eliminating single points of failure in software based
play

Eliminating Single Points of Failure in Software Based Redundancy - PowerPoint PPT Presentation

Jan 10, 2024 •281 likes •703 views

Eliminating Single Points of Failure in Software Based Redundancy Peter Ulbrich , Martin Ho ff mann, Rdiger Kapitza, Daniel Lohmann, Reiner Schmid and Wolfgang Schrder-Preikschat EDCC May 9, 2012 SYSTEM SOFTWARE GROUP

  1. Eliminating Single Points of Failure in 
 Software ‐ Based Redundancy Peter Ulbrich , Martin Ho ff mann, Rüdiger Kapitza, Daniel Lohmann, 
 Reiner Schmid and Wolfgang Schröder-Preikschat EDCC May 9, 2012 SYSTEM SOFTWARE GROUP http://www4.cs.fau.de

  2. Transient Hardware Faults – A Growing Problem [3] (Shivakumar, 2002) ■ Transient hardware faults (Soft-Errors) ! ■ Induced by e.g., radiation, glitches, insu ffi cient signal integrity ■ Increasingly a ff ecting microcontroller logic ■ Future hardware designs: 
 Even more performance and parallelism 
 � On the price of being less and less reliable ! Peter Ulbrich – ulbrich@cs.fau.de 2

  3. Countermeasures - Hardware Safety-Critical System ! Actuators ' Actuators ' Sensors' Safety'Cri+cal.Applica+on. ■ Hardware-based countermeasures ! ■ Application-specific design or specialised hardware ■ For example ECC, lock-step ! Pragmatic approach (tackles problem right at source) � Hardware costs (e.g., redundancy, checker, …) � Selectivity (e.g., multi-application systems) � Development costs (diverse safety concepts and HW, (re-)certification) Peter Ulbrich – ulbrich@cs.fau.de 3

  4. Countermeasures - Software Safety-Critical System ! Safety'Cri+cal.Applica+on. ↯ Actuators ' Sensors' ■ Different approaches to address transient hardware faults ! ■ Hardware vs. software measures ■ Applicability and costs ! Peter Ulbrich – ulbrich@cs.fau.de 4

  5. Countermeasures - Software ↯ Safety-Critical System ! ✗ Safety'Cri+cal.Applica+on.(1). Actuators ' Sensors' Safety'Cri+cal.Applica+on.(2). Safety'Cri+cal.Applica+on.(3). ■ Different approaches to address transient hardware faults ! ■ Hardware vs. software measures ■ Applicability and costs ■ Software-based triple modular redundancy (TMR) ! ■ Accepted and proven (e.g., recommended for ASIL D error handling) ■ Selective (e.g., multi-application systems) Peter Ulbrich – ulbrich@cs.fau.de 4

  6. Software-Based Redundancy in Detail Safety-Critical System ! Replica.1. Majority. Sensors' Interface. Replica.2. Actuators' Voter. Replica.3. ' Isola/on'domain' Sphere'of'replica/on'(SOR)' ' ■ Software-based TMR requires: ! ■ Temporal and spatial isolation (isolation domains) ■ Interface and Majority Voter ! Peter Ulbrich – ulbrich@cs.fau.de 5

  7. Software-Based Redundancy in Detail Safety-Critical System ! P = 998 1000 1 1 P = P = 1000 1000 ↯ ↯ Replica.1. Majority. Majority. Actuators ' Sensors' Interface. Interface. Replica.2. Actuators' Voter. Voter. Replica.3. ' Isola/on'domain' Sphere'of'replica/on'(SOR)' ' ■ Software-based TMR requires: ! ■ Temporal and spatial isolation (isolation domains) ■ Interface and Majority Voter ■ Single points of failur Single points of failure ! ■ No error detection ■ Very small � Certain probability Peter Ulbrich – ulbrich@cs.fau.de 5

