Chapter 12 Dependability and Security Specification
Chapter 13 – Dependability Engineering
Dependability through Redundancy and Diversity
Redundancy – having multiple components that perform the same function
Diversity – using secondary components that differ in design or implementation from the primary, so that they are unlikely to share the same fault
Redundancy Examples
Power Supply
Disk (RAID)
Processor
Database server
Web server
DNS servers
Authentication servers
Redundancy
Redundancy addresses component failures: if one copy stops, another takes over
Redundancy does not address design faults: identical copies share the same bugs
Same password authentication code on every replica carries the same flaw to every replica
Same database processing logic produces the same wrong result on every replica
Diversity
Separate, independently developed versions of the software that accomplish the same thing
Software to check the output of one version against that of another
Arguments Against Diversity
Too costly
The extra effort spent on a second version could instead have gone into more verification and validation of the first
Diversity Overhead
A mechanism is needed to compare the outputs and decide which one is correct; that mechanism is itself software that can fail
Dependability and Agile Methods
Agile methods are often considered unsuitable for critical systems
Some debate exists about whether this is justified
Dependability Through Architecture
Replication
Protection System
Self Monitoring System
N-Version programming
Replication
Same functionality repeated on several servers
Data replicated to the other servers
Examples: database server, web server, DNS server
Protection System
The system is controlled by one set of software
A separate protection system independently monitors key parameters and has override capability
The protection system does not perform control; it only has to decide whether to override, so it is much simpler than the controller
Example: one system controls a train at an airport; a separate system shuts the car down if it detects overspeed
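The protection-system pattern above, as an added example that is not code from the original slides: a primary controller computes a traction command, and a separate monitor looks only at measured speed and overrides with a brake command when the safety envelope is breached. The train, the 20 m/s limit and the speed samples are constructed for illustration; the controller is given a wrong setpoint to show a control-software fault being contained by the much simpler monitor.

```python
"""Protection-system architecture: an independent monitor with override authority.

Added example, not code from the original slides. The train, the speed limit
and the measured speeds are constructed for illustration."""
from dataclasses import dataclass, field

SPEED_LIMIT_MPS = 20.0   # assumed safe envelope (constructed value)
BRAKE_COMMAND = 0.0      # traction command that the override forces


@dataclass
class TrainController:
    """Primary control software. Computes a traction command from a setpoint.
    Its setpoint is deliberately unchecked: a wrong setpoint is the kind of
    control-software fault the protection system exists to contain."""
    setpoint_mps: float

    def command(self, measured_mps: float) -> float:
        # Crude proportional control: push harder the further below setpoint.
        return max(0.0, self.setpoint_mps - measured_mps)


@dataclass
class ProtectionSystem:
    """Independent monitor. It never computes control; it only watches one
    safety parameter and decides whether to override with the brake command.
    Once tripped it latches in the safe state until an operator resets it."""
    limit_mps: float = SPEED_LIMIT_MPS
    tripped: bool = False
    events: list = field(default_factory=list)

    def check(self, measured_mps: float, proposed_cmd: float) -> float:
        if measured_mps > self.limit_mps and not self.tripped:
            self.events.append(
                f"overspeed {measured_mps:.1f} m/s > {self.limit_mps:.1f} m/s: override")
            self.tripped = True
        return BRAKE_COMMAND if self.tripped else proposed_cmd

    def reset(self) -> None:
        """Operator action: only way out of the latched safe state."""
        self.tripped = False


def run_cycles(controller: TrainController, protection: ProtectionSystem,
               measured_speeds: list) -> list:
    """Run one control cycle per measured speed. Every command passes through
    the protection system before it reaches the traction hardware; the list
    returned is what the hardware actually received."""
    applied = []
    for v in measured_speeds:
        proposed = controller.command(v)
        applied.append(protection.check(v, proposed))
    return applied


if __name__ == "__main__":
    # Constructed scenario: a mis-set setpoint of 30 m/s asks for more than the
    # 20 m/s envelope allows; the monitor trips on the first overspeed sample.
    ctl = TrainController(setpoint_mps=30.0)
    prot = ProtectionSystem()
    print(run_cycles(ctl, prot, [10.0, 18.0, 21.0, 19.0]))
    print(prot.events)
```

The point of the split is that ProtectionSystem has no knowledge of the control law and no shared state with the controller, so a fault in the controller cannot also disable the override; the latch means a single overspeed sample is enough to hold the safe state until a human intervenes.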
Self Monitoring Systems
The primary system performs the primary operations
A second system constantly checks the primary system's results
Effectiveness depends on diverse hardware and diverse software, otherwise both systems fail the same way
Example: Airbus flight control (5 processors)
N-Version Programming
Multiple independently developed versions of the software run concurrently on the same inputs
An output selector / fault manager monitors the results from all concurrent versions and selects the output to use
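An output selector for N-version programming, as an added example that is not code from the original slides. Three median routines stand in for three independently written versions; the voter selects the value shared by a strict majority and the fault manager reports which version disagreed or crashed. The fault in version 2 is constructed to show the selector masking a single wrong version; the empty-input case shows the limit of the technique, where all versions fail together because the requirement never said what to do.

```python
"""N-version programming with an output selector, as an added example (not
code from the original slides). Three independently written median routines
run on the same input; a voter picks the majority result and a fault manager
records which version disagreed. Version 2 carries a constructed fault."""
import heapq
import statistics

AGREEMENT_TOLERANCE = 1e-9   # floating-point results are compared within this


def median_v1(xs):
    """Version 1: sort and pick the middle (average of two middles if even)."""
    s = sorted(xs)
    n = len(s)
    return s[n // 2] if n % 2 else (s[n // 2 - 1] + s[n // 2]) / 2


def median_v2(xs):
    """Version 2: heap selection. Constructed fault: for even-length input it
    returns the upper middle element instead of the average of the middles."""
    k = len(xs) // 2 + 1
    return heapq.nsmallest(k, xs)[-1]


def median_v3(xs):
    """Version 3: the standard library implementation."""
    return statistics.median(xs)


VERSIONS = {"v1": median_v1, "v2": median_v2, "v3": median_v3}


def vote(results, tolerance=AGREEMENT_TOLERANCE):
    """Output selector. results maps version name -> value. Returns
    (selected_value, dissenters); selected_value is None when no value is
    shared by a strict majority, which the caller must treat as a failure."""
    names = list(results)
    majority = len(names) // 2 + 1
    best_name, best_agree = None, []
    for name in names:
        agree = [m for m in names
                 if abs(results[m] - results[name]) <= tolerance]
        if len(agree) > len(best_agree):
            best_name, best_agree = name, agree
    if len(best_agree) < majority:
        return None, sorted(names)
    dissenters = sorted(set(names) - set(best_agree))
    return results[best_name], dissenters


def n_version_median(xs, versions=VERSIONS):
    """Run every version on the same input and select an output. A version
    that raises counts as a dissenter instead of crashing the whole system."""
    results = {}
    failed = []
    for name, fn in versions.items():
        try:
            results[name] = fn(list(xs))   # each version gets its own copy
        except Exception:
            failed.append(name)
    selected, dissenters = vote(results)
    return selected, sorted(dissenters + failed)


if __name__ == "__main__":
    print(n_version_median([4, 1, 3, 2]))   # v2 disagrees, majority masks it
    print(n_version_median([5, 1, 3]))      # all agree
    print(n_version_median([]))             # every version fails: no output
```

Note the tolerance: comparing floating-point outputs for exact equality would flag diverse but correct versions as disagreeing, which is one reason floating point appears later in this chapter's list of error-prone constructs. The selector itself is the "diversity overhead" from the earlier slide, and it is a single point of failure that needs the same scrutiny as the versions it arbitrates.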
Diversity Issues
Separate teams: no interaction between teams
Require different methodologies (object-oriented vs functional), programming languages, tools and algorithms
Challenges:
Teams may have the same background and knowledge and so make the same mistakes
Requirements failures are not resolved by diversity: every version implements the same flawed requirement
Requirements must therefore leave no room for question
Dependability Through Processes
Requirements reviews
Requirements management
Formal Specification
System modeling – graphical
Design and program inspections
Static analysis of code
Test planning, management
Dependability Through Programming
Sommerville's summary of some key development strategies
#1 Limit the visibility of data
#2 Check all inputs for validity
#3 Provide handlers for all exceptions
Dependability Through Programming
#4 Minimize error-prone constructs:
Unconditional branches (goto)
Floating point numbers
Pointers
Dynamic memory allocation
Parallelism
Recursion
Interrupts
Dependability Through Programming
(Minimize error-prone constructs, continued)
Inheritance
Aliasing
Unbounded arrays
Default input processing
Dependability Through Programming
#5 Provide restart capabilities (for example, desktop apps that recover their state after a crash)
#6 Check array bounds
#7 Include timeouts when calling external components
#8 Name constants that represent real-world values
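Guidelines #2, #3, #6, #7 and #8 together in one small command handler, as an added example that is not code from the original slides. The command format (`SET <number>`), the 20 m/s limit, the buffer size and the sensor functions are constructed for the example.

```python
"""Sommerville's programming guidelines in one small command handler, as an
added example (not code from the original slides): named constants (#8),
input validation (#2), explicit exception handlers (#3), bounds-checked
storage (#6) and a timeout on an external call (#7). The command format,
limits and sensors are constructed for the example."""
import concurrent.futures as cf
import math
import time

MAX_SETPOINT_MPS = 20.0   # #8: a real-world limit gets a name, not a magic number
MAX_SAMPLES = 8           # #6: fixed capacity of the sample buffer
SENSOR_TIMEOUT_S = 0.2    # #7: longest we will wait for the external sensor


class InvalidInput(ValueError):
    """Raised for any command that fails validation."""


def parse_setpoint(line: str) -> float:
    """#2: check every part of an external input before using it. Accepts
    exactly 'SET <number>' with the number finite and inside [0, MAX]."""
    parts = line.strip().split()
    if len(parts) != 2 or parts[0] != "SET":
        raise InvalidInput(f"malformed command: {line!r}")
    try:
        value = float(parts[1])
    except ValueError:
        raise InvalidInput(f"not a number: {parts[1]!r}") from None
    if not math.isfinite(value):            # float() happily parses 'nan' and 'inf'
        raise InvalidInput(f"non-finite setpoint: {parts[1]!r}")
    if not 0.0 <= value <= MAX_SETPOINT_MPS:
        raise InvalidInput(f"setpoint {value} outside [0, {MAX_SETPOINT_MPS}]")
    return value


class SampleBuffer:
    """#6: fixed-size storage with explicit bounds checks. Python lists do
    check bounds, but they also accept negative indices silently; checking
    against the logical count closes that gap and refuses growth."""
    def __init__(self, capacity: int = MAX_SAMPLES):
        self._items = [0.0] * capacity
        self._count = 0

    def push(self, value: float) -> None:
        if self._count >= len(self._items):
            raise IndexError("sample buffer full")
        self._items[self._count] = value
        self._count += 1

    def get(self, index: int) -> float:
        if not 0 <= index < self._count:
            raise IndexError(f"index {index} outside [0, {self._count})")
        return self._items[index]

    def __len__(self) -> int:
        return self._count


def read_sensor_with_timeout(read_fn, timeout_s: float = SENSOR_TIMEOUT_S):
    """#7: never block indefinitely on an external component. Returns the
    reading, or None if it did not arrive in time or the sensor raised.
    The pool is shut down without waiting so a hung read cannot hold us."""
    pool = cf.ThreadPoolExecutor(max_workers=1)
    future = pool.submit(read_fn)
    try:
        return future.result(timeout=timeout_s)
    except cf.TimeoutError:
        return None
    except Exception:              # sensor raised: treat as no reading
        return None
    finally:
        pool.shutdown(wait=False)


def process_command(line: str, read_fn, buffer: SampleBuffer) -> dict:
    """#3: every failure path has a handler and a defined, safe outcome;
    nothing propagates as an unhandled exception to the caller."""
    try:
        setpoint = parse_setpoint(line)
    except InvalidInput as exc:
        return {"status": "rejected", "reason": str(exc)}
    reading = read_sensor_with_timeout(read_fn)
    if reading is None:
        return {"status": "sensor_timeout", "setpoint": setpoint}
    try:
        buffer.push(reading)
    except IndexError as exc:
        return {"status": "buffer_full", "setpoint": setpoint, "reason": str(exc)}
    return {"status": "ok", "setpoint": setpoint, "reading": reading}


def hung_sensor() -> float:
    """Constructed stand-in for an external component that never answers in time."""
    time.sleep(1.0)
    return 0.0


if __name__ == "__main__":
    buf = SampleBuffer()
    print(process_command("SET 15", lambda: 4.2, buf))
    print(process_command("SET 25", lambda: 4.2, buf))
    print(process_command("SET nan", lambda: 4.2, buf))
    print(process_command("SET 15", hung_sensor, buf))
```

Two checks here are easy to forget in a dynamic language: `float()` accepts `nan` and `inf`, so a range check alone does not reject them (`nan < 0` is False), and a plain list index of `-1` is "in bounds" for Python even though it reads the wrong sample. Default input processing, the last item in the error-prone list above, is exactly what `parse_setpoint` refuses to do: anything that is not the one accepted form is rejected rather than interpreted.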