dependability in the real world dependability in the real
play

Dependability in the real world Dependability in the real world p - PowerPoint PPT Presentation

Feb 11, 2024 •24 likes •654 views

P redicting redicting V alue from alue from D esign esign Mary Shaw with Ashish Arora, Shawn Butler, Vahe Poladian, Chris Scaffidi Carnegie Mellon University http://www.cs.cmu.edu/~shaw/ Institute for Software Research, International 1

  1. P redicting redicting V alue from alue from D esign esign Mary Shaw with Ashish Arora, Shawn Butler, Vahe Poladian, Chris Scaffidi Carnegie Mellon University http://www.cs.cmu.edu/~shaw/ Institute for Software Research, International 1

  2. Dependability in the real world Dependability in the real world p Dependability needs arise from user expectations ❖ “Good enough” is often good enough p Uncertainty is inevitable ❖ Specifications won’t be complete ❖ Knowledge of operating environment is uncertain p Costs matter, not just capabilities ❖ Few clients can afford highest dependability at any cost p Integration is a greater challenge than components ❖ Especially if components come from many sources ❖ Especially if system serves multiple objectives Institute for Software Research, International 2

  3. Specifications: Conventional Doctrine Specifications: Conventional Doctrine Component specification is sufficient and complete -- says everything you need to know or may rely on static -- written once and frozen homogeneous -- written in single notation “Three prerequisites must be met for a component to be used in more than one system: complete, opaque enclosure; complete specification of its external interface; and design consistency across all sites of reuse. Without these, reuse will remain an empty promise.” Institute for Software Research, International 3

  4. Real Real (Incomplete) (Incomplete) Architectural Specs Architectural Specs p Heterogeneous ❖ Many kinds of information: functional, structural, extra-functional, family properties ❖ Many types of values: integer, formula, narrative p Intrinsically incomplete ❖ Open-ended needs: cannot anticipate all properties of interest ❖ Cost of information: impractical, even for common properties p Evolving ❖ Partial information: understanding commensurate with amount of information ❖ New properties: additional properties added as discovered Institute for Software Research, International 4

  5. Sufficient Correctness Sufficient Correctness p Traditional model ❖ Gold standard of program correctness is functional correctness ❖ For systems, also need extrafunctional properties such as reliability, security, accuracy, usability p In practice ❖ Most software in everyday use has bugs … ✦ … yet we get work done ❖ It isn’t practical to get complete specifications ✦ Too many properties people can depend on ✦ Variable confidence in what we do know ❖ We don’t really need “correctness”, but rather assurance that the software is good enough for its intended use Institute for Software Research, International 5

  6. How much must you trust your software? How much must you trust your software? Institute for Software Research, International 6

  7. Value-based approach to dependability Value-based approach to dependability p Value is benefit net of cost ❖ Value to a given client is benefit net of cost to that client p Dependability involves uncertainty ❖ … about properties of software components ❖ … about interactions of components or systems ❖ … about operating environment ❖ … about consequences of failure p Value of dependability involves prediction and risk management p Benefits and costs are largely set early in design ❖ But at that time benefits and costs can only be predicted Institute for Software Research, International 7

  8. Ways to deal with undependability Ways to deal with undependability Bad thing Prevention Detection Validation Remediation Relative std Economic d l a t s c i l n a h b c o e l G T Traditional User- Fault- Compen- centered tolerant satory ❖ Traditional: prevent through careful development, analysis ❖ User centered: set criteria for proper operation to reflect user needs ❖ Fault tolerant: repair failures as they occur ❖ Compensatory: provide financial compensation Institute for Software Research, International 8

  9. Ways to deal with failure Ways to deal with failure Bad thing Prevention Detection Validation Remediation Relative std Economic d l a t s c i l n a h b c o e l G T Traditional User- Fault- Compen- centered tolerant satory ❖ Traditional: prevent through careful development, analysis ❖ User centered: set criteria for proper operation to reflect user needs ❖ Fault tolerant: repair failures as they occur ❖ Compensatory: provide financial compensation Institute for Software Research, International 9

  10. Context-Sensitive Requirements Context-Sensitive Requirements p Different users have … ❖ …different tolerance for system error and failure ❖ …different interests in results from a resource ❖ …different tolerance and interests at different times p Criteria for proper operation should reflect these differences ❖ Requirements can’t be tied solely to resource ❖ Users need ways to express differences p Need user-centered requirements as part of architectural design and resource integration Institute for Software Research, International 10

