work

I published several papers and theses which are provided below. For the theses I used the wiss doc package by Roland Bless.

current occupation:

My assignment at TOCSYC at the MDH in Västerås under guidance of Prof. Dr. Paul Pettersson starts in November 2015.

Before that,

since April 2012, I worked for Prof. Dr. Martin Fränzle within the Research Center on Critical Systems Engineering for Socio-Technical Systems (CSE), funded by the Initiative Niedersächsisches Vorab of the Volkswagen Foundation and the Ministry of Science and Culture of Lower Saxony,

I worked on Modeling, Verification and Control of Complex Systems (MoVeS) funded by the European Commission, ICT Research in FP7-ICT-2009-257005, where I met my second doctoral supervisor Prof. Dr. Ir. Joost-Pieter Katoen,

held a scholarship from the TrustSoft Grad School , funded by the German Research Council (DFG), at the University of Oldenburg for three years,

and worked within the AVACS project, supported by the German Research Council (DFG) under grant SFB/TR 14 AVACS, in subprojects H4 and S3.

misc:

My current Erdös number is 4.

2015

AnSS2015 Estimating the Probability of a Timely Traffic-HazardWarning via Simulation

abstract:
Traffic flow simulation is exploited for estimating the probability that a message - a hazard warning in this case - is correctly transmitted to an approaching car in time, that is, before overstepping a safety threshold. The results derived by simulation provide valuable insights in the functional relation between the numerous authoritative parameters and the reliability of timely message reception.

sources:
Please contact me if you would like a copy or buy it here.
For teaching purposes you can get it here.
The slides from my talk are also available.
The bibtex is available here.

2014

Dissertation

abstract:
The present book focuses on distributed Systems operating under probabilistic influences like faults. How well can such systems provide their service under the effects of faults? How well can they recover from faults? The present thesis introduces with limiting window availability a suitable measure to answer such questions, and presents a method for its computation. For the computation, the transition models of the systems are constructed, which are exponential in the size of the constituting system models. This is known as state space explosion. Combining decomposition and lumping - methods for state space reduction from the domain of model checking - allows to dampen the state space explosion.

sources:
Please contact me if you would like a copy or buy it here. I can send a copy from either Sweden or Germany.
For teaching purposes you can get it here. Please not that the online thesis differs slightly in pagenumber from the final offline book.
The bibtex is available here.
The slides from my disputation are also available here.

AINA2014 Combining Decomposition and Lumping to Evaluate Semi-hierarchical Systems

abstract:
Determining performance and fault tolerance properties of distributed systems is a challenging task. One common approach to quantify such properties is to construct the state space and a transition model of the distributed system that is to be evaluated. The challenge lies in the state space being exponentially large in the size of the system. One popular approach to tackle this challenge is to combine decomposition and lumping. The system is decomposed, transition models of the subsystems are constructed and minimized by lumping bisimilar states under an equivalence relation, and the intermediate marginal transition systems are composed to construct the minimal aggregate transition model. The approach allows to circumvent the necessity to construct a full transition model while preserving the ability to compute precise measures. The decomposition yet hinges on the structure of the communication within the system. When processes do not influence each other, decomposition is trivial as it is arbitrary. On the contrary, when all processes are influenced by all other processes - known as heterarchical structure - systems cannot be decomposed at all. Between systems of independent and heterarchical processes are i) hierarchically structured systems and ii) systems that are globally hierarchical, but contain locally heterarchical subsystems. The hierarchical type has been addressed elsewhere. This paper targets the second type - referred to as semi-hierarchically structured -, thus expanding the frontier from decomposing purely hierarchically structured systems to decomposing semi-hierarchically structured systems. Furthermore, this paper points out the role of different types of execution semantics regarding the decomposition.

sources:
Please contact me if you would like a copy or buy it here.
For teaching purposes you can get it here.
The slides from my talk are also available.
The bibtex is available here.

