A Fault Tolerance and Recovery Formal Model for IoT Systems

Introduction

The emergence of paradigms such as IoT, Cloud, and Fog computing has given birth to a new type of complex systems comprising many users, sensors, and applications that must react to context data, provide services, and manipulate devices. Besides, with the advancements in sensor hardware technology and inexpensive materials, ensuring the reliability of billions of connected devices and sensors has become a major challenge for IoT. System dependability allows users to place justified confidence in the service delivered to them (Aviˇzienis et al, 2004) encompassing attributes such as availability, security, and maintainability. If IoT systems are not as reliable as the traditional systems they are replacing, they will not meet the expectations of their users (Terry, 2016).

Given the trend of using unreliable and low-cost devices, system dependability is threatened by failures and errors (Power et al, 2018) at any architectural level of an IoT system: sensor and actuator nodes may crash, network links may be interrupted, and processing and storage components may not function properly (Moghaddam & Muccini, 2019). Fault tolerance is one way to ensure system dependability by allowing the system to continue to deliver a reliable service despite the presence of failures and errors. Fault tolerance aims to avoid failures by detecting faults, restoring the system and applying corrective maintenance strategies.

Typically, in the real world, building a fault-tolerant IoT system is a complex task, mainly because of the extremely large variety of edge devices, data computing technologies, networks, and other resources that may be involved in the development process (Ghosh et al., 2020). Over the last few years, an increased effort has been oriented towards this issue. Several contributions were proposed to address IoT fault tolerance from hardware and network aspects of an IoT system. However, only little attention has been given to investigate and analyze this issue from the software architectural point of view. This later remains largely under-explored in contemporary scientific literature (Ghosh et al., 2020), although that software engineering provides good support for fault detection and recovery of failed services.

We propose, in this article, a formal model for the specification and verification of fault tolerant IoT systems. Our contribution in this paper is twofold:

• 1.

  We propose a generic Fault Tolerance Microservice Architecture (called FaTMA) that takes account failures in different layers of an IoT system (Things, Fog, Cloud). Our architecture is based on the microservices style and the Fog infrastructure to provide decentralized control and fault management, weak coupling between services, and more flexibility.

• 2.

  We provide a formal model in order to consolidate FaTMA architecture. In particular, we adopt bigraphical reactive systems (BRS) (Milner, 2008), as a semantic formal framework for specifying structural and behavioral aspects of our architecture. Moreover, FaTMA bigraphical model allows us to analyze and simulate various fault tolerance and system recovery scenarios at the early phases of software life cycle.

The remainder of the paper is structured as follows: In Section 2, we outline the principle of our approach and present the FaTMA architecture. We explain how it enforces fault tolerance in IoT systems in Section 3. Section 4, gives an overview of BRS systems and how they are adopted to formally model, simulate and analyze the FaTMA architecture. In section 5, some existing works related to our approach are discussed. Finally, Section 6 summarizes the paper and discusses ongoing work.