system dependability
play

System Dependability Robert Wierschke Seminar Prozesssteuerung und - PowerPoint PPT Presentation

Mar 26, 2023 •421 likes •717 views

System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009 Outline 2 Motivation Dependability Definition Dependability attributes Attribute relevance Threads Fault model

  1. System Dependability Robert Wierschke Seminar “Prozesssteuerung und Robotik” 14. Januar 2009

  2. Outline 2 ■ Motivation ■ Dependability □ Definition □ Dependability attributes □ Attribute relevance ■ Threads □ Fault model □ Fault-error-failure ■ Attaining dependability □ Fault tolerance □ Redundancy ■ Software Dependability ■ Summary

  3. Motivation 3 ■ Deliver correct communication and computation services ■ First generation computer used unreliable components □ Hardware concept ■ Consequences of system failure □ Economically ◊ Credit card authorization $2.6 million / hour of downtime ◊ Airline reservation $89.500 / hour of downtime □ Human life ◊ What happens if the board computer of an air plane crashes?

  4. Definition: Dependability 1|2 4 [Merriam-Webster Online] dependability: capable of being depended on : reliable reliable: suitable or fit to be relied on : dependable “the collective term used to describe the availability performance and its influencing factors : reliability performance, maintainability performance and maintenance support performance” [7] □ (Zuverlässigkeit) □ Focus: availability ◊ Strongly influenced by telecommunication industry ■ Evolves over time ■ Depends on problem domain

  5. Definition: Dependability 2|2 5 “the trustworthiness of a computing system which allows reliance to be justifiably placed on the service it delivers” [1] □ Behaves as specified □ Avoids hazards ■ Dependability Attributes □ Reliability (Funktionsfähigkeit) □ Availability (Verfügbarkeit) □ Safety (Sicherheit) □ Confidentiality (Vertraulichkeit) □ Integrity (Integrität) □ Maintainability (Wartbarkeit)

  6. Reliability 1|2 6 ■ Continuity of service ■ Probability R(t) of a system/component to operate correctly during a time period t ■ Example: □ Space probe needs to operate correctly during the mission time. ■ Calculating reliability □ R(0) = 1 , R(∞) = 0 □ Failure probability Q(t) = 1 – R(t) □ Failure rate λ(t) number of failures during Δt □ For constant failure rate R(t) = e -λt [3]

  7. Reliability 2|2 7 ■ Empirical values ■ Assuming independent components □ Series □ Parallel [3]

  8. Availability 1|2 8 ■ Readiness for usage ■ Probability A of a system/component to operate correctly at any point in time ■ Example: □ Telecommunication ■ Availability vs. reliability □ Service that crashes often but restarts instantly has high A but low R(t) . 1 90,0 % 36,5 d ■ Number of 9s 2 99,0 % 3,65 d □ Availability per year 3 99,9 % 8,76 h 4 99,99 % 52,6 min 5 99,999 % 5,26 min 6 99,9999 % 31,5 s 7 99,99999 % 0,3 s

  9. Availability 2|2 9 ■ A = MTTF / (MTTF + MTTR) □ MTTF mean time to failure ◊ MTTF = 1/λ □ MTTR mean time to repair ◊ Shorter repair time leads to higher availability □ MTTB mean time between failures [5]

  10. Safety 10 ■ Avoidance of catastrophic consequences ■ Property of a system/component that it will not imperil equipment or human life. ■ Example: nuclear power plant □ If the reactor reaches temperature X, it must shut down within time Y. ■ Conflicting with reliability: a non working system is often save □ Fail-safe: system reaches a safe state □ Fail-operational: system provides a degraded service mode ◊ Example: spare tire

  11. Security 11 ■ Combines confidentiality and integrity ■ Property of a system/component that it will prevent unauthorized access or alteration of data ■ example: control board in train □ Displays and switches are behind a glass door, thus values can be read be everyone but not modified.

  12. Maintainability 12 [2] ■ System can be repaired and modified ■ Repair rate: μ = 1 / MTTR ■ Hard to specify and measure □ Low maintainability ◊ e.g. Satellites ◊ Requires high reliability

  13. Attribute relevance 13 ■ Depends on problem domain □ Economical: Are financial consequence acceptable? □ Ethical: Are risks for life or equipment acceptable? ■ Attributes might be conflicting □ Fail-safe state (reliability vs. safety) ■ Classes □ Uncritical Embedded Systems (e.g. mobile phone, Lego NXT) □ High-Integrity Embedded Systems (e.g. Satellites ) □ Safety-Critical Systems (e.g. aircraft)

  14. Threads 14 ■ Anything that is capable of decreasing the system dependability ■ A meaningful specification must state threads to relevant dependability attributes ■ Fault model [5]

  15. Fault-Error-Failure 1|3 15 ■ Fault □ A defect within the system, that eventually leads to an error. ◊ Active f. if it causes an error, otherwise [2] ◊ Dormant f. □ Fault classes ■ Error □ Part of system state that may lead to failure.

