Chapter 13 – Dependability Engineering 1 Chapter 12 Dependability and Security Specification 1
Dependability through Redundancy and Diversity Redundancy – having multiple components that perform the same function Diversity – usage of secondary components that are distinct in structure from each other Chapter 12 Dependability and Security Specification 2
Redundancy Examples Power Supply Disc (RAID) Processor Database server Web server DNS servers Authentication servers Chapter 12 Dependability and Security Specification 3
Redundancy Redundancy solves problems of failure Redundancy does not solve problems of design Same password authetication Same processing of database Chapter 12 Dependability and Security Specification 4
Diversity Separate versions of software to accomplish the same thing Software to check output of one set of software against that of another Chapter 12 Dependability and Security Specification 5
Arguments Against Diversity Too costly Extra effort put into second set of software could have been applied to more validation, verification Chapter 12 Dependability and Security Specification 6
Diversity Overhead Mechanism to compare outputs, decide on correct output Chapter 12 Dependability and Security Specification 7
Dependability and Agile Methods Agile often considered not suitable for critical systems Some debate exists Chapter 12 Dependability and Security Specification 8
Dependability Through Architecture Replication Protection System Self Monitoring System N-Version programming Chapter 12 Dependability and Security Specification 9
Replication Same functionality Repeated Data replicated to other servers Examples Database server Web server DNS server Chapter 12 Dependability and Security Specification 10
Protection System Control of system by one set of software Independent monitoring of key parameters Override capability Only has to look at override Example: One system to control train at airport Separate system shuts down car if overspeed Chapter 12 Dependability and Security Specification 11
Self Monitoring Systems Primary system performs primary operations Second system constantly checks primary system Effectiveness depends on: Diverse hardware Diverse software Example:Airbus (5 processors) Chapter 12 Dependability and Security Specification 12
N- Version Multiple versions Output selector / fault manager Monitors results from all concurrent systems Chapter 12 Dependability and Security Specification 13
Diversity Issues Separate teams: No interaction between teams Require different methodologies (oo vs functional), programming languages, tools, algorithms Challenges Teams may have same background, knowledge and may make the same mistakes Requirements failures not resolved Requirements must leave no room for question Chapter 12 Dependability and Security Specification 14
Dependability Through Processes Requirements reviews Requirements management Formal Specification System modeling – graphical Design and program inspections Static analysis of code Test planning, management Chapter 12 Dependability and Security Specification 15
Dependability Through Programming Sommerville’s summary of some key development strategies #1 Control Visibility of Data #2 Check All inputs for Validity #3 Provide handlers for exception Chapter 12 Dependability and Security Specification 16
Dependability Through Programming #4 Minimize error prone constructs Unconditional branch Floating point numbers Pointers Dynamic memory allocation Parralelism Recursion Interrupts Chapter 12 Dependability and Security Specification 17
Dependability Through Programming (Minimize error prone constructs) Inheritance Aliasing Unbounded Arrays Default input processing Chapter 12 Dependability and Security Specification 18
Dependability Through Programming #5 Provide restart (desktop apps) #6 Check array bounds #7 Include timeouts when calling external components #8 Name constants Chapter 12 Dependability and Security Specification 19