assured reconfiguration an architectural core for system
play

Assured Reconfiguration: An Architectural Core For System - PowerPoint PPT Presentation

Feb 15, 2024 •150 likes •566 views

UVA Dependability Research Group Assured Reconfiguration: An Architectural Core For System Dependability ICSE 2005 Workshop on Architecting Dependable Systems John Knight University of Virginia Joint work with Elisabeth Strunk UVA

  1. UVA Dependability Research Group Assured Reconfiguration: An Architectural Core For System Dependability ICSE 2005 Workshop on Architecting Dependable Systems John Knight University of Virginia Joint work with Elisabeth Strunk

  2. UVA Dependability Research Group The Challenge Safety-Critical Desired Functionality Applications Hardware Complexity Costs System System Hardware Software Volume Volume Assured Reconfiguration 2 May 2005

  3. UVA Dependability Research Group Implications Of The Challenge � System: � Distributed processing/Integrated Modular Avionics � High data communications demand � Hardware: � Replication to meet MTBF demands � Software: � Increased volume, complexity, functionality � And it is bound to continue for the foreseeable future… Assured Reconfiguration 3 May 2005

  4. UVA Dependability Research Group Meeting The Challenge? � All defects can have serious consequences in typical systems but… � Hardware replication: � Expensive, bulky � Increased weight, power, space, shielding � Software complexity: � Mostly outside the realm of assurance techniques � Trying to deal with this by restricting amount of function in systems is naïve � Can we continue with “business as usual”? Assured Reconfiguration 4 May 2005

  5. UVA Dependability Research Group Business As Usual For Hardware ? Degradation Hardware Is Much Faults More Reliable Than It Design Faults MTBF Used To Be R E P L I C A T I O N Time � Business as usual unnecessary Assured Reconfiguration 5 May 2005

  6. UVA Dependability Research Group Business As Usual For Software ? � Why is software so difficult? � Fluid mechanics: Development � Continuous mathematics � Navier-Stokes equation Based On � Structural analysis: Analysis � Continuous mathematics � Finite element method � Software: � Discrete mathematics � ? � Business as usual unlikely to succeed Assured Reconfiguration 6 May 2005

  7. UVA Dependability Research Group Claim Maintaining Hardware Complete Occasional Degradation Faults Functionality With Operation With Are Much Less Ultra High Reduced But Safe Frequent Than In Assurance Is Functionality Is The Past Unnecessary Satisfactory Basing System Design On These Assumptions Reduces Complexity And Cost ASSURED RECONFIGURATION Assured Reconfiguration 7 May 2005

  8. UVA Dependability Research Group What Is Assured Reconfiguration? � Explicit decision at specification level to define a tradeoff between system dependability and function � Explicit decision by system stakeholders to accept alternative functionality if errors do occur � Because : � Complete hardware masking is too expensive Common � Adequate software fault avoidance/removal is Cases infeasible Assured Reconfiguration 8 May 2005

  9. UVA Dependability Research Group What Is Assured Reconfiguration? Reliability, Availability Assured Reconfiguration j() h() $ g() f() f() f() f() x Faults Faults Target Configuration Depends On Conditions Assured Reconfiguration 9 May 2005

  10. UVA Dependability Research Group Example: Modern Avionics Systems � Aircraft flight control software � FAA software development standard: � Minor: � Anticipated to occur one or more times during the entire operational life of each airplane � Major: � Not anticipated to occur during the entire operational life of a single random airplane � Catastrophic: � Not anticipated to occur during the entire operational life of all airplanes of one type � Failure rate of 10 -9 per hour of operation Assured Reconfiguration 10 May 2005

  11. UVA Dependability Research Group Example: Modern Avionics Systems � These requirements: � Cannot be assured with current approaches � Are essentially impossible to demonstrate � But , some (most?) functionality: � Does not need to be reliable � Needs to be fail-stop with ultra high dependability � Assured reconfiguration is an option to achieve system goals Assured Reconfiguration 11 May 2005

  12. UVA Dependability Research Group Prior Work on Reconfiguration � Survivability in critical information systems � Different requirements for embedded systems � Alternative functionalities (Shelton and Koopman) � Provides a model of system utility � Graceful degradation � Maximum utility with working components Assured Reconfiguration 12 May 2005

  13. UVA Dependability Research Group Prior Work on Reconfiguration � Quality of service � Specific aspects of a system � Simplex architecture (Sha) � Assumes analytic redundancy � Current systems, e.g., Boeing 777 � Ad-hoc � Are built using facilities already provided by the system Assured Reconfiguration 13 May 2005