  8. Software-Based Redundancy in Detail Safety-Critical System ! P = ? P = ? P = ? ↯ ↯ Replica.1. Majority. Majority. Actuators ' Sensors' Interface. Interface. Replica.2. Actuators' Voter. Voter. Replica.3. ' Isola/on'domain' Sphere'of'replica/on'(SOR)' ' ■ Software-based TMR requires: ! ■ Temporal and spatial isolation (isolation domains) ■ Interface and Majority Voter ■ Single points of failur Single points of failure ! ■ No error detection ■ Very small � Certain probability ■ Risk analysis ■ Inherently complex ■ Random error distribution? (Nightingale, 2011) Peter Ulbrich – ulbrich@cs.fau.de 5

  9. Software-Based Redundancy in Detail Safety-Critical System ! Replica.1. Majority. Sensors' Interface. Replica.2. Actuators' Voter. Replica.3. ' Isola/on'domain' Sphere'of'replica/on'(SOR)' ' ■ Software-based TMR requires: ! ■ Temporal and spatial isolation (isolation domains) ■ Interface and Majority Voter ■ Single points of failur Single points of failure ! ■ No error detection ■ Very small � Certain probability ■ Risk analysis ■ Inherently complex ■ Random error distribution? (Nightingale, 2011) Peter Ulbrich – ulbrich@cs.fau.de 5

  10. Agenda ■ Introduction ! ■ The Co Combined Red Redundancy Approach ! ■ Eliminating Vulnerabilities ■ High-Reliability Voters ■ Example: UAV Flight Control ! ■ CoRed Implementation ■ Target System: I4 Copter ■ Evaluation ! ■ Experimental Setup ■ Results ■ Conclusion ! Peter Ulbrich – ulbrich@cs.fau.de 6

  11. ��������� ��������� ������������� ������ �������� �������� �������� ����������� ������ ��������� ��������� ����������� �������� ������ ������ ������ ������ ������ ������ ������ ����������� ������ �������� CoRed Overview – Holistic Protection Approach ' ' Isola/on'domain' Encoded'opera/on' Sphere'of'replica/on'(SOR)' ' ' ■ The Combined Redundancy Approach (CoRed) ! { TMR + ! 
 Peter Ulbrich – ulbrich@cs.fau.de 7

  12. ��������� ��������� ������������� ������ �������� �������� �������� ����������� ������ ��������� ��������� ����������� �������� ������ ������ ������ ������ ������ ������ ������ ����������� ������ �������� CoRed Overview – Holistic Protection Approach ' ' Isola/on'domain' Encoded'opera/on' Sphere'of'replica/on'(SOR)' ' ' ■ The Combined Redundancy Approach (CoRed) ! { Data-flow encoding TMR + ! 
 Peter Ulbrich – ulbrich@cs.fau.de 7

  13. ��������� ��������� ������������� ������ �������� �������� �������� ����������� ������ ��������� ��������� ����������� �������� ������ ������ ������ ������ ������ ������ ������ ����������� ������ �������� CoRed Overview – Holistic Protection Approach ' ' Isola/on'domain' Encoded'opera/on' Sphere'of'replica/on'(SOR)' ' ' ■ The Combined Redundancy Approach (CoRed) ! { Data-flow encoding TMR + High-reliability voters ! 
 Peter Ulbrich – ulbrich@cs.fau.de 7

  14. ����������� ��������� ��������� �������� ������������� ������ �������� �������� �������� ����������� ������ ��������� ������ ��������� ������ ������ ������ ������ ������ ������ ����������� ������ �������� CoRed Overview – Holistic Protection Approach 2 1 3 ' ' Isola/on'domain' Encoded'opera/on' Sphere'of'replica/on'(SOR)' ' ' ■ The Combined Redundancy Approach (CoRed) ! { Data-flow encoding TMR + High-reliability voters ■ Holistic Protection Approach ! ■ Input to output protection 
 1 Reading inputs � 2 Processing � 3 Distributing outputs ■ Composability � On application and system level Peter Ulbrich – ulbrich@cs.fau.de 7

