Checking Compatability of Programs on Shared Data

Pranavadatta, DN

January 2011

A large software system is built by composing multiple programs, possibly developed independently. The component programs communicate by sharing data. Data sharing involves creation of instances of the shared data by one program, called the producer, and its interpretation by another program, called the consumer. Valid instances of shared data and their correct interpretation is usually specified by a protocol or a standard that governs the communication. If a consumer misinterprets or does not handle some instances of data produced by a producer, it is called as a data compatibility bug. Such bugs manifest as various forms of runtime errors that are difficult to find and fix. In this work, we define various compatibility relations, between both producer-consumer programs and version-related programs, that characterize various subtle requirements for correct sharing of data. We design and implement a static analysis to infer types and guards over elements of shared data and the results are used for automatic compatibility checking. As case studies, we consider two widely used shared data-the TIFF structure, used to store TIFF directory attributes in memory, and IEEE 802. 11 MAC frame header which forms the layer 2 header in Wireless LAN communication. We analyze and check compatibility of 6 pairs of producer-consumer programs drawn from the transmit-receive code of Linux WLAN drivers of 3 different vendors. In the setting of version-related programs, we analyze a total of 48 library and utility routines of 2 pairs of TIFF image library (libtiff) versions. We successfully identify 5 known bugs and 1 new bug. For two of known bugs, bug fixes are available and we verify that they resolve the compatibility issues.

Data Sharing

Data Compatibility

Shared Data Programs - Compatability

Shared Data Software

Producer-Consumer Programs

Shared Data - Static Analysis

Data Compatibility Checking

Static Layout Inference Analysis

Octagon Abstract Domain

Compatibility Checking

Computer Science

Framework for Real-time collaboration on extensive Data Types using Strong Eventual Consistency

Masson, Constantin

12 1900

La collaboration en temps réel est un cas spécial de collaboration où les utilisateurs travaillent sur le même élément simultanément et sont au courant des modifications des autres utilisateurs en temps réel. Les données distribuées doivent rester disponibles et consistant tout en étant répartis sur plusieurs systèmes physiques. "Strong Consistency" est une approche qui crée un ordre total des opérations en utilisant des mécanismes tel que le "locking". Cependant, cela introduit un "bottleneck". Ces dix dernières années, les algorithmes de concurrence ont été étudiés dans le but de garder la convergence de tous les replicas sans utiliser de "locking" ni de synchronisation. "Operational Trans- formation" et "Conflict-free Replicated Data Types (CRDT)" sont utilisés dans ce but. Cependant, la complexité de ces stratégies les rend compliquées à intégrer dans des logicielles conséquents, comme les éditeurs de modèles, spécialement pour des data structures complexes comme les graphes. Les implémentations actuelles intègrent seulement des data linéaires tel que le texte. Dans ce mémoire, nous présentons CollabServer, un framework pour construire des environnements de collaboration. Il a une implémentation de CRDTs pour des data structures complexes tel que les graphes et donne la possibilité de construire ses propres data structures. / Real-time collaboration is a special case of collaboration where users work on the same artefact simultaneously and are aware of each other’s changes in real-time. Shared data should remain available and consistent while dealing with its physically distributed aspect. Strong Consistency is one approach that enforces a total order of operations using mechanisms, such as locking. This however introduces a bottleneck. In the last decade, algorithms for concurrency control have been studied to keep convergence of all replicas without locking or synchronization. Operational Transformation and Conflict free Replicated Data Types (CRDT) are widely used to achieve this purpose. However, the complexity of these strategies makes it hard to integrate in large software, such as modeling editors, especially for complex data types like graphs. Current implementations only integrate linear data, such as text. In this thesis, we present CollabServer, a framework to build collaborative environments. It features a CRDTs implementation for complex data types such as graphs and gives possibility to build other data structures.

Concurrency Control

Concurrent Algorithms

Distributed Systems

Optimistic concurrency control

Software Engineering

Shared Data

Strong Eventual Consistency

Algorithme de concurrence

Data distribuée

Génie logiciel

Gestion de concurrence

Strong Eventual Consistency

Système distribués

Challenges and opportunities with shared data for Water Treatment Plants / Utmaningar och möjligheter med delade data mellan vattenverk

