Innovative Approach in AGILE Policies Validation


Proceedings, 15th IFAC Conference on Programmable Devices and Embedded Systems
Ostrava, Czech Republic, May 23-25, 2018
Available online at www.sciencedirect.com

ScienceDirect

IFAC PapersOnLine 51-6 (2018) 301–305

Aleksandra Kawala-Janik ∗, Magda Zolubak ∗, Michal Podpora ∗, Mariusz Pelc ∗,∗∗

∗ Faculty of Electrical Engineering, Automatic Control and Informatics, Opole University of Technology, ul. Proszkowska 76, bud. 1, 45-758 Opole, Poland (e-mail: [email protected], [email protected]).
∗∗ Faculty of Architecture, Computing and Humanities, University of Greenwich, Old Royal Naval College, Park Row, London SE10 9LS, United Kingdom (e-mail: [email protected])

Abstract: In this paper an innovative approach to providing a formalised method of analysis of AGILE policies is briefly presented. For the purpose of such policies validation the Definition Language was undertaken. The proposed method plays a significant role while using AGILE policies in certain applications such as inter alia control systems or safety critical systems. The method proposed in this paper can be successfully applied for the purpose of AGILE policies validation. One version of a policy used for managing an Air Cooling system will be discussed as an example.

© 2018, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved.

Keywords: Automatic control, Computer aided software engineering, Computer applications, Software performance

2405-8963 © 2018, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Peer review under responsibility of International Federation of Automatic Control. 10.1016/j.ifacol.2018.07.170

2018 IFAC PDES, Ostrava, Czech Republic, May 23-25, 2018. Aleksandra Kawala-Janik et al. / IFAC PapersOnLine 51-6 (2018) 301–305

1. INTRODUCTION

Policy-based computing is currently one of the most popular technologies applied in order to equip a static (not run-time reconfigurable) software component with selected self-* features and a level of autonomy (Abolhasanzadeh et al. (2016) and Mendonca de Almeida et al. (2015)). In this case the self-* features mean the ability of a component or a system for self-configuration (Mendonca de Almeida et al. (2015) and Chopra (2015)).

The autonomy of a system means the ability to operate with either very limited or no human intervention. This kind of autonomic system has recently become very popular across various application domains such as software or business systems (Parashar et al. (2005) and Huebscher et al. (2008)).

The results of using policy-based control systems are very promising and therefore some efforts towards their integration with computer control systems were made, as this technology can be qualified as another artificial intelligence method alongside Artificial Neural Networks (ANN) or Fuzzy Systems (FS) (Byrski (2003), Pelc (2011), Beruvides et al. (2015), Al-Qaheri et al. (2015) and Di Gironimo et al. (2015)).

A typical policy can be defined as a method describing the way a system reacts to certain environmental conditions, and should be expressed in the form of an algorithm of a more or less generic program written in a Policy Definition Language (PDL). It is possible to classify a PDL as domain-specific or generic (Pelc (2013)).

In this paper AGILE PDL is applied, which is one of the generic PDLs. These methods should address mainly the problem of verification and validation of policies, as this is a crucial part of the decision-making system, which enables determination of the overall system's behaviour (Mendonca de Almeida et al. (2015), Di Gironimo et al. (2015) and Riekstin et al. (2015)).

The innovative aspect of this work relies on providing a targeted method for validation of AGILE policies only (Anthony (2006)). The described method is also considered to be implementable in real-time control or supervision systems. It was provided in order to help AGILE policy designers to assess the correctness of policies at the design stage to test them in the target system for risk reduction of unwanted or unpredictable system behaviour, which would be especially desired in computer control systems, where issues like inter alia stability or robustness are very important (Anthony (2006) and Baresi et al. (2015)).

The proposed method may also lead to the development of a software tool, which could be used for policies verification already at the design stage, as it is intended to detect logical inconsistencies within the policy; thus the proposed method should be able to detect all policies with structural and/or logical errors so that they would not be used in the target system (Pelc (2013) and Anthony (2006)).