  15. Eliminating Input and Output Vulnerabilities SOR' Y Y’ Y Encode. Decode. (Value)' (Encoded'Value)' X X’ X Encode. Decode. (Value)' (Encoded'Value)' ■ Inter-domain data-flow protection ! ■ Checksum vs. Arithmetic code (AN code) ■ AN Code � Encoded data operations ■ Enabler for high-reliability voter ! Peter Ulbrich – ulbrich@cs.fau.de 8

  16. Eliminating Input and Output Vulnerabilities SOR' Y Y’ Y Encode. Decode. (Value)' (Encoded'Value)' X X’ X Encode. Decode. (Value)' (Encoded'Value)' ■ Inter-domain data-flow protection ! ■ Checksum vs. Arithmetic code (AN code) ■ AN Code � Encoded data operations ■ Enabler for high-reliability voter ■ CoRed: Extended AN code Extended AN code (EAN code) ! ■ Based on VCP (Forin, 1989) Peter Ulbrich – ulbrich@cs.fau.de 8

  17. Eliminating Input and Output Vulnerabilities SOR' Y Y’ Y Encode. Decode. (Value)' (Encoded'Value)' X X’ X Encode. Decode. (Value)' (Encoded'Value)' A B X D (Prime)' (Signature)' (Timestamp)' ■ Inter-domain data-flow protection ! ■ Checksum vs. Arithmetic code (AN code) ■ AN Code � Encoded data operations ■ Enabler for high-reliability voter ■ CoRed: Extended AN code Extended AN code (EAN code) ! ■ Based on VCP (Forin, 1989) } X’ = X × A + B X + D ■ Data integrity: Prime ■ Address integrity: Per variable signature ■ Outdated data: Timestamp Peter Ulbrich – ulbrich@cs.fau.de 8

Recommend

Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing

Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing

Automatic Failure Diagnosis Support in Distributed Large-Scale Software Systems based on Timing Behavior Anomaly Correlation Presentation at 13th European Conference on Software Maintenance and Reengineering Nina Marwede 1 , Matthias Rohr 1 ,

439 views • 42 slides
Software Cost Estimation SLOC-based Models and the Function Points Model By Brad Touesnard For

Software Cost Estimation SLOC-based Models and the Function Points Model By Brad Touesnard For

Software Cost Estimation SLOC-based Models and the Function Points Model By Brad Touesnard For SWE4103 University of New Brunswick, Fredericton Intro SLOC Function Points Conclusion Outline Introduction SLOC-based Approach

236 views • 20 slides
Software Development: Tools and Processes Lecture - 15: Software project failures Software

Software Development: Tools and Processes Lecture - 15: Software project failures Software

Software Development: Tools and Processes Lecture - 15: Software project failures Software projects failure Software project failure is very common and according to statistics, 95% projects are at least done for the second time . The failure

523 views • 25 slides
Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old

Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old

Single sign-on (SSO) Presentation Tiit Erm 106572 IVCMM Main points Introduction Old approach in multiple systems SSO Security Benefits Common SSO based configurations Examples of SSO usage Conclusion 15/12/11

379 views • 16 slides
Failure is a four-letter word Andreas Zeller Thomas Zimmermann Christian Bird PROMISE

Failure is a four-letter word Andreas Zeller Thomas Zimmermann Christian Bird PROMISE

Failure is a four-letter word Andreas Zeller Thomas Zimmermann Christian Bird PROMISE 2011, Banff, Canada Software failures 2 Defect distributions 3 Failure causes 4 Failure causes 5 Failure causes 6 Failure causes 7 Failure

1.16k views • 76 slides
Eliminating cache-based timing attacks with instruction-based scheduling Deian Stefan , Pablo

Eliminating cache-based timing attacks with instruction-based scheduling Deian Stefan , Pablo