  11. Security technology Security technology portfolio selection portfolio selection p Different sites have different security issues p Elicit concerns about threats and relative priorities with multi-attribute decision techniques ❖ converts subjective comparisons to quantitative values p Associate threat analysis with cost of successful attack and countermeasures available in the market ❖ Consider cost-effectiveness and defense in depth p Iterate, using sensitivity analysis and multiattribute techniques to refine recommendations ❖ Get better understanding as well as recommendation p Shawn Butler (CMU ‘03) Institute for Software Research, International 11

  12. Anomaly Detection Anomaly Detection p If you have specifications, you can detect violations p Most everyday software does not have good specs p Problem: how to discover “normal” behavior and capture this as predicates ❖ Infer predicates from resource’s history ✦ Multiple statistical, data mining techniques ❖ Set-up: elicit user expectations while tuning predicates ✦ Using templates that show what techniques can express ❖ Operation: apply inferred predicates to detect anomalies p Inferred predicates serve as proxies for specs p “Anomaly” is in the eye of the specific user p Orna Raz (CMU ‘04) Institute for Software Research, International 12

  13. Utility-based Adaptive Configuration Utility-based Adaptive Configuration p Mobile systems are resource-limited ❖ Processor power, bandwidth, battery life, storage capacity, media fidelity, user distraction, … p Users require different capabilities at different times ❖ Editing, email, viewing movies, mapping, … ❖ Dynamic preferences for quantity and quality of service p Abstract capabilities can be provided by different combinations of services ❖ Specific editors, browsers, mailers, players, … p Use utility theory and linear/integer programming to find best series of configurations of services p Vahe Poladian (5th year PhD student) Institute for Software Research, International 13

  14. Idea: Idea: Multidimensional cost analysis Multidimensional cost analysis p Types of cost ❖ Dollars, computer resources, user distraction, staff time, reputation, schedule, lives lost p Naïve view ❖ Convert all costs to a single scale, e.g., dollars p Problem ❖ Cost dimensions have different properties p Resolution ❖ Carry cost vector as far into analysis as possible ❖ Convert to single scale at the latest point possible Institute for Software Research, International 14

  15. We need better ways to analyze a software design and predict the value its implementation will offer to a customer or to its producer Institute for Software Research, International 15

  16. Engineering design Engineering design p Engineers . . . ❖ iterate through design alternatives ❖ reconcile client’s constraints ❖ consider cost & utility as well as capability ❖ recognize that early decisions affect later costs . . . but . . . p Software engineers . . . ❖ lack adequate techniques for early analysis of design ❖ design for component spec rather than client expectation ❖ rarely include cost as 1st-class design consideration Institute for Software Research, International 16

  17. Engineering design Engineering design p Engineers . . . ❖ iterate through design alternatives ❖ reconcile client’s constraints ❖ consider cost & utility as well as capability ❖ recognize that early decisions affect later costs . . . but . . . p Software engineers . . . ❖ lack adequate techniques for early analysis of design ❖ design for component spec rather than client expectation ❖ rarely include cost as 1st-class design consideration Institute for Software Research, International 17

  18. Why does early design evaluation matter? Why does early design evaluation matter? p Cost of repair ❖ Fixing problems after delivery often costs 100x more than fixing them in requirements and design ❖ Up to half of effort goes to avoidable rework ✦ “avoidable rework” is effort spent fixing problems that could have been avoided or fixed earlier with less effort ❖ Early reviews can catch most of the errors -- Boehm/Basili, IEEE Computer, 2001 Institute for Software Research, International 18

  19. Cost of delaying risk management Cost of delaying risk management -- Barry Boehm Institute for Software Research, International 19

Recommend

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of

Dependability Evaluation Techniques for Dependability Evaluation The dependability evaluation of a system can be carried out either: experimentally (heuristic) : a system prototype is built and empirical statistical data are used to evaluate

470 views • 25 slides
TDDD82 Secure Mobile Systems Lecture 5: Dependability Mikael Asplund Real-tjme Systems

TDDD82 Secure Mobile Systems Lecture 5: Dependability Mikael Asplund Real-tjme Systems

