eliminating single points of failure in software based
play

Eliminating Single Points of Failure in Software Based Redundancy - PowerPoint PPT Presentation

Jan 10, 2024 •281 likes •703 views

Eliminating Single Points of Failure in Software Based Redundancy Peter Ulbrich , Martin Ho ff mann, Rdiger Kapitza, Daniel Lohmann, Reiner Schmid and Wolfgang Schrder-Preikschat EDCC May 9, 2012 SYSTEM SOFTWARE GROUP

  1. Eliminating Single Points of Failure in 
 Software ‐ Based Redundancy Peter Ulbrich , Martin Ho ff mann, Rüdiger Kapitza, Daniel Lohmann, 
 Reiner Schmid and Wolfgang Schröder-Preikschat EDCC May 9, 2012 SYSTEM SOFTWARE GROUP http://www4.cs.fau.de

  2. Transient Hardware Faults – A Growing Problem [3] (Shivakumar, 2002) ■ Transient hardware faults (Soft-Errors) ! ■ Induced by e.g., radiation, glitches, insu ffi cient signal integrity ■ Increasingly a ff ecting microcontroller logic ■ Future hardware designs: 
 Even more performance and parallelism 
 � On the price of being less and less reliable ! Peter Ulbrich – ulbrich@cs.fau.de 2

  3. Countermeasures - Hardware Safety-Critical System ! Actuators ' Actuators ' Sensors' Safety'Cri+cal.Applica+on. ■ Hardware-based countermeasures ! ■ Application-specific design or specialised hardware ■ For example ECC, lock-step ! Pragmatic approach (tackles problem right at source) � Hardware costs (e.g., redundancy, checker, …) � Selectivity (e.g., multi-application systems) � Development costs (diverse safety concepts and HW, (re-)certification) Peter Ulbrich – ulbrich@cs.fau.de 3

  4. Countermeasures - Software Safety-Critical System ! Safety'Cri+cal.Applica+on. ↯ Actuators ' Sensors' ■ Different approaches to address transient hardware faults ! ■ Hardware vs. software measures ■ Applicability and costs ! Peter Ulbrich – ulbrich@cs.fau.de 4

  5. Countermeasures - Software ↯ Safety-Critical System ! ✗ Safety'Cri+cal.Applica+on.(1). Actuators ' Sensors' Safety'Cri+cal.Applica+on.(2). Safety'Cri+cal.Applica+on.(3). ■ Different approaches to address transient hardware faults ! ■ Hardware vs. software measures ■ Applicability and costs ■ Software-based triple modular redundancy (TMR) ! ■ Accepted and proven (e.g., recommended for ASIL D error handling) ■ Selective (e.g., multi-application systems) Peter Ulbrich – ulbrich@cs.fau.de 4

  6. Software-Based Redundancy in Detail Safety-Critical System ! Replica.1. Majority. Sensors' Interface. Replica.2. Actuators' Voter. Replica.3. ' Isola/on'domain' Sphere'of'replica/on'(SOR)' ' ■ Software-based TMR requires: ! ■ Temporal and spatial isolation (isolation domains) ■ Interface and Majority Voter ! Peter Ulbrich – ulbrich@cs.fau.de 5

  7. Software-Based Redundancy in Detail Safety-Critical System ! P = 998 1000 1 1 P = P = 1000 1000 ↯ ↯ Replica.1. Majority. Majority. Actuators ' Sensors' Interface. Interface. Replica.2. Actuators' Voter. Voter. Replica.3. ' Isola/on'domain' Sphere'of'replica/on'(SOR)' ' ■ Software-based TMR requires: ! ■ Temporal and spatial isolation (isolation domains) ■ Interface and Majority Voter ■ Single points of failur Single points of failure ! ■ No error detection ■ Very small � Certain probability Peter Ulbrich – ulbrich@cs.fau.de 5

