONTH = {13-17 April},
BOOKTITLE = {Proceedings of the 10th DADS Track of the 30th ACM Symposium on Applied Computing},
ADDRESS = {Salamanca, Spain},
ABSTRACT = {Architecture-based approaches to self-adaptation rely on architectural descriptions to reason about the best way of adapting the structure and behavior of software-intensive systems at run time, either by choosing among a set of predefined adaptation strategies, or by automatically generating adaptation plans. Predefined strategy selection has allow computational overhead and facilitates dealing with uncertainty (e.g., by accounting explicitly for contingencies derived from unexpected outcomes of actions), but requires additional designer effort regarding the specification of strategies and is unable to guarantee optimal solutions. In contrast, run time plan generation is able to explore a richer
solution space and provide optimal solutions in some cases,
but is more limited when dealing with uncertainty, and incurs higher computational overheads. In this paper, we
propose an approach to optimal adaptation plan generation for architecture-based self-adaptation via model checking of stochastic multiplayer games (SMGs). Our approach
enables: (i) trade-off analysis among different qualities by means of utility functions and preferences, and (ii) explicit modeling of uncertainty in the outcome of adaptation actions and the behavior of the environment. Basing on the concepts embodied in the Rainbow framework for self-adaptation, we illustrate our approach in Znn.com, a case study
that reproduces the infrastructure for a news website.},
KEYWORDS = {Assurance, Model Checking, Planning, Self-adaptation, Stochastic Games}
}
@Article{Camara/ISS/2015,
AUTHOR = {C\'{a}mara, Javier and Correia, Pedro and de Lemos, Rog\'{e}rio and Garlan, David and Gomes, Pedro and Schmerl, Bradley and Ventura, Rafael},
TITLE = {Incorporating Architecture-Based Self-Adaptation into an Adaptive Industrial Software System},
YEAR = {2015},
JOURNAL = {Journal of Systems and Software},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ABSA-DCASc.pdf},
ABSTRACT = {Complex software-intensive systems are increasingly relied upon for all kinds
of activities in society, leading to the requirement that these systems should be
resilient to changes that may occur to the system, its environment, or its goals.
Traditionally, resilience has been achieved either through: (i) low-level mechanisms embedded in the implementation (e.g., exception handling, timeouts,
redundancies), which are unable to detect subtle but important anomalies (e.g.,
progressive performance degradation); or (ii) human oversight, which is costly
and unreliable. Architecture-based self-adaptation (ABSA) is regarded as a
promising approach to improve the resilience and reduce the development/operation costs of such systems. Although researchers have illustrated the benefits
of ABSA through a number of small-scale case studies, it remains to be seen whether ABSA is truly effective in handling changes at run-time in industrial-scale systems. In this paper, we report on our experience applying an ABSA
framework (Rainbow) to a large-scale commercial software system, called Data
Acquisition and Control Service (DCAS), which is used to monitor and manage
highly populated networks of devices in renewable energy production plants. In the approach followed, we have replaced some of the existing adaptive mechanisms embedded in DCAS by those advocated by ABSA proponents. This has
allowed us to assess the development costs associated with the reengineering
of adaptive mechanisms when using an ABSA solution, and to make effective
comparisons, in terms of operational performance, between a baseline industrial system and one that uses ABSA. Our results show that using the ABSA
concepts as embodied in Rainbow enabled an independent team of developers
to: (i) effectively implement the adaptation behavior required from such industrial systems; and (ii) obtain important benefits in terms of maintainability and extensibility of adaptation mechanisms.},
NOTE = {Available on-line http://dx.doi.org/10.1016/j.jss.2015.09.021},
KEYWORDS = {Rainbow, Self-adaptation, Software Engineering}
}
@InProceedings{Ruchkin:2015:AAHP,
AUTHOR = {Ruchkin, Ivan and Schmerl, Bradley and Garlan, David},
TITLE = {Architectural Abstractions for Hybrid Programs},
YEAR = {2015},
MONTH = {4-8 May},
BOOKTITLE = {Proceedings of the 18th International ACM Sigsoft Symposium on Component-Based Software Engineering (CBSE 2015)},
ADDRESS = {Montreal, QC, Canada},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/AAHP.pdf},
ABSTRACT = {Modern cyber-physical systems interact closely with continuous physical processes like kinematic movement. Software component frameworks do not provide an explicit way to represent or reason about these processes. Meanwhile, hybrid program models have been successful in proving critical properties of discrete-continuous systems. These programs deal with diverse aspects of a cyber-physical system such as controller decisions, component communication protocols, and mechanical dynamics, requiring several programs to address the variation. However, currently these aspects are often intertwined in mostly monolithic hybrid programs, which are difficult to understand, change, and organize. These issues can be addressed by component-based engineering, making hybrid modeling more practical. This paper lays the foundation for using architectural models to provide component-based benefits to developing hybrid programs. We build formal architectural abstractions of hybrid programs and formulas, enabling analysis of hybrid programs at the component level, reusing parts of hybrid programs, and automatic transformation from views into hybrid programs and formulas. Our approach is evaluated in the context of a robotic collision avoidance case study. },
NOTE = {CBSE Best Paper Award},
KEYWORDS = {Architecture View Consistency, Cyberphysical Systems, Landmark, Software Architecture}
}
@InBook{Camara/2016/SMGs,
AUTHOR = {C\'{a}mara, Javier and Garlan, David and Moreno, Gabriel A. and Schmerl, Bradley},
TITLE = {Analyzing Self-Adaptation via Model Checking of Stochastic Games},
YEAR = {2017},
BOOKTITLE = {Software Engineering for Self-Adaptive Systems III. Assurances},
NUMBER = {9640},
EDITOR = {de Lemos, Rog\'{e}rio and Garlan, David and Ghezzi, Carlo and Giese, Holger},
PUBLISHER = {Springer},
TYPE = {Lecture Notes in Computer Science},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/SEfSAS3-SMGs.pdf},
ABSTRACT = {Design decisions made during early development stages of self-adaptive systems tend to have a significant impact upon system properties at runtime
(e.g., safety, QoS). However, understanding the implications of these decisions
a priori is difficult due to the different types and degrees of uncertainty that affect such systems (e.g., simplifying assumptions, human-in-the-loop). To provide
some assurances about self-adaptive system designs, evidence can be gathered
from activities such as simulations and prototyping, but these demand a significant effort and do not provide a systematic way of dealing with uncertainty. In this chapter, we describe an approach based on model checking of stochastic multiplayer games (SMGs) that enables developers to approximate the behavioral envelope of a self-adaptive system by analyzing best- and worst-case scenarios of alternative designs for self-adaptation mechanisms. Compared to other sources of evidence, such as simulations or prototypes, our approach provides developers with a preliminary understanding of adaptation behavior with less effort, and without the need to have any specific adaptation algorithms or infrastructure in place. We illustrate our approach by showing how it can be used to mitigate different types of uncertainty in contexts such as self-protecting systems, proactive
latency-aware adaptation, and human-in-the-loop.},
KEYWORDS = {Assurance, Formal Methods, Human-in-the-loop, Model Checking, Science of Security, Self-adaptation, Stochastic Games}
}
@InProceedings{2015/Moreno/PMC,
AUTHOR = {Moreno, Gabriel A. and C\'{a}mara, Javier and Garlan, David and Schmerl, Bradley},
TITLE = {Proactive Self-Adaptation under Uncertainty: a Probabilistic Model Checking Approach},
YEAR = {2015},
MONTH = {30 August - 4 September},
BOOKTITLE = {Proceedings of the 10th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering},
ADDRESS = {Bergamo, Italy},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/fse15main-mainid213-p-1d01012-24621-final.pdf},
ABSTRACT = {Self-adaptive systems tend to be reactive and myopic, adapting
in response to changes without anticipating what the
subsequent adaptation needs will be. Adapting reactively
can result in ineffi�ciencies due to the system performing a
suboptimal sequence of adaptations. Furthermore, when
adaptations have latency, and take some time to produce
their e�ffect, they have to be started with su�fficient lead time
so that they complete by the time their eff�ect is needed.
Proactive latency-aware adaptation addresses these issues
by making adaptation decisions with a look-ahead horizon
and taking adaptation latency into account. In this paper we
present an approach for proactive latency-aware adaptation
under uncertainty that uses probabilistic model checking for
adaptation decisions. The key idea is to use a formal model
of the adaptive system in which the adaptation decision is
left underspeci�fied through nondeterminism, and have the
model checker resolve the nondeterministic choices so that
the accumulated utility over the horizon is maximized. The
adaptation decision is optimal over the horizon, and takes
into account the inherent uncertainty of the environment
predictions needed for looking ahead. Our results show that
the decision based on a look-ahead horizon, and the factoring
of both tactic latency and environment uncertainty, considerably
improve the eff�ectiveness of adaptation decisions.},
KEYWORDS = {Latency-aware, Model Checking, Self-adaptation, Self-awareness & Adaptation, Stochastic Games}
}
@Article{Camara:2016:ALS:2872308.2774222,
AUTHOR = {C\'{a}mara, Javier and Moreno, Gabriel A. and Garlan, David and Schmerl, Bradley},
TITLE = {Analyzing Latency-Aware Self-Adaptation Using Stochastic Games and Simulations},
YEAR = {2016},
MONTH = {February},
JOURNAL = {ACM Transactions on Autonomous and Adaptive Systems (TAAS) - Special Section on Best Papers from SEAMS 2014 and Regular Articles},
VOLUME = {10},
NUMBER = {4},
PAGES = {23:1--23:28},
ADDRESS = {New York, NY, USA},
PUBLISHER = {ACM},
URL = {http://doi.acm.org/10.1145/2774222},
ABSTRACT = {Self-adaptive systems must decide which adaptations to apply and when. In reactive approaches, adaptations are chosen and executed after some issue in the system has been detected (e.g., unforeseen attacks or failures). In proactive approaches, predictions are used to prepare the system for some future event (e.g., traffic spikes during holidays). In both cases, the choice of adaptation is based on the estimated impact it will have on the system. Current decision-making approaches assume that the impact will be instantaneous, whereas it is common that adaptations take time to produce their impact. Ignoring this latency is problematic because adaptations may not achieve their effect in time for a predicted event. Furthermore, lower impact but quicker adaptations may be ignored altogether, even if over time the accrued impact is actually higher. In this article, we introduce a novel approach to choosing adaptations that considers these latencies. To show how this improves adaptation decisions, we use a two-pronged approach: (i) model checking of Stochastic Multiplayer Games (SMGs) enables us to understand best- and worst-case scenarios of optimal latency-aware and non-latency-aware adaptation without the need to develop specific adaptation algorithms. However, since SMGs do not provide an algorithm to make choices at runtime, we propose a (ii) latency-aware adaptation algorithm to make decisions at runtime. Simulations are used to explore more detailed adaptation behavior and to check if the performance of the algorithm falls within the bounds predicted by SMGs. Our results show that latency awareness improves adaptation outcomes and also allows a larger set of adaptations to be exploited.},
NOTE = {ISSN 1556-4665},
KEYWORDS = {Latency-aware, Self-adaptation, Stochastic Games}
}
@InProceedings{Glazier/2015/CAS,
AUTHOR = {Glazier, Thomas J. and C\'{a}mara, Javier and Schmerl, Bradley and Garlan, David},
TITLE = {Analyzing Resilience Properties of Different Topologies of Collective Adaptive Systems},
YEAR = {2015},
MONTH = {21 September},
BOOKTITLE = {Proceedings of the 3rd FoCAS Workshop on the Fundamentals of Collective Adaptive Systems},
ADDRESS = {Boston, MA, USA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/PID3850133.pdf},
ABSTRACT = {Modern software systems are often compositions
of entities that increasingly use self-adaptive capabilities to
improve their behavior to achieve systematic quality goals. Self-adaptive
managers for each component system attempt to provide
locally optimal results, but if they cooperated and potentially
coordinated their efforts it might be possible to obtain more
globally optimal results. The emergent properties that result
from such composition and cooperation of self-adaptive systems
are not well understood, difficult to reason about, and
present a key challenge in the evolution of modern software
systems. For example, the effects of coordination patterns and
protocols on emergent properties such as the resiliency of the
collectives need to be understood when designing these systems.