Eliminating cache-based timing attacks with instruction-based scheduling Deian Stefan , Pablo Buiras, Edward Z. Yang, Amit Levy, David Terei, Alejandro Russo, and David Mazires Motivation: IFC Web platforms Platforms allow 3rd-party developers

936 views • 61 slides
THREE CIRCUITS 145 SINGLE POINTS H.B. Kim , LAc PhD EARTH : LU LI

THREE CIRCUITS 145 SINGLE POINTS H.B. Kim , LAc PhD EARTH : LU LI

www.AcupunctureMedia.com THREE CIRCUITS 145 SINGLE POINTS H.B. Kim , LAc PhD EARTH : LU LI ST SP (Taiyin + Yangming) HEAVEN : HT SI UB KD (Shaoyin + Taiyang) HUMAN

537 views • 41 slides
Recognizing and Eliminating Flux Concentrator Failures Mr. Robert Ruffini President

Recognizing and Eliminating Flux Concentrator Failures Mr. Robert Ruffini President

Recognizing and Eliminating Flux Concentrator Failures Mr. Robert Ruffini President Confidential Property of Fluxtrol Inc. 1 Overview What are the failure modes of a flux concentrator? How do we improve the design to prevent the

362 views • 23 slides
Single-pass restore after a media failure Caetano Sauer , Goetz Graefe, Theo Hrder 20% of

Single-pass restore after a media failure Caetano Sauer , Goetz Graefe, Theo Hrder 20% of

Single-pass restore after a media failure Caetano Sauer , Goetz Graefe, Theo Hrder 20% of drives fail after 4 years High failure rate on first year (factory defects) Expectation of 50% for 6 years

459 views • 28 slides
Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web

Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web

Automatic Failure Diagnosis based on Timing Behavior Anomaly Detection in Distributed Java Web Applications Diploma Thesis Presentation Nina S. Marwede Abteilung Software Engineering Fakultt II Department fr Informatik August 26, 2008

654 views • 41 slides
Failure Modelling in Software Architecture Design for Safety Weihang Wu Tim Kelly Presented by

Failure Modelling in Software Architecture Design for Safety Weihang Wu Tim Kelly Presented by

Failure Modelling in Software Architecture Design for Safety Weihang Wu Tim Kelly Presented by George Despotou High Integrity Systems Engineering Group Department of Computer Science Failure Modelling - 1 WADS ICSE05 Outline

156 views • 12 slides
Compensation & Benefits Tax Reform: Eliminating the Performance-Based Exception to Section

Compensation & Benefits Tax Reform: Eliminating the Performance-Based Exception to Section

Compensation & Benefits Tax Reform: Eliminating the Performance-Based Exception to Section 162(m) and Other Changes Regarding Compensation January 25, 2018 Moderator: Kevin P. OBrien Tax Rate Changes Affect on Compensation 1.

640 views • 15 slides
Software Development Lifecycle Tuesday, November 19th 1 Hardware wears out Infant Wear

Software Development Lifecycle Tuesday, November 19th 1 Hardware wears out Infant Wear

Software Development Lifecycle Tuesday, November 19th 1 Hardware wears out Infant Wear out mortality Failure rate Time Failure curve for hardware 2 Software doesn't wear out Increased failure rate due to side effects

653 views • 52 slides
This Unit: Single-Cycle Datapath App App App Datapath storage elements System software

This Unit: Single-Cycle Datapath App App App Datapath storage elements System software

This Unit: Single-Cycle Datapath App App App Datapath storage elements System software MIPS Datapath CIS 371 MIPS Control Mem CPU I/O Computer Organization and Design Unit 4: Single-Cycle Datapath Based on slides by Prof. Amir

287 views • 14 slides
Investigating the Use of Bayesian Networks in the Hora Approach for Component-based Online

Investigating the Use of Bayesian Networks in the Hora Approach for Component-based Online