  16. Fault-Error-Failure 2|3 16 ■ Failure □ Event that occurs when the delivered service deviates from correct service □ Service restoration: transition from incorrect to correct service □ Partial failure: a failure of a service may leave the system in degraded mode (e.g. Emergency service) ■ Fault/failure chain □ Failures are recognized at component boundaries, thus a failure can be considered a fault in a depending component [2]

  17. Fault-Error-Failure 3|3 17 ■ Failure □ Typical failure rate ◊ Hardware: bath tube curve [5] ◊ Software [5]

  18. Attain dependability 18 ■ Fault prevention □ Avoid fault to be introduced into the system □ Development techniques ■ Fault tolerance □ Mechanisms that allow the system to operate correctly in case of certain failures □ Possibly degraded service mode ■ Fault removal □ Development or usage phase □ Maintenance ■ Fault forecasting □ Predicting likely faults

  19. Fault tolerance 1|4 19 ■ Definition: Means to maintain service while faults are present. ■ Improves reliability and availability ■ Fault can only be tolerated if it was expected ■ Phases □ Error detection □ Damage assessment □ State restoration □ Continue service ◊ Degraded mode

  20. Fault tolerance 2|4 20 ■ Error detection techniques □ Result comparison ◊ Compare results of redundant components □ Watchdog timers ◊ Assume failure if result is late □ Reasonableness ◊ Range checks ◊ Constraints (e.g. negative value) □ Information redundancy ◊ Checksums □ Functionality test ◊ Memory checks

  21. Fault tolerance 3|4 21 ■ Error recovery □ Forward ◊ Discard computation ◊ Resume service from a error-free system state. ◊ Typical used for periodic tasks □ Backward ◊ Roll-back to know-good sate (checkpoints) ◊ Re-execution of failed task possible

  22. Fault tolerance 4|4 22 ■ Replication □ Using multiple identical instances of a component □ Parallel task processing □ Voting/quorum ■ Diversity □ Tolerate systematic failures □ Using multiple different implementations of a component □ Otherwise use as replica “The most certain and effectual check upon errors which arise in the process of computation, is to cause the same computations to be made by separate and independent computers; and this check is rendered still more decisive if they make their computations by different methods” [1834; Lardner; 2] ■ Redundancy

  23. Redundancy 1|2 23 ■ Using multiple identical instances of a component if component fails, switch to another (fail-over) ■ Types □ Space ◊ Use multiple components of the same type □ Time ◊ Send messages multiple times ◊ Execute computation multiple times □ Information ◊ Checksums, error correcting codes

  24. Redundancy 2|2 24 ■ Active redundancy □ Parallel components, voting □ Voter is single point of failure □ Fail-silent □ N-modular-redundancy ◊ N >= 3 (TMR) [3] ◊ Tolerates (N-1)/2 component failures ■ Passive redundancy □ Hot standby ◊ Operating in background [3] to keep synchronized □ Cold standby

  25. Software Dependability 1|2 25 ■ Fault model for software components □ Bohrbugs: easily reproducible □ Heisenbugs: complex event combination; transient faults; hard to reproduce □ “Aging”: fault accumulation (e.g. memory leaks) [8]

  26. Software Dependability 2|2 26 ■ Rejuvenation “proactive fault management technique aimed at cleaning up the system internal state to prevent the occurrence of more severe crash failures in the future” [8] □ Heisenbugs, Aging ■ N-version Programming □ Different implementation of a software component (diversity) □ Bohrbugs (operational phase) ■ Retrying operations □ Heisenbugs, Aging ■ Fault masking/reconfiguring/fail over □ e.g. FT CORBA □ NMR □ Heisenbugs, Aging

  27. Summary 1|2 27 ■ System Dependability is the ability of a system/component to operate as specified. Depending on the problem domain it subsumes a set of dependability attributes (reliability, availability, safety, security, maintainability, ...) with varying importance. ■ Threads □ Define possible degradation of system dependability □ Need to be specified □ Fault -> Error -> Failure --> Fault

  28. Summary 2|2 28 ■ Fault tolerance □ Operate regardless of certain faults □ Tolerates only expected faults □ Strategies ◊ Replication ◊ Diversity ◊ Redundancy ● Space, time, information ● Active or passive

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of a system can be carried out either: experimentally (heuristic) : a system prototype is built and empirical statistical data are used to evaluate

