Trustworthy Ambient Systems: Resource Constrained Ambience

Advances in communications and networking technology have made it possible to devise 'ambient' systems in which mobile devices and software agents form ad hoc groups, trading data and services. However, the technology needed to engender trust in such complex systems, and their resilience to faults and attacks, is only in its infancy.
The TrAmS platform grant sustained a research group that created new projects on technical foundations, methods and tools to model, design and analyse Trustworthy Ambient Systems. TrAmS-2 is, however, shaped by new factors. First, power provision/consumption of devices, rather than cost, is becoming a limiting factor in the deployment of ambient systems. Second, novel paradigms such as cloud computing offer a new dimension of ambience in that data and programs can be migrated without physical movement of agents. Ambient systems can therefore mix mobile devices with mobile software and services, using resources on demand. This increases the significance of threats such as power loss/limitation, and lack of trust in an on-demand computing infrastructure. These factors mean that traditional assumptions underpinning the engineering of fault-tolerant, dependable systems will be challenged.
TrAmS enabled lines of enquiry on formal engineering methods, proof support, embedded systems design, dynamic coalitions and contract-based "systems of systems" architectures. These led to 9 EPSRC, EU, industry and other projects with applications in automotive, rail, space, business and other sectors. Concrete outputs included tools and patterns for fault tolerance modelling, advances in proof technology, simulation and evidence to support deployment of formal engineering methods.
In TrAmS-2, the group will focus on the most challenging aspects of resource-limited future ambient systems. This requires skills in other areas besides fault tolerance, so we have augmented the TrAmS team with researchers in systems and microelectronics to create a group with an international profile in dependability, data management and asynchronous systems. TrAmS-2 will provide continuity of research staff, encouraging new, risky, research in areas created by this new mix of expertise.
The design and management of trustworthy ambient systems is necessarily a cooperative, large-scale, and potentially error-prone undertaking, partly because they cannot be designed as a coherent whole. Mobility (physical and virtual) makes them open to malicious and accidental failures that are difficult to predict in design. Decentralisation makes controlled recovery and evolution difficult. Lack of power can crash components, but fault tolerance costs extra power. Complex ambient systems yield verification problems beyond state-of -the-art tools. TrAmS-2 addresses these challenges in four domains:

Foundations: work towards calculi that are rich enough to describe the architectures, functionality and stochastic properties of ambient systems composed of diverse services with multiple users and owners.

Tools: exploring the development of cooperative, cloud-enabled design environments that ease access to analytic services to allow the full range of interactive verification techniques to be applied on demand to ambient system designs.

Tractable Design: work towards making design of trustworthy ambient systems designs more tractable by adding facilities to manage the added complexity of error detection and recovery without losing the underlying system structure.

Energy-Aware Ambient Systems: exploring the interplay between energy-awareness and resilience, and the provision of predictable tolerance of energy-induced threats.

Finally, TrAmS-2 will allow the group to continue taking a strategic view of its research and will help develop the careers of its members by building a group of mentors for the team members at all levels, establishing new links and exchanges, leading to further projects.

Our goal is to ensure TrAmS-2 enables the impact of the new projects that result from the platform grant. Our approach is therefore to ensure that the TrAmS-2 group interacts with potential beneficiaries of these "offspring projects", and takes account of their needs when formulating research strategy and developing project proposals.
The extension of TrAmS into resource-constrained and cloud-based ambience offers great potential for impact in broad areas of industry and society. Beneficiaries include businesses providing infrastructure, devices and services for ambient systems, and end users for whom major concerns are the security, safety and quality of experience provided by the system as a whole. The entire ICT sector is being strongly influenced by societal and economic demands for systems to be energy-frugal and power-proportional, and businesses of all sizes have identified the huge potential of cloud computing but are unable to commit to clouds because they do not trust them. The projects created from TrAmS-2 address these problems by researching methods, models and tools that support developers in assessing designs both in terms of their resource usage, costs, resilience to faults and the quality of the user experience.
A major impact route is through tools supporting the well-founded modelling and analysis methods for dependable ambient systems that TrAmS-2 offspring projects will generate. We will build on our extensive experience at developing usable tools that have achieved industry deployment. To overcome the difficulty of accessing formal methods tools, we will set up the infrastructure to allow new and existing tools to be wrapped in a service-based interface and deployed on a cloud, so that users can access them without the need to install and maintain them. This approach is intended to increase, by orders of magnitude, the number and range of organisations that can then benefit from these tools. In particular it will allow SMEs to benefit from tooling that has hitherto been limited to large organisations with expertise and computing power.
We will encourage other research groups to follow our example, and make their tools available in the same cloud-based framework that we envisage way. To stimulate this, offspring projects will make test and anonymised data sets available in the cloud so that others can evaluate their tools, encouraging productive competition between tool-providers taking different approaches. For this, we will utilise the expertise of the commercial cloud companies with which we have a close relationship.
TrAmS-2 will identify and develop the impact routes that will then be used by the offspring projects on the energy/dependability interplay, again holding a workshop to involve industry stakeholders and using our ongoing involvement in the energy harvesting community, our collaboration with SMes in EU projects, and our pivotal role in industry-rich events on systems design. Our active participation in the Electronics Knowledge Transfer Network and The Chilli online platform for entrepreneurs and investors in ICT will provide major dissemination routes for developing an industrial community of interest around the TrAmS-2 offspring projects.
All the investigators have established records of creating impact from their research both from the original TrAmS Platform Grant and other extensive research careers. Tools developed in several of our projects have been deployed in industry sectors including automotive, business, transport and e-Science. Much of the existing evidence is of solid industrial impact via projects that benefited from the first tranche of TrAmS funding. For the future, the two new directions offer great potential for impact over a broad sector of industry.