L15: Dependability Flashcards

1
Q

What is dependability?

A

Reflects the extent of the user’s confidence that the system will
operate as users expect and that it will not fail during normal use

For many computer systems, this is often the most important property.

Dependability is subjective. Depends on the judgement of stakeholders. What is a failure to one stakeholder may be acceptable behaviour to another.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Why is dependability important?

A

System dependability is important because failure of critical systems can lead to economic losses, information loss, physical damage or threats to human life.

Increasing use of software and reliance on it.

Increasing instances of software failure.

Costs ranging from inconvenience to potential loss of life.

Increasing need to develop and maintain dependable systems.

Extent of dependability required of a system depends on its use.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How does the system specification enforce/define dependability?

A

The dependability of a computer system is a system property that reflects the user’s degree of trust in the system.

Dependability can only be defined formally with respect to a system specification

A failure is a deviation from this specification. However, many specifications are incomplete or incorrect.

A system that conforms to its specification may fail from the
perspective of system users. Users don’t typically read specifications so don’t know how the system is supposed to behave. Therefore, perceived dependability is more important in practice.

Think about how the users perceive dependability so that they can understand it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How can we show the conceptual framework of dependability?

A

A dependability tree.
A tree where the root is dependability, and it has 3 children:
- Attributes/dimensions/properties
- Threats
- Means

The conceptual framework aims to provide a holistic view of dependability and its components.

Think about the concepts in relation to a real life example, e.g. a self-driving car. This could be emergency breaking system, software security (cannot be hacked). We could use encryption as a mean of prevention.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are the dimensions of dependable systems?

A

The most important dimensions of dependability are availability, reliability, safety, security and resilience.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Define some of the dimensions of dependable systems.

A

Availability
- The ability of the system to deliver services when requested
Reliability
- The ability of the system to deliver services as requested
Safety
- The ability of the system to operate without catastrophic failure
Security
- The ability of the system to protect itself against deliberate or accidental intrusion
Resilience
- The ability of the system to resist and recover from damaging events
Repairability
- Reflects the extent to which the system can be repaired in the event
of a failure
Maintainability
- Reflects the extent to which the system can be adapted to new
requirements
Error tolerance
- Reflects the extent to which user input errors can be avoided and tolerated.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the threats to dependability?

A

Failures
- A failure is an event that occurs when the delivered service deviates from correct service.
Errors
- An error is a deviation of at least one system state from the correct service state.
Faults
- A fault is an adjudged or hypothesised cause of an error.

Faults will lead to errors. Many errors may lead to the failure of a system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are some causes of failures in dependability?

A

Hardware
- Design and manufacturing errors or components reaching the end of their natural life
Software
- Errors in its specification, design or implementation
Operational
- Errors made by human operators

Causes may be related. Proactive mitigation of these failures is crucial.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are some consequences of failures in dependability?

A

System failures may have widespread effects with large numbers of people affected by the failure.

Systems that are not dependable and are unreliable, unsafe or insecure may be rejected by their users.

The costs of system failure may be very high if the failure leads to economic losses or physical damage.

Undependable systems may cause information loss with a high
recovery cost.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are some means of achieving dependability?

A

The use of dependable, repeatable processes is essential if faults in a system are to be minimised.

Fault prevention / avoidance
- Means to prevent the occurrence or introduction of faults
Fault tolerance
- Means to avoid service failures in the presence of faults
Fault detection
-Means to detect faults before the system goes into service
Fault removal
- Means to reduce the number and severity of faults

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the costs of dependability?

A

High dependability -> high cost

Costs can increase exponentially as increasing levels of dependability are required.

The use of more expensive development techniques and hardware is required to achieve higher levels of dependability,

Increased testing and system validation required to convince clients and regulators that the required levels of dependability have been achieved.

Because of high costs of dependability, it may be more cost effective to accept untrustworthy systems and pay for failure costs.

Possibility depends on social, political and domain factors.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Explain the tactic of redundancy for dependability.

A

Redundancy
Create and maintain more than a single version of critical components so that if one fails then a backup is available.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Explain the tactic of diversity for dependability.

A

Diversity
Provide the same functionality in different ways in different components so that they will not fail in the same way.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

How do we utilise redundancy and diversity for dependability?

A

The use of redundancy and diversity in hardware, software processes and software systems is essential to the development of dependable systems.

Redundant and diverse components should be independent so that they will not suffer from common-mode failures. For example, components implemented in different programming languages means that a compiler fault will not affect all of them.

Redundancy and diversity apply to development processes as well as software. Process activities, such as validation, should not depend on a single approach, such as testing, to validate the system. Explicitly defined, repeatable processes are required.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are some challenges with dependability?

A
  • Adding diversity and redundancy to a system increases the system complexity.
  • This can increase the chances of error because of unanticipated interactions and dependencies between the redundant system components.
  • Some engineers therefore advocate simplicity and extensive verification and validation as a more effective route to software dependability.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are some dependable process activities?

A
  • Requirements reviews
  • Requirements change management
  • Formal specification
  • Documentation of software design along with links to requirements
  • Design and software inspections
  • Static analysis of software
  • Test planning and management
17
Q

How can we use dependable processes with the agile methodology?

A

Dependable software often requires certification. More upfront planning, documentation and analysis are therefore required.

Conflict with pure agile methodology. A hybrid, custom-defined agile methodology incorporating dependable techniques may be used.

18
Q

What is chaos engineering?

A

Deliberate introduction of failures in production.

Testing the resilience of systems against failures.
- Infrastructure, network, software
- Control blast radius

Pioneered by Netflix
- Automated tool that randomly chose a server and disabled it.