470 views • 25 slides
Assured Reconfiguration: An Architectural Core For System Dependability ICSE 2005 Workshop on

Assured Reconfiguration: An Architectural Core For System Dependability ICSE 2005 Workshop on

UVA Dependability Research Group Assured Reconfiguration: An Architectural Core For System Dependability ICSE 2005 Workshop on Architecting Dependable Systems John Knight University of Virginia Joint work with Elisabeth Strunk UVA

566 views • 40 slides
Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

8/27/2013 Dependability and Security with Dependability and Security with Clouds of Clouds lessons learned from n years of research Miguel Correia WORKSHOP ON DEPENDABILITY AND INTEROPERABILITY IN WORKSHOP ON DEPENDABILITY AND

657 views • 26 slides
Cost Dependability and Security Johan Karlsson Energy-aware computing 2 1 Layered fault

Cost Dependability and Security Johan Karlsson Energy-aware computing 2 1 Layered fault

The trade-off betw een energy consumption and dependability consumption and dependability Johan Karlsson Department of Computer Science and Engineering Chalmers University of Technology Gteborg, Sweden Trade-offs in Computer System Design

363 views • 22 slides
Software Architecture & Dependability Valrie Issarny INRIA Joint work with Apostolos

Software Architecture & Dependability Valrie Issarny INRIA Joint work with Apostolos

Software Architecture & Dependability Valrie Issarny INRIA Joint work with Apostolos Zarras, Christos Kloukinas, Ferda Tartanoglou 1 Outline Dependability concepts SA and dependability analysis Automated dependability

1.45k views • 87 slides
Introduction to Dependability slides made with the collaboration of: Laprie, Kanoon, Romano

Introduction to Dependability slides made with the collaboration of: Laprie, Kanoon, Romano

Introduction to Dependability slides made with the collaboration of: Laprie, Kanoon, Romano Overview Dependability : " [..] the trustworthiness of a computing system which allows reliance to be justifiably placed on the service it delivers

818 views • 30 slides
1 Dependability Management Achieving dependability in WS Architectures Testing web services

1 Dependability Management Achieving dependability in WS Architectures Testing web services

Setting the scene Deutsche Bank AG has agreed to outsource two internal business processes to Accenture Ltd. as part of Dependability of its ambitious program to cut costs and Web Service Architectures increase efficiency by moving

357 views • 7 slides
Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs

Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs

Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs Institute of Information Technology University of Duisburg-Essen, Germany kochs@uni-duisburg.de safety do, the idea is to extend dependability to

575 views • 3 slides
An Architecture for An Architecture for Configurable Dependability of Configurable Dependability

An Architecture for An Architecture for Configurable Dependability of Configurable Dependability

University Of Paderborn Software Engineering Group Prof. Dr. W. Schfer An Architecture for An Architecture for Configurable Dependability of Configurable Dependability of Application Services Application Services Matthias Tichy

422 views • 11 slides
A Dependability Case Language for a Radiation Therapy System C Michael Ernst, Dan Grossman, Jon

A Dependability Case Language for a Radiation Therapy System C Michael Ernst, Dan Grossman, Jon

A Dependability Case Language for a Radiation Therapy System C Michael Ernst, Dan Grossman, Jon Jacky, Calvin Loncaric, Stuart Pernsteiner, D Zachary Tatlock, Emina Torlak, Xi Wang L University of Washington vision end-to-end verification

715 views • 23 slides
Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University

Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University

Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University ICSE Workshop on Architecting Dependable Systems May 2002 scher lis@cmu.edu Dependability and Architecture Dependability Reliance that

158 views • 13 slides
Analyzing i* System Models for Dependability Properties: The Uberlingen Accident Neil Maiden 1 ,

Analyzing i* System Models for Dependability Properties: The Uberlingen Accident Neil Maiden 1 ,

Analyzing i* System Models for Dependability Properties: The Uberlingen Accident Neil Maiden 1 , Namit Kandar 1 and David Bush 2 City University 1 , Ascolto Ltd UK 2 Centre for HCI Design Centre for HCI Design First Slide 1 Centre for HCI

81 views • 5 slides
Dependability in the real world Dependability in the real world p Dependability needs arise from

Dependability in the real world Dependability in the real world p Dependability needs arise from

P redicting redicting V alue from alue from D esign esign Mary Shaw with Ashish Arora, Shawn Butler, Vahe Poladian, Chris Scaffidi Carnegie Mellon University http://www.cs.cmu.edu/~shaw/ Institute for Software Research, International 1

654 views • 63 slides
Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor

Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor

Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor {tim,johnmc}@cs.clemson.edu School of Computing Clemson University 1 Problem Statement How do we predict and evaluate the dependability of a software

