From the Foreword "Getting CPS dependability right is essential to forming a solid foundation for a world that increasingly depends on such systems. This book represents the cutting edge of what we know about rigorous ways to ensure that our CPS designs are trustworthy. I recommend it to anyone who wants to get a deep look at these concepts that will form a cornerstone for future CPS designs." --Phil Koopman, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA Trustworthy Cyber-Physical Systems Engineering provides practitioners and researchers with a comprehensive introduction to the area of trustworthy Cyber Physical Systems (CPS) engineering. Topics in this book cover questions such as What does having a trustworthy CPS actually mean for something as pervasive as a global-scale CPS? How does CPS trustworthiness map onto existing knowledge, and where do we need to know more? How can we mathematically prove timeliness, correctness, and other essential properties for systems that may be adaptive and even self-healing? How can we better represent the physical reality underlying real-world numeric quantities in the computing system? How can we establish, reason about, and ensure trust between CPS components that are designed, installed, maintained, and operated by different organizations, and which may never have really been intended to work together? Featuring contributions from leading international experts, the book contains sixteen self-contained chapters that analyze the challenges in developing trustworthy CPS, and identify important issues in developing engineering methods for CPS. The book addresses various issues contributing to trustworthiness complemented by contributions on TCSP roadmapping, taxonomy, and standardization, as well as experience in deploying advanced system engineering methods in industry. Specific approaches to ensuring trustworthiness, namely, proof and refinement, are covered, as well as engineering methods for dealing with hybrid aspects.

A formal method is not the main engine of a development process, its contribution is to improve system dependability by motivating formalisation where useful. This book summarizes the results of the DEPLOY research project on engineering methods for dependable systems through the industrial deployment of formal methods in software development. The applications considered were in automotive, aerospace, railway, and enterprise information systems, and microprocessor design. The project introduced a formal method, Event-B, into several industrial organisations and built on the lessons learned to provide an ecosystem of better tools, documentation and support to help others to select and introduce rigorous systems engineering methods. The contributing authors report on these projects and the lessons learned. For the academic and research partners and the tool vendors, the project identified improvements required in the methods and supporting tools, while the industrial partners learned about the value of formal methods in general. A particular feature of the book is the frank assessment of the managerial and organisational challenges, the weaknesses in some current methods and supporting tools, and the ways in which they can be successfully overcome. The book will be of value to academic researchers, systems and software engineers developing critical systems, industrial managers, policymakers, and regulators.

A formal method is not the main engine of a development process, its contribution is to improve system dependability by motivating formalisation where useful. This book summarizes the results of the DEPLOY research project on engineering methods for dependable systems through the industrial deployment of formal methods in software development. The applications considered were in automotive, aerospace, railway, and enterprise information systems, and microprocessor design. The project introduced a formal method, Event-B, into several industrial organisations and built on the lessons learned to provide an ecosystem of better tools, documentation and support to help others to select and introduce rigorous systems engineering methods. The contributing authors report on these projects and the lessons learned. For the academic and research partners and the tool vendors, the project identified improvements required in the methods and supporting tools, while the industrial partners learned about the value of formal methods in general. A particular feature of the book is the frank assessment of the managerial and organisational challenges, the weaknesses in some current methods and supporting tools, and the ways in which they can be successfully overcome. The book will be of value to academic researchers, systems and software engineers developing critical systems, industrial managers, policymakers, and regulators.