This paper is a very first attempt towards formalisation of AGILE policies validation and their analysis. In order to develop a dedicated method of verification and validation of AGILE policies, very detailed knowledge of the specifics of the AGILE Policy Definition Language (PDL) is needed. This is because the AGILE PDL owes its flexibility to numerous policy objects, which may be used for decision-making policy design. These objects may be divided into three categories: variables reflecting the current system state, return values and functional blocks (Pelc (2014)).

2. RELATED WORK

Finding a method for policies is not easy, as there is no existing universal method which could be applied to all types of policies. This is because most policies are application-specific and composed using an application-specific Policy Definition Language and an application-specific logic (Anthony (2006) and Wilson et al. (2015)).

Among the various methods for policies validation, simulation-based methods are popular. They are based on an offline simulation experiment as the way of getting information on whether a policy returns the expected decisions in response to software-generated system states. This method allows a certain level of policies validation, however using it is inconvenient as it requires a dedicated test environment – usually provided with a separate application. Such a method was presented in more detail in (Reith et al. (2009)). Typically for simulation-based policies the validation process is performed using a dedicated program called Margrave, which converts policies written in the XACML standard into a form of decision-diagram in order to answer queries. Another similar solution was presented in (Pelc (2011)), where a dedicated framework for these properties should be interpreted in the process of policy validation.

One example of how policies for Policy-based Self-Adaptive Systems (PobSAM) can be formally analysed was presented in detail in (Khakpour et al. (2010)), where policies are used to control and adapt the system's behaviour.

A formal model for security policy verification for SELinux is presented in (Zanin et al. (2004)). The SELinux policies describe how the systems objects can access system subjects. As there are plenty of relations between these two elements, it is difficult to understand the overall effect of the SELinux security policies on the system. For the purpose of verification of these policies a special SELinux configuration language was defined.

An approach to formal verification of Attribute Based Access Control (ABAC) policies was presented in (Wang et al. (2004)). A designated framework was provided in order to guarantee the correctness of the ABAC policies. Similar research was already undertaken and described in detail in (Bertino et al. (2009)), where rule-based access control policies are formally verified using a customised formalism.

3. CUSTOMISED METHOD FOR AGILE POLICY-BASED SYSTEMS' VERIFICATION

The customised method of verification of AGILE policy-based systems presented in this paper provides some analytical assessment of core features of AGILE policies. It also specifies crucial features of AGILE policies and shows a mechanism of converting AGILE policies into matrix representation (? and Jamro et al. (2014)). The policy object types can be described as Templates, Policies, Actions, Rules, ToleranceRangeChecks and UtilityFunctions.

The boundedness of a policy guarantees that the policy always returns a decision in case the system state belongs to the domain description. However, even if a policy is bounded it may sometimes happen that a policy returns the same decision for a number of system states. In that case the rank of the $M_T$ will differ from the rank of the policy. This is because returning the same decision for different system states might in some cases be intentional and the policy may work properly, but in most cases it might also be the result of a logical error and it can result in disqualification of the policy from being used. And in case a policy requires any changes, this may mean that the policy is not valid.

Although the above refers to AGILE policies, it might also be considered applicable to all kinds of reasoning systems, which can be described with the formula below:

$$Y = \{I, P, O\} \tag{1}$$

where:
• $Y$ is a reasoning system,
• $I$ represents the set of inputs, which are processed during the decision-making process, as they reflect the current state of the system,
• $P$ represents the set of decision paths,
• $O$ represents the output of the decision system, which is a specific decision – the appropriate one in the given system state.

In this section an example policy will be analysed using the proposed method. This policy governs an example ACS system (Air Cooling System) responsible for controlling the temperature in a car. When the ACS system is turned ON, the temperature in the car decreases, and when the ACS system is OFF, the temperature in the car will increase. The policy decides whether the ACS system should be ON or OFF depending on a comparison of the temperature in the car with the temperature previously set by the driver. Thus the policy decision is either to turn ON the ACS system, to turn it OFF, or simply a NoChange action (so the ACS system will continue with the previous action).