Bredhe, Johanna, Hashi, Abdulahi Ismail

January 2022

The Swedish water sector faces many challenges in terms of climate change, worn out facilities and distribution systems as many of them were built in the 50-, 60- and 70s, but also increased cyber security concerns. Collaborations between different actors are therefore required to address these challenges. This thesis work's purpose is to examine the opportunities a collaboration between water treatment plants could bring for the water sector to achieve a more sustainable drinking water production. The purpose is also to examine the most efficient way to establish a collaboration between them through digital means. A workshop and several interviews with representatives from different water treatment plants were conducted to gather information on possibilities of data/information sharing between them, but also to make a security classification of data/information generated at the water treatment plants. The representatives included process engineers, process technicians, security associates and an associate at Svenskt vatten, an interest organization for the water sector. The result showed that data/information sharing is already taking place in the sector under limited conditions. Smaller VA organizations have more challenges due to lack of skilled workers, partners and time. It is difficult for many in the sector to know where to turn to when in need of help, particularly for smaller VA organizations who usually are the ones with fewer contact networks. It is not to say that only smaller VA organizations are affected but they are more likely to lack contact with other water organizations. The majority of water treatment plants agree on that data/information on treatment processes would be allowed to share under limited conditions. The information classification is a matter for each plant due to different security realities which determines the information classification. This makes it difficult to decide on what parameters could be shared by every water treatment plant. This needs to be investigated further in order to determine what data/information could be shared by most water treatment plants on a platform. Most participants thought that a platform of some kind would be the best solution to simplify data/information sharing between water treatment plants. The suggested platform is a good start for making contacts between water treatment plants and has the potential to enable storage and sharing of data/information in the future. / Den svenska VA sektorn står inför många utmaningar så som klimatförändringar, slitna anläggningar och distributionsnät då många av dem byggdes under 50-, 60- och 70-talet. Även oron kring cybersäkerheten ökar. Samarbeten mellan olika aktörer krävs för att lösa dessa utmaningar. Syftet med examensarbetet är att undersöka de möjligheter som samarbeten mellan vattenverk skulle medföra för att nå en mer hållbar dricksvattenproduktion. Syftet är också att undersöka det mest effektiva sättet att få till ett samarbete mellan vattenverken med digitala medel. En workshop och flertalet intervjuer genomfördes med olika representanter från vattenverk för att samla information om möjligheten med att dela data/information mellan dem. Men också för att göra en säkerhetsklassning av data/information som genereras på vattenverken. Representanterna inkluderade processingenjörer, processtekniker, säkerhetsansvariga samt en medarbetare från Svenskt vatten, en intresseorganisation för vattensektorn. Resultatet visade att delning av data/information redan sker inom sektorn, dock under begränsade former. Mindre VA organisationer har fler utmaningar på grund av brist på anställda med rätt kompetens, samarbetspartners och tid. Många inom sektorn har utmaningar när det kommer till att söka och få hjälp, särskilt för de mindre VA organisationerna som vanligtvis har färre kontakter. Men de är inte bara de små som är påverkade av detta problem, men det är vanligare att de inte har kontakter med andra VA organisationer. De flesta vattenverken ansåg att data/information från reningssteg skulle vara möjligt att dela under begränsade former. Informationssäkerhetsklassning är en enskild fråga för varje vattenverk som baseras på de hot som varje vattenverk står inför. Detta medför att det är svårt att bestämma vilken data/information som kan delas av varje vattenverk. Detta område behöver vidare utredas innan ett beslut kan fattas om vilken data/information alla vattenverk ska dela på en plattform. De flesta deltagarna tyckte att en plattform av något slag skulle vara lösningen för att förenkla delning av data/information mellan vattenverken. Den föreslagna plattformen är en bra start för vattenverk att skapa kontakter och har potentialen att möjliggöra lagring och delning av data/information i framtiden.

