Dependability Co-Design
نویسندگان
چکیده
It is widely agreed that high levels of software system dependability can only be achieved if the system is designed with dependability in mind; security and other dependability properties cannot be “added-on” to an undependable implementation. However, most modern software development methodologies are based on the notion that quality is achieved through incremental improvement. The question then arises: Are these modern evolutionary methodologies incompatible with strict dependability requirements? Our answer is that they need not be, provided dependability concerns are addressed in a semi-independent, but closely coupled, fashion we call dependability co-design. 1 Functionality versus Dependability A software system is dependable to the extent that it can justifiably be relied upon to satisfy its requirements. Many system properties contribute to dependability. Security is a representative example: clearly, a system containing serious security flaws – say, one that is easily infected by a “virus” transmitted by email – cannot be depended upon to behave as it should. The vast majority of systems have at least a few strong dependability requirements (e.g., that the privacy of passwords must be protected), and some systems have a wide range of extremely stringent dependability requirements. Dependabilty properties tend to be properties of the system as a whole, in the sense that a serious flaw in any part of the system can destroy dependability. For that reason, dependability typically cannot be achieved by adding software to an undependable system. Again, security is a representative example. If a single system component allows unauthorized access to information that must be kept private, the system as a whole is insecure. Plugging the information leak generally requires modification of the component’s internals, and perhaps a change in the system architecture, rather than adding an additional “plug” component. Even worse, leaks can be an emergent property of the system, in the sense that no individual component compromises information security, but the combination of components does so. Thus, the discovery of dependability problems can indicate that extensive — hence, costly — global changes in the system are needed. As a result, there is considerable incentive to make sure that required levels of dependability are designed-in as a system is developed. This observation appears to conflict with recent work on software development methodologies, however. Modern methodologies, from the prototyping-based methodologies of the 1980’s [1] to today’s “eXtreme programming” [2] movement, de-emphasize requirements specification. Rather than trying to specify requirements — a notoriously difficult business with typically unsatisfactory results — one proceeds with programming based on an informal understanding of what the system is supposed to do. Once an executable program is available, the customer can evaluate whether it satisfies his (still unstated) requirements. If not, he can request that specific changes be made, still without having to explain exactly how those changes contribute to requirements satisfaction, much less what the requirements are. The common feature of these methodologies is the emphasis on evolution as the means of achieving requirements satisfaction. There are two sorts of arguments in favor these modern evolutionary methodologies, one positive and the other negative. The positive argument is that, historically, virtually all systems that are now considered to be high-quality have evolved from earlier versions that were lower quality in response to market demands. The negative argument is that, historically, customers have been unable to fully explicate their requirements. Almost without exception, when development is based on an initial requirements specification and the assumption that any system that satisfies the specified requirements will be acceptable, the customer winds up disappointed by the final product. So the modern development methodologies amount to nothing more than codifications of what experience has shown to work best. Does adoption of a development methodology that eschews a great deal of “upfront” formal design doom a developer to either extensive redesign and re-implementation to achieve dependability after the desired functionality has been achieved, or living
منابع مشابه
Dependability Driven System Level Co-Design and Optimization of Embedded Systems
Embedded systems are becoming pervasive in diverse application domains such as automotive, avionic, medical, control and their functionality is increasingly defined by software (SW). Such systems especially in safety-critical (SC) applications, with implications on system dependability and real-time must be designed to be dependable (fault tolerant) enough and have to meet timing requirements i...
متن کاملFunctionality/Dependability Co-design in Real-Time Embedded Software
As embedded processors become more powerful, demand for quantity and complexity of real-time embedded function increases. This increase in function is in direct opposition to system dependability requirements, since dependability is harder to achieve in larger or more complex applications. While tradeoffs must be made in designing systems to achieve both these ends, system architectures have th...
متن کاملFault Tolerant Memory Design for HW/SW Co-Reliability in Massively Parallel Computing Systems
A highly dependable embedded fault-tolerant memory architecture for high performance massively parallel computing applications and its dependability assurance techniques are proposed and discussed in this paper. The proposed fault tolerant memory provides two distinctive repair mechanisms: the permanent laser redundancy reconfiguration during the wafer probe stage in the factory to enhance its ...
متن کاملManaging the evolution of dependability cases for systems of systems
Dependability is a composite property consisting of attributes such as reliability, availability, safety and security. The achievement of these attributes is often essential for the operational success of systems undertaking critical and complex tasks. Assurance that the final system will demonstrate the required dependability qualities, can be crucial to the acceptance of the system into servi...
متن کاملApplying Design Diversity to Aspects
Design diversity has been proposed as a strategy for reducing the number of co-occurring faults in multiple redundant versions of a given application. While much research has focused on methods for enhancing the multiversion diversity of applications or estimating system dependability, relatively less work has been done to incorporate supporting system and infrastructure elements into design di...
متن کاملDependability Modeling Using Petri-Nets
Duke University, Durham Petri-net based models have been extensively used for performance & performability modeling to analyze computer & communication systems [ 1 71. However, in the dependability modeling co-unity, Petri-net based models have received co~i&rably less attention [8 101. This paper describes a methodology to con
متن کامل