  14. UVA Dependability Research Group Vision Reconfiguration As Architectural Foundation Fail-Stop Fail-Stop Fail-Stop Fail-Stop Software Software Software Software Component Component Component Component Fail-Stop Fail-Stop Fail-Stop Fail-Stop Computer Computer Computer Computer Assured System Reconfiguration Assurance By Proof Assured Reconfiguration 14 May 2005

  15. UVA Dependability Research Group Proposed Approach � System architecture: � Fully distributed, arbitrary layout and number of parts � Ultra-dependable data bus, e.g., TTP � Computing and storage hardware: � Allow computers to fail, but � Use ultra-dependable fail-stop machines � Software: � Allow application software to fail, but � Use ultra-dependable, fail-stop applications � Ultra-dependable reconfiguration mechanism Assured Reconfiguration 15 May 2005

  16. UVA Dependability Research Group Proposed Approach Common Components Avionics Components Avionics Avionics Avionics Application Application Application Application Added As Operating Needed Operating Operating Operating System System System System General General General General Purpose Purpose Purpose Purpose Computer Computer Computer Computer High Speed Data Bus High Speed Data Bus Assured Reconfiguration 16 May 2005

  17. UVA Dependability Research Group Proposed Approach Fail Stop General Purpose Avionics Avionics Avionics Avionics Application Computer Application Application Application Operating Operating Operating Operating System System System System General General General General Purpose Purpose Purpose Purpose Computer Computer Computer Computer High Speed Data Bus High Speed Data Bus Assured Reconfiguration 17 May 2005

  18. UVA Dependability Research Group Proposed Approach Avionics Ultra Dependable, Reconfigurable Avionics Avionics Avionics Application Application Application Application High Speed Data Bus Operating Operating Operating Operating System System System System General General General General Purpose Purpose Purpose Purpose Computer Computer Computer Computer High Speed Data Bus Assured Reconfiguration 18 May 2005

  19. UVA Dependability Research Group Proposed Approach Reconfigurable Fail-Stop Avionics Avionics Avionics Avionics Avionics Application Application Application Application Application Operating Operating Operating Operating System System System System General General General General Purpose Purpose Purpose Purpose Computer Computer Computer Computer High Speed Data Bus High Speed Data Bus Assured Reconfiguration 19 May 2005

  20. UVA Dependability Research Group Distributed Reconfigurable System Architecture Crucial Avionics Avionics Avionics Software Application Application Application Subsystem Control Reconfiguration Analysis & Management (SCRAM) Software Operating Operating Operating System System System General General General Special Purpose Purpose Purpose Purpose Computer Computer Computer Device Fault BIU BIU BIU BIU Detection And Signaling High Speed Data Bus System Assured Reconfiguration 20 May 2005

  21. UVA Dependability Research Group Crucial Software Development Reconfiguration Definition One Equivalence Proof SCRAM Software (Common) State Machine Specification (System Specific) Many Analysis & Synthesis Reconfiguration Specification Assured Reconfiguration 21 May 2005

  22. UVA Dependability Research Group Application Programming Assured Reconfiguration 22 May 2005

  23. UVA Dependability Research Group Fail-Stop Processors � Introduced by Schlichting and Schneider � Building block for critical systems � Fail-stop processor: � Processing units � Volatile storage � Stable storage � Stable storage preserved on failure Assured Reconfiguration 23 May 2005

  24. UVA Dependability Research Group Reconfigurable FTAs � Fault-tolerant actions (FTAs) Ac tio n Ac tio n Re c o ve ry � In S&S work, recovery must complete original action � In our work, recovery could be reconfiguration � Complete some different function Re c o ve ry: Ac tio n Ac tio n Re c o nfiguratio n Assured Reconfiguration 24 May 2005

  25. UVA Dependability Research Group Reconfigurable Fail-Stop Systems � Software building block is a reconfigurable application � Reconfigurable application has: � A predetermined set of specifications � A predetermined set of FTAs for each specification � Application function exists in system context: � Recovery must be appropriate to system � Failure in one application could cause failure in another � Not a problem in S&S work since failures were masked, sufficient resources assumed Assured Reconfiguration 25 May 2005

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Architectural Reconfiguration Architectural Reconfiguration using Coordinated Atomic Actions

Architectural Reconfiguration Architectural Reconfiguration using Coordinated Atomic Actions

Architectural Reconfiguration Architectural Reconfiguration using Coordinated Atomic Actions using Coordinated Atomic Actions Rog rio rio de Lemos de Lemos Rog University of Kent, UK University of Kent, UK Motivation;

404 views • 16 slides
Assured Mobile VIP Members Assured Mobile Become a VIP Member with Assured Mobile Residents

Assured Mobile VIP Members Assured Mobile Become a VIP Member with Assured Mobile Residents

