Recent Publications

Moreno CB, Almeida PS, Menezes R. 2009. Fast estimation of aggregates in unstructured networks. Fifth International Conference on Autonomic and Autonomous Systems - ICAS. :88–93.

Aggregation of data values plays an important role in distributed computations, in particular over peer-to-peer and sensor networks, as it can provide a summary of some global system property and direct the actions of self-adaptive distributed algorithms. Examples include using estimates of the network size to dimension distributed hash tables or estimates of the average system load to direct load balancing. Distributed aggregation using non-idempotent functions, like sums, is not trivial as it is not easy to prevent a given value from being accounted for multiple times; this is especially the case if no centralized algorithms or global identifiers can be used. This paper introduces Extrema Propagation, a probabilistic technique for distributed estimation of the sum of positive real numbers. The technique relies on the exchange of duplicate-insensitive messages and can be applied in flood and/or epidemic settings, where multi-path routing occurs; it is tolerant of message loss; it is fast, as the number of message exchange steps equals the diameter; and it is fully distributed, with no single point of failure and the result produced at every node.
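
A minimal sketch of the duplicate-insensitive idea behind this kind of estimator, assuming the usual Extrema Propagation setup (names, parameters and the toy usage below are illustrative, not the paper's code): each node draws K exponential variates with rate equal to its input value, vectors are merged by pointwise minimum, and the sum is estimated from the K aggregated minima.

    import random

    K = 100  # variates per node; larger K lowers the relative error

    def init_vector(value, k=K):
        """Each node draws k exponential variates with rate = its positive input value."""
        return [random.expovariate(value) for _ in range(k)]

    def merge(a, b):
        """Pointwise minimum: idempotent and order-insensitive, so duplicate or
        multi-path delivery of the same message cannot bias the result."""
        return [min(x, y) for x, y in zip(a, b)]

    def estimate_sum(vector):
        """The minimum over all nodes of Exp(x_i) variates is Exp(sum of x_i),
        so (K - 1) / sum(minima) is an unbiased estimator of that sum."""
        return (len(vector) - 1) / sum(vector)

    # Toy, non-distributed usage: three nodes holding 2.0, 3.0 and 5.0
    vectors = [init_vector(v) for v in (2.0, 3.0, 5.0)]
    merged = vectors[0]
    for v in vectors[1:]:
        merged = merge(merged, v)
    print(estimate_sum(merged))  # close to 10.0 for large K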

Jesus P, Moreno CB, Almeida PS. 2009. Fault-Tolerant Aggregation by Flow Updating. Distributed Applications and Interoperable Systems. 5523:73–86.

Data aggregation plays an important role in the design of scalable systems, allowing the determination of meaningful system-wide properties to direct the execution of distributed applications. In the particular case of wireless sensor networks, data collection is often only practicable if aggregation is performed. Several aggregation algorithms have been proposed in the last few years, exhibiting different properties in terms of accuracy, speed and communication tradeoffs. Nonetheless, existing approaches are found lacking in terms of fault tolerance. In this paper, we introduce a novel fault-tolerant averaging-based data aggregation algorithm. It tolerates substantial message loss (link failures), while competing algorithms in the same class can be affected by a single lost message. The algorithm is based on manipulating flows (in the graph-theoretical sense) that are updated using idempotent messages, providing it with unique robustness capabilities. Furthermore, evaluation results obtained by comparing it with other averaging approaches have revealed that it outperforms them in terms of time and message complexity.
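
A rough sketch of the flow idea, with illustrative names and a simplified local step (our assumption, not the paper's pseudocode): each node derives its estimate from its input value and the flows it records towards its neighbours, so messages carry state rather than increments and can be lost or re-delivered without corrupting the global sum.

    def estimate(value, flows):
        """flows: {neighbour: flow pushed towards that neighbour}.
        A node's estimate is its input minus the net flow it has pushed out."""
        return value - sum(flows.values())

    def local_update(value, flows, neighbour_estimates):
        """One simplified averaging step at a single node: adjust each flow by the
        difference between the local average and that neighbour's reported estimate.
        Neighbours mirror received flows with the opposite sign; as long as flows
        stay skew-symmetric, the sum of all estimates equals the sum of all inputs,
        whatever messages were lost along the way."""
        est = estimate(value, flows)
        avg = (est + sum(neighbour_estimates.values())) / (1 + len(neighbour_estimates))
        return {j: flows.get(j, 0.0) + (avg - e)
                for j, e in neighbour_estimates.items()}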

Moreno CB, Almeida PS, Cardoso J. 2009. Probabilistic estimation of network size and diameter. Fourth Latin-American Symposium on Dependable Computing - LADC. :33–40.

Determining the size of a network and its diameter are important functions in distributed systems, as there are a number of algorithms which rely on such parameters, or at least on estimates of those values. The Extrema Propagation technique allows the estimation of the size of a network in a fast, distributed and fault-tolerant manner. The technique was previously studied in a simulation setting where rounds advance synchronously and where there is no message loss. This work presents two main contributions. The first is the study of the Extrema Propagation technique under asynchronous rounds and integrated in the Network Friendly Epidemic Multicast (NeEM) framework. The second is the evaluation of a diameter estimation technique associated with Extrema Propagation. This study also presents a small enhancement to Extrema Propagation in terms of communication cost and points out some other possible enhancements. Results show that there is a clear trade-off between time and communication that must be considered when configuring the protocol: a faster convergence time implies a higher communication cost. Results also show that it is possible to reduce the total communication cost by more than 18% using a simple approach. The diameter estimation technique is shown to have a relative error of less than 10% even when using a small sample of nodes.
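
For network size, the same estimator applies with every input value set to 1; keeping the notation of the sketch above (ours, not the paper's), the K pointwise minima m_1, ..., m_K gathered after flooding yield

    \hat{N} = \frac{K - 1}{\sum_{k=1}^{K} m_k}

since each m_k is the minimum of N independent Exp(1) variates and is therefore Exp(N)-distributed. The diameter estimate, as we read the abstract, is tied to how many rounds the vectors take to stabilize at each node rather than to the minima themselves.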

Jesus P, Moreno CB, Almeida PS. 2009. Using Less Links to Improve Fault-Tolerant Aggregation. 4th Latin-American Symposium on Dependable Computing - LADC.

Data aggregation plays a fundamental role in the design of scalable distributed applications, allowing the determination of meaningful system-wide properties to direct the execution of the system. For instance, aggregation can be used to estimate: the size of the network, to dimension Distributed Hash Table (DHT) structures or to set a quorum in dynamic settings; the average system load, to guide local load-balancing decisions; or the total network disk space in a P2P sharing system. In the particular case of Wireless Sensor Networks (WSN), due to energy constraints, data collection is often only practicable if aggregation is performed.

Moreno CB, Lopes N. 2009. Search Optimizations in Structured Peer-to-Peer Systems. 18th International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises - WET ICE. :111–115.

DHT systems are structured overlay networks capable of using P2P resources as a scalable platform for very large data storage applications. However, their efficiency assumes a level of uniformity in the association of data to index keys that is often not present in inverted indexes. Index data tends to follow non-uniform distributions, often power law distributions, creating intense local storage hotspots and network bottlenecks on specific hosts. Current techniques like caching cannot, alone, cope with this issue. We propose a distributed data structure based on a decentralized balanced tree to balance storage data and network load more uniformly across hosts. The results show that the data structure is capable of balancing these resources across hosts.

Campos JC, Machado J. 2009. Pattern-based Analysis of Automated Production Systems. 13th IFAC Symposium on Information Control Problems in Manufacturing (INCOM 2009). :972-977.

As formal verification tools gain popularity, the problem arises of making them more accessible to engineers. A correct understanding of the logics in which properties are expressed is needed in order to guarantee that properties correctly encode the intent of the verification process. Writing appropriate properties, in a logic suitable for verification, is a skilful process. Errors in this step of the process can create serious problems, since a false sense of security is gained with the analysis. However, when compared to the effort put into developing and applying modelling languages, little attention has been devoted to the process of writing properties that accurately capture verification requirements. This paper illustrates how a collection of property patterns, and its tool support, can help in simplifying the process of generating logical formulae from informally expressed requirements.
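
As an illustration of the kind of pattern involved, two of the standard specification patterns are shown below in their usual CTL renderings (taken from the patterns literature; whether the tool uses exactly this syntax is not stated in the abstract):

    \text{Absence (globally):}\quad AG\,\neg P
    \qquad
    \text{Response (globally):}\quad AG\,(P \rightarrow AF\,S)

An engineer states the requirement informally ("S always eventually follows P"), picks the matching pattern, and the corresponding formula is generated without hand-writing temporal logic.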

Campos JC, Mendes S. 2009. FlexiXML: Um animador de modelos UsiXML. 17º Encontro Português de Computação Gráfica - EPCG. :185-194.

A considerable part of software development is devoted to the user interaction layer. Given the complexity inherent in developing this layer, it is important to enable analysis of the concepts and ideas under development for a given interface as early as possible. Model-based development provides a solution to this problem by facilitating the prototyping of interfaces from the models being developed. This paper describes an approach to interface prototyping and presents the first version of the FlexiXML tool, which interprets and animates interfaces described in UsiXML.

Paulo R, Carrapatoso A, Lemos M, Bernardo R, Campos JC. 2009. Advanced Engineering Tools for Next Generation Substation Automation Systems: The Added Value of IEC 61850 and the InPACT Project. 20th International Conference and Exhibition on Electricity Distribution - CIRED. PEP0550Z:0322/1-4.

Automation systems according to IEC 61850 are a powerful solution for station automation. Engineering of such distributed systems is, however, a non-trivial task which requires different approaches and enhanced tool support. In this paper the authors (i) present how IEC 61850 is viewed and is being adopted by a utility and a vendor, (ii) discuss its engineering potential and current issues, (iii) point out global requirements for next generation tools, (iv) present the InPACT project, which is tackling some of these concerns, and (v) propose key elements of visual languages as one contributing enhancement.

Campos JC, Harrison M. 2009. Interaction engineering using the IVY tool. ACM Symposium on Engineering Interactive Computing Systems - EICS. :35-44.

This paper is concerned with support for the process of usability engineering. The aim is to use formal techniques to provide a systematic approach that is more traceable, and because it is systematic, repeatable. As a result of this systematic process some of the more subjective aspects of the analysis can be removed. The technique explores exhaustively those features of a specific design that fail to satisfy a set of properties. It also analyzes those aspects of the design where it is possible to quantify the cost of use. The method is illustrated using the example of a medical device. While many aspects of the approach and its tool support have already been discussed elsewhere, this paper builds on and contrasts an analysis of the same device provided by a third party and in so doing enhances the IVY tool.

Silva JL, Campos JC, Harrison M. 2009. An infrastructure for experience centered agile prototyping of ambient intelligence. ACM Symposium on Engineering Interactive Computing Systems (EICS 2009). :79-84.

Ubiquitous computing poses new usability challenges that cut across design and development. We are particularly interested in "spaces" enhanced with sensors, public displays and personal devices. How can prototypes be used to explore the user's mobility and interaction, both explicit and implicit, to access services within these environments? Because of the potential cost of development and design failure, the characteristics of such systems must be explored using early versions of the system that could be disruptive if used in the target environment. Being able to evaluate these systems early in the process is crucial to their successful development. This paper reports on an effort to develop a framework for the rapid prototyping and analysis of ambient intelligence systems.

Silva JC, Saraiva JA, Campos JC. 2009. A Generic Library for GUI Reasoning and Testing. SAC - Proceedings of the ACM Symposium on Applied Computing. :121-128.

Graphical user interfaces (GUIs) make software easy to use by providing the user with visual controls. Therefore, correctness of GUI code is essential to the correct execution of the overall software. Models can help in the evaluation of interactive applications by allowing designers to concentrate on their more important aspects. This paper presents a generic model for language-independent reverse engineering of graphical user interface based applications, and we explore the integration of model-based testing techniques in our approach, thus allowing us to perform fault detection. A prototype tool has been constructed, which is already capable of deriving and testing a user interface behavioral model of applications written in Java/Swing.

Almeida JB, Barbosa MB, Pinto JS, Vieira B. 2009. Verifying Cryptographic Software Correctness with Respect to Reference Implementations. Formal Methods for Industrial Critical Systems - FMICS. 5825:37-52.

This paper presents techniques developed to check program equivalences in the context of cryptographic software development, where specifications are typically reference implementations. The techniques allow for the integration of interactive proof techniques (required given the difficulty and generality of the results sought) in a verification infrastructure that is capable of discharging many verification conditions automatically. To this end, the difficult results in the verification process (to be proved interactively) are isolated as a set of lemmas. The fundamental notion of natural invariant is used to link the specification level and the interactive proof construction process.

Barbosa MB, Farshim P. 2009. Security Analysis of Standard Authentication and Key Agreement Protocols Utilising Timestamps. 2nd International Conference on Cryptology in Africa - AFRICACRYPT. 5580:235-253.

We propose a generic modelling technique that can be used to extend existing frameworks for theoretical security analysis in order to capture the use of timestamps. We apply this technique to two of the most popular models adopted in the literature (Bellare-Rogaway and Canetti-Krawczyk). We analyse previous results obtained using these models in light of the proposed extensions, and demonstrate their application to a new class of protocols. In the timed CK model we concentrate on modular design and analysis of protocols, and propose a more efficient timed authenticator relying on timestamps. The structure of this new authenticator implies that an authentication mechanism standardised in ISO-9798 is secure. Finally, we use our timed extension to the BR model to establish the security of an efficient ISO protocol for key transport and unilateral entity authentication.

Leitão J, Marques J, Pereira JO, Rodrigues L. 2009. X-BOT: A Protocol for Resilient Optimization of Unstructured Overlays. IEEE International Symposium on Reliable Distributed Systems - SRDS.

Gossip, or epidemic, protocols have emerged as a highly scalable and resilient approach to implement several application level services such as reliable multicast, data aggregation, publish-subscribe, among others. All these protocols organize nodes in an unstructured random overlay network. In many cases, it is interesting to bias the random overlay in order to optimize some efficiency criteria, for instance, to reduce the stretch of the overlay routing. In this paper we propose X-BOT, a new protocol that makes it possible to bias the topology of an unstructured gossip overlay network. X-BOT is completely decentralized and, unlike previous approaches, preserves several key properties of the original (non-biased) overlay (most notably, the node degree and, consequently, the overlay connectivity). Experimental results show that X-BOT can generate more efficient overlays than previous approaches.
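
A minimal sketch of a degree-preserving exchange that such biasing can rely on, under our reading of the abstract (node roles and names are illustrative, and the actual protocol coordinates this through messages rather than a shared link set): an initiator i trades a costly neighbour o for a better candidate c, c drops one of its neighbours d, and o and d connect to each other, so every node keeps its degree.

    def degree_preserving_swap(links, i, o, c, d):
        """links: a set of frozenset({a, b}) undirected edges. After the swap,
        i, o, c and d all hold exactly as many links as before, which preserves
        the node degrees (and hence connectivity-related properties) of the
        original random overlay while the topology drifts towards cheaper links."""
        links.discard(frozenset((i, o)))   # i abandons the costly neighbour o
        links.discard(frozenset((c, d)))   # c makes room by dropping d
        links.add(frozenset((i, c)))       # i gains the better candidate c
        links.add(frozenset((o, d)))       # o and d pair up, keeping their degrees
        return links

In practice, the decision to trigger such an exchange would be guided by a link cost function (latency, for instance), so the overlay gradually converges towards lower-cost links.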

Soares L, Pereira JO. 2009. Do-It-Yourself Shared-Storage Cluster with an Off-the-Shelf DBMS. 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

Database server clustering, used ubiquitously for dependability and scalability, is commonly based on one of two competing approaches. The first, a shared storage cluster such as Oracle RAC, is based on distributed locking and a distributed cache invalidation protocol [3]. Its main advantage is flexibility, as one uses as many nodes as required for processing the workload and to ensure the desired availability, while the storage is configured solely according to the desired storage bandwidth and disk resilience. Unfortunately, it can be implemented only with a deep refactoring of server software; the reliance on distributed locking limits scalability; and by directly sharing a physical copy of data it becomes harder to ensure data integrity. These reasons make it costly to develop and deploy, as attested by most of the mainstream database servers not providing this option. The second, a shared nothing cluster such as C-JDBC, can be implemented strictly at the middleware level by intercepting client requests and propagating updates to all replicas [1]. The resulting performance and scalability is good, especially with the mostly read-only workloads that are currently common. Moreover, as each replica is physically independent, this strategy can easily cope with a wider range of faults [2]. The main problem is that in a shared-nothing cluster a separate physical copy of data is required for each node. Therefore, even if only a few copies are required for dependability, a large cluster with hundreds of nodes must also be configured with sufficient storage capacity for hundreds of copies of data. The naive combination of both approaches by simply sharing the data volume would obviously not work, as asynchronous propagation of updates and nondeterministic physical data layout would lead to data corruption.