  8. Software-Based Redundancy in Detail Safety-Critical System ! P = ? P = ? P = ? ↯ ↯ Replica.1. Majority. Majority. Actuators ' Sensors' Interface. Interface. Replica.2. Actuators' Voter. Voter. Replica.3. ' Isola/on'domain' Sphere'of'replica/on'(SOR)' ' ■ Software-based TMR requires: ! ■ Temporal and spatial isolation (isolation domains) ■ Interface and Majority Voter ■ Single points of failur Single points of failure ! ■ No error detection ■ Very small � Certain probability ■ Risk analysis ■ Inherently complex ■ Random error distribution? (Nightingale, 2011) Peter Ulbrich – ulbrich@cs.fau.de 5

  9. Software-Based Redundancy in Detail Safety-Critical System ! Replica.1. Majority. Sensors' Interface. Replica.2. Actuators' Voter. Replica.3. ' Isola/on'domain' Sphere'of'replica/on'(SOR)' ' ■ Software-based TMR requires: ! ■ Temporal and spatial isolation (isolation domains) ■ Interface and Majority Voter ■ Single points of failur Single points of failure ! ■ No error detection ■ Very small � Certain probability ■ Risk analysis ■ Inherently complex ■ Random error distribution? (Nightingale, 2011) Peter Ulbrich – ulbrich@cs.fau.de 5

  10. Agenda ■ Introduction ! ■ The Co Combined Red Redundancy Approach ! ■ Eliminating Vulnerabilities ■ High-Reliability Voters ■ Example: UAV Flight Control ! ■ CoRed Implementation ■ Target System: I4 Copter ■ Evaluation ! ■ Experimental Setup ■ Results ■ Conclusion ! Peter Ulbrich – ulbrich@cs.fau.de 6

  11. ��������� ��������� ������������� ������ �������� �������� �������� ����������� ������ ��������� ��������� ����������� �������� ������ ������ ������ ������ ������ ������ ������ ����������� ������ �������� CoRed Overview – Holistic Protection Approach ' ' Isola/on'domain' Encoded'opera/on' Sphere'of'replica/on'(SOR)' ' ' ■ The Combined Redundancy Approach (CoRed) ! { TMR + ! 
 Peter Ulbrich – ulbrich@cs.fau.de 7

  12. ��������� ��������� ������������� ������ �������� �������� �������� ����������� ������ ��������� ��������� ����������� �������� ������ ������ ������ ������ ������ ������ ������ ����������� ������ �������� CoRed Overview – Holistic Protection Approach ' ' Isola/on'domain' Encoded'opera/on' Sphere'of'replica/on'(SOR)' ' ' ■ The Combined Redundancy Approach (CoRed) ! { Data-flow encoding TMR + ! 
 Peter Ulbrich – ulbrich@cs.fau.de 7

  13. ��������� ��������� ������������� ������ �������� �������� �������� ����������� ������ ��������� ��������� ����������� �������� ������ ������ ������ ������ ������ ������ ������ ����������� ������ �������� CoRed Overview – Holistic Protection Approach ' ' Isola/on'domain' Encoded'opera/on' Sphere'of'replica/on'(SOR)' ' ' ■ The Combined Redundancy Approach (CoRed) ! { Data-flow encoding TMR + High-reliability voters ! 
 Peter Ulbrich – ulbrich@cs.fau.de 7

  14. ����������� ��������� ��������� �������� ������������� ������ �������� �������� �������� ����������� ������ ��������� ������ ��������� ������ ������ ������ ������ ������ ������ ����������� ������ �������� CoRed Overview – Holistic Protection Approach 2 1 3 ' ' Isola/on'domain' Encoded'opera/on' Sphere'of'replica/on'(SOR)' ' ' ■ The Combined Redundancy Approach (CoRed) ! { Data-flow encoding TMR + High-reliability voters ■ Holistic Protection Approach ! ■ Input to output protection 
 1 Reading inputs � 2 Processing � 3 Distributing outputs ■ Composability � On application and system level Peter Ulbrich – ulbrich@cs.fau.de 7