Assured Mobile VIP Members Assured Mobile Become a VIP Member with Assured Mobile Residents are better informed of association business, events, meetings and time sensitive information. Residents view the information in the format they

466 views • 7 slides
Architectural Patterns The fundamental problem to be solved with a large system Architectural

Architectural Patterns The fundamental problem to be solved with a large system Architectural

Architectural Patterns The fundamental problem to be solved with a large system Architectural Patterns is how to break it into chunks manageable for human programmers to understand, implement, and maintain. Dr. James A. Bednar Large-scale

354 views • 12 slides
Year 10 In Information Evening 2018 Selfless, Self Assured, Successful Selfless, Self Assured,

Year 10 In Information Evening 2018 Selfless, Self Assured, Successful Selfless, Self Assured,

Year 10 In Information Evening 2018 Selfless, Self Assured, Successful Selfless, Self Assured, Successful Selfless, Self Assured, Successful Key Changes Grading 1-9 for all subjects No coursework or controlled assessment in the vast

799 views • 45 slides
NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural is a family owned business, based in Colchester. The manufacturing facility is 70,000 sq. ft with a staff of over 50. What do we do? NES

274 views • 16 slides
Efficient Architectural Support for Persistent Memory Vijay Nagarajan People Marcelo Cintra

Efficient Architectural Support for Persistent Memory Vijay Nagarajan People Marcelo Cintra

Efficient Architectural Support for Persistent Memory Vijay Nagarajan People Marcelo Cintra (Intel) Stratis Viglas (Google) Arpit Joshi(Edinburgh) 2 Emerging System Core Core Cache Cache DRAM NVM Secondary Storage Secondary Storage

847 views • 68 slides
A UAV Test and Development Environment Based on Dynamic System Reconfiguration Osamah A.

A UAV Test and Development Environment Based on Dynamic System Reconfiguration Osamah A.

A UAV Test and Development Environment Based on Dynamic System Reconfiguration Osamah A. Rawashdeh, Garrett D. Chandler, and James E. Lumpp, Jr. Department of Electrical and Computer Engineering University of Kentucky Lexington, KY Outline

300 views • 11 slides
An integrated concurrency and core- ISA architectural envelope definition, and test oracle, for

An integrated concurrency and core- ISA architectural envelope definition, and test oracle, for

An integrated concurrency and core- ISA architectural envelope definition, and test oracle, for IBM POWER multiprocessors Kathryn E. Gray 1 Gabriel Kerneis 1+ Dominic Mulligan 1 Christopher Pulte 1 Susmit Sarkar 2 Peter Sewell 1 1 University of

745 views • 45 slides
Reconfiguration in Cyber-Physical Systems Sebastian Wtzoldt System Analysis and Modeling Group

Reconfiguration in Cyber-Physical Systems Sebastian Wtzoldt System Analysis and Modeling Group

Reconfiguration in Cyber-Physical Systems Sebastian Wtzoldt System Analysis and Modeling Group Prof. Holger Giese Motivation: Reconfiguration in Cyber-Physical Systems 2 Cyber-Physical Systems (CPS) are integrations of computation

1.16k views • 30 slides
An Approach to Manage Reconfiguration in Fault- Tolerant Distributed System s Stefano Porcarelli

An Approach to Manage Reconfiguration in Fault- Tolerant Distributed System s Stefano Porcarelli

An Approach to Manage Reconfiguration in Fault- Tolerant Distributed System s Stefano Porcarelli 1 , Marco Castaldi 2 , Felicita Di Giandomenico 1 , Andrea Bondavalli 3 , Paola Inverardi 2 1 Italian National Research Council, ISTI Dept, Italy

284 views • 14 slides
Reconfiguration of Traffic Reconfiguration of Traffic Grooming Optical Networks Grooming Optical

Reconfiguration of Traffic Reconfiguration of Traffic Grooming Optical Networks Grooming Optical

Reconfiguration of Traffic Reconfiguration of Traffic Grooming Optical Networks Grooming Optical Networks Ruhiyyih Mahalati and Rudra Dutta Computer Science, North Carolina State University This research was supported in part by NSF grant #

299 views • 28 slides
Unionville Commercial Core Pattern Book Village Design and Architectural Guidelines

Unionville Commercial Core Pattern Book Village Design and Architectural Guidelines

Unionville Commercial Core Pattern Book Village Design and Architectural Guidelines Presentation to Development Services Committee April 16, 2018 1 Purpose To provide an overview of the Unionville Commercial Core Pattern Book To

629 views • 37 slides
ASSURED ACCESS FOR THE ADF IN THE ASIA PACIFIC I have been asked to talk about Assured Access for

ASSURED ACCESS FOR THE ADF IN THE ASIA PACIFIC I have been asked to talk about Assured Access for

