Issue No. 02, March-April 2014 (vol. 11)
pp. 193-206
Kizito Salako , City University London, London
Lorenzo Strigini , City University London, London
ABSTRACT
Fault tolerance via diverse redundancy, with multiple "versions" of a system in a redundant configuration, is an attractive defence against design faults. To reduce the probability of common failures, development and procurement practices pursue "diversity" between the ways the different versions are developed. But difficult questions remain open about which practices are more effective to this aim. On these questions, probabilistic models have helped by exposing fallacies in "common sense" judgements. However, most make very restrictive assumptions. They model well scenarios in which diverse versions are developed in rigorous isolation from each other: a condition that many think desirable, but that is unlikely in practice. We extend these models to cover nonindependent development processes for diverse versions. This gives us a rigorous way of framing claims and open questions about how best to pursue diversity, and about the effects, negative and positive, of commonalities between developments, from specification corrections to the choice of test cases. We obtain three theorems that, under specific scenarios, identify preferences between alternative ways of seeking diversity. We also discuss nonintuitive issues, including how expected system reliability may be improved by creating intentional "negative" dependences between the developments of different versions.
INDEX TERMS
Phase frequency detector, Software, Reliability, Random variables, Computational modeling, Correlation, Probabilistic logic, reliability, Common-mode failure, software diversity, fault tolerance, multiversion software, probability of failure on demand
CITATION
Kizito Salako, Lorenzo Strigini, "When Does "Diversity" in Development Reduce Common Failures? Insights from Probabilistic Modeling", IEEE Transactions on Dependable and Secure Computing, vol. 11, no. 2, pp. 193-206, March-April 2014, doi:10.1109/TDSC.2013.32