FINA2014 Composing Thermostatically Controlled Loads to Determine the Reliability against Blackouts

abstract:
Power grids are parallel systems in which consumers demand a shared resource independent of each other. A blackout occurs when the total demand increases or decreases too rapidly. This paper combines methods and concepts from three domains. The first one stems from estimating the power consumption based on thermostatically controlled loads via Markov chains. The second domain provides the composition of parallel systems enriched by intermediate lumping to construct a minimal aggregate transition model, in this case of a community of housings. The third domain provides reasoning about fault tolerance properties by introducing limiting window reliability as measure, suitable to account for the continuous risk of blackouts. Combined, the three methods and concepts allow to determine the risk of blackout of a community over time.

sources:
Please contact me if you would like a copy or buy it here.
For teaching purposes you can get it here.
The slides from my talk are also available.
The bibtex is available here.

2013

IREP2013 Modeling Options for Demand Side Participation of Thermostatically Controlled Loads

abstract:
Residential thermostatically controlled loads (TCLs) have potential for electricity market participation. This is because we can control a large group of these loads to achieve aggregate system behavior such as following variable wind energy output while ensuring the control actions are non-disruptive to the end users. A main challenge in controlling aggregate behavior of TCLs is developing dynamical system models that are simple enough for optimization and control, but rich enough to capture the behavior of the aggregate loads. In this work, we propose three classes of models, which approximate aggregate TCL dynamics. We analyze these models in terms of their accuracy and computational tractability. The three model classes we propose demonstrate a progression from analysis and prediction of TCL population behavior towards large-scale automatic control of the power consumption of the population. In the process we demonstrate how formal methods from computer science and optimal control can be deployed to this complex problem, leading to improved theoretically sound analysis results and control performance. The results of our investigation address derivation of bounds on modeling error, trajectory tracking guarantees and the potential of TCLs for arbitrage. For all classes of models proposed, the analytic results decrease as model heterogeneity is introduced. Thus, we motivate further development of analytical tools and modeling approaches to best investigate TCL potential in electricity market.

sources:
Please contact me if you would like a copy or buy it here.
For teaching purposes you can get it here.
The bibtex is available here.

JCSS Combining Decomposition and Reduction for State Space Analysis of a Self-Stabilizing System

abstract:
Fault tolerance measures of distributed systems can be calculated precisely by state space analysis of the Markov chain corresponding to the product of the system components. The power of such an approach is inherently confined by the state space explosion, i.e. the exponential growth of the Markov chain in the size of the underlying system. We propose a decompositional method to alleviate this limitation. Lumping is a well-known reduction technique facilitating computation of the relevant measures on the quotient of the Markov chain under lumping equivalence. In order to avoid computation of lumping equivalences on intractably large Markov chains, we propose a system decomposition supporting local lumping on the considerably smaller Markov chains of the subsystems. Recomposing the lumped Markov chains of the subsystems constructs a lumped transition model of the whole system, thus avoiding the construction of the full product chain. An example demonstrates how the limiting window availability (i.e. a particular fault tolerance measure) can be computed for a self-stabilizing system exploiting lumping and decomposition.

sources:
Please contact me if you would like a copy or buy it here.
For teaching purposes you can get it here.
The bibtex is available here.

2012

MLQA2012 Modeling TCL via DTMC

abstract:
In september 2012 I attended the Joint Workshop on Compositional Modelling and Analysis of Quantitative Systems in Edinburgh, contributing the following poster.

sources:
The poster is not copyright protected and accesible here.

AINA2012 Combining Decomposition and Reduction for State Space Analysis of a Self-Stabilizing System

abstract:
Verifying fault tolerance properties of a distributed system can be achieved by state space analysis via Markov chains. Yet, the power of such exact analytic methods is confined by exponential growth of the chain's state space in the size of the system modeled. We propose a method that alleviates this limit. Lumping is a well known reduction technique that can be applied to a Markov chain to prune redundant information. We propose a system decomposition to employ lumping piecewise on the considerably smaller Markov chains of the subsystems which are much more likely to be tractable. Recomposing the lumped Markov chains of the subsystems results in a state space that is likely to be considerably smaller. An example demonstrates how the limiting window availability (i.e. a fault tolerance property) can be computed for a system while exploiting the combination of lumping and decomposition.

sources:
Please contact me if you would like a copy or buy it here.
For teaching purposes you can get it here.
The slides from my talk are also available.
The paper was selected for the best paper award here.
The bibtex is available here.