Concurrency in Dependable Computing focuses on concurrency related issues in the area of dependable computing. Failures of system components, be hardware units or software modules, can be viewed as undesirable events occurring concurrently with a set of normal system events. Achieving dependability therefore is closely related to, and also benefits from, concurrency theory and formalisms. This beneficial relationship appears to manifest into three strands of work. Application level structuring of concurrent activities. Concepts such as atomic actions, conversations, exception handling, view synchrony, etc., are useful in structuring concurrent activities so as to facilitate attempts at coping with the effects of component failures. Replication induced concurrency management. Replication is a widely used technique for achieving reliability. Replica management essentially involves ensuring that replicas perceive concurrent events identically. Application of concurrency formalisms for dependability assurance. Fault-tolerant algorithms are harder to verify than their fault-free counterparts due to the fact that the impact of component faults at each state need to be considered in addition to valid state transitions. CSP, Petri nets, CCS are useful tools to specify and verify fault-tolerant designs and protocols. Concurrency in Dependable Computing explores many significant issues in all three strands. To this end, it is composed as a collection of papers written by authors well-known in their respective areas of research. To ensure quality, the papers are reviewed by a panel of at least three experts in the relevant area.

The growing complexity of modern software systems increases the di?culty of ensuring the overall dependability of software-intensive systems. Complexity of environments, in which systems operate, high dependability requirements that systems have to meet, as well as the complexity of infrastructures on which they rely make system design a true engineering challenge. Mastering system complexity requires design techniques that support clear thinking and rigorous validation and veri?cation. Formal design methods help to achieve this. Coping with complexity also requires architectures that are t- erant of faults and of unpredictable changes in environment. This issue can be addressed by fault-tolerant design techniques. Therefore, there is a clear need of methods enabling rigorous modelling and development of complex fault-tolerant systems. This bookaddressessuchacuteissues indevelopingfault-tolerantsystemsas: - Veri?cation and re?nement of fault-tolerant systems - Integrated approaches to developing fault-tolerant systems - Formal foundations for error detection, error recovery, exception and fault handling - Abstractions, styles and patterns for rigorousdevelopment of fault tolerance - Fault-tolerant software architectures - Development and application of tools supporting rigorous design of depe- able systems - Integrated platforms for developing dependable systems - Rigorous approaches to speci?cation and design of fault tolerance in novel computing systems TheeditorsofthisbookwereinvolvedintheEU(FP-6)projectRODIN(R- orous Open Development Environment for Complex Systems), which brought together researchers from the fault tolerance and formal methods communi- 1 ties. In 2007 RODIN organized the MeMoT workshop held in conjunction with the Integrated Formal Methods 2007 Conference at Oxford University.

As software systems become ubiquitous, the issues of dependability become more and more crucial. Given that solutions to these issues must be considered from the very beginning of the design process, it is reasonable that dependability is addressed at the architectural level. This book was born of an effort to bring together the research communities of software architectures and dependability.

This state-of-the-art survey contains 18 expanded and peer-reviewed papers based on the carefully selected contributions to the Workshop on Architecting Dependable Systems (WADS 2006), organized at the 2006 International Conference on Dependable Systems and Networks (DSN 2006), held in Philadelphia, PA, USA, in June 2006. It also contains a number of invited papers written by recognized experts in the area. The papers are organized in topical sections on architectural description languages, architectural components and patterns, architecting distributed systems, and architectural assurances for dependability.

The papers selected for this volume present advances in software engineering approaches to develop dependable high-quality multi-agent systems. These papers describe experiences and techniques associated with large multi-agent systems in a wide variety of problem domains. They cover fault tolerance, exception handling and diagnosis, security and trust, verification and validation, as well as early development phases and software reuse.

Modern software systems are becoming more complex in many ways and are having to cope with a growing number of abnormal situations which, in turn, are increasingly complex to handle. Exception handling is an essential part of software and system architectures and a crucial element in the tool-set that enables the building of resilient, robust and safe software systems. Two ECOOP workshops on exception handling were held in 2003 and 2005. This book is primarily an outcome of these two events - several workshop participants as well as a number of other leading researchers in the field were invited to contribute a chapter each.

This book is composed of five parts; the first four deal with topics related to exception handling in the context of programming languages, concurrency and operating systems, pervasive computing systems, and requirements and specifications. The last part focuses on case studies, experimentation and qualitative comparisons. The 16 coherently written chapters by leading researchers competently address a wide range of issues in exception handling.

