Dependability Evaluation of Software Systems in Operation

This paper deals with evaluation of the dependability (considered as a generic term, whose main measures are reliability, availability, and maintainability) of software systems during their operational life, in contrast to most of the work performed up to now, devoted mainly to development and validation phases. The failure process due to design faults, and the behavior of a software system up to the first failure and during its life cycle are successively examined. An approximate model is derived which enables one to account for the failures due to the design faults in a simple way when evaluating a system's dependability. This model is then used for evaluating the dependability of 1) a software system tolerating design faults, and 2) a computing system with respect to physical and design faults.     

X-ware reliability and availability modeling

The problem of modeling a system's reliability and availability with respect to the various classes of faults (physical and design, internal and external) which may affect the service delivered to its users is addressed. Hardware and software models are currently exceptions in spite of the user's requirements; these requirements are expressed in terms of failures independently of their sources, i.e., the various classes of faults. The causes of this situation are analyzed; it is shown that there is no theoretical impediment to deriving such models, and that the classical reliability theory can be generalized in order to cover both hardware and software viewpoints that are X-Ware     

Basic concepts and taxonomy of dependable and secure computing

This paper gives the main definitions relating to dependability, a generic concept including a special case of such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures.     

The KAT (knowledge-action-transformation) approach to the modelingand evaluation of reliability and availability growth

An approach for the modeling and evaluation of reliability and availability of systems using the knowledge of the reliability growth of their components is presented. Detailed models of reliability and availability for single-component systems are derived under much weaker assumption than usually considered. These models, termed knowledge models, enable phenomena to be precisely characterized, and a number of properties to be deduced. Since the knowledge models are too complex to be applied in real life for performing predictions, simplified models for practical purposes (action models) are discussed. The hyperexponential model is presented and applied to field data of software and hardware failures. This model is shown to be comparable to other models as far as reliability of single-component systems is concerned: in addition, it enables estimating and predicting the reliability of multicomponent systems, as well as their availability. The transformation approach enables classical Markov models to be transformed into other Markov models which account for reliability growth. The application of the transformation to multicomponent systems is described     

Dependability modeling of safety systems

A safety system is aimed at monitoring the behavior of a process and at preventing severe damage to the process itself and its environment upon occurrence of an incident, du to the propagation of its effects. The paper is devided in three parts.In the first part the functions of a safety systems are stated and the dependability measures for such a system are defined.The second part is firstly devoted to a detailed study of the dependability of a simplex non fault-tolerant safety system, the problems of unrevealed faults and maintenance policy which are of a particular importance are emphized. The results are then used to study the dependability of fault-tolerant safety systems.The third part is devoted to the evaluation of an actual distributed safety system with degraded mode of operation: the control system of the extra high voltage substations of French Electricity network.     

Performance-related dependability evaluation of supercomputer systems

The paper presents an example of performance-related dependability evaluation of a supercomputer structure corresponding to an MIMD multiprocessor system intended for high speed scientific computation. The approach presented addresses the problems of deriving a model that is tractable yet representative of the behavior of a complex system. This is achieved by means of an intensive validation study, and through the evaluation of measures of interest which account for the specific operating requirements characterizing the system under investigation: a) maintain very high throughput over a long period of time, and b) provide an efficient operational life-cycle.     

Fault injection for dependability validation: a methodology andsome applications

The authors address the problem of validating the dependability of fault-tolerant computing systems, in particular, the validation of the fault-tolerance mechanisms. The proposed approach is based on the use of fault injection at the physical level on a hardware/software prototype of the system considered. The place of this approach in a validation-directed design process and with respect to related work on fault injection is clearly identified. The major requirements and problems related to the development and application of a validation methodology based on fault injection are presented and discussed. Emphasis is put on the definition, analysis, and use of the experimental dependability measures that can be obtained. The proposed methodology has been implemented through the realization of a general pin-level fault injection tool (MESSALINE), and its usefulness is demonstrated by the application of MESSALINE to the experimental validation of two systems: a subsystem of a centralized computerized interlocking system for railway control applications and a distributed system corresponding to the current implementation of the dependable communication system of the ESPRIT Delta-4 Project     

On Reliability Prediction of Repairable Redundant Digital Structures

Taking into account the real characteristics of redundant digital structures leads to neglect of failures occuring during the repair instants. The formal definition of the corresponding hypotheses leads to a simplified Markov model which a) is homogenous and b) has instantaneous repairs. At last, the paper describes the way by which the validity of the hypotheses can be judged.     

Parametric Analysis of 2-Unit Redundant Computer Systems With Corrective and Preventive Maintenance

This paper shows the span of results which can be obtained by modeling a system's behavior by stochastic processes and demonstrates practical rules for employing Markov and semi-Markov models. The introduction summarizes several methods for reliability analysis and gives the advantages and drawbacks of four methods: Markov processes, semi-Markov processes, supplementary variables, the method of stages. The remainder deals with reliability and availability modeling of a 2-unit redundant computer system. There are a) two types of maintenance: corrective (c. m.) and preventive (p. m.), and b) two system parameters: coverage, and an increased failure rate when one unit is under repair or inspection. Approximate expressions for reliability, mean time to failure, and asymptotic availability show the effects of the system parameters as well as of the shapes of the Cdf's of the times related to maintenance actions. For c.m., Markov modeling is a good approximation. For p.m., Markov modeling is a rough approximation; one can go to semi-Markov models or to the method of stages. Lastly, an approximate expression is given for the mean inspection interval which maximizes reliability and availability for p.m.