Dependability and Survivability Evalution of a Water Distribution - - PowerPoint PPT Presentation

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Dependability and Survivability Evalution of a Water Distribution Process with Arcade

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Performability Modeling of Computer and Communication Systems 2009

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

1 Water distribution model 2 Arcade 3 Survivability in Arcade 4 Conclusions

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Distribution station

Drinking water Reservoir 1 Drinking water Reservoir 2 pumping station Distribution station district 1 district 2 Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Distribution station

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6

input 1 input 2

• utput 1

Output 2 Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Measures of interest

Availability Reliability Survivability

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Taxonomy of dependability

Availability Availability is the probability of the system being in an operational state within a mission time assuming that components are repaired.

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Taxonomy of dependability

Reliability according to [Sanders and Malhis, 1992] Reliability is the probability of having no system failure within a certain mission time assuming that no component is repaired.

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Taxonomy of dependability

Survivability according to [Cloth and Haverkort, 2005] Survivability is the ability of a system to recover predefined service levels in a timely manner after the occurrence of disasters. survivability ≡ disaster ⇒ recoverability (1) recoverability ≡ P≥p(trueU≤tservice) (2)

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

What is Arcade (architectural dependability evaluation)?

Basic building blocks Components Repair units Spare management unit Defining measure of interest Fault tree style Measures of interest Availability Reliability

Arcade txt format Arcade graphical format UML AADL XML Arcade parser Arcade conversion IO-IMC CADP format CADP Analysis results

Boudali et al. [2008]

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

What is Arcade (architectural dependability evaluation)?

Basic building blocks Components Repair units Spare management unit Defining measure of interest Fault tree style Measures of interest Availability Reliability

Arcade txt format Arcade graphical format UML AADL XML Arcade parser Arcade conversion IO-IMC CADP format CADP Analysis results

Boudali et al. [2008]

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

What is Arcade (architectural dependability evaluation)?

Basic building blocks Components Repair units Spare management unit Defining measure of interest Fault tree style Measures of interest Availability Reliability

Arcade txt format Arcade graphical format UML AADL XML Arcade parser Arcade conversion IO-IMC CADP format CADP Analysis results

Boudali et al. [2008]

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

I/O-IMC (Input/Output Interactive Markov Chain)

Finite-state machine 3 types of transitions

Markovian transitions Direct-action transitions Delayed-action transitions

repair?  1 2 3 fail! up! 1 repair!  Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

I/O-IMC (Input/Output Interactive Markov Chain)

Finite-state machine 3 types of transitions

Markovian transitions Direct-action transitions Delayed-action transitions

 1 2 3 fail! up!  Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Distribution station model - parameters

Rates are assumed values (work in progress)

Failure rates: λvalve open = λvalve close = 1/2000 and λtank = 1/6000 Repair rates: µvalve = 1 and µtank = 5/60

Assumption: stuck open cannot cause a system failure Model uses dedicated repair units

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

I/O-IMC of Distribution station model

valve−close FAIL−Cvalve! valve UPvalve! 1 2 3 valve−open

(a) Valve I/O-IMC

tank FAILtank ! tank UPtank! 1 2 3

(b) Tank I/O-IMC

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Fault tree (for availability and reliability)

Valve1 Valve2 Valve3 Valve4 Valve5 Valve6 Tank Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Distribution station model - Availability over time

0.86 0.88 0.9 0.92 0.94 0.96 0.98 1 500 1000 1500 2000 2500 3000 3500 4000 Probability (A) t in hours Availability

Steady state availability 0.84

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Water distribution Model - Reliability over time

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 500 1000 1500 2000 2500 3000 3500 4000 Probability (R) t in hours Reliability

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Extending Arcade for survivability

Needed to calculate survivability: Status information of components

Disable lumping in CADP (generates state space explosion) Add atomic properties to states.

Continuous Stochastic logic (CSL) model checking

Export CADP model to MRMC model checker

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Extending Arcade for survivability

Needed to calculate survivability: Status information of components

Disable lumping in CADP (generates state space explosion) Add atomic properties to states.

Continuous Stochastic logic (CSL) model checking

Export CADP model to MRMC model checker

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Extending Arcade for survivability

Needed to calculate survivability: Status information of components

Disable lumping in CADP (generates state space explosion) Add atomic properties to states.

Continuous Stochastic logic (CSL) model checking

Export CADP model to MRMC model checker

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Extending Arcade for survivability

Needed to calculate survivability: Status information of components

Disable lumping in CADP (generates state space explosion) Add atomic properties to states.