This book presents a coherent, well-balanced survey of recent advances in software engineering approaches to the design and analysis of realistic large-scale multi-agent systems (MAS). The chapters included are devoted to various techniques and methods used to cope with the complexity of real-world MAS. Reflecting the importance of agent properties in today's software systems, the power of agent-based software engineering is illustrated using examples that are representative of successful applications.

As software systems become ubiquitous, the issues of dependability become more and more crucial. Given that solutions to these issues must be considered from the very beginning of the design process, it is reasonable that dependability is addressed at the architectural level. This book comes as a result of an effort to bring together the research communities of software architectures and dependability.

This state-of-the-art survey contains 16 carefully selected papers originating from the Twin Workshops on Architecting Dependable Systems (WADS 2004) accomplished as part of the International Conference on Software Engineering (ICSE 2004) in Edinburgh, UK and of the International Conference on Dependable Systems and Networks (DSN 2004) in Florence, Italy. The papers are organised in topical sections on architectures for dependable services, monitoring and reconfiguration in software architectures, dependability support for software architectures, architectural evaluation, and architectural abstractions for dependability.

This book presents a coherent and well-balanced survey of recent advances in software engineering approaches to the design and analysis of realistic large-scale multi-agent systems (MAS). The chapters included are devoted to various techniques and methods used to cope with the complexity of real-world MAS. The power of agent-based software engineering is illustrated using examples that are representative of successful applications.

The 16 thoroughly reviewed and revised full papers are organized in topical sections on agent methodologies and processes, requirements engineering and software architectures, modeling languages, and dependability and coordination. Most of the papers were initially presented at the 3rd International Workshop on Software Engineering for Large-Scale Multi-agent Systems, SELMAS 2004, held in Edinburgh, UK in May 2004 in association with ICSE 2004. Other papers were invited to complete coverage of all relevant aspects.

FIDJI 2004 was an international forum for researchers and practitioners int- estedinthe advancesin,andapplicationsof,softwareengineeringfordistributed application development. Concerning the technologies, the workshop focused on "Java-related" technologies. It was an opportunity to present and observe the latest research, results, and ideas in these areas. Allpaperssubmittedtothisworkshopwerereviewedbyatleasttwomembers of the International Program Committee. Acceptance was based primarily on originality and contribution. We selected, for these post-workshop proceedings, 11 papers amongst 22 submitted, a tutorial and two keynotes. FIDJI2004aimedatpromotingascienti?capproachtosoftwareengineering. The scope of the workshop included the following topics: - design of distributed applications - development methodologies for software and system engineering - UML-based development methodologies - development of reliable and secure distributed systems - component-based development methodologies - dependability support during system life cycle - fault tolerance re?nement, evolution and decomposition - atomicity and exception handling in system development - software architectures, frameworks and design patterns for developing d- tributed systems - integration of formal techniques in the development process - formal analysis and grounding of modelling notation and techniques (e. g. , UML, metamodelling) - supporting the security and dependability requirements of distributed app- cations in the development process - distributed software inspection - refactoring methods - industrial and academic case studies - development and analysis tools The organization of such a workshop represents an important amount of work.

As software systems become ubiquitous, the issues of dependability become more and more critical. Given that solutions to these issues must be taken into account from the very beginning of the design process, it is appropriate that dependability is addressed at the architectural level.

This book results from an effort to bring together the research communities of software architectures and dependability. Inspired by the ICSE 2003 Workshop on Software Architectures for Dependable Systems, the book focuses on topics relevant to improving the state of the art in architecting dependable systems. The 15 thoroughly reviewed papers originate partly from the workshop; others were solicited in order to achieve complete coverage of all relevant aspects. The papers are organized into topical sections on architectures for dependability, fault-tolerance in software architectures, dependability analysis in software architectures, and industrial experience.