In this paper we propose that probabilistic model checking
of stochastic multiplayer games (SMG) provides a promising
approach to analyze, understand, and reason about emergent
properties in collectives of adaptive systems (CAS). Probabilistic
Model Checking of SMGs is a technique particularly suited
to analyzing emergent properties in CAS, since SMG models
capture: (i) the uncertainty and variability intrinsic to the CAS
and its execution environment in the form of probabilistic and
nondeterministic choices, and (ii) the competitive/cooperative
aspects of the interplay among the constituent systems of the
CAS. Analysis of SMGs allows us to reason about things like
the worst case scenarios, which constitutes a new contribution
to understanding emergent properties in CAS. We investigate
the use of SMGs to show how they can be useful in analyzing
the impact of communication topology for collections of fully
cooperative systems defending against an external attack.
},
KEYWORDS = {Assurance, Coordination, Model Checking, Self-adaptation, Stochastic Games}
}
@InProceedings{Ruchkin/2015/loops,
AUTHOR = {Ruchkin, Ivan and Schmerl, Bradley and Garlan, David},
TITLE = {Analytic Dependency Loops in Architectural Models of Cyber-Physical Systems},
YEAR = {2015},
MONTH = {28 September},
BOOKTITLE = {Proceedings of the 8th International Workshop on Model-based Architecting of Cyber-Physical and Embedded Systems},
ADDRESS = {Ottawa, Canada},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/MBA-CPS.pdf},
ABSTRACT = {Rigorous engineering of safety-critical Cyber-
Physical Systems (CPS) requires integration of heterogeneous
modeling methods from different disciplines. It is often necessary
to view this integration from the perspective of analyses
algorithms that read and change models. Although analytic
integration supports formal contract-based verification of model
evolution, it suffers from the limitation of analytic dependency
loops. Dependency loops between analyses cannot be resolved
based on the existing contract-based verification. This paper
makes a step towards using rich architectural description to
resolve circular analytic dependencies. We characterize the dependency
loop problem and discuss three algorithmic approaches
to resolving such loops: analysis iteration, constraint solving, and
genetic search. These approaches take advantage of information
in multi-view architectures to resolve analytic dependency loops.},
KEYWORDS = {Architecture View Consistency, Cyberphysical Systems}
}
@InBook{MASA/HuIL2016,
AUTHOR = {C\'{a}mara, Javier and Garlan, David and Moreno, Gabriel A. and Schmerl, Bradley},
TITLE = {Evaluating Trade-Offs of Human Involvement in Self-Adaptive Systems},
YEAR = {2016},
MONTH = {September},
BOOKTITLE = {Managing Trade-Offs in Self-Adaptive Systems},
EDITOR = {Mistrik, Ivan and Ali, Nour and Grundy, John and Kazman, Rick and Schmerl, Bradley},
PUBLISHER = {Elsevier},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/HuIL-MASA.pdf},
ABSTRACT = {Software systems are increasingly called upon to autonomously manage their goals in changing contexts and environments, and under evolving requirements. In some circumstances, autonomous systems cannot be fully automated but instead cooperate with human operators to maintain and adapt themselves. Furthermore, there are times when a choice should be made between doing a manual or automated repair. Involving operators in self-adaptation should itself be adaptive, and consider aspects such as the training, attention, and ability of operators. Not only do these aspects change from person to person, but they may change with the same person. These aspects make the choice of whether to involve humans non-obvious. Self-adaptive systems should trade-off whether to involve operators, taking these aspects into consideration along with other business qualities it is attempting to achieve. In this chapter, we identify
the various roles that operators can perform in cooperating with self-adaptive systems. We focus on humans as effectors - doing tasks which are difficult or infeasible to automate. We describe how we modified our self-adaptive framework, Rainbow, to involve operators in this way, which involved choosing suitable human models and integrating them into the existing utility trade-off decision models of Rainbow. We use probabilistic modeling and quantitative verification to analyze the trade-offs of involving humans in adaptation, and complement our study with experiments to show how different business preferences and modalities of human involvement may result in different outcomes.},
KEYWORDS = {Human-in-the-loop, Self-adaptation, Stochastic Games}
}
@InBook{MASA/HuIL2016,
AUTHOR = {C\'{a}mara, Javier and Garlan, David and Moreno, Gabriel A. and Schmerl, Bradley},
TITLE = {Evaluating Trade-Offs of Human Involvement in Self-Adaptive Systems},
YEAR = {2016},
MONTH = {September},
BOOKTITLE = {Managing Trade-Offs in Self-Adaptive Systems},
EDITOR = {Mistrik, Ivan and Ali, Nour and Grundy, John and Kazman, Rick and Schmerl, Bradley},
PUBLISHER = {Elsevier},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/HuIL-MASA.pdf},
ABSTRACT = {Software systems are increasingly called upon to autonomously manage their goals in changing contexts and environments, and under evolving requirements. In some circumstances, autonomous systems cannot be fully automated but instead cooperate with human operators to maintain and adapt themselves. Furthermore, there are times when a choice should be made between doing a manual or automated repair. Involving operators in self-adaptation should itself be adaptive, and consider aspects such as the training, attention, and ability of operators. Not only do these aspects change from person to person, but they may change with the same person. These aspects make the choice of whether to involve humans non-obvious. Self-adaptive systems should trade-off whether to involve operators, taking these aspects into consideration along with other business qualities it is attempting to achieve. In this chapter, we identify
the various roles that operators can perform in cooperating with self-adaptive systems. We focus on humans as effectors - doing tasks which are difficult or infeasible to automate. We describe how we modified our self-adaptive framework, Rainbow, to involve operators in this way, which involved choosing suitable human models and integrating them into the existing utility trade-off decision models of Rainbow. We use probabilistic modeling and quantitative verification to analyze the trade-offs of involving humans in adaptation, and complement our study with experiments to show how different business preferences and modalities of human involvement may result in different outcomes.},
KEYWORDS = {Human-in-the-loop, Self-adaptation, Stochastic Games}
}
@Unpublished{Garg/2008,
AUTHOR = {Garg, Kirti and Garlan, David and Schmerl, Bradley},
TITLE = {Architecture Based Information Flow Analysis for Software Security},
YEAR = {2008},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ArchSTRIDE08.pdf},
ABSTRACT = {Using information flow modeling to perform security analysis is a common technique used during software design. While much theoretical work has been conducted in this area, there are few tools to assist with such analysis. In many instances the security analysis must be done by hand, requiring consid-erable expertise, time, and effort. Most available tools require custom code to be written for the analysis, and are consequently not well integrated with the software process, and not easily tailored to different security requirements. In this paper we describe the use of an Architecture Description Language (ADL) to (a) represent information flow in a software system, and (b) analyze the security-related properties of a system. We use a formal predicate-based de-scription of the security properties and policies, which allows for automated analysis of the information flow to uncover common security vulnerabilities. A key advantage to using ADLs is that security properties become declarative and can be automatically checked by constraint-based tools and without the need to write custom code.},
KEYWORDS = {Architectural Analysis, Science of Security}
}
@Article{2016/Franco/JSS,
AUTHOR = {Franco, Jo\~{a}o and Correia, Francisco and Barbosa, Raul and Zenha-Rela, Mario and Schmerl, Bradley and Garlan, David},
TITLE = {Improving Self-Adaptation Planning through Software Architecture-based Stochastic Modeling},
YEAR = {2016},
MONTH = {May},
JOURNAL = {Journal of Systems and Software},
VOLUME = {115},
PAGES = {42-60},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/images.pdf},
ABSTRACT = {The ever-growing complexity of software systems makes it increasingly challenging to foresee at design time all interactions between a system and its environment.
Most self-adaptive systems trigger adaptations through operators that are statically confi�gured for specifi�c environment and system conditions. However, in the occurrence of uncertain conditions, self-adaptive decisions may not be eff�ective and might lead to a disruption of the desired non-functional attributes.
To address this, we propose an approach that improves the planning stage by predicting the outcome of each strategy. In detail, we automatically derive a
stochastic model from a formal architecture description of the managed system with the changes imposed by each strategy. Such information is used to optimize the self-adaptation decisions to ful�fill the desired quality goals.
To assess the eff�ectiveness of our approach we apply it to a cloud-based news system and predicted the reliability for each possible adaptation strategy. The results obtained from our approach are compared to a representative static planning algorithm as well as to an oracle that always makes the ideal decision.
Experiments show that our method improves both availability and cost when compared to the static planning algorithm, while being close to the oracle.
Our approach may therefore be used to optimize self-adaptation planning.},
KEYWORDS = {Self-adaptation}
}
@InProceedings{2016/Lamba/MBAD,
AUTHOR = {Lamba, Hemank and Glazier, Thomas J. and Schmerl, Bradley and C\'{a}mara, Javier and Garlan, David and Pfeffer, J\"{u}rgen},
TITLE = {A Model-based Approach to Anomaly Detection in Software Architectures (Poster)},
YEAR = {2016},
MONTH = {19-21 April},
BOOKTITLE = {Symposium and Bootcamp on the Science of Security},
ADDRESS = {Pittsburgh, PA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ModelBasedAnomalyDetection.pdf},
ABSTRACT = {In an organization, the interactions users have with software leaves patterns or traces of the parts of the systems accessed. These interactions can be associated with the underlying software architecture. The first step in detecting problems like insider threat is to detect those traces that are anomalous.
In this paper, we present a method to find anomalous users leveraging these interaction traces, categorized by user roles. We propose a model based approach to cluster user sequences and find outliers. Such a technique could be useful in finding potentially anomalous users, insiders, or compromised accounts.We show that the approach works on a simulation of a large scale system based on and Amazon Web application style.},
KEYWORDS = {Science of Security, Software Architecture}
}
@InProceedings{2016:Schmerl:Raindroid,
AUTHOR = {Schmerl, Bradley and Gennari, Jeffrey and C\'{a}mara, Javier and Garlan, David},
TITLE = {Raindroid - A System for Run-time Mitigation of Android Intent Vulnerabilities (Poster)},
YEAR = {2016},
MONTH = {19-21 April},
BOOKTITLE = {Symposium and Bootcamp on the Science of Security},
ADDRESS = {Pittsburgh, PA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/raindroid-poster.pdf},
ABSTRACT = {Modern frameworks are required to be extendable as well
as secure. However, these two qualities are often at odds.
In this poster we describe an approach that uses a combination of static analysis and run-time management, based
on software architecture models, that can improve security
while maintaining framework extendability. We implement
a prototype of the approach for the Android platform. Static
analysis identifi�es the architecture and communication patterns among the collection of apps on an Android device
and which communications might be vulnerable to attack.
Run-time mechanisms monitor these potentially vulnerable
communication patterns, and adapt the system to either
deny them, request explicit approval from the user, or allow them.},
KEYWORDS = {Human-in-the-loop, Rainbow, Science of Security}
}
@InProceedings{2016:Moreno:plasdp,
AUTHOR = {Moreno, Gabriel A. and C\'{a}mara, Javier and Garlan, David and Schmerl, Bradley},
TITLE = {Efficient Decision-Making under Uncertainty for Proactive Self-Adaptation},
YEAR = {2016},
MONTH = {19-22 July},
BOOKTITLE = {Proceedings of the 13th IEEE International Conference on Autonomic Computing (ICAC 2016)},
ADDRESS = {W\"{u}rzburg, Germany},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/gmoreno-icac2016.pdf},
ABSTRACT = {Proactive latency-aware adaptation is an approach
for self-adaptive systems that improves over reactive adaptation
by considering both the current and anticipated adaptation needs
of the system, and taking into account the latency of adaptation
tactics so that they can be started with the necessary lead time.
Making an adaptation decision with these characteristics requires
solving an optimization problem to select the adaptation path that
maximizes an objective function over a finite look-ahead horizon.
