Architecting Trustworthy Self-Adaptive Systems (Tutorial)

Abstract

Architecting self-adaptive software systems is challenging. These systems must achieve their goals not only in the environment in which they are deployed initially, but also as this environment changes over time. When self-adaptive systems are used in safety-critical and business-critical applications, this challenge is compounded by the need to also provide guarantees that the system operates correctly at all times. For traditional software systems, such guarantees are provided through assurance cases. These are structured arguments which use comprehensive development-time evidence to explain why a system can be trusted when used for its planned application in a given environment. This tutorial presents the ENTRUST methodology for achieving a similar level of trust in self-adaptive systems [1]. ENTRUST is the first end-to-end methodology for architecting trustworthy self-adaptive systems and dynamic assurance cases guaranteeing the suitability of the software for its intended applications. As advocated by major research initiatives such as the UK-led Assuring Autonomy International Programme (https://www.york.ac.uk/assuring-autonomy/). ENTRUST dynamic assurance cases seamlessly combine evidence obtained during the development of a self-adaptive software system with evidence obtained from its additional verification at runtime. As such, each reconfiguration of an ENTRUST self-adaptive system is accompanied by a new version of the assurance case that confirms the trustworthiness of the reconfigured system architecture.