Advances in networking technology have revitalized the investigation of agent technologyasapromisingparadigmforengineeringcomplexdistributedsoftware systems. Agent technology has been applied to a wide range of application - mains, including e-commerce, human-computer interfaces, telecommunications, and software assistants. Multi-agent systems (MASs) and their underlying t- ories provide a more natural support for ensuring important properties such as autonomy, mobility, environment heterogeneity, organization, openness, and intelligence. As a consequence, agent-based systems are likely to provide new - proaches to dealing with the complexity of developing and maintaining modern software. However, developing robust large-scale agent-based systems will - quire new software engineering approaches. There are currently many methods and techniques for working with individual agents or with systems built using only a few agents. Unfortunately, agent-based software engineering is still in its infancy and existing software engineering approaches are unable to cope with large MASs. The complexity associated with a large MAS is considerable. When a huge number of agents interact over heterogeneous environments, various phenomena occur which are not as easy to capture as when only a few agents are working together. As the multiple software agents are highly collaborative and operate in networked environments, they have to be context-aware and deal with - vironment uncertainty. This makes their coordination and management more di?cult and increases the likelihood of exceptional situations, such as security holes, privacy violations, and unexpected global e?ects. Moreover, as users and softwareengineersdelegatemoreautonomytotheirMASs, andputmoretrustin their results, new concerns arise in real-life applications

As software systems become more and more ubiquitous, the issues of dependability become more and more critical. Given that solutions to these issues must be planned at the beginning of the design process, it is appropriate that these issues be addressed at the architectural level. This book is inspired by the ICSE 2002 Workshop on Architecting Dependable Systems; it is devoted to current topics relevant for improving the state of the art for architecting dependability. Some of the 13 peer-reviewed papers presented were initially presented at the workshop, others were invited in order to achieve competent and complete coverage of all relevant aspects. The papers are organized in topical sections on - architectures for dependability - fault tolerance in software architectures - dependability analysis in software architectures - industrial experience.

Concurrency in Dependable Computing focuses on concurrency related issues in the area of dependable computing. Failures of system components, be hardware units or software modules, can be viewed as undesirable events occurring concurrently with a set of normal system events. Achieving dependability therefore is closely related to, and also benefits from, concurrency theory and formalisms. This beneficial relationship appears to manifest into three strands of work. Application level structuring of concurrent activities. Concepts such as atomic actions, conversations, exception handling, view synchrony, etc., are useful in structuring concurrent activities so as to facilitate attempts at coping with the effects of component failures. Replication induced concurrency management. Replication is a widely used technique for achieving reliability. Replica management essentially involves ensuring that replicas perceive concurrent events identically. Application of concurrency formalisms for dependability assurance. Fault-tolerant algorithms are harder to verify than their fault-free counterparts due to the fact that the impact of component faults at each state need to be considered in addition to valid state transitions. CSP, Petri nets, CCS are useful tools to specify and verify fault-tolerant designs and protocols. Concurrency in Dependable Computing explores many significant issues in all three strands. To this end, it is composed as a collection of papers written by authors well-known in their respective areas of research. To ensure quality, the papers are reviewed by a panel of at least three experts in the relevant area.

Modern software systems are becoming more complex in many ways and have to cope with a growing number of abnormal situations which, in turn, are increasingly complex to handle. The most general way of dealing with these problems is by incorporating exception handling techniques in software design. In the past, various exception handling models and techniques have been proposed and many of them are part of practical languages and software composition technologies.
This book is composed of five parts, which deal with topics related to exception handling in the context of programming language models, design methodologies, concurrent and distributed systems, applications and experiences, and large-scale systems such as database and workflow process mangagement systems. The 17 coherently written chapters by leading researchers competently address a wide range of issues in exception handling.

This book constitutes the proceedings of the 38th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2019, held in Turku, Finland, in September 2019. The 16 full and 5 short papers included in this volume were carefully reviewed and selected from 65 submissions. They were organized in topical sections named: formal verification; autonomous driving; safety and reliability modeling; security engineering and risk assessment; safety argumentation; verification and validation of autonomous systems; and interactive systems and design validation.