ASSURED ACCESS FOR THE ADF IN THE ASIA PACIFIC I have been asked to talk about Assured Access for the ADF in the Asia Pacific . This is a large topic. What I want to do is step back and talk about the nature of our strategic environment, and to

515 views • 7 slides
Distributed Self-reconfiguration Control of an M-TRAN System Kurokawa H, Tomita K, Kamimura A,

Distributed Self-reconfiguration Control of an M-TRAN System Kurokawa H, Tomita K, Kamimura A,

Distributed Self-reconfiguration Control of an M-TRAN System Kurokawa H, Tomita K, Kamimura A, Kokaji S National Institute of Advanced Industrial Science and Technology Murata S Tokyo Institute of Technology Contents Modular Robot

708 views • 37 slides
Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large

Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large

Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large system is how to break it into chunks manageable for human programmers to understand, implement, and maintain. Dr. James A. Bednar Large-scale

893 views • 12 slides
Architectural design process Sub- systems and modules System structuring A sub- system is

Architectural design process Sub- systems and modules System structuring A sub- system is

Architectural Design Objectives To introduce architect ural design and to discuss it s importance Establishing the overall To explain why multiple models are required to document a sof tware structure of a sof tware architecture

424 views • 16 slides
Joint work with I. Comparing research projects in proof theory Weaker vs. stronger systems

Joint work with I. Comparing research projects in proof theory Weaker vs. stronger systems

Deduction modulo theory Gilles Dowek Joint work with I. Comparing research projects in proof theory Weaker vs. stronger systems Several directions at the same time Decomposing proofs, propositions, connectives, etc., into more atomic

344 views • 19 slides
The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical

The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical

The Lean Theorem Prover Jeremy Avigad Department of Philosophy and Department of Mathematical Sciences Carnegie Mellon University June 29, 2017 Formal and Symbolic Methods Computers open up new opportunities for mathematical reasoning.

1.24k views • 57 slides
Towards Type Safety of Aspect-Oriented Languages by Florian Kammller & Matthias Vsgen

Towards Type Safety of Aspect-Oriented Languages by Florian Kammller & Matthias Vsgen

Software Engineering Group TU Berlin Towards Type Safety of Aspect-Oriented Languages by Florian Kammller & Matthias Vsgen Outline Introduction Featherweight Java and formalization Formalization of aspects Formalization

571 views • 28 slides
Block-level RAID is dead Raja Appuswamy, David C. van Moolenbroek, Andrew S. Tanenbaum Vrije

Block-level RAID is dead Raja Appuswamy, David C. van Moolenbroek, Andrew S. Tanenbaum Vrije

Block-level RAID is dead Raja Appuswamy, David C. van Moolenbroek, Andrew S. Tanenbaum Vrije Universiteit, Amsterdam June 22, 2010 Traditional storage stack File Originally one file system per disk system Later RAID layer was introduced

453 views • 19 slides
Chapter 4: Modifying Pixels in a Range Reminder: Pixels are in a matrix Matrices have two

Chapter 4: Modifying Pixels in a Range Reminder: Pixels are in a matrix Matrices have two

Chapter 4: Modifying Pixels in a Range Reminder: Pixels are in a matrix Matrices have two dimensions: A height and a width We can reference any element in the matrix with (x,y) or (horizontal, vertical) We refer to those coordinates as

915 views • 75 slides
SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford

SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford

SECURE IDENTITY-BASED ENCRYPTION IN THE QUANTUM RANDOM ORACLE MODEL Mark Zhandry Stanford University Random Oracle Model (ROM) Sometimes, we cant prove a scheme secure in the standard model. Instead, model a hash function as a

509 views • 38 slides
Nonlinear Control Lecture # 18 Stability of Feedback Systems Nonlinear Control Lecture # 18

Nonlinear Control Lecture # 18 Stability of Feedback Systems Nonlinear Control Lecture # 18

Nonlinear Control Lecture # 18 Stability of Feedback Systems Nonlinear Control Lecture # 18 Stability of Feedback Systems Absolute Stability + r = 0 u y G ( s ) ( ) Definition 7.1 The

370 views • 23 slides
Normalizing Flow Models Stefano Ermon, Aditya Grover Stanford University Lecture 7 Stefano

Normalizing Flow Models Stefano Ermon, Aditya Grover Stanford University Lecture 7 Stefano

Normalizing Flow Models Stefano Ermon, Aditya Grover Stanford University Lecture 7 Stefano Ermon, Aditya Grover (AI Lab) Deep Generative Models Lecture 7 1 / 21 Recap of likelihood-based learning so far: Model families: Autoregressive

319 views • 21 slides

More recommend