Since this is a problem of selecting adaptation actions in the
context of the probabilistic behavior of the environment, Markov
decision processes (MDP) are a suitable approach. However, given
all the possible interactions between the different and possibly
concurrent adaptation tactics, the system, and the environment,
constructing the MDP is a complex task. Probabilistic model
checking can be used to deal with this problem since it takes
as input a formal specification of the stochastic system, which
is internally translated into an MDP, and solved. One drawback
of this solution is that the MDP has to be constructed every
time an adaptation decision has to be made to incorporate the
latest predictions of the environment behavior. In this paper
we present an approach that eliminates that run-time overhead
by constructing most of the MDP offline, also using formal
specification. At run time, the adaptation decision is made by
solving the MDP through stochastic dynamic programming,
weaving in the stochastic environment model as the solution
is computed. Our experimental results show that this approach
reduces the adaptation decision time by an order of magnitude
compared to the probabilistic model checking approach, while
producing the same results.},
NOTE = {Selected as a best paper.},
KEYWORDS = {Latency-aware, Self-adaptation}
}
@InProceedings{2016/Neves/IoTBD,
AUTHOR = {Neves, Pedro Caldeira and Schmerl, Bradley and Bernardino, Jorge and C\'{a}mara, Javier},
TITLE = {Big Data in Cloud Computing: features and issues},
YEAR = {2016},
MONTH = {23-25 April},
BOOKTITLE = {Proceedings of the 2016 International Conference on Internet of Things and Big Data},
ADDRESS = {Rome, Italy},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/IoTBD_2016_10.pdf},
ABSTRACT = {The term big data arose under the explosive increase of global data as a technology that is able to store and process big and varied volumes of data, providing both enterprises and science with deep insights over its clients/experiments. Cloud computing provides a reliable, fault-tolerant, available and scalable environment to harbour big data distributed management systems. Within the context of this paper we present an overview of both technologies and cases of success when integrating big data and cloud frameworks. Although big data solves much of our current problems it still presents some gaps and issues that raise concern and need improvement. Security, privacy, scalability, data governance policies, data heterogeneity, disaster recovery mechanisms, and other challenges are yet to be addressed. Other concerns are related to cloud computing and its ability to deal with exabytes of information or address exaflop computing efficiently. This paper presents an overview of both cloud and big data technologies describing the current issues with these technologies.},
KEYWORDS = {Big data}
}
@InBook{2017:Schmerl:Decomp,
AUTHOR = {Schmerl, Bradley and Andersson, Jesper and Vogel, Thomas and Cohen, Myra and Rubira, Cecilia M. F. and Brun, Yuriy and Gorla, Alessandra and Zambonelli, Franco and Baresi, Luciano},
TITLE = {Challenges in Composing and Decomposing Assurances for Self-Adaptive Systems},
YEAR = {2017},
BOOKTITLE = {Software Engineering for Self-Adaptive Systems III. Assurances},
NUMBER = {9640},
EDITOR = {de Lemos, Rog\'{e}rio and Garlan, David and Ghezzi, Carlo and Giese, Holger},
PUBLISHER = {Springer},
TYPE = {Lecture Notes in Computer Science},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/decomp-challenges.pdf},
ABSTRACT = {Self-adaptive software systems adapt to changes in the environment,
in the system itself, in their requirements, or in their business objectives. Typically,
these systems attempt to maintain system goals at run time and often
provide assurance that they will meet their goals under dynamic and uncertain
circumstances. While significant research has focused on ways to engineer selfadaptive
capabilities into both new and legacy software systems, less work has
been conducted on how to assure that self-adaptation maintains system goals.
For traditional, especially safety-critical software systems, assurance techniques
decompose assurances into sub-goals and evidence that can be provided by parts
of the system. Existing approaches also exist for composing assurances, in terms
of composing multiple goals and composing assurances in systems of systems.
While some of these techniques may be applied to self-adaptive systems, we argue
that several significant challenges remain in applying them to self-adaptive
systems in this chapter. We discuss how existing assurance techniques can be applied
to composing and decomposing assurances for self-adaptive systems, highlight
the challenges in applying them, summarize existing research to address
some of these challenges, and identify gaps and opportunities to be addressed by
future research.},
KEYWORDS = {Assurance, Self-adaptation}
}
@InProceedings{2016/Schmerl/AndroidSecurity,
AUTHOR = {Schmerl, Bradley and Gennari, Jeffrey and Sadeghi, Alireza and Bagheri, Hamid and Malek, Sam and C\'{a}mara, Javier and Garlan, David},
TITLE = {Architecture Modeling and Analysis of
Security in Android Systems},
YEAR = {2016},
MONTH = {30 November - 2 December},
BOOKTITLE = {Proceedings of the 10th European Conference on Software Architecture (ECSA 2016)},
VOLUME = {9839},
SERIES = {Lecture Notes in Computer Science},
ADDRESS = {Copenhagen, Denmark},
PUBLISHER = {Springer},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/architecture-modeling-analysis-cr.pdf},
ABSTRACT = {Software architecture modeling is important for analyzing system quality
attributes, particularly security. However, such analyses often assume that the
architecture is completely known in advance. In many modern domains, especially
those that use plugin-based frameworks, it is not possible to have such
a complete model because the software system continuously changes. The Android
mobile operating system is one such framework, where users can install
and uninstall apps at run time. We need ways to model and analyze such architectures
that strike a balance between supporting the dynamism of the underlying
platforms and enabling analysis, particularly throughout a system�s lifetime. In
this paper, we describe a formal architecture style that captures the modifiable
architectures of Android systems, and that supports security analysis as a system
evolves. We illustrate the use of the style with two security analyses: a predicatebased
approach defined over architectural structure that can detect some common
security vulnerabilities, and inter-app permission leakage determined by model
checking. We also show how the evolving architecture of an Android device can
be obtained by analysis of the apps on a device, and provide some performance
evaluation that indicates that the architecture can be amenable for use throughout
the system�s lifetime.},
KEYWORDS = {Acme, Architectural Analysis, Architectural Style, Science of Security}
}
@InProceedings{MARTCPS16,
AUTHOR = {Ruchkin, Ivan and Samuel, Selva and Schmerl, Bradley and Rico, Amanda and Garlan, David},
TITLE = {Challenges in Physical Modeling for Adaptation of Cyber-Physical Systems},
YEAR = {2016},
MONTH = {12-14 December},
BOOKTITLE = {Workshop on MARTCPS Models at Runtime and Networked Control for Cyber Physical Systems at IEEE World Forum on the Internet of Things},
ADDRESS = {Reston, Virginia},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/MARTCPS2016.pdf},
ABSTRACT = {Cyber-physical systems (CPSs) mix software,
hardware, and physical aspects with equal importance. Typically,
the use of models of such systems during run time
has concentrated only on managing and controlling the cyber
(software) aspects. However, to fully realize the goals of a
CPS, physical models too have to be treated as first-class
models. This approach gives rise to three main challenges:
(a) identifying and integrating physical and software models
with different characteristics and semantics; (b) obtaining
instances of physical models at a suitable level of abstraction
for adaptation; and (c) using and adapting physical models to
control CPSs. In this position paper, we elaborate on these three
challenges and describe our vision of making physical models
first-class entities in adaptation. We illustrate this vision in the
context of power adaptation for a service robotic system.},
NOTE = {Winner of the IEEE World Forum on the Internet of Things Best Paper Award},
KEYWORDS = {Cyberphysical Systems}
}
@InProceedings{2017/Lamba/Cluster,
AUTHOR = {Lamba, Hemank and Glazier, Thomas J. and C\'{a}mara, Javier and Schmerl, Bradley and Garlan, David and Pfeffer, J\"{u}rgen},
TITLE = {Model-based cluster analysis for identifying suspicious activity sequences in software},
YEAR = {2017},
MONTH = {24 March},
BOOKTITLE = {Proceedings of the 3rd International Workshop on Security and Privacy Analytics (IWSPA 2017)},
ADDRESS = {Scottsdale, AZ},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/model-based-cluster-submitted.pdf},
ABSTRACT = {Large software systems have to contend with a significant number of
users who interact with different components of the system in various
ways. The sequences of components that are used as part of an interaction
define sets of behaviors that users have with the system. These
can be large in number. Among these users, it is possible that there are
some who exhibit anomalous behaviors – for example, they may have
found back doors into the system and are doing something malicious.
These anomalous behaviors can be hard to distinguish from normal
behavior because of the number of interactions a system may have,
or because traces may deviate only slightly from normal behavior. In
this paper we describe a model-based approach to cluster sequences of
user behaviors within a system and to find suspicious, or anomalous,
sequences. We exploit the underlying software architecture of a system
to define these sequences. We further show that our approach is better at
detecting suspicious activities than other approaches, specifically those
that use unigrams and bigrams for anomaly detection. We show this on
a simulation of a large scale system based on Amazon Web application
style architecture.},
KEYWORDS = {Science of Security}
}
@InProceedings{2017:Moreno:CobRAPLA,
AUTHOR = {Moreno, Gabriel A. and Papadopoulos, Alessandro V. and Angelopoulo, Konstantinos and C\'{a}mara, Javier and Schmerl, Bradley},
TITLE = {Comparing Model-Based Predictive Approaches to Self-Adaptation: CobRA and PLA},
YEAR = {2017},
MONTH = {22-23 May},
BOOKTITLE = {Proceedings of the 12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2017)},
ADDRESS = {Buenos Aires, Argentina},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/PLAvsCobRA.pdf},
ABSTRACT = {Modern software-intensive systems must often guarantee
certain quality requirements under changing run-time
conditions and high levels of uncertainty. Self-adaptation has
proven to be an effective way to engineer systems that can
address such challenges, but many of these approaches are purely
reactive and adapt only after a failure has taken place. To
overcome some of the limitations of reactive approaches (e.g.,
lagging behind environment changes and favoring short-term
improvements), recent proactive self-adaptation mechanisms apply
ideas from control theory, such as model predictive control
(MPC), to improve adaptation. When selecting which MPC
approach to apply, the improvement that can be obtained with
each approach is scenario-dependent, and so guidance is needed
to better understand how to choose an approach for a given
situation. In this paper, we compare CobRA and PLA, two
approaches that are inspired by MPC. CobRA is a requirements-based
approach that applies control theory, whereas PLA is
architecture-based and applies stochastic analysis. We compare
the two approaches applied to RUBiS, a benchmark system for
web and cloud application performance, discussing the required
expertise needed to use both approaches and comparing their
run-time performance with respect to different metrics.},
KEYWORDS = {Self-adaptation}
}
@InProceedings{2017:Pandey:HybridPlanningFormalization,
AUTHOR = {Pandey, Ashutosh and Ruchkin, Ivan and Schmerl, Bradley and C\'{a}mara, Javier},
TITLE = {Towards a Formal Framework for Hybrid Planning in Self-Adaptation},
YEAR = {2017},
MONTH = {22-23 May},
BOOKTITLE = {Proceedings of the 12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2017)},
ADDRESS = {Buenos Aires, Argentina},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/hybrid-planning-seams2017.pdf},
ABSTRACT = {Approaches to self-adaptation face a fundamental
trade-off between quality and timeliness in decision-making. Due
to this trade-off, designers of self-adaptive systems often have
to find a fixed and suboptimal compromise between these two
requirements. Recent work has proposed the hybrid planning approach
that can resolve this trade-off dynamically and potentially
in an optimal way. The promise of hybrid planning is to combine
multiple planners at run time to produce adaptation plans of
the highest quality within given time constraints. However, since
decision-making approaches are complex and diverse, the problem
of combining them is even more difficult, and no frameworks for
hybrid planning. This paper makes an important step in simplifying
the problem of hybrid planning by formalizing it and decomposing
it into four simpler subproblems. These formalizations
will serve as a foundation for creating and evaluating engineering
solutions to the hybrid planning problem.},
KEYWORDS = {Planning, Self-adaptation}
}
@InProceedings{2017:Camara:ArchitectureSynthesis,
AUTHOR = {C\'{a}mara, Javier and Garlan, David and Schmerl, Bradley},
TITLE = {Synthesis and Quantitative Verification of Tradeoff Spaces for Families of Software Systems},
YEAR = {2017},
MONTH = {11-15 September},
BOOKTITLE = {Proceedings of the 11th European Conference on Software Architecture},
ADDRESS = {Cantebury, UK},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/cgsecsa17.pdf},
ABSTRACT = {Designing software in a way that provides guarantees about run-time behavior while achieving an acceptable balance between multiple extra-functional properties is still an open problem. Tools and techniques to inform engineers about poorly-understood design spaces are needed. To tackle this problem, we propose an approach that combines synthesis of spaces of system design alternatives from formal specifications of architectural styles with quantitative verification applied to every point of the generated solution space. The main contribution of this paper is a formal framework for specification-driven synthesis and analysis of design spaces that provides formal guarantees about the correctness of system behaviors and satisfies quantitative properties (e.g., defined over system qualities). We illustrate our proposal by analyzing the configuration space of a Tele Assistance System (TAS) using a prototype implementation of our approach.},
NOTE = {Winner of the ECSA Best Paper Award},
KEYWORDS = {Architectural Style, Formal Methods, Model Checking, Software Architecture}
}
@InProceedings{2017:Uncertainty:Camara,
AUTHOR = {C\'{a}mara, Javier and Peng, Wenxin and Garlan, David and Schmerl, Bradley},
TITLE = {Reasoning about Sensing Uncertainty in Decision-Making for Self-Adaptation},
YEAR = {2017},
MONTH = {5 September},
BOOKTITLE = {Proceedings of the 15th International Workshop on Foundations of Coordination Languages and Self-Adaptive Systems (FOCLASA 2017)},
VOLUME = {10729},
SERIES = {Lecture Notes in Computer Science},
PUBLISHER = {Springer},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/CPGS-CR-foclasa17.pdf},
ABSTRACT = {Self-Adaptive systems are expected to adapt to unanticipated run-time
events using imperfect information about their environment. This entails handling
the effects of uncertainties in decision-making, which are not always considered
as a first-class concern. This paper contributes a formal analysis technique that
explicitly considers uncertainty in sensing when reasoning about the best way to
adapt. We illustrate our approach on a Denial of Service (DoS) attack scenario
and present some preliminary results that show the benefits of uncertainty-aware
decision-making with respect to using an uncertainty-ignorant approach.},
KEYWORDS = {Self-adaptation, uncertainty}
}
@Article{2018/Moreno/FlexibleLatency,
AUTHOR = {Moreno, Gabriel A. and C\'{a}mara, Javier and Garlan, David and Schmerl, Bradley},
TITLE = {Flexible and Efficient Decision-Making for Proactive
Latency-Aware Self-Adaptation},
YEAR = {2018},
MONTH = {May},
JOURNAL = {ACM Transactions on Autonomous and Adaptive Systems},
VOLUME = {13},
NUMBER = {1},
ABSTRACT = {Proactive latency-aware adaptation is an approach for self-adaptive systems that considers both the current
and anticipated adaptation needs when making adaptation decisions, taking into account the latency of the
available adaptation tactics. Since this is a problem of selecting adaptation actions in the context of the
probabilistic behavior of the environment, Markov decision processes (MDP) are a suitable approach. However,
given all the possible interactions between the different and possibly concurrent adaptation tactics, the system,
and the environment, constructing the MDP is a complex task. Probabilistic model checking has been used
to deal with this problem, but it requires constructing the MDP every time an adaptation decision is made
to incorporate the latest predictions of the environment behavior. In this article, we describe PLA-SDP, an
approach that eliminates that run-time overhead by constructing most of the MDP offine. At run time, the
adaptation decision is made by solving the MDP through stochastic dynamic programming, weaving in the
environment model as the solution is computed. We also present extensions that support different notions
of utility, such as maximizing reward gain subject to the satisfaction of a probabilistic constraint, making
PLA-SDP applicable to systems with different kinds of adaptation goals.},
NOTE = {https://doi.org/10.1145/3149180},
KEYWORDS = {Latency-aware, Self-adaptation}
}
@InProceedings{2017:Pandey:IBLHP,
AUTHOR = {Pandey, Ashutosh and Schmerl, Bradley and Garlan, David},
TITLE = {Instance-based Learning for Hybrid Planning},
YEAR = {2017},
MONTH = {18-22 September},
BOOKTITLE = {Proceedings of the 3rd International Workshop on Data-driven Self-regulating Systems (DSS 2017)},
ADDRESS = {Tucson, AZ, USA},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/IBL-DSS2017.pdf},
ABSTRACT = {Due to the fundamental trade-off between quality and timeliness of planning, designers of self-adaptive systems often have to compromise between an approach that is quick to find an adaptation plan and an approach that is slow but finds a quality adaptation plan. To deal with this trade-off, in our previous work, we proposed a hybrid planning approach that combines a deliberative and a reactive planning approach to find a balance between quality and timeliness of planning.