Continuous Stochastic logic (CSL) model checking

Export CADP model to MRMC model checker

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Arcade toolchain

Arcade txt format Arcade graphical format UML AADL XML Arcade parser Arcade conversion IO-IMC CADP format CADP CADP system model MRMC conversion MRMC format MRMC Survivability results Availability & reliability results

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

State space in CADP (Distribution station model)

Results: Without APs: 4869 states and 17861 transitions With APs: 35330 states and 405112 transitions

Reducing Fault tree out of the model (1458 states and 23328 transitions)

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

State space in CADP (Distribution station model)

Results: Without APs: 4869 states and 17861 transitions With APs: 35330 states and 405112 transitions

Reducing Fault tree out of the model (1458 states and 23328 transitions)

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Survivability water distribution station

Disasters Disaster 1: Valve 4 fails Disaster 2: Tank fails Disaster 3: Valve 1 and 3 fail

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6

input 1 input 2

• utput 1

Output 2 Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Survivability water distribution station

Disasters Disaster 1: Valve 4 fails Disaster 2: Tank fails Disaster 3: Valve 1 and 3 fail

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6

input 1 input 2

• utput 1

Output 2 Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Survivability water distribution station

Disasters Disaster 1: Valve 4 fails Disaster 2: Tank fails Disaster 3: Valve 1 and 3 fail

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6

input 1 input 2

• utput 1

Output 2 Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Survivability water distribution station

Service levels Service level 1: Distribution to district 1 is up Service level 2: Distribution to district 2 is up Service level 3: All components are up

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6

input 1 input 2

• utput 1

Output 2 Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Survivability water distribution station

Service levels Service level 1: Distribution to district 1 is up Service level 2: Distribution to district 2 is up Service level 3: All components are up

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6

input 1 input 2

• utput 1

Output 2 Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Survivability water distribution station

Service levels Service level 1: Distribution to district 1 is up Service level 2: Distribution to district 2 is up Service level 3: All components are up

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6

input 1 input 2

• utput 1

Output 2 Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Survivability water distribution station

Service levels Service level 1: Distribution to district 1 is up Service level 2: Distribution to district 2 is up Service level 3: All components are up

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6

input 1 input 2

• utput 1

Output 2 Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Survivability water distribution station

Service levels Service level 1: Distribution to district 1 is up Service level 2: Distribution to district 2 is up Service level 3: All components are up

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6

input 1 input 2

• utput 1

Output 2 Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Survivability water distribution station - Service level 1

0.2 0.4 0.6 0.8 1 2 4 6 8 10 Probability (S) t in hours Recovery to Service level 1 Disaster 1: Valve 4 fails Disaster 2: Tank fails Disaster 3: Valve 1 and 3 fail

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6 input 1 input 2

• utput 1

Output 2 Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6 input 1 input 2

• utput 1

Output 2 Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6 input 1 input 2

• utput 1

Output 2

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Survivability water distribution station - Service level 2

0.2 0.4 0.6 0.8 1 5 10 15 20 25 30 35 40 Probability (S) t in hours Recovery to Service level 2 Disaster 1: Valve 4 fails Disaster 2: Tank fails Disaster 3: Valve 1 and 3 fail

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6 input 1 input 2

• utput 1

Output 2 Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6 input 1 input 2

• utput 1

Output 2 Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6 input 1 input 2

• utput 1

Output 2

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Survivability water distribution station - Service level 3

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 5 10 15 20 25 30 35 40 Probability (S) t in hours Recovery to Service level 3 Disaster 1: Valve 4 fails Disaster 2: Tank fails Disaster 3: Valve 1 and 3 fail

Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6 input 1 input 2

• utput 1

Output 2 Valve 1 Valve 4 Valve 2 Valve 5 Valve 3 Tank Valve 6 input 1 input 2

• utput 1

Output 2

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Conclusions

Extending the CADP model with APs enables model checking for survivability using MRMC.

Increases the state space and thus model creation time.

The calculated survivability values have been validated.

Using a manually created model.

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

Future work

Use quantitive survivability measures (water levels) Extend the water distribution station model Compare use CADP with Prism within Arcade to compute Availability, Reliability and Survivability.

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process

Outline Water distribution model Arcade Survivability in Arcade Conclusions References

• H. Boudali, P. Crouzen, B. R. Haverkort, M. Kuntz, and
• M. Stoelinga. Architectural dependability evaluation with
• Arcade. In Proceedings of the 38th Annual IEEE/IFIP Int.

Conference on Dependable Systems and Networks, pages 512–521. IEEE Computer Society Press, 2008.

• L. Cloth and B.R. Haverkort. Model checking for survivability! In

Proceedings of the 2nd Int. Conference on the Quantitative Evaluation of Systems, pages 145–154. IEEE Computer Society Press, 2005.

• W. H. Sanders and L. M. Malhis. Dependability Evaluation Using

Composed SAN-Based Reward Models. Journal of Parallel and Distributed Computing 15, pages 238–254, 1992.

Stephan Roolvink, Anne Remke, Mari¨ elle Stoelinga Dependability & Survivability of a Water Distribution Process