For the given policy one can distinguish three different states ($n_S = 3$):
• $S_1$: IntTemp ≥ PrefTemp − 2,
• $S_2$: IntTemp > PrefTemp + 2,
• $S_3$: IntTemp < PrefTemp − 2,

The policy is able to return one of the three decisions listed below:
• $D_1$: NoChange,
• $D_2$: OnACS,
• $D_3$: OffACS,

The three above decisions form the valid set of policy decisions consisting of three elements ($n_D = 3$):

$$D = \{D_1, D_2, D_3\}. \tag{2}$$

Thus the policy rank is as follows:

$$\mathrm{rank}(\pi) = \min(n_S; n_D) = 3. \tag{3}$$

The set of decision paths $P$ comprises three elements (paths):

$$P = \{P_1; P_2; P_3\}, \tag{4}$$

where:
• $P_1$ = {AChkTemp; TRCChkTemp; ANoChange},
• $P_2$ = {AChkTemp; TRCChkTemp; AOnACS},
• $P_3$ = {AChkTemp; TRCChkTemp; AOffACS}.

The $P_1$ path leads to the ANoChange decision, meaning that no action should be taken in the given conditions, the $P_2$ path leads to the AOnACS decision and means that the Air Cooling System should be switched ON, and the $P_3$ path leads to the AOffACS decision, meaning the opposite. The valid decisions for the relevant states are, respectively:
• $S_1 \Rightarrow D_1$,
• $S_2 \Rightarrow D_2$,
• $S_3 \Rightarrow D_3$.

The transition matrix $M_T$ for the given policy exists and has the following form:

$$M_T = \begin{array}{c|ccc} & D_1 & D_2 & D_3 \\ \hline S_1 & 1 & 0 & 0 \\ S_2 & 0 & 1 & 0 \\ S_3 & 0 & 0 & 1 \end{array}$$

Rank of the $M_T$ matrix is:

$$\mathrm{rank}(M_T) = 3 = \mathrm{rank}(\pi).$$

The policy is bounded and additionally it is well-founded. All the above required conditions were satisfied. Based on that one can say that the example policy is valid and it can be used in the target system. The whole policy can be found in the Appendix A.

4. SUMMARY

The main aim of this paper was to specify a method of validation of AGILE policies, and the main requirement for the method was that it had to be based on formal analysis rather than on simulation-based verification. This decision was made because a formalisation of the validation process may be used without the need for additional software and it would provide an objective means of assessing the correctness of policies. As a result a new method of validation of AGILE policies was proposed. The method comprises a number of AGILE Policy Definition Language specific definitions which allow certain properties of AGILE policies to be assessed and make it a foundation for the assessment of a policy as a whole. The method was used in order to validate an example Air Cooling System policy and to prove that it could be successfully applied in a real-life scenario. It was also shown that the method properly detects at least some of the logical inconsistencies within the policy logic and used for the iterative process of policies optimisation.

5. FURTHER RESEARCH PLANS

The method presented in this paper was used in order to validate the policy of an example Air Cooling System for the purpose of showing its potential usage in real-life conditions. As was proved, the presented method was able to properly detect at least some of the logical inconsistencies within the policy logic. As the proposed method can easily be both automated and implemented, the further research plans include its optimisation. Validation of policies at the designer level will also be the subject of the authors' future work. Therefore, in order to prove the applicability of the proposed method for validation of some other reasoning systems, some additional research will be carried out in the nearest future.