  15. Eliminating Input and Output Vulnerabilities SOR' Y Y’ Y Encode. Decode. (Value)' (Encoded'Value)' X X’ X Encode. Decode. (Value)' (Encoded'Value)' ■ Inter-domain data-flow protection ! ■ Checksum vs. Arithmetic code (AN code) ■ AN Code � Encoded data operations ■ Enabler for high-reliability voter ! Peter Ulbrich – ulbrich@cs.fau.de 8

  16. Eliminating Input and Output Vulnerabilities SOR' Y Y’ Y Encode. Decode. (Value)' (Encoded'Value)' X X’ X Encode. Decode. (Value)' (Encoded'Value)' ■ Inter-domain data-flow protection ! ■ Checksum vs. Arithmetic code (AN code) ■ AN Code � Encoded data operations ■ Enabler for high-reliability voter ■ CoRed: Extended AN code Extended AN code (EAN code) ! ■ Based on VCP (Forin, 1989) Peter Ulbrich – ulbrich@cs.fau.de 8

  17. Eliminating Input and Output Vulnerabilities SOR' Y Y’ Y Encode. Decode. (Value)' (Encoded'Value)' X X’ X Encode. Decode. (Value)' (Encoded'Value)' A B X D (Prime)' (Signature)' (Timestamp)' ■ Inter-domain data-flow protection ! ■ Checksum vs. Arithmetic code (AN code) ■ AN Code � Encoded data operations ■ Enabler for high-reliability voter ■ CoRed: Extended AN code Extended AN code (EAN code) ! ■ Based on VCP (Forin, 1989) } X’ = X × A + B X + D ■ Data integrity: Prime ■ Address integrity: Per variable signature ■ Outdated data: Timestamp Peter Ulbrich – ulbrich@cs.fau.de 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing

Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing

Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing Behavior Anomaly Correlation Presentation at 13th European Conference on Software Maintenance and Reengineering Nina Marwede 1 , Matthias Rohr 1 ,

439 views • 42 slides
Software Cost Estimation SLOC-based Models and the Function Points Model By Brad Touesnard For

Software Cost Estimation SLOC-based Models and the Function Points Model By Brad Touesnard For

Software Cost Estimation SLOC-based Models and the Function Points Model By Brad Touesnard For SWE4103 University of New Brunswick, Fredericton Intro SLOC Function Points Conclusion Outline Introduction SLOC-based Approach

236 views • 20 slides
Software Development: Tools and Processes Lecture - 15: Software project failures Software

Software Development: Tools and Processes Lecture - 15: Software project failures Software

Software Development: Tools and Processes Lecture - 15: Software project failures Software projects failure Software project failure is very common and according to statistics, 95% projects are at least done for the second time . The failure

523 views • 25 slides
Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old

Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old

Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old approach in multiple systems SSO Security Benefits Common SSO based configurations Examples of SSO usage Conclusion 15/12/11

379 views • 16 slides
Failure is a four-letter word Andreas Zeller Thomas Zimmermann Christian Bird PROMISE

Failure is a four-letter word Andreas Zeller Thomas Zimmermann Christian Bird PROMISE

Failure is a four-letter word Andreas Zeller Thomas Zimmermann Christian Bird PROMISE 2011, Banff, Canada Software failures 2 Defect distributions 3 Failure causes 4 Failure causes 5 Failure causes 6 Failure causes 7 Failure

1.16k views • 76 slides
Eliminating cache-based timing attacks with instruction-based scheduling Deian Stefan , Pablo

Eliminating cache-based timing attacks with instruction-based scheduling Deian Stefan , Pablo

Eliminating cache-based timing attacks with instruction-based scheduling Deian Stefan , Pablo Buiras, Edward Z. Yang, Amit Levy, David Terei, Alejandro Russo, and David Mazires Motivation: IFC Web platforms Platforms allow 3rd-party developers

