
DeFINE

(Dependability Foundations for Information Infrastructures - Network of Excellence)

18 November 2002

Here we provide a first expansion of what was said about the proposed DeFINE NoE in the document “Dependability in Framework Programme 6” of 4 November 2002. As that document explained, the DeFINE Network of Excellence (NoE) will have a broad-ranging programme of long-term research and of development of educational and training materials, aimed at providing long-term foundations for future European industrial activity.

DeFINE will:

(i) contribute to the development of a coherent set of theories and rigorous methods that will serve as foundations for the establishment and exploitation of truly dependable global information infrastructures, and of appropriate educational material,

(ii) work on a broad range of dependability attributes, in co-operation wherever possible with NoEs that are concentrating on particular attributes (e.g., security and safety), and others working on such topics as software engineering, distributed and embedded systems, etc.,

(iii) investigate a broad range of dependability technologies, addressing a full range of technical and human-machine interaction fault types, both accidental and malicious.

This will involve fundamental research of both a technical and socio-technical nature, with inter-disciplinary links to several other fields, such as risk assessment, immunology, psychology, ergonomics, sociology, economics, forensics, complex system theory, cognitive sciences, etc.

In conformance with the very essence of NoEs, DeFINE will be aimed at integrating research capacities in dependability. The integration process that has already begun within a core partnership over a series of FP4 and FP5 projects has to be extended in order:

(i) to increase the resources devoted to closing what has become evident as a ‘dependability gap’ between (legitimate) expectations and reality,

(ii) to strengthen the already prominent position of European dependability research in the world.

The fulfillment of these aims will provide far-reaching bases for DeSIRE, an IP that is being defined jointly with DeFINE.

An FP6 NoE has to define a Joint Programme of Activities (JPA) as a collective vehicle for achieving the objectives of the NoE. According to the published working documents, the JPA has several components: (i) a set of integrating activities, (ii) a programme of jointly executed research carried out by its participants to support the network goals, and (iii) a set of activities to spread the excellence. Integrating activities will comprise in particular: (i) adaptation of the participants' research activities in order to strengthen their complementarity and (ii) development and utilisation of electronic information and communication means, and development of virtual and interactive working methods. The integration of these various activities will be best achieved via the sharing of research tools, platforms and infrastructures, and also via the exchange of personnel.

The jointly executed research programme largely conditions the integrating and spreading-of-excellence activities. As a consequence, this document is mainly dedicated to the jointly executed research (JER). Its aim is to present, at a very high level, a tentative definition of DeFINE. The integrating and spreading-of-excellence activities will be addressed progressively, together with the refinement of the JER programme.

This initial attempt at defining the components of the research programme is based on: (i) our vision of the technical challenges our society is or will be faced with in the next five to ten years and (ii) a careful examination of the Expressions of Interest (EoIs) received from the technical and scientific community in response to the invitation for submission sent at the beginning of October. Needless to say, our aim has also been to ensure that they are in total harmony with the FP6 IST 2003-2004 Work-programme.

Rationale

There is no need to stress that information infrastructures are becoming central to all of our everyday activities. Moreover, it is widely recognised that their role will keep increasing. Information infrastructures make use of communication media, and mobile and wireless systems are becoming pervasive. The increasing number of interconnected systems greatly increases the human involvement required for system maintenance and reconfiguration; such concerns lead to the notion of proactive systems (also referred to as autonomic or adaptable systems), in which even complex tuning and maintenance procedures are automated so as to reduce human intervention and to increase overall dependability. Information infrastructures rely on embedded systems such as those used in satellites or in mobile systems providing communication support. Information infrastructures are usually interconnected with critical infrastructures such as those providing power, transportation, and vital human services. Finally, such systems are administered, operated and used by individuals whose interaction with them can introduce additional sources of failure, even as the systems benefit from human skills.

Hence, the dependability of information infrastructures (i) is affected by the dependability of mobile, proactive and embedded systems, and (ii) affects the dependability of other critical infrastructures.

The above paragraphs have introduced the first class of JER components, the central topics: a) open information infrastructures, b) mobile computing and wireless communications, c) proactive computing, d) embedded systems, and e) critical infrastructure interdependencies.

In turn, progress on these topics has to rely on progress in dependability technologies, namely a) rigorous design, aimed at fault prevention, b) verification and validation, which enable fault removal, c) fault tolerance, and d) system evaluation, in order to perform fault forecasting. The dependability technologies constitute the second class of JER components.

