Abstract

Today, many software systems are critical. Due to their tight integration into business and/or technical processes, any derivation from the specified service may have severe consequence. Often it does not even matter whether a fault within the complex software, unexpected hardware failures, not covered environmental conditions or an attack from outside are the source of the derivation. Therefore, identification and impact analysis for known threats are an important part of developing and evaluating the architecture for such critical systems. It should ensure that besides the pure functionality also a proper behavior concerning the relevant dependability and security attributes is achieved.

Predictability has therefore become a must in many related fields (in particular safety-critical systems) in order to be able to ensure that all known threats are properly addressed. However, many incident and accident reports witness that usually the set of identified threats as well as our understanding of the technical or organizational processes is incomplete. Therefore, we today have the situation that advanced approaches such as self-healing try on the one hand to also capture unanticipated threats rather than only anticipated ones due to their self-adaptive nature, but on the other hand result in systems which are hardly predictable in the classical sense due to their self-adaptive nature.

In this talk we will address the contradiction between predictability and coverage of anticipated threats and will discuss the potential and limitations of self-adaptive systems for architecting critical systems looking in particular into the roles of runtime models in self-adaptive systems.