936 views • 61 slides
THREE CIRCUITS 145 SINGLE POINTS H.B. Kim , LAc PhD EARTH : LU LI

THREE CIRCUITS 145 SINGLE POINTS H.B. Kim , LAc PhD EARTH : LU LI

www.AcupunctureMedia.com THREE CIRCUITS 145 SINGLE POINTS H.B. Kim , LAc PhD EARTH : LU LI ST SP (Taiyin + Yangming) HEAVEN : HT SI UB KD (Shaoyin + Taiyang) HUMAN

537 views • 41 slides
Recognizing and Eliminating Flux Concentrator Failures Mr. Robert Ruffini President

Recognizing and Eliminating Flux Concentrator Failures Mr. Robert Ruffini President

Recognizing and Eliminating Flux Concentrator Failures Mr. Robert Ruffini President Confidential Property of Fluxtrol Inc. 1 Overview What are the failure modes of a flux concentrator? How do we improve the design to prevent the

362 views • 23 slides
Single-pass restore after a media failure Caetano Sauer , Goetz Graefe, Theo Hrder 20% of

Single-pass restore after a media failure Caetano Sauer , Goetz Graefe, Theo Hrder 20% of

Single-pass restore after a media failure Caetano Sauer , Goetz Graefe, Theo Hrder 20% of drives fail after 4 years High failure rate on first year (factory defects) Expectation of 50% for 6 years

459 views • 28 slides
Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web

Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web

Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web Applications Diploma Thesis Presentation Nina S. Marwede Abteilung Software Engineering Fakultt II Department fr Informatik August 26, 2008

654 views • 41 slides
Failure Modelling in Software Architecture Design for Safety Weihang Wu Tim Kelly Presented by

Failure Modelling in Software Architecture Design for Safety Weihang Wu Tim Kelly Presented by

Failure Modelling in Software Architecture Design for Safety Weihang Wu Tim Kelly Presented by George Despotou High Integrity Systems Engineering Group Department of Computer Science Failure Modelling - 1 WADS ICSE05 Outline

156 views • 12 slides
Compensation & Benefits Tax Reform: Eliminating the Performance-Based Exception to Section

Compensation & Benefits Tax Reform: Eliminating the Performance-Based Exception to Section

Compensation & Benefits Tax Reform: Eliminating the Performance-Based Exception to Section 162(m) and Other Changes Regarding Compensation January 25, 2018 Moderator: Kevin P. OBrien Tax Rate Changes Affect on Compensation 1.

640 views • 15 slides
Software Development Lifecycle Tuesday, November 19th 1 Hardware wears out Infant Wear

Software Development Lifecycle Tuesday, November 19th 1 Hardware wears out Infant Wear

Software Development Lifecycle Tuesday, November 19th 1 Hardware wears out Infant Wear out mortality Failure rate Time Failure curve for hardware 2 Software doesn't wear out Increased failure rate due to side effects

653 views • 52 slides
This Unit: Single-Cycle Datapath App App App Datapath storage elements System software

This Unit: Single-Cycle Datapath App App App Datapath storage elements System software

This Unit: Single-Cycle Datapath App App App Datapath storage elements System software MIPS Datapath CIS 371 MIPS Control Mem CPU I/O Computer Organization and Design Unit 4: Single-Cycle Datapath Based on slides by Prof. Amir

287 views • 14 slides
Investigating the Use of Bayesian Networks in the Hora Approach for Component-based Online

Investigating the Use of Bayesian Networks in the Hora Approach for Component-based Online

Investigating the Use of Bayesian Networks in the Hora Approach for Component-based Online Failure Prediction Teerat Pitakrat, Andr van Hoorn University of Stuttgart Institute of Software Technology (ISTE) Reliable Software Systems (RSS)