However, when reactive and deliberative planning is combined to
instantiate a hybrid planner, the key challenge is to decide which
approach(es) should be invoked to solve a planning problem. To
this end, this paper proposes to use a data-driven instance-based
learning to find an appropriate combination of the two planning
approaches when solving a planning problem. As an initial proof
of concept, the paper presents results of a small experiment that
demonstrates the potential of the proposed approach to identify a
combination of the two planning approaches to solve a planning
problem.},
KEYWORDS = {Planning, Self-adaptation}
}
@TechReport{Camara/UncertaintyTR/2017,
AUTHOR = {C\'{a}mara, Javier and Garlan, David and Kang, Won Gu and Peng, Wenxin and Schmerl, Bradley},
TITLE = {Uncertainty in Self-Adaptive Systems},
YEAR = {2017},
MONTH = {July},
NUMBER = {CMU-ISR-17-110},
INSTITUTION = {Institute for Software Research, Carnegie Mellon University},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/CMU-ISR-17-110.pdf},
ABSTRACT = {Self-Adaptive systems are expected to adapt to unanticipated run-time events using imperfect information
about their environment. This entails handling the effects of uncertainties in decision-making, which are
not always considered as a first-class concern. This technical report summarizes a set of existing techniques
and insights into addressing uncertainty in self-adaptive systems and outlines a future research agenda on
uncertainty management in self-adaptive systems. The material in this report is strongly informed by our
own research in the area, and is therefore not necessarily representative of other works.},
NOTE = {http://reports-archive.adm.cs.cmu.edu/anon/isr2017/abstracts/17-110.html},
KEYWORDS = {Human-in-the-loop, Self-adaptation, uncertainty}
}
@TechReport{CMU-ISR-17-119,
AUTHOR = {Glazier, Thomas J. and Schmerl, Bradley and C\'{a}mara, Javier and Garlan, David},
TITLE = {Utility Theory for Self-Adaptive Systems},
YEAR = {2017},
MONTH = {December},
NUMBER = {CMU-ISR-17-119},
INSTITUTION = {Carnegie Mellon University Institute for Software Research},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/CMU-ISR-17-119.pdf},
ABSTRACT = {Self-adaptive systems choose adaptations to perform on a running system. Typically, the self-adaptive system must choose the "best" adaptation to perform in a given circumstance from a set of adaptations that may apply. Utility functions are typically used to encode some measure of goodness or badness the result of choosing a particular adaptation. Within the area of utility theory, there are a set of theories that could be used to help choose the best adaptation, that vary in the assumptions and requirements made about the system, the environment, and the business context of use. By understanding some of the formalities and advanced concepts in Utility Theory, engineers and administrators of self-adaptive systems can create more effective utility functions for their purposes, enable new forms of analysis, and potentially move into new frontiers in self-adaptive systems. In this report, we survey some of the more interesting topics in Utility Theory relevant to self-adaptive systems include objective and subjective expected utility, stochastic and fuzzy utility, and changing and state dependent utility functions.},
NOTE = {http://reports-archive.adm.cs.cmu.edu/anon/isr2017/abstracts/17-119.html},
KEYWORDS = {Self-adaptation}
}
@Article{2018:Camara:UncertaintyReduction,
AUTHOR = {C\'{a}mara, Javier and Peng, Wenxin and Garlan, David and Schmerl, Bradley},
TITLE = {Reasoning about Sensing Uncertainty and its Reduction in Decision-Making for Self-Adaptation},
YEAR = {2018},
MONTH = {1 December},
JOURNAL = {Science of Computer Programming},
VOLUME = {167},
PAGES = {51-69},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/scp-uncertainty.pdf},
ABSTRACT = {Adaptive systems are expected to adapt to unanticipated run-time events using imperfect information about themselves, their environment, and goals. This entails
handling the effects of uncertainties in decision-making, which are not always
considered as a first-class concern. This paper contributes a formal analysis technique that explicitly considers uncertainty in sensing when reasoning about the
best way to adapt, together with uncertainty reduction mechanisms to improve
system utility. We illustrate our approach on a Denial of Service (DoS) attack
scenario and present results that demonstrate the benefits of uncertainty-aware
decision-making in comparison to using an uncertainty-ignorant approach, both
in the presence and absence of uncertainty reduction mechanisms.},
KEYWORDS = {Formal Methods, Self-adaptation}
}
@InProceedings{Ruchkin/2018/IPL,
AUTHOR = {Ruchkin, Ivan and Sunshine, Joshua and Iraci, Grant and Schmerl, Bradley and Garlan, David},
TITLE = {IPL: An Integration Property Language for Multi-Model Cyber-Physical Systems},
YEAR = {2018},
MONTH = {15-17 July},
BOOKTITLE = {22nd International Symposium on Formal Methods (FM2018)},
ADDRESS = {Oxford, UK},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/fm2018-paper-camera-ready-1.pdf},
ABSTRACT = {Design and verification of modern systems requires diverse models,
which often come from a variety of disciplines, and it is challenging to manage
their heterogeneity – especially in the case of cyber-physical systems. To check
consistency between models, recent approaches map these models to flexible static
abstractions, such as architectural views. This model integration approach, however, comes at a cost of reduced expressiveness because complex behaviors of the
models are abstracted away. As a result, it may be impossible to automatically
verify important behavioral properties across multiple models, leaving systems
vulnerable to subtle bugs. This paper introduces the Integration Property Language (IPL) that improves integration expressiveness using modular verification of
properties that depend on detailed behavioral semantics while retaining the ability
for static system-wide reasoning. We prove that the verification algorithm is sound
and analyze its termination conditions. Furthermore, we perform a case study on a
mobile robot to demonstrate IPL is practically useful and evaluate its performance.},
NOTE = {Appendices},
KEYWORDS = {Cyberphysical Systems, Formal Methods, Model Checking}
}
@InProceedings{SEAMS:SWIM:2018,
AUTHOR = {Moreno, Gabriel A. and Schmerl, Bradley and Garlan, David},
TITLE = {SWIM: An Exemplar for Evaluation and Comparison of
Self-Adaptation Approaches for Web Applications},
YEAR = {2018},
MONTH = {28-29 May},
BOOKTITLE = {Proceedings of the 13th International Symposium on Software Engineering for Adaptive and Self-Managing Systems},
ADDRESS = {Gothenburg, Sweden},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/seams18-swim-cr.pdf},
ABSTRACT = {Research in self-adaptive systems often uses web applications as
target systems, running the actual software on real web servers.
This approach has three drawbacks. First, these systems are not
easy and/or cheap to deploy. Second, run-time conditions cannot
be replicated exactly to compare diferent adaptation approaches
due to uncontrolled factors. Third, running experiments is time-
consuming. To address these issues, we present SWIM, an exemplar
that simulates a web application. SWIM can be used as a target
system with an external adaptation manager interacting with it
through its TCP-based interface. Since the servers are simulated,
this use case addresses the irst two problems. The full beneit
of SWIM is attained when the adaptation manager is built as a
simulation module. An experiment using a simulated 60-server
cluster, processing 18 hours of traic with 29 million requests takes
only 5 minutes to run on a laptop computer. SWIM has been used
for evaluating self-adaptation approaches, and for a comparative
study of model-based predictive approaches to self-adaptation.},
NOTE = {Best Artifact Paper Award Winner},
KEYWORDS = {Self-adaptation}
}
@Article{2019:Camara:Synthesis,
AUTHOR = {C\'{a}mara, Javier and Garlan, David and Schmerl, Bradley},
TITLE = {Synthesizing Tradeoff Spaces of Quantitative Guarantees for Families of Software Systems},
YEAR = {2019},
MONTH = {June},
JOURNAL = {Journal of Systems and Software},
VOLUME = {152},
PAGES = {33-49},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/CGS-JSS19.pdf},
ABSTRACT = {Designing software in a way that guarantees run-time behavior while achieving an acceptable balance among multiple quality attributes is an open problem. Providing guarantees about the satisfaction of the same requirements under uncertain environments is even more challenging. Tools and techniques to inform engineers about poorly-understood design spaces in the presence of uncertainty are needed, so that engineers can explore the design space, especially when tradeoffs are crucial. To tackle this problem, we describe an approach that combines synthesis of spaces of system design alternatives from formal specifications of architectural styles with probabilistic formal verification. The main contribution of this paper is a formal framework for specification-driven synthesis and analysis of design spaces that provides formal guarantees about the correctness of system behaviors and satisfies quantitative properties (e.g., defined over system qualities) subject to uncertainty, which is treated as a first-class entity. We illustrate our approach in two case studies: a service-based adaptive system and a mobile robotics architecture. Our results show how the framework can provide useful insights into how average case probabilistic guarantees can differ from worst case guarantees, emphasizing the relevance of combining quantitative formal verification methods with structural synthesis, in contrast with techniques based on simulation and dynamic analysis that can only provide estimates about average case probabilistic properties.},
NOTE = {https://doi.org/10.1016/j.jss.2019.02.055},
KEYWORDS = {Architectural Analysis, Architectural Style, Assurance}
}
@Unpublished{2018:Pandey:Hybrid,
AUTHOR = {Pandey, Ashutosh and Ruchkin, Ivan and Schmerl, Bradley and C\'{a}mara, Javier and Garlan, David},
TITLE = {Formalizing the Hybrid Planning Problem for Self-Adaptation},
YEAR = {2019},
ABSTRACT = {Planning approaches in self-adaptation face the fundamental trade-off between quality and timeliness of
adaptation plans. Due to this trade-off, today designers often have to compromise between a planning approach
that is quick to find a plan and an approach that is slow but finds a quality plan. To deal with this trade-off,
researchers have proposed a hybrid planning approach that combines more than one planning approaches
to find a balance between quality and timeliness. However, the diversity of planning approaches makes the
problem of hybrid planning complex and multi-faceted. This paper advances the theory of hybrid planning by
formalizing the central concepts and four subproblems of hybrid planning. This formalization can serve as
a foundation for not only understanding and comparing existing hybrid planners, but also for developing
new hybrid planners in the future. Moreover, to illustrate practicality of the formal model, the paper uses
it to analyze two hybrid planning instantiations that have shown to effective in their respective contexts.
