Naeem Esfahani

FUSION: a framework for engineering self-tuning self-adaptive software systems

Self-adaptive software systems are capable of adjusting their behavior at run-time to achieve certain objectives. Such systems typically employ analytical models specified at design-time to assess their characteristics at run-time and make the appropriate adaptation decisions. However, prior to systems deployment, engineers often cannot foresee the changes in the environment, requirements, and systems operational profile. Therefore, any analytical model used in this setting relies on underlying assumptions that if not held at run-time make the analysis and hence the adaptation decisions inaccurate. We present and evaluate FeatUre-oriented Self-adaptatION (FUSION) framework, which aims to solve this problem by learning the impact of adaptation decisions on the systems goals. The framework (1) allows for automatic online fine-tuning of the adaptation logic to unanticipated conditions, (2) reduces the upfront effort required for building such systems, and (3) makes the run-time analysis of such systems very efficient.

Testing android apps through symbolic execution

There is a growing need for automated testing techniques aimed at Android apps. A critical challenge is the systematic generation of test cases. One method of systematically generating test cases for Java programs is symbolic execution. But applying symbolic execution tools, such as Symbolic Pathfinder (SPF), to generate test cases for Android apps is challenged by the fact that Android apps run on the Dalvik Virtual Machine (DVM) instead of JVM. In addition, Android apps are event driven and susceptible to path-divergence due to their reliance on an application development framework. This paper provides an overview of a two-pronged approach to alleviate these issues. First, we have developed a model of Android libraries in Java Pathfinder (JPF) to enable execution of Android apps in a way that addresses the issues of incompatibility with JVM and path-divergence. Second, we have leveraged program analysis techniques to correlate events with their handlers for automatically generating Android-specific drivers that simulate all valid events.

Taming uncertainty in self-adaptive software

Self-adaptation endows a software system with the ability to satisfy certain objectives by automatically modifying its behavior. While many promising approaches for the construction of self-adaptive software systems have been developed, the majority of them ignore the uncertainty underlying the adaptation decisions. This has been one of the key obstacles to wide-spread adoption of self-adaption techniques in risk-averse real-world settings. In this paper, we describe an approach, called POssIbilistic SElf-aDaptation (POISED), for tackling the challenge posed by uncertainty in making adaptation decisions. POISED builds on possibility theory to assess both the positive and negative consequences of uncertainty. It makes adaptation decisions that result in the best range of potential behavior. We demonstrate POISEDs application to the problem of improving a software systems quality of service via runtime reconfiguration of its customizable software components. We have extensively evaluated POISED using a prototype of a robotic software system.

A whitebox approach for automated security testing of Android applications on the cloud

By changing the way software is delivered to end-users, markets for mobile apps create a false sense of security: apps are downloaded from a market that can potentially be regulated. In practice, this is far from truth and instead, there has been evidence that security is not one of the primary design tenets for the mobile app stores. Recent studies have indicated mobile markets are harboring apps that are either malicious or vulnerable leading to compromises of millions of devices. The key technical obstacle for the organizations overseeing these markets is the lack of practical and automated mechanisms to assess the security of mobile apps, given that thousands of apps are added and updated on a daily basis. In this paper, we provide an overview of a multi-faceted project targeted at automatically testing the security and robustness of Android apps in a scalable manner. We describe an Android-specific program analysis technique capable of generating a large number of test cases for fuzzing an app, as well as a test bed that given the generated test cases, executes them in parallel on numerous emulated Androids running on the cloud.

Uncertainty in Self-Adaptive Software Systems

The ever-growing complexity of software systems coupled with their stringent availability requirements are challenging the manual management of software after its deployment. This has motivated the development of self-adaptive software systems. Self-adaptation endows a software system with the ability to satisfy certain objectives by automatically modifying its behavior at runtime. While many promising approaches for the construction of self-adaptive software systems have been developed, the majority of them ignore the uncertainty underlying the adaptation. This has been one of the key inhibitors to widespread adoption of self-adaption techniques in risk-averse real-world applications. Uncertainty in this setting is a vaguely understood term. In this paper, we characterize the sources of uncertainty in self-adaptive software system, and demonstrate its impact on the system’s ability to satisfy its objectives. We then provide an alternative notion of optimality that explicitly incorporates the uncertainty underlying the knowledge (models) used for decision making. We discuss the state-of-the-art for dealing with uncertainty in this setting, and conclude with a set of challenges, which provide a road map for future research.