TDDD82 Secure Mobile Systems Lecture 5: Dependability Mikael Asplund Real-tjme Systems Laboratory Department of Computer and Informatjon Science Linkping University Based on slides by Simin Nadjm-Tehrani Dependability Property of a

697 views • 22 slides
Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

Outline Motivation Opportunities and challenges O t iti d h ll Storage DepSky

8/27/2013 Dependability and Security with Dependability and Security with Clouds of Clouds lessons learned from n years of research Miguel Correia WORKSHOP ON DEPENDABILITY AND INTEROPERABILITY IN WORKSHOP ON DEPENDABILITY AND

657 views • 26 slides
Software Architecture & Dependability Valrie Issarny INRIA Joint work with Apostolos

Software Architecture & Dependability Valrie Issarny INRIA Joint work with Apostolos

Software Architecture & Dependability Valrie Issarny INRIA Joint work with Apostolos Zarras, Christos Kloukinas, Ferda Tartanoglou 1 Outline Dependability concepts SA and dependability analysis Automated dependability

1.45k views • 87 slides
1 Dependability Management Achieving dependability in WS Architectures Testing web services

1 Dependability Management Achieving dependability in WS Architectures Testing web services

Setting the scene Deutsche Bank AG has agreed to outsource two internal business processes to Accenture Ltd. as part of Dependability of its ambitious program to cut costs and Web Service Architectures increase efficiency by moving

357 views • 7 slides
Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs

Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs

Key Factors of Dependability of Mechatronic Units - Mechatronic Dependability - Hans-Dieter Kochs Institute of Information Technology University of Duisburg-Essen, Germany kochs@uni-duisburg.de safety do, the idea is to extend dependability to

575 views • 3 slides
An Architecture for An Architecture for Configurable Dependability of Configurable Dependability

An Architecture for An Architecture for Configurable Dependability of Configurable Dependability

University Of Paderborn Software Engineering Group Prof. Dr. W. Schfer An Architecture for An Architecture for Configurable Dependability of Configurable Dependability of Application Services Application Services Matthias Tichy

422 views • 11 slides
System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009

System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009

System Dependability Robert Wierschke Seminar Prozesssteuerung und Robotik 14. Januar 2009 Outline 2 Motivation Dependability Definition Dependability attributes Attribute relevance Threads Fault model

717 views • 29 slides
Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University

Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University

Dependability and Architecture: An HDCP Perspective Bill Scherlis Carnegie Mellon University ICSE Workshop on Architecting Dependable Systems May 2002 scher lis@cmu.edu Dependability and Architecture Dependability Reliance that

158 views • 13 slides
Cost Dependability and Security Johan Karlsson Energy-aware computing 2 1 Layered fault

Cost Dependability and Security Johan Karlsson Energy-aware computing 2 1 Layered fault

The trade-off betw een energy consumption and dependability consumption and dependability Johan Karlsson Department of Computer Science and Engineering Chalmers University of Technology Gteborg, Sweden Trade-offs in Computer System Design

363 views • 22 slides
Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor

Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor

Toward a Reasoning Framework for Dependability Tacksoo Im and John D. McGregor {tim,johnmc}@cs.clemson.edu School of Computing Clemson University 1 Problem Statement How do we predict and evaluate the dependability of a software

733 views • 24 slides
Introduction to Dependability slides made with the collaboration of: Laprie, Kanoon, Romano

Introduction to Dependability slides made with the collaboration of: Laprie, Kanoon, Romano

Introduction to Dependability slides made with the collaboration of: Laprie, Kanoon, Romano Overview Dependability : " [..] the trustworthiness of a computing system which allows reliance to be justifiably placed on the service it delivers

818 views • 30 slides
Assured Reconfiguration: An Architectural Core For System Dependability ICSE 2005 Workshop on

Assured Reconfiguration: An Architectural Core For System Dependability ICSE 2005 Workshop on

UVA Dependability Research Group Assured Reconfiguration: An Architectural Core For System Dependability ICSE 2005 Workshop on Architecting Dependable Systems John Knight University of Virginia Joint work with Elisabeth Strunk UVA

566 views • 40 slides
Dependability Evaluation Robin Bloomfield, Bev Littlewood Centre for Software Reliability, City