Furthermore, grounded on the formal model, the paper formalizes explicit/implicit assumptions about these
instantiations that must hold for them to be sound.},
NOTE = {Submitted for publication},
KEYWORDS = {Formal Methods, Planning, Self-adaptation}
}
@Article{2018/MOSAICO,
AUTHOR = {C\'{a}mara, Javier and Schmerl, Bradley and Moreno, Gabriel A. and Garlan, David},
TITLE = {MOSAICO: Offline Synthesis of Adaptation Strategy Repertoires with Flexible Trade-Offs},
YEAR = {2018},
MONTH = {September},
JOURNAL = {Automated Software Engineering},
VOLUME = {25},
NUMBER = {3},
PAGES = { 595–626},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/Cámara2018_Article_MOSAICOOfflineSynthesisOfAdapt.pdf},
ABSTRACT = {Self-adaptation improves the resilience of software-intensive systems, enabling them to adapt their structure and behavior to run-time changes
(e.g., in workload and resource availability). Many of these approaches reason
about the best way of adapting by synthesizing adaptation plans online via
planning or model checking tools. This method enables the exploration of a
rich solution space, but optimal solutions and other guarantees (e.g., constraint
satisfaction) are computationally costly, resulting in long planning times during which changes may invalidate plans. An alternative to online planning
involves selecting at run time the adaptation best suited to the current system
and environment conditions from among a predefined repertoire of adaptation
strategies that capture repair and optimization tasks. This method does not incur run-time overhead but requires additional effort from engineers, who have
to specify strategies and lack support to systematically assess their quality. In
this article, we present MOSAICO, an approach for offline synthesis of adaptation strategy repertoires that makes a novel use of discrete abstractions of the
state space to flexibly adapt extra-functional behavior in a scalable manner.
The approach supports making trade-offs: (i) among multiple extra-functional
concerns, and (ii) between computation time and adaptation quality (varying
abstraction resolution). Our results show a remarkable improvement on system qualities in contrast to manually-specified repertoires. More interestingly,
moderate increments in abstraction resolution can lead to pronounced quality improvements, whereas high resolutions yield only negligible improvement
over medium resolutions.},
NOTE = {Springer Link},
KEYWORDS = {Formal Methods, Planning, Rainbow, Self-adaptation}
}
@Misc{2018:Ruchkin:IPL,
AUTHOR = {Ruchkin, Ivan and Sunshine, Joshua and Iraci, Grant and Schmerl, Bradley and Garlan, David},
TITLE = {Appendix for IPL: An Integration Property Language for
Multi-Model Cyber-Physical Systems},
YEAR = {2018},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/fm2018-appendix.pdf},
NOTE = {Paper Reference}
}
@InProceedings{Mendonca:AKSAS:2018,
AUTHOR = {Mendon\c{c}a, Nabor C. and Garlan, David and Schmerl, Bradley and C\'{a}mara, Javier},
TITLE = {Generality vs. Reusability in Architecture-Based Self-Adaptation:
The Case for Self-Adaptive Microservices},
YEAR = {2018},
MONTH = {24-28 September},
BOOKTITLE = {The 12th European Conference on Software Architecture: Companion Proceedings},
ADDRESS = {Madrid, Spain},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/aksas2018-final.pdf},
ABSTRACT = {Why is it so difficult to build self-adaptive systems by reusing existing
self-adaptation services and frameworks? In this paper, we
argue that one possible explanation is that there is a fundamental
mismatch between the adaptation needs of modern software
systems, and the architectural models and adaptation mechanisms
supported by current self-adaptation solutions. We identify and
discuss the main reasons leading to this problem by looking into a
number of representative self-adaptation solutions that have been
proposed in recent years, including open source frameworks and
cloud-based services, from two perspectives: generality, i.e., their
ability to support a variety of architectural models and adaptation
mechanisms, and reusability, i.e., their ability to be reused without
requiring substantial effort from software developers. We then make
the case that recent industry progress toward microservices and
their enabling technologies can open the way to the development
of more general and reusable self-adaptation solutions.},
KEYWORDS = {Self-adaptation}
}
@InProceedings{2019/Jamshidi/ML,
AUTHOR = {Jamshidi, Pooyan and C\'{a}mara, Javier and Schmerl, Bradley and K\"astner, Christian and Garlan, David},
TITLE = {Machine Learning Meets Quantitative Planning: Enabling Self-adaptation in Autonomous Robots},
YEAR = {2019},
MONTH = {25-26 May},
BOOKTITLE = {Proceedings of the 14th Symposium on Software Engineering for Adaptive and Self-Managing Systems},
ADDRESS = {Montreal, Canada},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/SEAMS2019-ML.pdf},
ABSTRACT = {Modern cyber-physical systems (e.g., robotics systems) are typically composed of physical and software components, the characteristics of which are likely to change over time.
Assumptions about parts of the system made at design time may not hold at run time, especially when a system is deployed for long periods (e.g., over decades).
Self-adaptation is designed to find reconfigurations of systems to handle such run-time inconsistencies. Planners can be used to find and enact optimal reconfigurations in such an evolving context. However, for systems that are highly configurable, such planning becomes intractable due to the size of the adaptation space.
To overcome this challenge, in this paper we explore an approach that (a) uses machine learning to find Pareto-optimal configurations without needing to explore every configuration, and (b) restricts the search space to such configurations to make planning tractable.
We explore this in the context of robot missions that need to consider task timeliness and energy consumption. An independent evaluation shows that our approach results in high quality adaptation plans in uncertain and adversarial environments. },
KEYWORDS = {Cyberphysical Systems, Self-adaptation}
}
@Article{2019:IEEESoftware:BRASS,
AUTHOR = {Aldrich, Jonathan and Garlan, David and K\"astner, Christian and Le Goues, Claire and Mohseni-Kabir, Anahita and Ruchkin, Ivan and Samuel, Selva and Schmerl, Bradley and Timperley, Christopher Steven and Veloso, Manuela and Voysey, Ian and Biswas, Joydeep and Guha, Arjun and Holtz, Jarrett and C\'{a}mara, Javier and Jamshidi, Pooyan},
TITLE = {Model-Based Adaptation for Robotics Software},
YEAR = {2019},
MONTH = {March},
JOURNAL = {IEEE Software},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/brass-mars-ieee-software2019.pdf},
ABSTRACT = {We have developed model-based adaptation, an approach that leverages models of software and its environment to enable automated adaptation. The goal of our approach is to build long-lasting mobile software systems that can effectively adapt to changes in their environment.},
KEYWORDS = {Self-adaptation}
}
@InProceedings{2019:Kubow,
AUTHOR = {Aderaldo, Carlos and Mendon\c{c}a, Nabor C. and Schmerl, Bradley and Garlan, David},
TITLE = {Kubow: An Architecture-Based Self-Adaptation Service for
Cloud Native Applications},
YEAR = {2019},
MONTH = {9-13 September},
BOOKTITLE = {Proceedings of the 2019 European Conference on Software Architecture: Tools Track},
ADDRESS = {Paris, France},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ecsa2019-tools-final.pdf},
ABSTRACT = {This paper presents Kubow, an extensible architecture-based selfadaptation
service for cloud native applications. Kubow itself was
implemented by customizing and extending the Rainbow self-adaptation
framework with support for Docker containers and Kubernetes.
The paper highlights Kubow’s architecture and main design
decisions, and illustrates its use and configuration through a simple
example. An accompanying demo video is available at the project’s
web site: https://ppgia-unifor.github.io/kubow/.},
NOTE = {Awarded Best Demo},
KEYWORDS = {Self-adaptation}
}
@InProceedings{2020:ICSE:RobotArchitecture,
AUTHOR = {Malavolta, Ivano and Lewis, Grace A. and Schmerl, Bradley and Lago, Patricia and Garlan, David},
TITLE = {How do you Architect your Robots? State of the Practice and Guidelines for ROS-based System},
YEAR = {2020},
MONTH = {23-29 May},
BOOKTITLE = {Proceedings of the 42nd International Conference on Software Engineering: Software Engineering in Practice},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ICSE_SEIP_20202020_ICSE_RobotArchitecture.pdf},
ABSTRACT = {The Robot Operating System (ROS) is the de-facto standard for robotic software.
If on one hand ROS is helping roboticists, e.g., by providing a standardized communication platform, on the other hand ROS-based systems are getting larger and more complex and could benefit from good software architecture practices.
This paper presents an observational study aimed at (i) unveiling the state of the practice for architecture of ROS-based systems and (ii) providing guidance to roboticists about how to properly architect ROS-based systems. To achieve these goals, we (i) build a dataset of 335 GitHub repositories containing real open-source ROS-based systems, (ii) mine the repositories for extracting the state of the practice about how roboticists are architecting them, and (iii) synthesize a catalog of 49 evidence-based guidelines for architecting ROS-based systems.
The guidelines have been validated by 77 roboticists working on real-world open-source ROS-based systems. },
KEYWORDS = {Architectural Analysis, Software Architecture}
}
@InProceedings{2020:SEAMS:CoAdaptation,
AUTHOR = {C\'{a}mara, Javier and Schmerl, Bradley and Garlan, David},
TITLE = {Software Architecture and Task Plan Co-Adaptation for Mobile Service Robots},
YEAR = {2020},
MONTH = {29 June - 3 July},
BOOKTITLE = {Proceedings of the 15th International Symposium on Software Engineering for Adaptive and Self-managing Systems (SEAMS)},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/SEAMS2020_Mobile_Robots.pdf},
ABSTRACT = {Self-adaptive systems increasingly need to reason about and adapt both structural and behavioral system aspects, such as in mobile service robots, which must reason about missions that they need to achieve and the architecture of the software executing them. Deciding how to best adapt these systems to run time changes is challenging because it entails considering mutual dependencies between the software architecture that the system is running and the outcome of plans for completing tasks, while also considering multiple trade-offs and uncertainties. Considering all these aspects in planning for adaptation often yields large solution spaces which cannot be adequately explored at run time.
We address this challenge by proposing a planning approach able to consider the impact of mutual dependencies between software architecture and task planning on the satisfaction of mission goals. The approach is able to reason quantitatively about the outcome of adaptation decisions handling both the reconfiguration of the system's architecture and adaptation of task plans under uncertainty and in a rich trade-off space.
Our results show: (i) feasibility of run-time decision-making for self-adaptation in an otherwise intractable solution space by dividing-and-conquering adaptation into architecture reconfiguration and task planning sub-problems, and (ii) improved quality of adaptation decisions with respect to decision making that does not consider dependencies between architecture and task planning.},
NOTE = {Talk},
KEYWORDS = {Cyberphysical Systems, Formal Methods, Model Checking, Planning, Rainbow, Robot Adaptation, Self-adaptation, Software Architecture}
}
@InProceedings{2020:Venaro:BPMDS,
AUTHOR = {Venero, Sheila and Schmerl, Bradley and Montecchi, Leonardo and Dos Reis, Julio Cesar and Rubira, Cecilia M. F.},
TITLE = {Automated Planning for supporting Knowledge-intensive Processes},
YEAR = {2020},
MONTH = {8-9 June},
BOOKTITLE = {Proceedings of the 20th Business Process Modeling, Development and Support (BPMDS) Working Conference},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/Automated_Planning_for_supporting__Knowledge_intensive_Processes.pdf},
ABSTRACT = {Knowledge-intensive processes (KiPs) are processes characterized by high levels of unpredictability and dynamism. Their process structure may not be known before their execution. One way to cope with this uncertainty is to defer decisions regarding the process structure until run time. In this paper, we consider the definition of the process structure as a planning problem. Our approach uses automated planning techniques to generate plans that define process models according to the current context. The generated plan model relies on a metamodel called METAKIP that represents the basic elements of KiPs.