A Systematic Survey of Self-Protecting Software Systems

Self-protecting software systems are a class of autonomic systems capable of detecting and mitigating security threats at runtime. They are growing in importance, as the stovepipe static methods of securing software systems have been shown to be inadequate for the challenges posed by modern software systems. Self-protection, like other self-* properties, allows the system to adapt to the changing environment through autonomic means without much human intervention, and can thereby be responsive, agile, and cost effective. While existing research has made significant progress towards autonomic and adaptive security, gaps and challenges remain. This article presents a significant extension of our preliminary study in this area. In particular, unlike our preliminary study, here we have followed a systematic literature review process, which has broadened the scope of our study and strengthened the validity of our conclusions. By proposing and applying a comprehensive taxonomy to classify and characterize the state-of-the-art research in this area, we have identified key patterns, trends and challenges in the existing approaches, which reveals a number of opportunities that will shape the focus of future research efforts.

A Modeling Language for Activity-Oriented Composition of Service-Oriented Software Systems

The proliferation of smart spaces and emergence of new standards, such as Web Services, have paved the way for a new breed of software systems. Often the complete functional and QoS requirements of such software systems are not known a priori at design-time, and even if they are, they may change at run-time. Unfortunately, the majority of existing software engineering techniques rely heavily on human reasoning and manual intervention, making them inapplicable for automatic composition of such software systems at run-time. Moreover, these approaches are primarily intended to be used by technically knowledgeable software engineers, as opposed to domain users. In this paper, we present Service Activity Schemas (SAS) , an activity-oriented language for modeling software systems functional and QoS requirements. SAS targets service-oriented software systems, and relies on an ontology to provide domain experts with modeling constructs that are intuitively understood. SAS forms the centerpiece of a framework intended for user-driven composition and adaptation of service-oriented software systems in a pervasive setting. We provide a detailed description of SAS in the context of a case study and formally specify its structural and dynamic properties.

GuideArch: guiding the exploration of architectural solution space under uncertainty

A systems early architectural decisions impact its properties (e.g., scalability, dependability) as well as stakeholder concerns (e.g., cost, time to delivery). Choices made early on are both difficult and costly to change, and thus it is paramount that the engineer gets them “right”. This leads to a paradox, as in early design, the engineer is often forced to make these decisions under uncertainty, i.e., not knowing the precise impact of those decisions on the various concerns. How could the engineer make the “right” choices in such circumstances? This is precisely the question we have tackled in this paper. We present GuideArch, a framework aimed at quantitative exploration of the architectural solution space under uncertainty. It provides techniques founded on fuzzy math that help the engineer with making informed decisions.

Self-Architecting Software SYstems (SASSY) from QoS-annotated activity models

As the complexity associated with software development has increased, software engineers have sought novel ways to represent, reason about, and compose large-scale software systems. However, the majority of these approaches are geared to technically well versed engineers, making them unwieldy for use in a growing class of real-world pervasive computing systems. In this paper, we propose a new approach intended to address the current shortcomings in service-oriented software systems. Given the functional and QoS requirements specified by a domain expert in an activity oriented modeling language, an architecture satisfying the requirements is generated. We describe our approach in the context of a framework, entitled Self-Architecting Software SYstems (SASSY), which shapes our ongoing research and aims to automate the composition, analysis, adaptation, and evolution of service-oriented software systems.

On the role of architectural styles in improving the adaptation support of middleware platforms

Modern middleware platforms provide the applications deployed on top of them with facilities for their adaptation. However, the level of adaptation support provided by the state-of-the-art middleware solutions is often limited to dynamically loading and off-loading of software components. Therefore, it is left to the application developers to handle the details of change such that the systems consistency is not jeopardized. In this paper, we present an approach that addresses the current shortcomings by utilizing the information encoded in a software systems architectural style. This information drives the development of adaptation patterns, which could be employed to enhance the adaptation support in middleware platforms. The patterns specify both the exact sequence of changes and the time at which those changes need to occur.