This book constitutes the refereed proceedings of the Third International Conference on Reliability, Safety, and Security of Railway Systems, RSSRail 2019, held in Lille, France in June 2019. The 18 full papers presented in this book were carefully reviewed and selected from 38 submissions. They cover a range of topics including railways system and infrastructure advance modelling; scheduling and track planning; safety process and validation; modelling; formal verification; and security.

This volume constitutes the proceedings of the Second International Conference on Reliability, Safety and Security of Railway Systems, RRSRail 2017, held in Pistoia, Italy, in November 2017. The 16 papers presented in this volume were carefully reviewed and selected from 34 submissions. They are organized in topical sections named: communication challenges in railway systems; formal modeling and verification for safety; light rail and urban transit; and engineering techniques and standards. The book also contains one keynote talk in full-paper length.

This book constitutes the refereed proceedings of the International Workshop on Software Engineering for Resilient Systems, SERENE 2017, held in Geneva; Switzerland, in September 2017. The 11 papers presented together with 2 invited talks were carefully reviewed and selected from 16 submissions. They cover the following areas: modeling and specification; safety and security; fault tolerance, resilience and robustness software.

This book constitutes the refereed proceedings of the FirstInternational Conference on Reliability, Safety, and Security of RailwaySystems, RSSRail 2016, held in Paris, France, in June 2016. The 15 revised full papers presented were carefully reviewed andselected from 36 initial submissions. The papers cover a wide range oftopics including failure analysis, interlocking verification, formalsystem specification and refinement, security analysis of ERTMS, safetyverification, formalisation of requirements, proof automation,operational security, railway system reliability, risk assessment forERTMS, and verification of EN-50128 safety requirements.

This book constitutes the refereed proceedings of the 5th International Workshop on Software Engineering for Resilient Systems, SERENE 2013, held in Kiev, Ukraine, in October 2013. The 13 revised full papers were carefully reviewed and selected from 21 submissions. The papers are organized in topical sections on resilient software and design, rigorous reasoning, applications, concepts, and analysis.

Many software systems have reached a level of complication, mainly because of their size, heterogeneity and distribution, which results in faults appearing that cannot be traced back easily to the code. Some of these "faults" could also be unexpected program behavior that appears as a result of interactions between different parts of the program; this is commonly known as complexity. New methods, approaches, tools and techniques are needed to cope with the increasing complexity in software systems; amongst them, fault-tolerance techniques and formal methods, supported by the corresponding tools, are promising solutions. This book brings together papers focusing on the application of rigorous design techniques to the development of fault-tolerant, software-based systems.

This volume is an outcome of the REFT 2005 Workshop on Rigorous Engineering of Fault-Tolerant Systems held in conjunction with the Formal Methods 2005 conference at Newcastle upon Tyne, UK, in July 2005. The authors of the best workshop papers were asked to enhance and expand their work and a number of well-established researchers working in the area contributed invited chapters. From the 19 refereed and revised papers presented, 12 are versions reworked from the workshop; 9 of them are totally new. The book is rounded off by two provocatively different position on the role of programming languages.

This book constitutes the proceedings of the Workshops held in conjunction with SAFECOMP 2019, 38th International Conference on Computer Safety, Reliability and Security, in September 2019 in Turku, Finland. The 32 regular papers included in this volume were carefully reviewed and selected from 43 submissions; the book also contains two invited papers. The workshops included in this volume are: ASSURE 2019: 7th International Workshop on Assurance Cases for Software-Intensive Systems DECSoS 2019: 14th ERCIM/EWICS/ARTEMIS Workshop on Dependable Smart Embedded and Cyber-Physical Systems and Systems-of-Systems SASSUR 2019: 8th International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems STRIVE 2019: Second International Workshop on Safety, securiTy, and pRivacy In automotiVe systEms WAISE 2019: Second International Workshop on Artificial Intelligence Safety Engineering