Our solution explores Markov Decision Processes (MDP) to generate plan models. This technique allows uncertainty representation by defining state transition probabilities, which gives us more flexibility than traditional approaches. We construct an MDP model and solve it with the help of the PRISM model-checker. The solution is evaluated by means of a proof of concept in the medical domain and reveals the feasibility of our approach.},
KEYWORDS = {Model Checking, Stochastic Games}
}
@InProceedings{2020:Pandey:Hybrid,
AUTHOR = {Pandey, Ashutosh and Ruchkin, Ivan and Schmerl, Bradley and Garlan, David},
TITLE = {Hybrid Planning Using Learning and Model Checking for Autonomous Systems},
YEAR = {2020},
MONTH = {19-23 August},
BOOKTITLE = {Proceedings of the 2020 IEEE Conference on Autonomic Computing and Self-organizing Systems (ACSOS)},
ADDRESS = {Washington, D.C.},
ABSTRACT = {Self-adaptive software systems rely on planning to
make adaptation decisions autonomously. Planning is required
to produce high-quality adaptation plans in a timely manner;
however, quality and timeliness of planning are conflicting in
nature. This conflict can be reconciled with hybrid planning,
which can combine reactive planning (to quickly provide an
emergency response) with deliberative planning that take time
but determine a higher-quality plan. While often effective, reactive
planning sometimes risks making the situation worse. Hence,
a challenge in hybrid planning is to decide whether to invoke
reactive planning until the deliberative planning is ready with a
high-quality plan. To make this decision, this paper proposes a
novel learning-based approach. We demonstrate that this learning-based
approach outperforms existing techniques that are based
on specifying fixed conditions to invoke reactive planning in two
domains: enterprise cloud systems and unmanned aerial vehicles.},
NOTE = {Supplemental Material | Presentation Video},
KEYWORDS = {Formal Methods, Machine Learning, Self-adaptation}
}
@InProceedings{2020:Li:HIL-Model,
AUTHOR = {Li, Nianyu and C\'{a}mara, Javier and Garlan, David and Schmerl, Bradley},
TITLE = {Reasoning about When to Provide Explanation for Human-in-the-loop Self-Adaptive Systems},
YEAR = {2020},
MONTH = {19-23 August},
BOOKTITLE = {Proceedings of the 2020 IEEE Conference on Autonomic Computing and Self-organizing Systems (ACSOS)},
ADDRESS = {Washington, D.C.},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ExplanationInLoop2020.pdf},
ABSTRACT = {Many self-adaptive systems benefit from human involvement, where a human operator can provide expertise not available to the system and perform adaptations involving physical changes that cannot be automated.
However, a lack of transparency and intelligibility of system goals and the autonomous behaviors enacted to achieve them may hinder a human operator's effort to make such involvement effective.
Explanation is sometimes helpful to allow the human to understand why the system is making certain decisions. However, explanations come with costs in terms of, e.g., delayed actions.
Hence, it is not always obvious whether explanations will improve the satisfaction of system goals and, if so,
when to provide them to the operator. In this work, we define a formal framework for reasoning about explanations of adaptive system behaviors and the conditions under which they are warranted. Specifically, we characterize explanations in terms of their impact on a human operator's ability to effectively engage in adaptive actions.
We then present
a decision-making approach for planning in self-adaptation
that leverages a probabilistic reasoning tool to determine when the explanation should be used
in an adaptation strategy in order to improve overall system utility.
We illustrate our approach in a representative scenario for the application of an adaptive news website in the context of potential denial-of-service attacks. },
NOTE = {Presentation Video},
KEYWORDS = {Formal Methods, Human-in-the-loop, Self-adaptation, Stochastic Games}
}
@InProceedings{2020:Google:TJ,
AUTHOR = {Glazier, Thomas J. and Garlan, David and Schmerl, Bradley},
TITLE = {Case Study of an Automated Approach to Managing Collections of Autonomic Systems},
YEAR = {2020},
MONTH = {19-23 August},
BOOKTITLE = {Proceedings of the 2020 IEEE Conference on Autonomic Computing and Self-organizing Systems (ACSOS)},
ADDRESS = {Washington, D.C.},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ACSOS_2020_Automated_Management_of_Collections_of_Autonomic_Systems.pdf},
ABSTRACT = {Many applications have taken advantage of cloud
provided autonomic capabilities, commonly auto-scaling, to harness
easily available compute capacity to maintain performance
against defined quality objectives. This has caused the management
complexity of enterprise applications to increase. It is
now common for an application to be a collection of autonomic
sub-systems. However, combining individual autonomic systems
to create an application can lead to behaviors that negatively
impact the global aggregate utility of the application and in
some cases can be conflicting and self-destructive. Commonly,
human administrators address these behaviors as part of a design
time analysis of the situation or a run time mitigation of the
undesired effects. However, the task of controlling and mitigating
undesirable behaviors is complex and error prone. To handle the
complexity of managing a collection of autonomic systems we
have previously proposed an automated approach to the creation
of a higher level autonomic management system, referred to as a
Meta-Manager. In this paper, we improve upon prior work with
a more streamlined and understandable formal representation of
the approach, expand its capabilities to include global knowledge,
and test its potential applicability and effectiveness by managing
the complexity of a collection of autonomic systems in a case
study of a major outage suffered by the Google Cloud Platform.},
NOTE = {Presentation Video},
KEYWORDS = {Meta-management, Self-adaptation}
}
@InProceedings{2020:REACT,
AUTHOR = {Pfannm\"{u}ller, Martin and Breitbach, Martin and Krupitzer, Christian and Weckesser, Marcus and Becker, Christian and Schmerl, Bradley and Sch\"{u}rr, Andy},
TITLE = {REACT: A Model-Based Runtime Environment for Adapting Communication Systems},
YEAR = {2020},
MONTH = {19-23 August},
BOOKTITLE = {Proceedings of the 2020 IEEE Conference on Autonomic Computing and Self-organizing Systems (ACSOS)},
ADDRESS = {Washington, D.C.},
ABSTRACT = {Trends such as the Internet of Things or edge
computing lead to a growing number of networked devices.
Hence, it is becoming increasingly important to manage communication
systems at runtime. Adding self-adaptive capabilities
is one approach to reduce administrative effort and cope with
changing execution contexts. Existing frameworks for building
self-adaptive software can help to reduce development effort
in general. Yet, they are neither tailored towards the use
in communication systems nor easily usable without profound
knowledge in self-adaptive systems development. In this paper, we
propose REACT, a reusable, model-based runtime environment
to complement communication systems with adaptive behavior. It
addresses the heterogeneity and distribution aspects of networks
and reduces development effort. REACT empowers developers
of communication systems to add adaptive behavior without
having experience in self-adaptive systems development. We
show the effectiveness and efficiency of our prototype in an
experimental evaluation based on two distinct use cases from
the communication systems domain: cloud resource management
and software-defined networking. The first use case includes a
comparison with Rainbow, which represents a state-of-the-art
model-based framework for building self-adaptive systems. The
second use case applies REACT in a sophisticated, real-world
communication system scenario.},
KEYWORDS = {Self-adaptation}
}
@InProceedings{2021:MAPECTML,
AUTHOR = {Weyns, Danny and Schmerl, Bradley and Kishida, Masako and Leva, Alberto and Litoiu, Marin and Ozay, Necmiye and Paterson, Colin and Tei, Kenji},
TITLE = {Towards Better Adaptive Systems by Combining MAPE, Control Theory, and Machine Learning},
YEAR = {2021},
MONTH = {17-24 May},
BOOKTITLE = {Proceedings of the 16th Symposium on Software Engineering for Adaptive and Self-Managing Systems},
ADDRESS = {Virtual},
ABSTRACT = {Two established techniques to engineer adaptive systems are architecture-based adaptation that uses a Monitor-Analysis-Planning-Executing (MAPE) loop that reasons over architectural models (aka Knowledge) to make adaptation decisions, and control-based adaptation that relies on principles of control theory (CT) to realize adaptation.
Recently, we also observe a rapid growing interest in applying machine learning (ML) to support different adaptation mechanisms.
While MAPE and CT have particular characteristics and strengths to be applied independently, in this paper we are concerned with the question of how these techniques are related with one another and whether combining them and supporting them with ML can produce better adaptive systems.
We motivate the combined use of different adaptation techniques using scenarios from two different domains and illustrate the analysis involved in combining different adaptation techniques. The paper concludes with suggestions for further research in this interesting area.},
KEYWORDS = {Control Theory, Machine Learning, Self-adaptation}
}
@InProceedings{2021:Li:HeyPreparatory,
AUTHOR = {Li, Nianyu and C\'{a}mara, Javier and Garlan, David and Schmerl, Bradley and Jin, Zhi},
TITLE = {Hey! Preparing Humans to do Tasks in Self-adaptive Systems},
YEAR = {2021},
MONTH = {18-21 May},
BOOKTITLE = {Proceedings of the 16th Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2021)},
ADDRESS = {Virtual},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/Preparatory_SEAMS.pdf},
ABSTRACT = {Many self-adaptive systems benefit from human involvement, where human operators can complement the capabilities of systems (e.g., by supervising decisions, or performing adaptations and tasks involving physical changes that cannot be automated). However, insufficient preparation (e.g., lack of task context comprehension) may hinder the effectiveness of human involvement, especially when operators are unexpectedly interrupted to perform a new task. Preparatory notification of a task provided in advance can sometimes help human operators focus their attention on the forthcoming task and understand its context before task execution, hence improving effectiveness. Nevertheless, deciding when to use preparatory notification as a tactic is not obvious and entails considering different factors that include uncertainties induced by human operator behavior (who might ignore the notice message), human attributes (e.g., operator training level), and other information that refers to the state of the system and its environment.
In this paper, informed by work in cognitive science on human attention and context management, we introduce a formal framework to reason about
the usage of preparatory notifications
in self-adaptive systems involving human operators. Our framework characterizes the effects of managing attention via task notification in terms of task context comprehension. We also build on our framework to develop an automated probabilistic reasoning technique able to determine when and in what form a preparatory notification tactic should be used to optimize system goals. We illustrate our approach in a representative scenario of human-robot collaborative goods delivery. },
NOTE = {Awarded Best Student Paper for SEAMS 2021},
KEYWORDS = {Explainable Software, Formal Methods, Robot Adaptation, Self-adaptation}
}
@Article{2021:ROSArch:JSS,
AUTHOR = {Malavolta, Ivano and Lewis, Grace A. and Schmerl, Bradley and Lago, Patricia and Garlan, David},
TITLE = {Mining Guidelines for Architecting Robotics Software},
YEAR = {2021},
MONTH = {August},
JOURNAL = {Journal of Systems and Software},
VOLUME = {178},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/JSS_ROS_2020.pdf},
ABSTRACT = {Context. The Robot Operating System (ROS) is the de-facto standard for robotics software.However, ROS-based systems are getting larger and more complex and could benefit from good software architecture practices.Goal. We aim at (i) unveiling the state-of-the-practice in terms of targeted quality attributes and architecture documentation in ROS-based systems, and (ii) providing empirically-grounded guidance to roboticists about how to properly architect ROS-based systems.Method. We designed and conducted an observational study where we (i) built a dataset of335 GitHub repositories containing real open-source ROS-based systems, and (ii) mined the repositories to extract and synthesize quantitative and qualitative findings about how roboticists are architecting ROS-based systems.Results. First, we extracted an empirically-grounded overview of the state of the practice for architecting and documenting ROS-based systems. Second, we synthesized a catalog of 47architecting guidelines for ROS-based systems. Third, the extracted guidelines were validated by119 roboticists working on real-world open-source ROS-based systems.Conclusions. Roboticists can use our architecting guidelines for applying good design principles to develop robots that meet quality requirements, and researchers can use our results as evidence-based indications about how real-world ROS systems are architected today, thus inspiring future research contributions},
NOTE = {https://doi.org/10.1016/j.jss.2021.110969},
KEYWORDS = {Software Architecture}
}
@InProceedings{ECSA21,
AUTHOR = {C\'{a}mara, Javier and Silva, Mariana and Garlan, David and Schmerl, Bradley},
TITLE = {Explaining Architectural Design Tradeoff Spaces: a Machine Learning Approach},
YEAR = {2021},
MONTH = {13-17 September},
BOOKTITLE = {Proceedings of the 15th European Conference on Software Architecture},
ADDRESS = {Virtual (Originally, V\"axjö Sweden)},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/Explaining_Architectural_Tradeoff_Spaces__a_Machine_Learning_Approach.pdf},
ABSTRACT = {In software design, guaranteeing the correctness of run-time system behavior while achieving an acceptable balance among multiple quality attributes remains a challenging problem.
Moreover, providing guarantees about the satisfaction of those requirements when systems are subject to uncertain environments is even more challenging.
While recent developments in architectural analysis techniques can assist architects in exploring the satisfaction of quantitative guarantees across the design space, existing approaches are still limited because they do not explicitly link design decisions to satisfaction of quality requirements.