Investigating the Use of Bayesian Networks in the Hora Approach for Component-based Online Failure Prediction Teerat Pitakrat, Andr van Hoorn University of Stuttgart Institute of Software Technology (ISTE) Reliable Software Systems (RSS)

1.36k views • 59 slides
Defined Eliminating barriers to adoption of IT Innovation Agenda t : 3 Keys to enabling

Defined Eliminating barriers to adoption of IT Innovation Agenda t : 3 Keys to enabling

Evolving towards Software Defined Eliminating barriers to adoption of IT Innovation Agenda t : 3 Keys to enabling innovation and transformation al Programmable data plane t Vertical disaggregation of network solutions

798 views • 40 slides
Spatial Misalignment What is the issue with a single variable? Terminology "points"

Spatial Misalignment What is the issue with a single variable? Terminology "points"

Spatial Misalignment What is the issue with a single variable? Terminology "points" (for point-level observations) and "blocks" (for areal-level summaries) If a variable is observed at some points but inference is desired at

525 views • 5 slides
Mettle Fatigue: VW's Single Point of Failure Ethics Roland L. Trope | Trope and Schramm LLP Eugene

Mettle Fatigue: VW's Single Point of Failure Ethics Roland L. Trope | Trope and Schramm LLP Eugene

Mettle Fatigue: VW's Single Point of Failure Ethics Roland L. Trope | Trope and Schramm LLP Eugene K. Ressler | US Military Academy Emeritus Faculty Purpose Our intent here is to comprehend how engineers could abandon their mettle and to

628 views • 24 slides
Veterans Affairs: Eliminating Veterans Affairs: Eliminating Medication Errors Through Medication

Veterans Affairs: Eliminating Veterans Affairs: Eliminating Medication Errors Through Medication

Veterans Affairs: Eliminating Veterans Affairs: Eliminating Medication Errors Through Medication Errors Through Point-of-Care Devices Point-of-Care Devices Presenters: Bill Malcom - Technical Manager Russell A. Carlson, BSN - Nursing

695 views • 46 slides
Brunel Law School June 2012 The penalty points system in GB Purposes of points

Brunel Law School June 2012 The penalty points system in GB Purposes of points

Claire Corbett Criminal Justice Research Centre Brunel Law School June 2012 The penalty points system in GB Purposes of points /disqualification: to deter and/or punish. Introduced in 1972. Between 3-11 for a single offence; 12+ in

184 views • 16 slides
An Update to the Use of Function Points in Earned Value Management for Software Development Cobec

An Update to the Use of Function Points in Earned Value Management for Software Development Cobec

An Update to the Use of Function Points in Earned Value Management for Software Development Cobec Consulting Mike Thompson, Director Dan French, Principal Background In FY 2012 a DOT software program was behind schedule, over-budget, and

357 views • 33 slides
September 27, 2013 New MAP-based Performance Policy Category Points Points Weighted Points

September 27, 2013 New MAP-based Performance Policy Category Points Points Weighted Points

September 27, 2013 New MAP-based Performance Policy Category Points Points Weighted Points Weighted Possible Earned Possible Points Earned MAP Growth 20 18 2.25 2.06 MAP 10 7 0.75 0.50 Attainment ELL 5 4 0.25 0.20 Other

467 views • 18 slides
Eric Winkel A particular microbe causes a particular disease. Eliminating germs will make me

Eric Winkel A particular microbe causes a particular disease. Eliminating germs will make me

Islamic Civilisation and the New Sciences Eric Winkel A particular microbe causes a particular disease. Eliminating germs will make me healthy. Eliminating pests will improve crop yields. To stay healthy, I need to keep germs away. Human

379 views • 16 slides
of the software The ultimate goal of all computer science failure in this group of responsible

of the software The ultimate goal of all computer science failure in this group of responsible

1968 1968 The Lego The general admission of the existence Hypothesis of the software The ultimate goal of all computer science failure in this group of responsible is the program. people is the most refreshing experience James Noble

286 views • 5 slides

More recommend