1.36k views • 59 slides
Defined Eliminating barriers to adoption of IT Innovation Agenda t : 3 Keys to enabling

Defined Eliminating barriers to adoption of IT Innovation Agenda t : 3 Keys to enabling

Evolving towards Software Defined Eliminating barriers to adoption of IT Innovation Agenda t : 3 Keys to enabling innovation and transformation al Programmable data plane t Vertical disaggregation of network solutions

798 views • 40 slides
Access, Equity, Diversity and Inclusion

Access, Equity, Diversity and Inclusion

Access, Equity, Diversity and Inclusion Founded in 1991 independent, not-for-profit. Focus on one specific mission: to widen

446 views • 15 slides
Financing Vermonts Energy Transition VCRD Climate & Economy Conference February 18, 2015

Financing Vermonts Energy Transition VCRD Climate & Economy Conference February 18, 2015

Financing Vermonts Energy Transition VCRD Climate & Economy Conference February 18, 2015 Andrea Colnes EAN Executive Director Energy Action Network Mission: To end Vermonts reliance on fossil fuels and to create clean, affordable

518 views • 15 slides
Getting Serious About Vermonts Energy, Emissions, and Economic Goals H ou s e En e rgy &

Getting Serious About Vermonts Energy, Emissions, and Economic Goals H ou s e En e rgy &

Getting Serious About Vermonts Energy, Emissions, and Economic Goals H ou s e En e rgy & Te c h n ol ogy Com m i tte e , Ve r m ont Le gi s l at u re Ja nua r y 25, 2018 EAN: A Diverse Network Committed to Vermonts Goals Weve

384 views • 17 slides
Sotiris & Platonos 4, 18535 Piraeus "PRIME TRAVEL SERVICES" is operating as of

Sotiris & Platonos 4, 18535 Piraeus "PRIME TRAVEL SERVICES" is operating as of

Sotiris & Platonos 4, 18535 Piraeus "PRIME TRAVEL SERVICES" is operating as of January 2009. Our multiyear experience in tourism and trustworthy services provision, guarantees that even under the current difficult circumstances,

425 views • 3 slides
United to Make a Difference: Improving the Achievement of Young Men of Color Council of the

United to Make a Difference: Improving the Achievement of Young Men of Color Council of the

United to Make a Difference: Improving the Achievement of Young Men of Color Council of the Great City Schools Winter 2016 Average 2015 NAEP Male Math Scale Scores by Ethnicity Grade 4 Grade 8 300 260 290 250 280 Mean NAEP Scale Score

214 views • 9 slides
SMAC (Social Media Advisory Council ) October 18, 2011 | QR Codes QR Codes - How They Work

SMAC (Social Media Advisory Council ) October 18, 2011 | QR Codes QR Codes - How They Work

SMAC (Social Media Advisory Council ) October 18, 2011 | QR Codes QR Codes - How They Work QR Code Creation My favorite free sites: myqr.co delivr.com/qr-code-generator (best for being able to edit codes) mobilefish.com/services/qrcode

488 views • 13 slides
Climate Change Impact Assessment over West Central Florida using CLAREnCE10 data from FSU Results

Climate Change Impact Assessment over West Central Florida using CLAREnCE10 data from FSU Results

Climate Change Impact Assessment over West Central Florida using CLAREnCE10 data from FSU Results based on 3 GCMs and 3 CDF construction tech. for bias-correction Feb. 27. 2013 Syewoon Hwang, Wendy Graham Water Institute Research Raw GCMs or

544 views • 33 slides
Track and Trace Applying Technology To The Paddock to Plate Supply Chain Potential for Error is

Track and Trace Applying Technology To The Paddock to Plate Supply Chain Potential for Error is

Track and Trace Applying Technology To The Paddock to Plate Supply Chain Potential for Error is Everywhere Incorrect mixing Misread checklists Inaccurate labelling Contaminated raw materials At best, embarrassment

401 views • 22 slides

More recommend