Furthermore, the amount of information they yield can be overwhelming to a human designer, making it difficult to distinguish the forest through the trees.
In this paper, we present an approach to analyzing architectural design spaces that addresses these limitations and provides a basis to enable the explainability of design tradeoffs.
Our approach combines dimensionality reduction techniques employed in machine learning pipelines with quantitative verification to enable architects to understand how design decisions contribute to the satisfaction of strict quantitative guarantees under uncertainty across the design space.
Our results show feasibility of the approach in two case studies and evidence that dimensionality reduction is a viable approach to facilitate comprehension of tradeoffs in poorly-understood design spaces.},
KEYWORDS = {Explainable Software, Machine Learning, Self-adaptation}
}
@InProceedings{2021:SISSY,
AUTHOR = {Weyns, Danny and Bures, Tomas and Calinescu, Radu and Craggs, Barnaby and Fitzgerald, John and Garlan, David and Nuseibeh, Bashar and Pasquale, Liliana and Rashid, Awais and Ruchkin, Ivan and Schmerl, Bradley},
TITLE = {Six Software Engineering Principles for Smarter Cyber-Physical Systems},
YEAR = {2021},
MONTH = {27 September},
BOOKTITLE = {Proceedings of the Workshop on Self-Improving System Integration},
ABSTRACT = {Cyber-Physical Systems (CPS) integrate computational and physical components. With the digitisation of society
and industry and the progressing integration of systems, CPS
need to become “smarter” in the sense that they can adapt and
learn to handle new and unexpected conditions, and improve
over time. Smarter CPS present a combination of challenges that
existing engineering methods have difficulties addressing: inter-
twined digital, physical and social spaces, need for heterogeneous
modelling formalisms, demand for context-tied cooperation to
achieve system goals, widespread uncertainty and disruptions in
changing contexts, inherent human constituents, and continuous
encounter with new situations. While approaches have been put
forward to deal with some of these challenges, a coherent perspective on engineering smarter CPS is lacking. In this paper, we
present six engineering principles for addressing the challenges
of smarter CPS. As smarter CPS are software-intensive systems,
we approach them from a software engineering perspective with
the angle of self-adaptation that offers an effective approach to
deal with run-time change. The six principles create an integrated
landscape for the engineering and operation of smarter CPS.},
KEYWORDS = {Cyberphysical Systems}
}
@Article{2020:REACT-ION,
AUTHOR = {Pfannm\"{u}ller, Martin and Breitbach, Martin and Weckesser, Marcus and Becker, Christian and Schmerl, Bradley and Sch\"{u}rr, Andy and Krupitzer, Christian},
TITLE = {REACT-ION: A Model-based Runtime Environment for Situation-aware Adaptations},
YEAR = {2020},
MONTH = {December},
JOURNAL = {ACM Transactions on Autonomous and Adaptive Systems},
VOLUME = {15},
NUMBER = {4},
PAGES = {1-29},
ABSTRACT = {Trends such as the Internet of Things lead to a growing number of networked devices and to a variety of communication systems. Adding self-adaptive capabilities to these communication systems is one approach to reducing administrative effort and coping with changing execution contexts. Existing frameworks can help reducing development effort but are neither tailored toward the use in communication systems nor easily usable without knowledge in self-adaptive systems development. Accordingly, in previous work, we proposed REACT, a reusable, model-based runtime environment to complement communication systems with adaptive behavior. REACT addresses heterogeneity and distribution aspects of such systems and reduces development effort. In this article, we propose REACT-ION—an extension of REACT for situation awareness. REACT-ION offers a context management module that is able to acquire, store, disseminate, and reason on context data. The context management module is the basis for (i) proactive adaptation with REACT-ION and (ii) self-improvement of the underlying feedback loop. REACT-ION can be used to optimize adaptation decisions at runtime based on the current situation. Therefore, it can cope with uncertainty and situations that were not foreseeable at design time. We show and evaluate in two case studies how REACT-ION’s situation awareness enables proactive adaptation and self-improvement.},
KEYWORDS = {Cyberphysical Systems, Self-adaptation, Self-awareness & Adaptation}
}
@InProceedings{2022:ICSA:ROSDiscover,
AUTHOR = {Timperley, Christopher Steven and D\"{u}rschmid, Tobias and Schmerl, Bradley and Garlan, David and Le Goues, Claire},
TITLE = {ROSDiscover: Statically Detecting Run-Time Architecture Misconfigurations in Robotics Systems},
YEAR = {2022},
MONTH = {12-15 March},
BOOKTITLE = {Proceedings of the 19th International Conference on Software Architecture (ICSA 2022)},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ROSDiscover_Statically_Detecting_Run-Time_Architecture_Misconfigurations_in_Robotics_Systems__Artifact_Paper.pdf},
ABSTRACT = {Robot systems are growing in importance and complexity. Ecosystems for robot software, such as the ROS, provide libraries of reusable software components that can be configured and composed into larger systems. To support compositionality, ROS uses late binding and architecture configuration via "launch files" that describe how to initialize the components in a system.
However, late binding often leads to systems failing silently due to misconfiguration, for example by misrouting or dropping messages entirely.
In this paper we present ROSDiscover, which statically recovers the run-time architecture of ROS systems to find such architecture misconfiguration bugs. First, ROSDiscover constructs component level architectural models (ports, parameters) from source code. Second, architecture configuration files are analyzed to compose the system from these component models and derive the connections in the system. Finally, the reconstructed architecture is checked against architectural rules described in first-order logic to identify potential misconfigurations.
We present an evaluation of ROSDiscover on real world, off-the-shelf robotic systems, measuring the accuracy, effectiveness, and practicality of our approach. To that end, we collected the first data set of architecture configuration bugs in ROS from popular open-source systems and measure how effective our approach is for detecting configuration bugs in that set.},
KEYWORDS = {Acme, Architectural Analysis, Publish Subscribe Systems, Software Architecture}
}
@Article{2022:SoSym:UIP,
AUTHOR = {C\'{a}mara, Javier and Troya, Javier and Vallecillo, Antonio and Bencomo, Nelly and Calinescu, Radu and Cheng, Betty H.C. and Garlan, David and Schmerl, Bradley},
TITLE = {The uncertainty interaction problem in self-adaptive systems},
YEAR = {2022},
MONTH = {August},
JOURNAL = {Software System and Modelling},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/Sosym2022.pdf},
ABSTRACT = {The problem of mitigating uncertainty in self-adaptation has driven much of the research proposed in the area of software
engineering for self-adaptive systems in the last decade. Although many solutions have already been proposed, most of
them tend to tackle specific types, sources, and dimensions of uncertainty (e.g., in goals, resources, adaptation functions)
in isolation. A special concern are the aspects associated with uncertainty modeling in an integrated fashion. Different
uncertainties are rarely independent and often compound, affecting the satisfaction of goals and other system properties in
subtle and often unpredictable ways. Hence, there is still limited understanding about the specific ways in which uncertainties
from various sources interact and ultimately affect the properties of self-adaptive, software-intensive systems. In this SoSym
expert voice, we introduce the Uncertainty Interaction Problem as a way to better qualify the scope of the challenges with
respect to representing different types of uncertainty while capturing their interaction in models employed to reason about
self-adaptation. We contribute a characterization of the problem and discuss its relevance in the context of case studies taken
from two representative application domains. We posit that the Uncertainty Interaction Problem should drive future research
in software engineering for autonomous and self-adaptive systems, and therefore, contribute to evolving uncertainty modeling
towards holistic approaches that would enable the construction of more resilient self-adaptive systems.},
NOTE = {Expert Voice Paper (https://doi.org/10.1007/s10270-022-01037-6)},
KEYWORDS = {Self-adaptation, uncertainty}
}
@Article{2022:JSS:ExpSAS,
AUTHOR = {Wohlrab, Rebekka and C\'{a}mara, Javier and Garlan, David and Schmerl, Bradley},
TITLE = {Explaining quality attribute tradeoffs in automated planning for self-adaptive systems},
YEAR = {2022},
MONTH = {October},
JOURNAL = {The Journal of Systems and Software},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/xplanqasas.pdf},
ABSTRACT = {Self-adaptive systems commonly operate in heterogeneous contexts and need to consider multiple quality attributes. Human stakeholders often express their quality preferences by defining utility func- tions, which are used by self-adaptive systems to automatically generate adaptation plans. However, the adaptation space of realistic systems is large and it is obscure how utility functions impact the generated adaptation behavior, as well as structural, behavioral, and quality constraints. Moreover, human stakeholders are often not aware of the underlying tradeoffs between quality attributes. To address this issue, we present an approach that uses machine learning techniques (dimensionality reduction, clustering, and decision tree learning) to explain the reasoning behind automated planning. Our approach focuses on the tradeoffs between quality attributes and how the choice of weights in utility functions results in different plans being generated. We help humans understand quality attribute tradeoffs, identify key decisions in adaptation behavior, and explore how differences in utility functions result in different adaptation alternatives. We present two systems to demonstrate the approach’s applicability and consider its potential application to 24 exemplar self-adaptive systems. Moreover, we describe our assessment of the tradeoff between the information reduction and the amount of explained variance retained by the results obtained with our approach.},
KEYWORDS = {Explainable Software, Planning, Self-adaptation}
}
@Article{2022:JSS:Extra,
AUTHOR = {C\'{a}mara, Javier and Wohlrab, Rebekka and Garlan, David and Schmerl, Bradley},
TITLE = {ExTrA: Explaining architectural design tradeoff spaces via dimensionality reduction.},
YEAR = {2022},
MONTH = {December},
JOURNAL = {Journal of Systems and Software},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/ExTrA__Explaining_Architectural_Design_Tradeoff_Spaces_via_Dimensionality_Reduction.pdf},
ABSTRACT = {In software design, guaranteeing the correctness of run-time system behavior while achieving an acceptable balance among multiple quality attributes remains a challenging problem. Moreover, providing guarantees about the satisfaction of those requirements when systems are subject to uncertain environments is even more challenging. While recent developments in architectural analysis techniques can assist architects in exploring the satisfaction of quantitative guarantees across the design space, existing approaches are still limited because they do not explicitly link design decisions to satisfaction of quality requirements. Furthermore, the amount of information they yield can be overwhelming to a human designer, making it difficult to see the forest for the trees. In this paper we present ExTrA (Explaining Tradeoffs of software Architecture design spaces), an approach to analyzing architectural design spaces that addresses these limitations and provides a basis for explaining design tradeoffs. Our approach employs dimensionality reduction techniques employed in machine learning pipelines like Principal Component Analysis (PCA) and Decision Tree Learning (DTL) to enable architects to understand how design decisions contribute to the satisfaction of extra-functional properties across the design space. Our results show feasibility of the approach in two case studies and evidence that combining complementary techniques like PCA and DTL is a viable approach to facilitate comprehension of tradeoffs in poorly-understood design spaces.},
NOTE = {https://doi.org/10.1016/j.jss.2022.111578},
KEYWORDS = {Architectural Analysis, Explainable Software}
}
@Article{IEEE:CaRE:2023,
AUTHOR = {Hossen, Md Abir and Kharade, Sonam and Schmerl, Bradley and C\'{a}mara, Javier and O\'Kane, Jason M. and Czaplinski, Ellen C. and Dzurilla, Katherine A. and Garlan, David and Jamshidi, Pooyan},
TITLE = {CaRE: Finding Root Causes of Configuration Issues in Highly-Configurable Robots},
YEAR = {2023},
MONTH = {May},
JOURNAL = {IEEE Robotics and Automation Letters},
PAGES = {1-8},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/CaRE_Finding_Root_Causes_of_Configuration_Issues_in_Highly-Configurable_Robots.pdf},
ABSTRACT = {Robotic systems have subsystems with a combinatorially large configuration space and hundreds or thousands of possible software and hardware configuration options interacting non-trivially. The configurable parameters are set to target specific objectives, but they can cause functional faults when incorrectly configured. Finding the root cause of such faults is challenging due to the exponentially large configuration space and the dependencies between the robot's configuration settings and performance. This paper proposes CaRE —a method for diagnosing the root cause of functional faults through the lens of causality. CaRE abstracts the causal relationships between various configuration options and the robot's performance objectives by learning a causal structure and estimating the causal effects of options on robot performance indicators. We demonstrate CaRE 's efficacy by finding the root cause of the observed functional faults and validating the diagnosed root cause by conducting experiments in both physical robots ( Husky and Turtlebot 3 ) and in simulation ( Gazebo ). Furthermore, we demonstrate that the causal models learned from robots in simulation (e.g., Husky in Gazebo ) are transferable to physical robots across different platforms (e.g., Husky and Turtlebot 3 ).},