2011

FINA2011 The Degree of Masking Fault Tolerance vs. Temporal Redundancy

abstract:
Self-stabilizing systems, intended to run for a long time, commonly have to cope with transient faults during their mission. We model the behavior of a distributed self-stabilizing system under such a fault model as a Markov chain. Adding fault detection to a self-correcting non-masking fault tolerant system is required to progress from non-masking systems towards their masking fault tolerant functional equivalents. We introduce a novel measure, called limiting window availability (LWA) and apply it on self-stabilizing systems in order to quantify the probability of (masked) stabilization against the time that is needed for stabilization. We show how to calculate LWA based on Markov chains: first, by a straightforward Markov chain modeling and second, by using a suitable abstraction resulting in a space-reduced Markov chain. The proposed abstraction can in particular be applied to spot fault tolerance bottlenecks in the system design.

sources:
Please contact me if you would like a copy.
For teaching purposes you can get it also get it here.
The bibtex is available here.

Please note that the assumption coverage in the original paper contains an error. An erratum correcting this error is available here.
The bibtex is available here.

Internal Colloquium Unmasking Fault Tolerance - Masking vs. Non-masking Fault-Tolerant Systems

abstract:
The internal colloquium is, in the process of becoming a PhD, the last step before writing up. It is open for everyone and destined to discuss the quality of the contribution to the state of the art. Besides numerous colleague PhD candidates, Profs. Theel, Olderog, Fränzle, Winter and Hahn attended the audition.

sources:
The slides from my talk are available.

2010

TUM Unmasking Fault Tolerance - Masking vs. Non-masking Fault Tolerance

abstract:
For mutual fertilization, the TUM invited me along with Sven Linker, Tino Teige and Mani Swaminathan under guidance of Prof. Dr. Ernst-Rüdiger Olderog.

sources:
The slides from my talk are available.

2009

UFirst2009 Deriving a Good Trade-off Between System Availability and Time Redundancy

abstract:
What to do if at a given time a service dearly required is unavailable? Is it a good strategy to simply invoke the service again (and again)? How many times should one retry in such a situation in order to get a the service delivered with a reasonably high probability but without "losing too much time?" In this paper, we explore the relation between time redundancy that a system can utilize to cope with faults and the increase of system availability. We propose a generalization of instantaneous availability called instantaneous window availability to systematize our approach. We then present two methods for deriving trade-off solutions in terms of average instantaneous window availability, namely Markov model analysis and discrete-time simulation. We apply these methods to two instances of a self-stabilizing system and discuss the outcome.

sources:
Please contact me if you would like a copy...
For teaching purposes you can get it also get it here.
The slides from my talk are also available.
The bibtex is available here.
The slides from my presentation at the QUT can be found here.

2008

Scala: Using Erlang for Distributed Simulation for the Derivation of Fault Tolerance Measures

abstract:
In August i was giving a lecture at the University of Helsinki about writing simulation tools in Erlang for the derivation of fault tolerance measures. The intent was to give students that learn the functional language scala a different point of view and to motivate them by showing the possibilities one gets using functional programming style.

sources:
Lecture Slides

ANSS2008: Determination of Fault-Tolerance Measures of Self-Stabilizing Algorithms by Simulation

abstract:
Fault tolerance measures can be used to distinguish between different self-stabilizing solutions to the same problem. However, derivation of these measures via analysis suffers from limitations with respect to scalability of and applicability to a wide class of self-stabilizing distributed algorithms. We describe a simulation framework to derive fault tolerance measures for self-stabilizing algorithms which can deal with the complete class of self-stabilizing algorithms. We show the advantages of the simulation framework in contrast to the analytical approach not only by means of accuracy of results, range of applicable scenarios and performance, but also for investigation of the influence of schedulers on a meta level and the possibility to simulate large scale systems featuring dynamic fault probabilities. Keywords: Fault Tolerance, Self-Stabilization, Simulation, Reliability, Availability

sources:
Please contact me if you would like a copy or buy it here.
For teaching purposes you can get it also get it here.
The slides from my talk are also available.
The bibtex is available here.