Furthermore, dependability technologies and central topics will be sustained by research activities on global issues related to basic dependability concepts, dependability policy and cognitive ergonomics. The extremely fruitful existing framework of basic concepts has to be updated, and the relationship between dependability and security deserves to be elaborated. Dependability research needs to relate not just to commercial and societal needs and to technology developments, but also to the world of government and multinational industry policy-making. Finally, the role of humans in the exploitation of computing systems is all too often reduced to its negative side, i.e., as fault generators. Integrating the positive contribution of human operators is needed; furthermore, a cognitive ergonomics approach to the design process is needed. Hence the pervasive role we envisage for this domain in the activities of the NoE, and thus its positioning as a global issue.

As a consequence of the above, the content of the planned research activities can be presented according to three complementary viewpoints: (i) the dependability technologies, (ii) the central topics and (iii) the global issues.

The following figure summarizes this view of the currently identified activities for the network.

All types of faults will be taken into consideration: hardware and software faults, human-machine interaction faults including intrusions and malicious acts by corrupt insiders.

Components of the DeFINE programme of jointly executed research

The Pisa workshop will be the starting event for defining the programme of the JER. We nevertheless give some further indications on the dependability technologies and the central topics, as an elaboration of the rationale presented above.

Dependability technologies

These technologies are grouped in four classes:

  • Rigorous design, including all development activities aimed at preventing the occurrence or the introduction of faults (i.e., developing systems in such a way as to avoid design and implementation faults, and to prevent faults from occurring during operation). Rigorous design technologies comprise, for example, formal specification and security policies.
  • Verification & validation, including static analyses, model-checking and testing.
  • Fault tolerance, to ensure that a system provides a service fulfilling the system function despite all classes of faults, with emphasis on malicious faults.
  • System evaluation, that includes evaluation of system performance and dependability measures based on modelling and simulation, controlled experiments, and field measurements.

Central topics

The development of the various dependability technologies will target the following central topics:

  • Open information infrastructures: the main issues relate to the security and high availability of large-scale distributed infrastructures that should be able to cope with both malicious and accidental faults, and that are increasingly based on de facto global industry standards. In this respect, the impact of open-source software components needs to be elaborated (both as solutions and as problems).
  • Mobile computing and wireless communications: it is expected that an increasing number of systems will include portable devices and wireless communications. New sources of failures such as temporary failure of radio links and interference should be taken into account in addition to the more “classical” accidental and malicious faults. Mobile systems interact with fixed infrastructures. The challenge is to improve the performance, dependability, and adaptive capabilities of the overall information infrastructure including wireless communications and mobile systems.
  • Proactive computing: the challenge is to build proactive systems that regulate themselves and reduce the involvement of humans, whether these be administrators, operators or end-users. Humans can thus concentrate on the main tasks instead of dedicating unnecessary effort to tasks that can be performed by the computers.
  • Embedded systems: embedded systems are interconnected so as to cooperate in accomplishing distributed tasks. In information infrastructures, it is essential to integrate additional embedded systems (i.e., expand the infrastructures) and to improve and upgrade existing embedded systems without decreasing overall dependability. The challenge is not only to ensure that the embedded system functions correctly on its own, but also to ensure that it operates correctly in interaction with the whole, evolving, information infrastructure.
  • Critical infrastructure interdependencies: the information technology revolution has led to substantially interconnected and interdependent infrastructures, leaving reduced margins for tolerable error in these infrastructures. The challenge is to assess the survivability of critical infrastructures under all conditions (change of environment, failures of components, malicious attacks). This can be achieved through measurements and experimentation as well as via modelling and simulation approaches at various levels: strategic business level, organisational level, cyber level, physical level, etc.

The Structure of DeFINE

The progressive definition of the JPA will address its various components as well as their interactions, which should guide the identification of the structure of DeFINE.

The aim of the joint research activities of DeFINE is to contribute to the development of a coherent set of theories and rigorous methods that will serve as foundations for the establishment and exploitation of truly dependable global information infrastructures. Hence, it is likely that the dependability technologies will play a central role in the structure of the NoE, and are equally likely to provide synchronization with DeSIRE.

Conclusion

This document has been prepared as an additional input to the discussions to be held at the upcoming DeSIRE/DeFINE Workshop (Pisa, 25-27 November). We must reiterate that the above discussion is aimed merely at conveying, in somewhat more detail than hitherto, the general aims and intended style of the proposed DeFINE NoE, not at pre-empting decisions regarding its final definition, the detailed preparation of which will start after the Workshop.

Karama Kanoun
Jean-Claude Laprie

Last update 21 Oct 2002
Brian Randell