Dependability analysis in the Ambient Assisted Living Domain: An exploratory case study

https://doi.org/10.1016/j.jss.2011.07.037

Abstract

Ambient Assisted Living (AAL) investigates the development of systems involving the use of different types of sensors, which monitor activities and vital signs of lonely elderly people in order to detect emergency situations or deviations from desirable medical patterns. Instead of requiring the elderly person to manually push a button to request assistance, state-of-the-art AAL solutions automate the process by 'perceiving' lonely elderly people in their home environment through various sensors and performing appropriate actions under the control of the underlying software. Dependability is a critical requirement in the AAL domain, since poor system availability, reliability, safety, or integrity may lead to inappropriate emergency assistance, potentially with fatal consequences. Nevertheless, contemporary research has not focused on assessing dependability in this domain. This work attempts to fill this gap by presenting an approach that relies on modern quantitative and qualitative dependability analysis techniques based on the software architecture. The analysis method consists of conversion patterns from Unified Modeling Language (UML) behavior models of the AAL software architecture into a formal executable specification, based on a probabilistic process algebra description language, which enables a sound quantitative and qualitative analysis. The UML models specify system component interactions and are annotated with component failure probabilities and system usage profile information. The resulting formal specification is executed on PRISM, a probabilistic model checker adequate for the purpose of our analysis, in order to check a set of domain-specific dependability properties expressed declaratively in Probabilistic Computation Tree Logic (PCTL). The benefits of using these techniques are twofold. Firstly, they allow us to integrate the analysis seamlessly into subsequent software lifecycle stages in critical scenarios. Secondly, they allow us to identify the components with the highest impact on system dependability, and therefore to address software architecture and individual component problems prior to implementation and before critical errors occur.

Highlights

► We provide detailed notations, models and tools involved in our process of AAL dependability analysis.
► We classify the failures that arise at the boundary between hardware and software components according to a standard failure classification.
► We present results that validate the synchronization between AAL modules expressed by means of PRISM primitives.
► A hardware component was included in the sensitivity analysis and its impact on overall system reliability was assessed.
► We restructured the exploratory case study with the Goal-Question-Metric method for a consistent empirical assessment.

Introduction

Ambient Assisted Living (AAL) (Nehmer et al., 2006) investigates the development of systems that monitor activities and vital signs of lonely elderly people in order to detect emergency situations or deviations from desirable medical patterns. Instead of requiring the elderly person to manually push a button to request assistance, state-of-the-art AAL solutions automate the process by perceiving the needs of lonely elderly people in their household environment through various sensors and carrying out appropriate actions under the control of the underlying software.

A key issue in the AAL domain is dependability. The dependability of a system “is the ability to deliver service that can justifiably be trusted” or simply “the dependence being placed on that system” (Avižienis et al., 2004). Also, dependability is an integrating concept that encompasses the following attributes: availability—readiness for correct service; reliability—continuity of correct service; safety—absence of catastrophic consequences to the user and the environment; integrity—absence of improper system alteration; and maintainability—ability to undergo modifications and repair (Avižienis et al., 2004).

The need to assess the dependability of AAL systems, and to ensure that it meets specifications, follows from the fact that the well-being of the assisted person is at stake when an emergency occurs and depends on the proper functioning of the system. This confirms that AAL systems are safety-critical systems, in which a malfunction can negatively impact human lives. When dependability is of such importance, conducting a dependability analysis in the early stages of the development cycle becomes a must (Hoffman, 2008). Such an analysis provides early identification of system deficiencies and prevents unforeseen and much higher expenditures of cost, time, and effort in later stages of development. In the worst case, lives could be lost if the system were deployed with critical modules that had not received due attention in design and testing (fault avoidance) or through the addition of redundancy (fault tolerance). The results of such an analysis help to identify the most critical system components and to direct developers to devote more time and effort to designing and testing them, or to adding redundancy and the logic needed to tolerate or mask their faults. The work in this paper does not address fault avoidance or fault tolerance per se, but it can serve as a tool to identify the system modules on which these efforts should be focused.

Indeed, one can find in the literature a number of case studies and experiment reports on AAL systems (Nehmer et al., 2006, Kleinberger et al., 2009). However, these reports have not included a dependability analysis. This work attempts to fill this gap. In particular, the analysis method presented in this paper consists of conversion patterns from Unified Modeling Language (UML) behavior models (specifically Activity and Sequence Diagrams) of the AAL software architecture into a formal executable specification. This specification is based on a probabilistic process algebra description language, which enables a sound quantitative and qualitative analysis. The UML models specify system component interactions and are annotated with component failure probabilities and system usage profile information. The resulting formal specification is executed on a model checking (Baier and Katoen, 2008) tool adequate for the purpose of our analysis, in order to check a set of domain-specific dependability properties expressed declaratively in Probabilistic Computation Tree Logic (PCTL) (Baier and Katoen, 2008, Hansson and Jonsson, 1994). PCTL is used to query the aforementioned process algebra model and elicit a quantitative dependability evaluation and sensitivity analysis. As a result, critical components requiring special design attention can be identified and thus project resources can be judiciously allocated early in the AAL development life cycle.
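The pipeline sketched above, from a scenario annotated with component reliabilities and a usage profile to a reachability query and a sensitivity ranking, can be made concrete on a small constructed scenario. The Python below is an added example written for this page, not code from the paper or from the EMERGE project: the component names, reliability values and usage-profile transitions are made up; the scenario is expanded into an absorbing discrete-time Markov chain in the style of Cheung's user-oriented model; the reachability probability it computes is what the PCTL query P=? [ F "delivered" ] returns in PRISM; and `to_prism` emits a one-module PRISM DTMC for the same chain as one possible conversion pattern, a deliberate simplification rather than the paper's own patterns.

```python
"""Architecture-based reliability of a small AAL emergency scenario.

Added illustration, not code from the paper.  Each component either completes
its step (probability r_c, its reliability annotation) and hands control over
according to the usage profile, or fails into an absorbing Failed state.
"""

# Usage profile (constructed): where control goes after a component completes.
# The Detector -> Hub edge is a re-sampling loop, so the chain has a cycle and
# system reliability needs a fixpoint computation, not a single product.
TRANSITIONS = {
    "Start": {"FallSensor": 0.7, "VitalSensor": 0.3},
    "FallSensor": {"Hub": 1.0},
    "VitalSensor": {"Hub": 1.0},
    "Hub": {"Detector": 1.0},
    "Detector": {"Notifier": 0.9, "Hub": 0.1},
    "Notifier": {"Delivered": 1.0},
}
# Component reliability annotations (assumed values).  "Start" is a pseudo
# state without a failure mode; "Delivered" and "Failed" are absorbing.
RELIABILITY = {
    "FallSensor": 0.999, "VitalSensor": 0.998, "Hub": 0.995,
    "Detector": 0.9995, "Notifier": 0.997,
}


def build_dtmc(transitions, reliability):
    """Expand every component into 'succeed and hand over' / 'fail' branches."""
    dtmc = {"Delivered": {"Delivered": 1.0}, "Failed": {"Failed": 1.0}}
    for comp, succ in transitions.items():
        r = reliability.get(comp, 1.0)
        row = {nxt: r * p for nxt, p in succ.items()}
        if r < 1.0:
            row["Failed"] = row.get("Failed", 0.0) + (1.0 - r)
        dtmc[comp] = row
    return dtmc


def reach_probability(dtmc, target, start="Start", eps=1e-12):
    """P=? [ F target ]: least fixpoint of x(s) = sum_t p(s,t) * x(t)."""
    x = {s: (1.0 if s == target else 0.0) for s in dtmc}
    while True:
        delta = 0.0
        for s, row in dtmc.items():          # Gauss-Seidel sweep
            if s == target:
                continue
            new = sum(p * x[t] for t, p in row.items())
            delta = max(delta, abs(new - x[s]))
            x[s] = new
        if delta < eps:
            return x[start]


def system_reliability(transitions=TRANSITIONS, reliability=RELIABILITY):
    """Probability that an emergency raised at Start is eventually delivered."""
    return reach_probability(build_dtmc(transitions, reliability), "Delivered")


def sensitivity(transitions=TRANSITIONS, reliability=RELIABILITY, h=1e-4):
    """Central-difference dR/dr_c per component, most critical first."""
    ranking = {}
    for comp, r in reliability.items():
        up = {**reliability, comp: min(1.0, r + h)}
        dn = {**reliability, comp: max(0.0, r - h)}
        ranking[comp] = (system_reliability(transitions, up)
                         - system_reliability(transitions, dn)) / (up[comp] - dn[comp])
    return sorted(ranking.items(), key=lambda kv: kv[1], reverse=True)


def to_prism(transitions=TRANSITIONS, reliability=RELIABILITY):
    """Emit the same chain as a PRISM DTMC (one module, one state variable).
    Reliabilities become 'const double' so a PRISM experiment can sweep them."""
    states = list(transitions) + ["Delivered", "Failed"]
    idx = {s: i for i, s in enumerate(states)}
    lines = ["dtmc", ""]
    lines += [f"const double r_{c} = {r};" for c, r in reliability.items()]
    lines += ["", "module AAL", f"  s : [0..{len(states) - 1}] init {idx['Start']};"]
    for comp, succ in transitions.items():
        r = f"r_{comp}" if comp in reliability else "1"
        terms = [f"{r}*{p} : (s'={idx[n]})" for n, p in succ.items()]
        if comp in reliability:
            terms.append(f"(1-{r}) : (s'={idx['Failed']})")
        lines.append(f"  [] s={idx[comp]} -> " + " + ".join(terms) + ";")
    lines += [f"  [] s={idx['Delivered']} -> (s'={idx['Delivered']});",
              f"  [] s={idx['Failed']} -> (s'={idx['Failed']});",
              "endmodule", "", f'label "delivered" = s={idx["Delivered"]};',
              "", '// property to check: P=? [ F "delivered" ]']
    return "\n".join(lines)


if __name__ == "__main__":
    print(f"P(emergency delivered) = {system_reliability():.6f}")
    for comp, d in sensitivity():
        print(f"  dR/dr_{comp:<12} = {d:.4f}")
    print(to_prism())
```

Running it prints the system reliability, the derivative of that reliability with respect to each component's reliability (the sensitivity ranking that singles out the component most worth hardening; here the hub ranks first because the re-sampling loop visits it more than once per emergency), and the generated PRISM source, which can be loaded into PRISM together with the property P=? [ F "delivered" ]. Declaring the reliabilities as `const double` lets a PRISM experiment sweep them the same way `sensitivity` does numerically.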

This paper is an extended version of the work presented in Rodrigues et al. (2010). It includes the following extensions and corresponding contributions. Section 4.4.1 explores the types of failures that arise from the connection between hardware and software components, according to a standard failure classification (Avižienis et al., 2004). Section 4.5 clarifies aspects of synchronization between modules of the Probabilistic Symbolic Model Checker (PRISM), which were not addressed in the original work. This was necessary to ensure that the traces originally specified in the UML behavior models of the AAL system were preserved, an essential property in critical domains such as AAL. In addition, Section 4.6.1 presents results that validate the synchronization between AAL modules expressed by means of PRISM primitives. Moreover, Section 4.6.2 extends the sensitivity analysis included in the original work by including a hardware component and assessing its impact on the overall system reliability. This makes for a more realistic dependability analysis, which ultimately must also consider hardware components. Finally, the exploratory case study has been restructured with the help of the Goal-Question-Metric (GQM) method (Basili et al., 1994), to ensure a systematic mapping between measured data and the goals stated in this study. This provides a consistent empirical assessment, which is still rare in the AAL domain.

The remainder of this paper is structured as follows: Section 2 covers background on AAL, on the formal language, and on the environment employed in the dependability and sensitivity analysis. Next, Section 3 presents a step-by-step description of the method. Section 4 then explores the applicability of the method on an AAL domain case study. In particular, Section 4.6 gives a qualitative and quantitative analysis of the results obtained in the case study. Section 5 presents the evaluation and elaborates on lessons learned. Related work is discussed in Section 6. Finally, Section 7 offers concluding remarks.

Section snippets

AAL

AAL systems are by definition assistance systems. The assistance functionality comprises two aspects: (i) a user-initiated access to services, e.g., home control, social interaction, etc., and (ii) a system-initiated (proactive) provision of services, e.g., emergency support, home automation, activity coaching. In order to support the anticipatory assistance, the system must include some kind of closed loop controller that senses its environment (especially the persons living therein) and

Method

In this section we describe a method to analyze AAL system dependability as a function of component reliability estimates. We annotate a scenario specification with probabilistic properties and use a probabilistic model checking tool (PRISM) to make a qualitative and quantitative dependability analysis before implementation takes place. The method is depicted in Fig. 2 as eight steps: (1) scenarios specification, (2) model annotation, (3) conversion to PRISM, and steps (4) to (8) compose the

The exploratory case study

We carried out an exploratory case study (Yin, 2003). Accordingly, we present the context, the object of focus in the study, the application of the method, and the lessons learned, highlighting resulting hypotheses to be assessed in future work. In order to refine the study, we apply the Goal-Question-Metric (GQM) method (Basili et al., 1994), which helps to define the context, the object of study, its properties, the goal, and how the latter can be operationalized and answered.

Lessons learned and evaluation

Based on the results of the exploratory case study (Section 4), this section synthesizes the experience obtained with the application of the method to a particular system (Section 5.1), assesses its overall applicability (Section 5.2), discusses the usefulness of the collected results (Section 5.3), presents emerging hypotheses that could be useful for further empirical work (Section 5.4), and discusses threats to validity (Section 5.5).

Related work

Research on AAL is still in its early stages. Current efforts focus mainly on specification and design, with few actual systems built (Nehmer et al., 2006, Kleinberger et al., 2009). Within specification, dependability has been promptly identified as a key system quality and as an architecture driver (Gross et al., 2009). Nevertheless, there is a lack of work that uses sound qualitative and quantitative methods to assess dependability in this domain.

System architectures for Ambient

Conclusion

Ambient Assisted Living investigates the development of systems involving the use of different types of sensors, which monitor activities and vital signs of lonely elderly people in order to detect emergency situations or deviations of desirable medical patterns. Dependability is a crucial system requirement in this domain which, to date, has not been adequately modeled and evaluated. The contribution in this work was to use modern quantitative and qualitative dependability analysis techniques

Acknowledgements

The authors would like to thank the anonymous reviewers for invaluable feedback and the Fraunhofer Institute for Experimental Software Engineering for granting access to EMERGE's documents. This work has been partially supported by CNPq, under Edital MCT/CNPq 14/2009 - Universal - Faixa A, grant number 482481/2009-9.

References (30)

  • Goševa-Popstojanova, K. et al. Architecture-based approach to reliability assessment of software systems. Performance Evaluation (2001)
  • Avižienis, A. et al. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing (2004)
  • Baier, C. et al. Principles of Model Checking (Representation and Mind Series) (2008)
  • Basili, V.R. et al. The goal question metric approach. Encyclopedia of Software Engineering (1994)
  • Becker, M., Alves, V., Vajda, L., Latour, L., Kyriazanos, D., Mitilineos, S., Thomopoulos, S., 2008. Emergency...
  • Bianco, A. et al. Model checking of probabilistic and nondeterministic systems. Foundations of Software Technology and Theoretical Computer Science (1995)
  • Cheung, R.C. A user-oriented software reliability model. IEEE Transactions on Software Engineering (1980)
  • Gross, A., Steinbach-Nordmann, S., Jedlitschka, A., Becker, M., Steinke, I., Bloice, M., 2009. Emergency Monitoring and...
  • Hansson, H. et al. A logic for reasoning about time and reliability. Formal Aspects of Computing (1994)
  • Heymans, P. et al. Scenario-based techniques for supporting the elaboration and the validation of formal requirements. Requirements Engineering (1998)
  • Hoare, C.A.R. Communicating Sequential Processes. Communications of the ACM (1978)
  • Hoffman, L. In search of dependable design. Communications of the ACM (2008)
  • Immonen, A. et al. Survey of reliability and availability prediction methods from the viewpoint of software architecture. Software and Systems Modeling (2008)
  • Kleinberger, T. et al. An approach to and evaluations of assisted living systems using ambient intelligence for emergency monitoring and prevention
  • Kramer, J. et al. Modelling for mere mortals

Cited by (23)

  • IoRT cloud survivability framework for robotic AALs using HARMS. Robotics and Autonomous Systems (2018)
    Citation excerpt: "In the case of verification during runtime for AAL systems, it has not been studied deeply. Efforts on dependability analysis in the AAL domain were explored in a case study converting UML patterns of behavior models of AALs architecture to a formal executable specification which is later verified in a model checking tool denominated PRISM [19]. Although it is interesting to transform the UML diagrams to code that can be executed in a formal verification tool."
  • Building reliable and maintainable Dynamic Software Product Lines: An investigation in the Body Sensor Network domain. Information and Software Technology (2017)
    Citation excerpt: "Nevertheless, ensuring dependability in DSPLs has been insufficiently explored [20,28]. Various approaches for ensuring dependability of single software systems and non-dynamic SPL have been proposed [8,22,48,53,55]. The former usually models the behavior of the system and checks reachability properties specifying dependability attributes in such model [8,53,55]."
  • Relevance and perspectives of AAL in Brazil. Journal of Systems and Software (2013)
    Citation excerpt: "Therefore, high quality is undoubtedly an essential requirement. We have observed that in various works related to AAL, such as Antonino et al. (2011), Beringer et al. (2011), Rodrigues et al. (2012) and Broek et al. (2010), it is possible to find a diversity of quality attributes that are considered relevant or essential. The main ones cited are interoperability, usability, reliability, security, adaptability, and portability."
  • Reliability of IoT-Aware BPMN Healthcare Processes. Securing the Internet of Things: Concepts, Methodologies, Tools, and Applications (2019)

Genaína Rodrigues has been an assistant professor at the Computer Science Department of the University of Brasília since August 2009. Prior to that, she was a postdoctoral researcher at the Federal University of Minas Gerais, where from June 2008 she participated in projects on performance modelling for multi-tier server platforms. She has a BSc, an MSc and a PhD in Computer Science, the latter awarded in 2008 by University College London. Genaína has worked in various areas of Computer Science, including dependability analysis for concurrent component-based systems (her current focus of study), Software Product Lines, performability evaluation, Model Driven Engineering and object-oriented middleware platforms such as CORBA and EJB. Since 2008 she has reviewed submissions to world-class journals such as Software: Practice & Experience, Journal of Systems and Software and IEEE Transactions on Software Engineering. She is currently a member of ACM SIGSOFT.

Dr. Vander Alves is an Assistant Professor at the Computer Science Department of the University of Brasília. Previously he was a post-doctoral researcher at the Product Line Architectures department of the Fraunhofer Institute for Experimental Software Engineering, Germany, where he participated in projects in the Ambient Assisted Living domain. Prior to that, he was a post-doctoral researcher at Lancaster University, England, where he worked in the EU AMPLE project in the fields of Aspect-Orientation, Model-Driven Development, and Software Product Lines. He also worked at the IBM Silicon Valley laboratory in San Jose, California, on the implementation of the Information Integration product line, which led to a patent registered at the US Patent Office. He holds a doctoral degree in Computer Science (Software Engineering) from the Federal University of Pernambuco. His major areas of research are Software Product Lines, Aspect-Oriented Software Development, and Ambient Intelligence.

Renato Silveira graduated from the Computer Science Department at the University of Brasília in 2010. His topics of interest include dependability analysis of software systems. Currently, he is working at the headquarters of SERPRO, the data processing center of the Brazilian government, in Brasília, DF.

Luiz A. Laranjeira has been an assistant professor of Software Engineering and critical systems in the Gama College of Engineering, University of Brasília, Brazil, since 2009. He holds a PhD degree in Computer Engineering (1992) from the University of Texas at Austin, an MSc degree in Electrical Engineering (1983) from the Federal University of Rio de Janeiro (COPPE), and a BSc degree in Electrical Engineering from the University of Brasília. He has published a number of research papers in international journals and conferences in the areas of software engineering and fault-tolerant computing. He has 26 years of experience in the software industry, where he held technical and management positions in the field of carrier-grade highly available computer platforms (18 years) and in the field of communications security (8 years). He worked from 1988 to 2009 in the US telecommunications industry for large companies such as Sun Microsystems, Compaq and Tandem Computers, and for small companies such as Narus, SS8, Xtera and Xcerla, as well as in a government research center in Brazil from 1984 to 1987.

This article is an extended version of the paper entitled "Dependability analysis in the Ambient Assisted Living Domain: An exploratory case study", which received the Best Papers Award of the 4th Brazilian Symposium on Software Components, Architectures, and Reuse (27–29 September 2010, Salvador, Brazil).