water treatment plants

shared data

water treatment processes

oxidation

chemical treatment

filtration

disinfection

open data

vattenverk

delade data

vattenreningsprocesser

oxidation

kemisk fällning

filtration

desinfektion

öppna data

Engineering and Technology

Teknik och teknologier

On Safe Usage of Shared Data in Safety-Critical Control Systems

Jäger, Georg

16 September 2022

Prognostiziert durch Konzepte der Industrie 4.0 und den Cyber-Physischen-Systemen, können autonome Systeme zukünftig dynamisch auf Datenquellen in ihrer Umgebung zugreifen. Während die gemeinsame Nutzung solcher Datenquellen ein enormes Performanzpotenzial bietet, stellt die benötigte Systemarchitektur vorherrschende Sicherheitsprozesse vor neue Herausforderungen. Die vorliegende Arbeit motiviert zunächst, dass diese nur zur Laufzeit des Systems adressiert werden könne, bevor sie daraus zwei zentrale Ziele ableitet und verfolgt. Zum einen wird ein Beschreibungsmodel für die Darstellung von Fehlercharakteristika gemeinsam genutzter Daten vorgestellt. Dieses generische Fehlermodell erlaubt es zum anderen eine Sicherheitsanalyse zu definieren, die eine spezifische, dynamische Systemkomposition zur Laufzeit mit Hinblick auf die zu erwartenden Unsicherheiten bewerten kann. Die als Region of Safety betitelte Analysestrategie erlaubt, in Kombination mit dem generischen Fehlermodell, die Sicherheit der auf gemeinsam genutzten Daten basierenden Kollisionsvermeidungsstrategie zweier Roboter noch zur Designzeit zu garantieren, obwohl die spezifischen Fehlercharakteristika der Daten erst zur Laufzeit bekannt werden.:List of Acronyms List of Theorems List of Definitions List of Figures List of Tables 1. Introduction – Safety in Future Smart Industries 1.1. The Example of Smart Warehouses 1.2. Functional Safety Standards 1.2.1. Overview of Functional Safety Standards 1.2.2. IEC 61508 1.3. Scope of this Thesis 1.3.1. Objectives 1.3.2. Contributions 1.3.3. Outline 1.4. Related Publications by the Author 1.5. Mathematical Notation 2. State of the Art 2.1. State of the Art in Run-Time Safety Assessment 2.1.1. Approaches at the Functional Level 2.1.2. Approaches at the Technical Level 2.1.3. Conclusions 2.2. State of the Art in Failure Modeling 2.2.1. The Definition of (Sensor) Failure Model 2.2.2. Interval-Based Failure Modeling 2.2.3. Distribution-Based Failure Modeling 2.2.4. Failure-Type-Based Failure Modeling 2.2.5. Conclusions 2.3. Conclusions from the State of the Art 3. Generic Failure Model 3.1. Defining the Generic Failure Model 3.1.1. Time- and Value-Correlated Random Distribution 3.1.2. A Failure Type’s Failure Amplitudes 3.1.3. A Failure Type’s State Function 3.1.4. Polynomial Representation of a Failure Type 3.1.5. Discussion on the Fulfillment of the Predefined Criteria 3.2. Converting a Generic Failure Model to an Interval 3.2.1. Converting a Time- and Value-Correlated Random Distribution 3.2.2. A Failure Type’s Interval 3.3. Processing Chain for Generating Generic Failure Models 3.3.1. Identifying Failure Types 3.3.2. Parameterizing Failure Types 3.3.3. Confidence Calculation 3.4. Exemplary Application to Artificial Failure Characteristics 3.4.1. Generating the Artificial Data Set – Manually Designing GFMs 3.4.2. Identifying Failure Types 3.4.3. Parameterizing Failure Types 3.4.4. Confidence Calculation 3.4.5. Comparison to State-of-the-Art Models 3.5. Summary 4. Region of Safety 4.1. Explicitly Modeling Uncertainties for Dynamically Composed Systems 4.2. Regions of Safety for Dynamically Composed Systems 4.2.1. Estimating Regions of Attraction in Presence of Uncertainty 4.2.2. Introducing the Concept of Region of Safety 4.2.3. Discussion on the Fulfillment of the Predefined Criteria 4.3. Evaluating the Concept of Region of Safety 4.3.1. Defining the Scenario and Considered Uncertainties 4.3.2. Designing a Control Lyapunov Function 4.3.3. Determining an Appropriate Value for λc 4.3.4. The Effect of Varying Sensor Failures on Regions of Safety 4.4. Summary 5. Evaluation and Integration 5.1. Multi-Robot Collision Avoidance 5.1.1. Assumptions 5.1.2. Design of the Circle and Navigation Scenarios 5.1.3. Kinematics 5.1.4. Control Policy 5.1.5. Intention Modeling by Model Uncertainty 5.1.6. Fusing Regions of Safety of Multiple Stability Points 5.2. Failure Modeling for Shared Data – A Marker Detection Failure Model 5.2.1. Data Acquisition 5.2.2. Failure Model Generation 5.2.3. Evaluating the Quality of the Failure Model 5.3. Safe Handling of Shared Data in a Collision Avoidance Strategy 5.3.1. Configuration for Region of Safety Estimation 5.3.2. Estimating Regions of Safety 5.3.3. Evaluation Using the Circle Scenario 5.3.4. Evaluation Using the Navigation Scenario 5.4. Summary 6. Conclusions and Future Work 6.1. Summary 6.2. Limitations and Future Work 6.2.1. Limitations and Future Work on the Generic Failure Model 6.2.2. Limitations and Future Work on Region of Safety 6.2.3. Future Work on Safety in Dynamically