NOTE = {doi: 10.1109/LRA.2023.3280810}
}
@InProceedings{2023:Sedghpour:IC2E,
AUTHOR = {Sedghpour, Mohammad Reza Saleh and Garlan, David and Schmerl, Bradley and Klein, Cristian and Tordsson, Johan},
TITLE = {Breaking the Vicious Circle: Self-Adaptive Microservice Circuit Breaking and Retry},
YEAR = {2023},
MONTH = {25-28 September},
BOOKTITLE = {Proceedings of the 11th IEEE International conference on Cloud Engineering (IC2E)},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/Mohammad___Paper___6.pdf},
ABSTRACT = {Microservice-based architectures consist of numer- ous, loosely coupled services with multiple instances. Service meshes aim to simplify traffic management and prevent mi- croservice overload through circuit breaking and request retry mechanisms. Previous studies have demonstrated that the static configuration of these mechanisms is unfit for the dynamic environment of microservices. We conduct a sensitivity analysis to understand the impact of retrying across a wide range of scenarios. Based on the findings, we propose a retry controller that can also work with dynamically configured circuit breakers. We have empirically assessed our proposed controller in various scenarios, including transient overload and noisy neighbors while enforcing adaptive circuit breaking. The results show that our proposed controller does not deviate from a well-tuned configura- tion while maintaining carried response time and adapting to the changes. In comparison to the default static retry configuration that is mostly used in practice, our approach improves the carried throughput up to 12x and 32x respectively in the cases of transient overload and noisy neighbors.},
NOTE = {Best Paper Award},
KEYWORDS = {Self-adaptation, Self-Repair}
}
@Article{Camara:Expl:IEEESoftware:2024,
AUTHOR = {C\'{a}mara, Javier and Wohlrab, Rebekka and Garlan, David and Schmerl, Bradley},
TITLE = {Focusing on What Matters: Explaining Quality Tradeoffs in Software-Intensive Systems via Dimensionality Reduction},
YEAR = {2024},
MONTH = {January},
JOURNAL = {IEEE Software},
VOLUME = {41},
PAGES = {64-73},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/IEEE_Software__Tradeoff_Focused_ExplanationsCamara_Expl_IEEESoftware_2024.pdf},
ABSTRACT = {Building and operating software-intensive systems often involves exploring decision spaces made up of large numbers of variables and complex relations among them. Understanding such spaces is often overwhelming to human decision makers, who have limited capacity to digest large amounts of information, making it difficult to distinguish the forest through the trees. In this article, we report on our experience in which we used dimensionality reduction techniques to enable decision makers in different domains (software architecture, smart manufacturing, automated planning for service robots) to focus on the elements of the decision space that explain most of the quality variation, filtering out noise, and thus reducing cognitive complexity.},
NOTE = {DOI: https://doi.ieeecomputersociety.org/10.1109/MS.2023.3320689},
KEYWORDS = {Explainable Software, Planning, Self-adaptation, Software Architecture}
}
@InProceedings{Garlan:2024:Designing,
AUTHOR = {Garlan, David and Schmerl, Bradley and Wohlrab, Rebekka and C\'{a}mara, Javier},
TITLE = {Challenges in Creating Effective Automated Design Environments: An experience report from the domain of generative manufacturing},
YEAR = {2024},
MONTH = {15 April},
BOOKTITLE = {Proc. the 1st International Workshop on Designing Software},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/DesigningLMCO-2.pdf},
ABSTRACT = {The emergence of powerful automated design tools in many domains is changing the nature of design, as human-intensive activities can be increasingly off-loaded to those tools. Rather than having a human consider only handful of options, as has been done historically, such tools now enable the generation of a large space of potential designs, exhibiting different tradeoffs among competing qualities of merit, and supporting systematic exploration of the design space. At the same time, this paradigm raises new challenges centered on enabling humans to effectively navigate that generated space in order to select a design that best meets their requirements. In this paper we describe our experience in the domain of generative manufacturing, in which we developed a novel design environment for airplane parts manufacturing that incorporates a number of sophisticated design tools and attempts to tackle the emergent problems of design space exploration that are faced by designers of those parts. We use this experience to highlight the challenges that we faced and reflect on their applicability more generally to tool-assisted software design environments.},
KEYWORDS = {Explainable Software}
}
@Article{2024:Hossen:CURE,
AUTHOR = {Hossen, Md Abir and Kharade, Sonam and O\'Kane, Jason M. and Schmerl, Bradley and Garlan, David and Jamshidi, Pooyan},
TITLE = {CURE: Simulation-Augmented Auto-Tuning in Robotics},
YEAR = {2025},
MONTH = {March},
JOURNAL = {IEEE Transactions on Robotics},
ABSTRACT = {Robotic systems are typically composed of vari-
ous subsystems, such as localization and navigation, each en-
compassing numerous configurable components (e.g., selecting
different planning algorithms). Once an algorithm has been
selected for a component, its associated configuration options
must be set to the appropriate values. Configuration options
across the system stack interact non-trivially. Finding optimal
configurations for highly configurable robots to achieve desired
performance poses a significant challenge due to the interactions
between configuration options across software and hardware
that result in an exponentially large and complex configuration
space. These challenges are further compounded by the need
for transferability between different environments and robotic
platforms. Data efficient optimization algorithms (e.g., Bayesian
optimization) have been increasingly employed to automate the
tuning of configurable parameters in cyber-physical systems.
However, such optimization algorithms converge at later stages,
often after exhausting the allocated budget (e.g., optimization
steps, allotted time) and lacking transferability. This paper
proposes CURE—a method that identifies causally relevant con-
figuration options, enabling the optimization process to operate
in a reduced search space, thereby enabling faster optimization
of robot performance. CURE abstracts the causal relationships
between various configuration options and robot performance
objectives by learning a causal model in the source (a low-cost
environment such as the Gazebo simulator) and applying the
learned knowledge to perform optimization in the target (e.g.,
Turtlebot 3 physical robot). We demonstrate the effectiveness and
transferability of CURE by conducting experiments that involve
varying degrees of deployment changes in both physical robots
and simulation},
KEYWORDS = {Cyberphysical Systems, Machine Learning, Robot Adaptation, Self-adaptation}
}
@Article{Sousa:2024:Security,
AUTHOR = {Sousa, Bruno and Dias, Duarte and Antunes, Nuno and C\'{a}mara, Javier and Wagner, Ryan and Schmerl, Bradley and Garlan, David and Fidalgo, Pedro},
TITLE = {MONDEO-Tactics5G: Multistage botnet detection and tactics for 5G/6G networks},
YEAR = {2024},
MONTH = {May},
JOURNAL = {Computers & Security},
VOLUME = {140},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/MONDEO_AIDA.pdf},
ABSTRACT = {Mobile malware is a malicious code specifically designed to target mobile devices to perform multiple types of fraud. The number of attacks reported each day is increasing constantly and is causing an impact not only at the end-user level but also at the network operator level. Malware like FluBot contributes to identity theft and data loss but also enables remote Command & Control (C2) operations, which can instrument infected devices to conduct Distributed Denial of Service (DDoS) attacks. Current mobile device-installed solutions are not effective, as the end user can ignore security warnings or install malicious software. This article designs and evaluates MONDEO-Tactics5G - a multistage botnet detection mechanism that does not require software installation on end-user devices, together with tactics for 5G network operators to manage infected devices. We conducted an evaluation that demonstrates high accuracy in detecting FluBot malware, and in the different adaptation strategies to reduce the risk of DDoS while minimising the impact on the clients' satisfaction by avoiding disrupting established sessions.},
NOTE = {https://doi.org/10.1016/j.cose.2024.103768},
KEYWORDS = {Rainbow}
}
@InProceedings{Canelas:ISSTA:2024,
AUTHOR = {Canelas, Paulo and Schmerl, Bradley and Fonesca, Alcides and Timperley, Christopher Steven},
TITLE = {Understanding Misconfigurations in ROS: An Empirical Study
and Current Approaches},
YEAR = {2024},
MONTH = {16-20 September},
BOOKTITLE = {The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA)},
ADDRESS = {Vienna, Austria},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/study_misconfigurations_paper.pdf},
ABSTRACT = {The Robot Operating System (ROS) is a highly popular framework and ecosystem that allows developers to build robot software sys- tems from reusable, off-the-shelf components. Systems are often built by customizing and connecting components into a working ensemble via configuration files. While reusable components allow developers to quickly prototype working robots in theory, in prac- tice, ensuring that those components are configured and connected appropriately is fundamentally challenging, as evidenced by the large number of questions asked on developer forums. Developers must be careful to abide by the assumptions of individual compo- nents, which are often unchecked and unstated when building their systems. Failure to do so can result in misconfigurations that are only discovered once the robot is deployed in the field, at which point errors may lead to unpredictable and dangerous behavior. De- spite misconfigurations having been studied in the broader context of software engineering, robotics software (and ROS in particular) poses domain-specific challenges with potentially disastrous conse- quences. To understand and improve the reliability of ROS projects, it is critical to identify the types of misconfigurations developers face. To that end, we study ROS Answers, a Q&A platform, to iden- tify and categorize misconfigurations during ROS development. We then conduct a literature review to assess the coverage of these misconfigurations using existing detection techniques. In total, we find 12 high-level categories and 50 sub-categories of misconfigura- tions. Of these categories, 27 are not covered by existing techniques. To conclude, we discuss how to tackle those misconfigurations in future work.},
KEYWORDS = {Robot Adaptation}
}
@Article{2024:GM:All,
AUTHOR = {Chen, Hongrui and Joglekar, Aditya and Rubenstein, Zack and Schmerl, Bradley and Fedder, Gary and De Nijs, Jan and Garlan, David and Smith, Stephen and Burak Kara, Levant},
TITLE = {Generative Manufacturing: A requirements and resource-driven approach to part making},
YEAR = {2025},
MONTH = {June},
JOURNAL = {Computers in Industry},
VOLUME = {168},
ABSTRACT = {Advances in CAD and CAM have enabled engineers and design teams to digitally design parts with unprecedented ease. Software solutions now come with a range of modules for optimizing designs for performance requirements, generating instructions for manufacturing, and digitally tracking the entire process from design to procurement in the form of product life-cycle management tools. However, existing solutions force design teams and corporations to take a primarily serial approach where manufacturing and procurement decisions are largely contingent on design, rather than being an integral part of the design process. In this work, we propose a new approach to part making where design, manufacturing, and supply chain requirements and resources can be jointly considered and optimized. We present the Generative Manufacturing compiler that accepts as input the following: 1) An engineering part requirements specification that includes quantities such as loads, domain envelope, mass, and compliance, 2) A business part requirements specification that includes production volume, cost, and lead time, 3) Contextual knowledge about the current manufacturing state such as availability of relevant manufacturing equipment, materials, and workforce, both locally and through the supply chain. Based on these factors, the compiler generates and evaluates manufacturing process alternatives and the optimal derivative designs that are implied by each process, and enables a user guided iterative exploration of the design space. As part of our initial implementation of this compiler, we demonstrate the effectiveness of our approach on examples of a cantilever beam problem and a rocket engine mount problem and showcase its utility in creating and selecting optimal solutions according to the requirements and resources.},
KEYWORDS = {Explainable Software}
}
@InProceedings{Canelas:RospecADL:2025,
AUTHOR = {Canelas, Paulo and Schmerl, Bradley and Fonesca, Alcides and Timperley, Christopher Steven},
TITLE = {The Usability Argument for ROS-based Robot Architectural Description Languages},
YEAR = {2025},
MONTH = {17-18 February},
BOOKTITLE = {Proc. the 15th annual workshop on the intersection of HCI and PL},
PDF = {http://acme.able.cs.cmu.edu/pubs/uploads/pdf/2024_plateau_rospecusabilityCanelas_RospecADL_2025.pdf},
ABSTRACT = {Component-based architectures in robotics, like the Robot Operating System (ROS), simplify system development by integrating reusable, off-the-shelf components.
However, these components often lack sufficient documentation on their use and the architectures they form, leading to architectural misconfigurations.
General-purpose Architectural Description Languages (ADLs) effectively provide properties to detect misconfigurations but are burdensome to use, as they require mapping new language-specific concepts to the ROS domain.
This work introduces rospec, a novel ADL embedding ROS-specific knowledge to help developers specify and detect architectural misconfigurations.
By mapping the language's syntax with ROS concepts, we argue that practitioners can more easily understand and reason about specifications written in the language.
We provide an example and compare it with a general-purpose ADL.},
KEYWORDS = {Software Architecture, Usability}
}