REFERENCES

B. Abolhasanzadeh and S. Jalili. Towards Modeling and Runtime Verification of Self-Organizing Systems. Expert Systems with Applications, volume 44, pages 230–244, 2016.
F. Mendonca de Almeida, A. de Ribamar Lima Ribeiro and E. D. Moreno. An Architecture for Self-healing in Internet of Things. In Proc: The Ninth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies (UBICOMM 2015), volume 89, pages 76–81, 2015.
I. Chopra. Autonomic Model for Self-Healing and Self-Protection in Grid Computing using Multi-Agents. PhD Thesis, Thapar University, Patiala, 2015.
M. Parashar and S. Hariri. Autonomic Computing: An Overview. Lecture Notes in Computer Science, volume 3566, pages 247–259, 2005.
M.C. Huebscher and J.A. McCann. A survey of autonomic computing – degrees, models, and applications. ACM Computer Survey, volume 40(3), pages 7:1–7, 2008.
W. Byrski. The survey for the exact and optimal state observers in Hilbert spaces. In Proc: ECC 2003, pages 6, United Kingdom, 2003.
M. Pelc. Self-tuning run-time reconfigurable PID controller. Archives of Control Sciences, volume 21, Issue: 2, pages 189–205, 2011.
G. Beruvides, J. Carmelo, F. Castano and R.E. Haber. A self-learning strategy for artificial cognitive control systems. In Proc: 2015 IEEE 13th International Conference on Industrial Informatics (INDIN), pages 1180–1185, IEEE, 2015.
H. Al-Qaheri and S. Banerjee. Design and Implementation of a Policy Recommender System Towards Social Innovation: An Experience With Hybrid Machine Learning. Advances in Intelligent Systems and Computing – Intelligent Data Analysis and Applications, volume 370, pages 1180–1185, 2015.
G. Di Gironimo, A. Lanzotti, D. Marzullo, G. Esposito, D. Carfora and M. Siuko. Iterative and Participative Axiomatic Design Process in complex mechanical assemblies: case study on fusion engineering. International Journal on Interactive Design and Manufacturing (IJIDeM), volume 370, Issue: 4, pages 325–338, 2015.

2018 IFAC PDES 304 Aleksandra Kawala-Janik et al. / IFAC PapersOnLine 51-6 (2018) 301–305 Ostrava, Czech Republic, May 23-25, 2018

M. Pelc. Policy-based reconfiguration of the computer control systems. Opole University of Technology Publishing House, 2013. A.C. Riekstin, J. Guilherme, B. Rodrigues, V. Nascimento, T. Carvalho and C. Meirosu. A Survey of Policy Refinement Methods as a Support for Sustainable Networks. IEEE Communications Surveys and Tutorials, volume PP, Issue: 99, pages 1, 2015. R.J. Anthony. A policy-definition language and prototype implementation library for policy-based autonomic systems. In Proc: ICAC2006, pages 265276, 2006. L. Baresi, B. Gundula, D.S. Kolovos, N. Matragkas, A. Motta, R.F. Paige, A. Radjenovic and M. Rossi. Formal verification and validation of embedded systems: the UML-based MADES approach. Software and Systems Modeling, volume 14, No.: 1, pages 343–363, 2015. M. Pelc. Context-aware fuzzy control systems. International Journal of Software Engineering and Knowledge Engineering, volume 24, No.: 05, pages 825–856, 2014. N.B. Wilson and L.A. Carmenza. Agile Methodology to Develop Architecture of Information and Knowledge in Organizations (MADAIKE). Journal on Computing, volume 27(3), pages 153, 2015. M. Reith, N. Jianwei and W.H. Winsborough. Toward practical analysis for trust management policy. In Proc: CCS09, pages 310–321, 2009. M. Pelc. A framework for verification of context-aware policy-supervised autonomic systems. Polish Journal of Environmental Studies, volume 20(5A), pages 118–122, 2011. N. Khakpour, R. Khosravi, M. Sirjani and S. Jalili. Formal analysis of policy-based self-adaptive systems. In Proc: SAC2010, pages 2536–2543, 2010. G. Zanin and L.V. Mancini,. Towards a formal model for security policies specification and validation in the selinux system. In Proc: SACMAT2004, pages 136–145, ACM, 2004. L. Wang, D. Wijesekera and J. Sushil. A logic-based framework for attribute based access control. In Proc: FMSE2004, pages 45–55, ACM, 2004. E. Bertino, C. Brodie, S.B. Calo, L.F. Cranor, C. Karat, N. Li, D. Lin, J. Lobo, Q. Ni, P. Rao and X. Want. 
Analysis of privacy and security policies. IBM Journal of Research and Development, volume 53(2), pages 3:1– 3:18, 2009. M. Jamro, D. Rzoca, J. Sadolewski, A. Stec, Z. Swider, B. Trybus and L. Trybus. CPDev Engineering Environment for Modeling, Implementation, Testing, and Visualization of Control Software. Recent Advances in Automation, Robotics and Measuring Techniques – Advances in Intelligent Systems and Computing, volume 267, pages 81–90, 2014. Appendix A The full sample policy can be found below:
