Dependability ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University August.

Dependability

ITV Model-based Analysis and Design of Embedded SoftwareTechniques and methods for Critical Software

Anders P. RavnAalborg University

August 2011

Basic Concepts

• Availability: readiness for correct service.• Reliability: continuity of correct service.• Safety: absence of catastrophic consequences.• Confidentiality: absence of unauthorized disclosure

of information• Integrity: absence of improper system alterations.• Maintainability: ability to undergo modifications.

Other terms

Threats and Means

Development Phase and Faults

1. the physical world with its natural phenomena,

2. human developers, some possibly lacking competence or having malicious objectives,

3. development tools: software and hardware used by the developers to assist them in the development process.

4. production and test facilities.

Fault * prevention ? * tolerance ? * removal ? * prediction ?

Use Phase and Faults1. the physical world with its natural phenomena,

2. administrators (including maintainers): entities (humans or other systems) that have the authority to manage, modify, repair and use the system; some authorized humans may lack competence or have malicious objectives;

3. users: entities that receive service from the system at their use interfaces;

4. providers: entities that deliver services to the system at its use interfaces;

5. infrastructure: entities that provide specialized services to the system, such as information sources (e.g., time, GPS, etc.), communication links, power sources, cooling airflow, etc.

6. intruders: malicious entities that attempt to exceed any authority they might have and alter service or halt it, alter the system’s functionality or performance, or to access confidential information. Examples include hackers, vandals, corrupt insiders, agents of hostile governments or organizations, and malicious software.

Fault * prevention ? * tolerance ? * removal ? * prediction ?

Elem

entary

Fau

lt

Classes

Combined classification

Failure Modes

Means

Fault

prevention

removal

prediction or forecasting

tolerance

Fault prevention

• Systematic procedures• Clean room (Harlan Mills)• Inspection• Reviews

Fault prevention

• Careful Design

• Conservative Design

• process (activities)

• notations

• tools

• robust functionality

• testability

• tracability

Fault Removal

In Development

1. Verification and validation

2. Diagnosis

3. Correction

In Use• Preventive maintenance• Corrective maintenance• Fault isolation

Verification Techniques

Test approaches

Fault forecasting

• Qualitative evaluation• Quantitative evaluation

Models: Markov-processes, Fault-trees, ...

Fault Forecasting

• Calculation – analysis of design

• Simulation – measurement on design

• Test -- measurement on implementation

Means

Exercise• Where would you add prevention, removal and forecasting

in a V-model process?• What would you add?

Requirements Spec --------------------------- Accpt. Test Report Acceptance Test Spec

Architectural Spec ------------------------ Integr. Test Report Integration Test Spec

Module Interface Spec Module Spec ------------------- Module Test Report

Module Test Spec

Program Source text