The MoReTrust project aims to develop efficient methods and tools that support the design and runtime adaptation of modern software systems so that they remain resilient against security threats. The ubiquity of smart software systems places growing demands on their trustworthiness. Unfortunately, their increasing complexity, driven in part by networking capabilities, makes protecting smart software systems from security threats extremely challenging, especially when relying only on proactive mechanisms designed to handle the threats and vulnerabilities known at design time.
With the widespread and pervasive use of smart software systems in our daily lives, their malfunctions pose a significant threat to our safety and security. Beyond physical harm, they can cause economic, ecological, and emotional damage. IEC 61508, the standard on functional safety, defines safety as "freedom from unacceptable risk". Consequently, minimizing such risks has become a prominent area of research in software engineering.
Securing a system requires more than addressing known attacks; it must also account for the functions the system is expected to perform. As systems become increasingly interconnected, security becomes a fundamental part of the functional safety of complex systems: an attacker who manipulates an internal message through an exploit, or who causes a component to fail, can push the system into a critical state. Such scenarios remain possible unless they are accounted for from the very beginning of the development process.
The design of runtime adaptation strategies for computing systems is addressed in the literature under the terms self-awareness and self-adaptation, i.e., the ability of a computing system to reflect on its own behavior or architecture and to adapt dynamically to change. Self-Adaptive Systems (SASs), in particular their self-healing and self-protection features, have the potential to provide effective protection against uncertain and unforeseeable events such as security threats [1]. However, the design of SASs at the architectural level is an open research challenge and involves (at least) the following concerns: how to identify emerging security threats, how to reconfigure the system and deploy new security mechanisms, and how to carry out the adaptation gracefully, without disrupting the system's legitimate operation.
In MoReTrust, we explore exposing digital twins as virtualized doubles of the system that provide the required features and form an intrinsic protection layer against security breaches. To realize this vision, we combine model-driven engineering (MDE), control theory, and digital twins into a holistic framework for trustworthy smart software systems. The MoReTrust framework supports the elicitation of uncertainties and threats, the design of self-* mechanisms (e.g., adaptation, healing, protection, reconfiguration), and the enactment of both, i.e., the runtime detection of uncertainties and threats and the activation of the corresponding reactions.

In this framework, MDE provides the instruments to represent the architecture of the system and its deployment, the uncertainties and threats, and the traceability links to the self-* mechanisms; control theory provides the tools for designing robust adaptive physical systems with formally assured behavior, by adopting enhanced "Monitor-Analyze-Plan-Execute over a shared Knowledge" (MAPE-K) loops; and digital twins support the delivery of virtualized services as well as advanced monitoring of the actual system at runtime.
First Name | Last Name | Title |
---|---|---|
Alessandro | Papadopoulos | Professor |
Antonio | Cicchetti | Associate Professor |
Federico | Ciccozzi | Associate Professor, Docent, Head of Research Education |
Digital Twins of Socio-Technical Ecosystems to Drive Societal Change (Sep 2024). Federico Bonetti, Antonio Bucchiarone, Judith Michael, Antonio Cicchetti, Annapaola Marconi, Bernhard Rumpe. Systems Analysis and Modelling (SAM 2024).