L15: Dependability

Question 1

What is dependability?

Answer 1

Reflects the extent of the user’s confidence that the system will
operate as users expect and that it will not fail during normal use

For many computer systems, this is often the most important property.

Dependability is subjective. Depends on the judgement of stakeholders. What is a failure to one stakeholder may be acceptable behaviour to another.

Question 2

Why is dependability important?

Answer 2

System dependability is important because failure of critical systems can lead to economic losses, information loss, physical damage or threats to human life.

Increasing use of software and reliance on it.

Increasing instances of software failure.

Costs ranging from inconvenience to potential loss of life.

Increasing need to develop and maintain dependable systems.

Extent of dependability required of a system depends on its use.

Question 3

How does the system specification enforce/define dependability?

Answer 3

The dependability of a computer system is a system property that reflects the user’s degree of trust in the system.

Dependability can only be defined formally with respect to a system specification

A failure is a deviation from this specification. However, many specifications are incomplete or incorrect.

A system that conforms to its specification may fail from the
perspective of system users. Users don’t typically read specifications so don’t know how the system is supposed to behave. Therefore, perceived dependability is more important in practice.

Think about how the users perceive dependability so that they can understand it.

Question 4

How can we show the conceptual framework of dependability?

Answer 4

A dependability tree.
A tree where the root is dependability, and it has 3 children:
- Attributes/dimensions/properties
- Threats
- Means

The conceptual framework aims to provide a holistic view of dependability and its components.

Think about the concepts in relation to a real life example, e.g. a self-driving car. This could be emergency breaking system, software security (cannot be hacked). We could use encryption as a mean of prevention.

Question 5

What are the dimensions of dependable systems?

Answer 5

The most important dimensions of dependability are availability, reliability, safety, security and resilience.

Question 6

Define some of the dimensions of dependable systems.

Answer 6

Availability
- The ability of the system to deliver services when requested
Reliability
- The ability of the system to deliver services as requested
Safety
- The ability of the system to operate without catastrophic failure
Security
- The ability of the system to protect itself against deliberate or accidental intrusion
Resilience
- The ability of the system to resist and recover from damaging events
Repairability
- Reflects the extent to which the system can be repaired in the event
of a failure
Maintainability
- Reflects the extent to which the system can be adapted to new
requirements
Error tolerance
- Reflects the extent to which user input errors can be avoided and tolerated.

Question 7

What are the threats to dependability?

Answer 7

Failures
- A failure is an event that occurs when the delivered service deviates from correct service.
Errors
- An error is a deviation of at least one system state from the correct service state.
Faults
- A fault is an adjudged or hypothesised cause of an error.

Faults will lead to errors. Many errors may lead to the failure of a system.

Question 8

What are some causes of failures in dependability?

Answer 8

Hardware
- Design and manufacturing errors or components reaching the end of their natural life
Software
- Errors in its specification, design or implementation
Operational
- Errors made by human operators

Causes may be related. Proactive mitigation of these failures is crucial.

Question 9

What are some consequences of failures in dependability?

Answer 9

System failures may have widespread effects with large numbers of people affected by the failure.

Systems that are not dependable and are unreliable, unsafe or insecure may be rejected by their users.

The costs of system failure may be very high if the failure leads to economic losses or physical damage.

Undependable systems may cause information loss with a high
recovery cost.

Question 10

What are some means of achieving dependability?

Answer 10

The use of dependable, repeatable processes is essential if faults in a system are to be minimised.

Fault prevention / avoidance
- Means to prevent the occurrence or introduction of faults
Fault tolerance
- Means to avoid service failures in the presence of faults
Fault detection
-Means to detect faults before the system goes into service
Fault removal
- Means to reduce the number and severity of faults

Question 11

What are the costs of dependability?

Answer 11

High dependability -> high cost

Costs can increase exponentially as increasing levels of dependability are required.

The use of more expensive development techniques and hardware is required to achieve higher levels of dependability,

Increased testing and system validation required to convince clients and regulators that the required levels of dependability have been achieved.

Because of high costs of dependability, it may be more cost effective to accept untrustworthy systems and pay for failure costs.

Possibility depends on social, political and domain factors.

Question 12

Explain the tactic of redundancy for dependability.

Answer 12

Redundancy
Create and maintain more than a single version of critical components so that if one fails then a backup is available.

Question 13

Explain the tactic of diversity for dependability.

Answer 13

Diversity
Provide the same functionality in different ways in different components so that they will not fail in the same way.

Question 14

How do we utilise redundancy and diversity for dependability?

Answer 14

The use of redundancy and diversity in hardware, software processes and software systems is essential to the development of dependable systems.

Redundant and diverse components should be independent so that they will not suffer from common-mode failures. For example, components implemented in different programming languages means that a compiler fault will not affect all of them.

Redundancy and diversity apply to development processes as well as software. Process activities, such as validation, should not depend on a single approach, such as testing, to validate the system. Explicitly defined, repeatable processes are required.

Question 15

What are some challenges with dependability?

Answer 15

• Adding diversity and redundancy to a system increases the system complexity.
• This can increase the chances of error because of unanticipated interactions and dependencies between the redundant system components.
• Some engineers therefore advocate simplicity and extensive verification and validation as a more effective route to software dependability.

Question 16

What are some dependable process activities?

Answer 16

• Requirements reviews
• Requirements change management
• Formal specification
• Documentation of software design along with links to requirements
• Design and software inspections
• Static analysis of software
• Test planning and management

Question 17

How can we use dependable processes with the agile methodology?

Answer 17

Dependable software often requires certification. More upfront planning, documentation and analysis are therefore required.

Conflict with pure agile methodology. A hybrid, custom-defined agile methodology incorporating dependable techniques may be used.

Question 18

What is chaos engineering?

Answer 18

Deliberate introduction of failures in production.

Testing the resilience of systems against failures.
- Infrastructure, network, software
- Control blast radius

Pioneered by Netflix
- Automated tool that randomly chose a server and disabled it.