Dependability Evaluation Robin Bloomfield, Bev Littlewood Centre for Software Reliability, City

no: 1 Dependability Evaluation Robin Bloomfield, Bev Littlewood Centre for Software Reliability, City University, London Adelard, London December 2001 CSR no: 2 Background ! Dependability problems no longer simply concern computer systems

117 views • 7 slides
What SOA can do for Software Dependability Karl M. Gschka Karl.Goeschka@tuwien.ac.at Vienna

What SOA can do for Software Dependability Karl M. Gschka Karl.Goeschka@tuwien.ac.at Vienna

What SOA can do for Software Dependability Karl M. Gschka Karl.Goeschka@tuwien.ac.at Vienna University of Technology Overview Dependability challenges Control loop: Adaptivity and evolution The SOA potential Challenges of

627 views • 38 slides
MAFTIA: FTI Dependability: Basic Concepts and Terminology a European project for [Laprie 1992]

MAFTIA: FTI Dependability: Basic Concepts and Terminology a European project for [Laprie 1992]

Fundamental Concepts of Dependability [Avizienis, Laprie & Randell 2001] MAFTIA: FTI Dependability: Basic Concepts and Terminology a European project for [Laprie 1992] Intrusion-tolerant data processing dependable Internet applications

484 views • 11 slides
XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( ) 2006.10 RSS is cool ! RSS RSS Really Simple Syndication Tired of checking your favorite news and blogs sites everyday?

786 views • 75 slides
efficient dependability analysis Fumio Machida University of Tsukuba April 8, 2019 In the 2nd

efficient dependability analysis Fumio Machida University of Tsukuba April 8, 2019 In the 2nd

Practices in model component reuse for efficient dependability analysis Fumio Machida University of Tsukuba April 8, 2019 In the 2nd Workshop on Education and Practice of Performance Engineering Outline Dependability analysis in practice

515 views • 26 slides
Dependability and Security Challenges Dependability and Security Challenges in Emerging

Dependability and Security Challenges Dependability and Security Challenges in Emerging

Dependability and Security Challenges Dependability and Security Challenges in Emerging Technologies in Emerging Technologies Jacob A. Abraham Jacob A. Abraham University of Texas at Austin University of Texas at Austin Workshop Panel

390 views • 16 slides
Designing Systems for Dependability and Predictability Richard West Boston University Boston,

Designing Systems for Dependability and Predictability Richard West Boston University Boston,

Designing Systems for Dependability and Predictability Richard West Boston University Boston, MA richwest@cs.bu.edu Introduction: Existing OSes Todays world of operating systems: Desktop e.g., MS Vista, Mac OS X, Linux

1.04k views • 78 slides
Dependability Evaluation Paulo R. M. Maciel et al. prmm@cin.ufpe.br www.modcs.org Centro de

Dependability Evaluation Paulo R. M. Maciel et al. prmm@cin.ufpe.br www.modcs.org Centro de

Bruno Silva, Rubens Matos, Gustavo Callou, Jair Figueiredo, Danilo Oliveira, Joo Ferreira, Jamilson Dantas, Aleciano Lobo Junior, Vandi Alves and Paulo Maciel. Mercury: An Integrated Environment for Performance and Dependability Evaluation of

616 views • 28 slides
The Challenge: Telco-grade Dependability with Extreme Agility Telecommunications Business

The Challenge: Telco-grade Dependability with Extreme Agility Telecommunications Business

ModelTalk : A Framework for Developing Domain Specific Executable Models Atzmon Hen-tov and Lior Schachter Pontis Ltd., Israel Joint Work With: David H. Lorenz The Open University of Israel The Challenge: Telco-grade Dependability with

431 views • 21 slides
Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting

Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting

Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting Students to and Through Market Value Asset Attainment 4th highest-ranked Strategic Plan Alignment Every student will demonstrate global

499 views • 24 slides
Industrial Automation Automation Industrielle Industrielle Automation 9.2 Dependability -

Industrial Automation Automation Industrielle Industrielle Automation 9.2 Dependability -

Industrial Automation Automation Industrielle Industrielle Automation 9.2 Dependability - Evaluation Estimation de la fiabilit Verlsslichkeitsabschtzung Dr. Jean-Charles Tournier CERN, Geneva, Switzerland 2015 - JCT The material

1.78k views • 91 slides

More recommend