2007

MSc: Simulation of Self Stabilizing Distributed Algorithms to Determine Fault-Tolerance Measures

abstract:
Fault tolerance measures such as reliability and availability are employed to select the most suitable fault tolerant system to be deployed under a given environment. Although such measures have been defined for masking fault tolerant systems, until recently they were not defined for non-masking fault tolerant systems. In [War06], a procedure has been outlined to determine the reliability, instantaneous availability and limiting availability for self-stabilizing distributed algorithms[Dol00] using Markov-chains. The procedure utilizes a method similar to predicate abstraction to reduce the state space of a self-stabilizing system and derives the Markov-chain representing the abstracted system. However, assumption about fault-propagation and approximations introduced by the abstraction technique hinder the accuracy of the measures obtained. Simulation of the distributed algorithms can be used to determine more accurate transition probabilities and hence can be used to fine tune the Markov-chains representing the abstraction technique. Such a simulator can also facilitate the study of the variation of reliability and availability due to fault profile of the environment.
This work is concerned with the development of a simulator which can simulate a selfstabilizing distributed algorithm’s behavior under transient faults. It also provides a mechanism for fault injection along with facility to vary the error probability distribution. The simulator is written in the purely functional concurrent language Erlang and provides the possibility to record measures which can be fed to external tools for further analysis. Erlang was chosen for its abilities in distributed concurrent computing. The simulation results are used to verify the metrics obtained from the analysis procedure described in [War06]. This work provides insights as to how to improve the fault tolerance metrics of a given self-stabilizing algorithm based on the results from the simulations. Also the fine tuning of the analysis procedure based on feedback from the simulator is available. A complete user manual of the simulator is enclosed with this thesis.

note:
This thesis was submitted as Diplomarbeit, coinciding formally with a Master thesis according to today's standards.

sources:
master thesis
enclosed manual
original source code (Windows)
original source code (Linux)
optimized source code (Linux) The bibtex is available here.

2006

BSc: Vergleich Logisch-Funktionaler Sprachen (Comparison of Logical-Functional Programming Languages, in German)

abstract:
What this work is: This work gives an insight into the small field of logical functional languages. While ALF, Curry, Erlang, Leda, Mercury and Oz/Mozart are mentioned, only Curry, Erlang and Mercury are eyed more precisely, by comparing the effort to learn a language (Section 4.1), the presumable future perspective (Section 4.2) and the field of application (Section 4.3). What this work is not: This work is not detailed on all logical functional languages. It focuses Curry, Erlang and Mercury. The implementation used in Section 4.4 does not work in real life. It is currently impossible to break an AES-128-CBC-Cipher by using brute-force-algorithms. The algorithms used in this work are used to measure computing-times. This work is divided into four parts. Chapter 1 contains the motivation. Chapter 2 gives an orientation what the paradigms logical and functional mean and why I focus on three languages. In Chapter 3 the technologies used for this work will be in the focus. Because none of the languages is commonly known, characteristic features are discussed, which would otherwise be kept barred if one is not in touch with the applied technology. In Chapter 4 the comparison takes place with the criteria mentioned above. Also, a benchmark has been implemented in Erlang and Java to compare the performance of the promising logical-functional sector against one standard language which is widespreaded and well known. It has not been implemented in Curry and Mercury for reasons which will be discussed in this thesis.

note:
This thesis was submitted as individuelles Projekt, coinciding formally with a Bachelor thesis according to today's standards.

sources:
bachelor thesis
java source code
erlang source code