733 views • 24 slides
Layered Dependability Modeling of an Air Traffic Control System Olivia Das and C. Murray Woodside

Layered Dependability Modeling of an Air Traffic Control System Olivia Das and C. Murray Woodside

WADS Workshop at ICSE 2003 Olivia Das, Murray Woodside, May 3, 2003 1 C Layered Dependability Modeling of an Air Traffic Control System Olivia Das and C. Murray

631 views • 15 slides
Fault Tolerance Chi Zhang czhang@cs.fiu.edu Basic Concepts Dependability Includes

Fault Tolerance Chi Zhang czhang@cs.fiu.edu Basic Concepts Dependability Includes

COP 6611 Advanced Operating System Fault Tolerance Chi Zhang czhang@cs.fiu.edu Basic Concepts Dependability Includes Availability Run time / total time Reliability The length of uninterrupted run time Safety When a

544 views • 16 slides
Process Flows and ShinMing Guo Supporting Facility NKFUST Process Flow Structures

Process Flows and ShinMing Guo Supporting Facility NKFUST Process Flow Structures

Process Flows and ShinMing Guo Supporting Facility NKFUST Process Flow Structures Process Performance Facility Layout Servicescapes 1 Definition of a Business Process A process is a set of activities that accepts inputs

629 views • 17 slides
How to Adapt Your Quality Control Program During COVID-19 Sponsored by July 9, 2020 ABOUT AAFA

How to Adapt Your Quality Control Program During COVID-19 Sponsored by July 9, 2020 ABOUT AAFA

How to Adapt Your Quality Control Program During COVID-19 Sponsored by July 9, 2020 ABOUT AAFA www.aafaglobal.org/COVID19 SUPPORT Audio Challenges? Listen on your telephone. The phone number is located in the AUDIO section of the control

533 views • 28 slides
The binary paint shop problem Robert mal (Charles University) Joint work with J. Han cl,

The binary paint shop problem Robert mal (Charles University) Joint work with J. Han cl,

The binary paint shop problem Robert mal (Charles University) Joint work with J. Han cl, A. Kabela, M. Opler, J. Sosnovec, P . Valtr MCW, Prague Jul 30, 2019 Outline Introduction Our results 1/14 The problem double occurrence

681 views • 18 slides
Altering Java Semantics via Bytecode Manipulation Eric Tanter, Marc S egura-Devillechaise,

Altering Java Semantics via Bytecode Manipulation Eric Tanter, Marc S egura-Devillechaise,

Jinline Altering Java Semantics via Bytecode Manipulation Eric Tanter, Marc S egura-Devillechaise, Jacques Noy e, Jos e Piquer { etanter, jpiquer } @dcc.uchile.cl { msegura, jnoye } @emn.fr. DCCUniversity of Chile (Chile),

218 views • 17 slides
A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts

A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts

A Few Months In The Life Of An RPKI Validator http://rpki.net/ A Few Months In The Life Of An RPKI Introduction Validator Performance Graphs Object Counts Connection Counts Objects/Connection Seconds/Object Rob Austein

663 views • 32 slides
Survival Analysis http://www.isrec.isb-sib.ch/~darlene/EMBnet/ EMBnet Course Introduction to

Survival Analysis http://www.isrec.isb-sib.ch/~darlene/EMBnet/ EMBnet Course Introduction to

Survival Analysis http://www.isrec.isb-sib.ch/~darlene/EMBnet/ EMBnet Course Introduction to Statistics for Biologists 23 Jan 2009 Modeling review Want to capture important features of the relationship between a (set of) variable(s) and

433 views • 10 slides
2D Triangulation Input 2D Boundary Output Triangle Mesh Physical Simulation Yixin Hu, 2 9/5/19

2D Triangulation Input 2D Boundary Output Triangle Mesh Physical Simulation Yixin Hu, 2 9/5/19

TriWild : Robust Triangulation with Curved Constraints 1 Yixin Hu, 1 1 Teseo Schneider, 2 2 Xifeng Gao, 3 Qingnan Zhou, 3 4 Alec Jacobson, 1 4 Denis Zorin, 1 Daniele Panozzo. 2D Triangulation Input 2D Boundary Output Triangle

946 views • 72 slides
Disclosures Cost and Value Considerations in Adult Deformity Surgery Research/Institutional

Disclosures Cost and Value Considerations in Adult Deformity Surgery Research/Institutional

11/4/16 Disclosures Cost and Value Considerations in Adult Deformity Surgery Research/Institutional Support: NIH, AO Spine, OREF AOA The Role of Innovations and Bending the Cost Curve Honoraria: Medtronic, DePuy, Stryker,

408 views • 16 slides

More recommend