Advances in communications and networking technology have made it possible to devise 'ambient' systems in which mobile devices and software agents form ad hoc groups, trading data and services. However, the technology needed to engender trust in such complex systems, and their resilience to faults and attacks, is only in its infancy.
The TrAmS platform grant sustained a research group that created new projects on technical foundations, methods and tools to model, design and analyse Trustworthy Ambient Systems. TrAmS-2 is, however, shaped by new factors. First, power provision/consumption of devices, rather than cost, is becoming a limiting factor in the deployment of ambient systems. Second, novel paradigms such as cloud computing offer a new dimension of ambience in that data and programs can be migrated without physical movement of agents. Ambient systems can therefore mix mobile devices with mobile software and services, using resources on demand. This increases the significance of threats such as power loss/limitation, and lack of trust in an on-demand computing infrastructure. These factors mean that traditional assumptions underpinning the engineering of fault-tolerant, dependable systems will be challenged.
TrAmS enabled lines of enquiry on formal engineering methods, proof support, embedded systems design, dynamic coalitions and contract-based "systems of systems" architectures. These led to 9 EPSRC, EU, industry and other projects with applications in automotive, rail, space, business and other sectors. Concrete outputs included tools and patterns for fault tolerance modelling, advances in proof technology, simulation and evidence to support deployment of formal engineering methods.
In TrAmS-2, the group will focus on the most challenging aspects of resource-limited future ambient systems. This requires skills in other areas besides fault tolerance, so we have augmented the TrAmS team with researchers in systems and microelectronics to create a group with an international profile in dependability, data management and asynchronous systems. TrAmS-2 will provide continuity of research staff, encouraging new, risky, research in areas created by this new mix of expertise.
The design and management of trustworthy ambient systems is necessarily a cooperative, large-scale, and potentially error-prone undertaking, partly because they cannot be designed as a coherent whole. Mobility (physical and virtual) makes them open to malicious and accidental failures that are difficult to predict in design. Decentralisation makes controlled recovery and evolution difficult. Lack of power can crash components, but fault tolerance costs extra power. Complex ambient systems yield verification problems beyond state-of -the-art tools. TrAmS-2 addresses these challenges in four domains:
Foundations: work towards calculi that are rich enough to describe the architectures, functionality and stochastic properties of ambient systems composed of diverse services with multiple users and owners.
Tools: exploring the development of cooperative, cloud-enabled design environments that ease access to analytic services to allow the full range of interactive verification techniques to be applied on demand to ambient system designs.
Tractable Design: work towards making design of trustworthy ambient systems designs more tractable by adding facilities to manage the added complexity of error detection and recovery without losing the underlying system structure.
Energy-Aware Ambient Systems: exploring the interplay between energy-awareness and resilience, and the provision of predictable tolerance of energy-induced threats.
Finally, TrAmS-2 will allow the group to continue taking a strategic view of its research and will help develop the careers of its members by building a group of mentors for the team members at all levels, establishing new links and exchanges, leading to further projects.
|