Composed Systems Appendices A. Defining Factors of Risk According to IEC 61508 B. Evaluation Results for the Identification Stage C. Overview of Failure Amplitudes of Marker Detection Results Bibliography / The concepts of Cyber-Physical-Systems and Industry 4.0 prognosticate autonomous systems to integrate sources of shared data dynamically at their run-time. While this promises substantial increases in their performance, the openness of the required system architecture poses new challenges to processes guaranteeing their safety. This thesis firstly motivates that these can be addressed only at their run-time, before it derives and pursues two corresponding goals. Firstly, a model for describing failure characteristics of shared data is presented. Secondly, this Generic Failure Model is built upon to define a run-time safety assessment methodology that enables analyzing dynamic system compositions integrating shared data with respect to the expected uncertainties at run-time. This analysis strategy, entitled Region of Safety, allows in combination with the generic failure model to guarantee the safety of robots sharing position data for collision avoidance already at design-time, although specific failure characteristics become available only at run-time.:List of Acronyms List of Theorems List of Definitions List of Figures List of Tables 1. Introduction – Safety in Future Smart Industries 1.1. The Example of Smart Warehouses 1.2. Functional Safety Standards 1.2.1. Overview of Functional Safety Standards 1.2.2. IEC 61508 1.3. Scope of this Thesis 1.3.1. Objectives 1.3.2. Contributions 1.3.3. Outline 1.4. Related Publications by the Author 1.5. Mathematical Notation 2. State of the Art 2.1. State of the Art in Run-Time Safety Assessment 2.1.1. Approaches at the Functional Level 2.1.2. Approaches at the Technical Level 2.1.3. Conclusions 2.2. State of the Art in Failure Modeling 2.2.1. The Definition of (Sensor) Failure Model 2.2.2. Interval-Based Failure Modeling 2.2.3. Distribution-Based Failure Modeling 2.2.4. Failure-Type-Based Failure Modeling 2.2.5. Conclusions 2.3. Conclusions from the State of the Art 3. Generic Failure Model 3.1. Defining the Generic Failure Model 3.1.1. Time- and Value-Correlated Random Distribution 3.1.2. A Failure Type’s Failure Amplitudes 3.1.3. A Failure Type’s State Function 3.1.4. Polynomial Representation of a Failure Type 3.1.5. Discussion on the Fulfillment of the Predefined Criteria 3.2. Converting a Generic Failure Model to an Interval 3.2.1. Converting a Time- and Value-Correlated Random Distribution 3.2.2. A Failure Type’s Interval 3.3. Processing Chain for Generating Generic Failure Models 3.3.1. Identifying Failure Types 3.3.2. Parameterizing Failure Types 3.3.3. Confidence Calculation 3.4. Exemplary Application to Artificial Failure Characteristics 3.4.1. Generating the Artificial Data Set – Manually Designing GFMs 3.4.2. Identifying Failure Types 3.4.3. Parameterizing Failure Types 3.4.4. Confidence Calculation 3.4.5. Comparison to State-of-the-Art Models 3.5. Summary 4. Region of Safety 4.1. Explicitly Modeling Uncertainties for Dynamically Composed Systems 4.2. Regions of Safety for Dynamically Composed Systems 4.2.1. Estimating Regions of Attraction in Presence of Uncertainty 4.2.2. Introducing the Concept of Region of Safety 4.2.3. Discussion on the Fulfillment of the Predefined Criteria 4.3. Evaluating the Concept of Region of Safety 4.3.1. Defining the Scenario and Considered Uncertainties 4.3.2. Designing a Control Lyapunov Function 4.3.3. Determining an Appropriate Value for λc 4.3.4. The Effect of Varying Sensor Failures on Regions of Safety 4.4. Summary 5. Evaluation and Integration 5.1. Multi-Robot Collision Avoidance 5.1.1. Assumptions 5.1.2. Design of the Circle and Navigation Scenarios 5.1.3. Kinematics 5.1.4. Control Policy 5.1.5. Intention Modeling by Model Uncertainty 5.1.6. Fusing Regions of Safety of Multiple Stability Points 5.2. Failure Modeling for Shared Data – A Marker Detection Failure Model 5.2.1. Data Acquisition 5.2.2. Failure Model Generation 5.2.3. Evaluating the Quality of the Failure Model 5.3. Safe Handling of Shared Data in a Collision Avoidance Strategy 5.3.1. Configuration for Region of Safety Estimation 5.3.2. Estimating Regions of Safety 5.3.3. Evaluation Using the Circle Scenario 5.3.4. Evaluation Using the Navigation Scenario 5.4. Summary 6. Conclusions and Future Work 6.1. Summary 6.2. Limitations and Future Work 6.2.1. Limitations and Future Work on the Generic Failure Model 6.2.2. Limitations and Future Work on Region of Safety 6.2.3. Future Work on Safety in Dynamically Composed Systems Appendices A. Defining Factors of Risk According to IEC 61508 B. Evaluation Results for the Identification Stage C. Overview of Failure Amplitudes of Marker Detection Results Bibliography

info:eu-repo/classification/ddc/004

ddc:004

Autonomes System

Sensor

Daten

Gemeinschaftliche Nutzung

Fehlermodell

Computersicherheit