Results 1 - 10 of 96
Basic concepts and taxonomy of dependable and secure computing - IEEE TDSC, 2004
Cited by 315 (5 self)
Abstract—This paper gives the main definitions relating to dependability, a generic concept including as special case such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures.
SPNP: Stochastic Petri Net Package, 1989
Cited by 140 (29 self)
We present SPNP, a powerful GSPN package developed at Duke University. SPNP allows the modeling of complex system behaviors. Advanced constructs are available, such as marking dependent arc multiplicities, enabling functions, arrays of places or transitions, and subnets; in addition, the full expressive power of the C programming language is available to increase the flexibility of the net description.
A Unified Approach for Specifying Measures of Performance, Dependability, and Performability, 1991
Cited by 51 (7 self)
Methods for evaluating system performance, dependability, and performability are becoming increasingly more important, particularly in the case of critical applications. Central to the evaluation process is the definition of specific measures of system behavior that are of interest to a user. This paper presents a unified approach to the specification of measures of performance, dependability, and performability. The unification is achieved by 1) using a model class well suited for representation of all three aspects of system behavior, and 2) system behavior. The resulting approach permits the specification of many non-traditional as well as traditional measures of system performance, dependability, and performability in a unified manner. Example instantiations of variables within this class are given and their relationships to variables used in traditional performance and dependability evaluations are illustrated.
Performability Modeling With UltraSAN - IEEE Software, 1991
Cited by 47 (10 self)
Stochastic extensions to Petri nets have received growing attention during the past decade as a model for evaluating the performance, dependability, and performability of computer hardware, software, and networks. Their formal structure permits solution by analytic means in many cases. When this is not possible, they can facilitate the automatic generation of a simulation program to estimate system behavior. This paper describes an X-window based software tool for evaluating systems that are represented as stochastic activity networks, a variant of stochastic Petri nets. The tool, known as UltraSAN, incorporates the results of recent research to significantly reduce the size of state space that is considered for analytic solution, as well as the number of event types that are considered in simulation. Both of these results suggest that the tool will be able to solve significantly more complex models than previously possible. Throughout the paper, a simple local area network model is used to illustrate the concepts, user interface, and model construction and solution methods implemented in the package.
Stochastic Activity Networks: Formal Definitions and Concepts, 2001
Cited by 44 (1 self)
Stochastic activity networks have been used since the mid-1980s for performance, dependability, and performability evaluation. They have
Model-based evaluation: From dependability to security - IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2004
Cited by 43 (2 self)
The development of techniques for quantitative, model-based evaluation of computer system dependability has a long and rich history. A wide array of model-based evaluation techniques are now available, ranging from combinatorial methods, which are useful for quick, rough-cut analyses, to state-based methods, such as Markov reward models, and detailed, discrete-event simulation. The use of quantitative techniques for security evaluation is much less common, and has typically taken the form of formal analysis of small parts of an overall design, or experimental red team-based approaches. Alone, neither of these approaches is fully satisfactory, and we argue that there is much to be gained through the development of a sound model-based methodology for quantifying the security one can expect from a particular design. In this work, we survey existing model-based techniques for evaluating system dependability, and summarize how they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.
Exploiting Microarchitectural Redundancy for Defect Tolerance - the 21st International Conference on Computer Design (ICCD, 2003
Cited by 33 (3 self)
Continued advancements in fabrication technology and reductions in feature size create challenges in maintaining both manufacturing yield rates and long-term reliability of devices. Methods based on defect detection and reduction may not offer a scalable solution due to cost of eliminating contaminants in the manufacturing process and increasing chip complexity. This paper proposes to use the inherent redundancy available in existing and future chip microarchitectures to improve yield and enable graceful performance degradation in fail-in-place systems. We introduce a new yield metric called performance averaged yield ( ) which accounts both for fully functional chips and those that exhibit some performance degradation. Our results indicate that at 250nm we are able to increase the of a uniprocessor with only redundant rows in its caches from a base value of 85% to 98% using microarchitectural redundancy. Given constant chip area, shrinking feature sizes increases fault susceptibility and reduces the base to 60% at 50nm, which microarchitectural redundancy then increases to 99.6%.
Performability Analysis Using semi-Markov reward processes, 1990
Cited by 33 (13 self)
With the increasing complexity of multiprocessor and distributed processing systems, the need to develop efficient and accurate modeling methods is evident. Fault-tolerance and degradable performance of such systems has given rise to considerable interest in models for the combined evaluation of performance and reliability [1, 2]. Most of these models are based upon Markov or semi-Markov reward processes. Beaudry [1] proposed a simple method for computing the distribution of performability in a Markov reward process. We present two extensions of Beaudry's approach. First, we generalize the method to a semi-Markov reward process. Second, we remove the restriction requiring the association of zero reward to absorbing states only. Such reward models can be used to evaluate the effectiveness of degradable fault-tolerant systems. We illustrate the use of the approach with three interesting applications.
On the Logical Characterisation of Performability Properties, 2000
Cited by 33 (10 self)
Markov-reward models, as extensions of continuous-time Markov chains, have received increased attention for the specification and evaluation of performance and dependability properties of systems. Until now, however, the specification of reward-based performance and dependability measures has been done manually and informally. In this paper, we change this undesirable situation by the introduction of a continuous-time, reward-based stochastic logic. We argue that this logic is adequate for expressing performability measures of a large variety. We isolate two important sub-logics, the logic CSL [1, 3], and the novel logic CRL that allows one to express reward-based properties. These logics turn out to be complementary, which is formally established in our main duality theorem. This result implies that reward-based properties expressed in CRL for a particular Markov reward model can be interpreted as CSL properties over a derived continuous-time Markov chain, so that model checking proce...
Dependability Evaluation Using Composed SAN-Based Reward Models, 1992
Cited by 30 (8 self)
Dependability evaluation is an important, but difficult, aspect of the design of fault-tolerant parallel and distributed computing systems. One possible technique is to use Markov models, but if applied directly to realistic designs, this often results in large and intractable models. Many authors have investigated methods to avoid this explosive state-space growth, but have typically either solved the problem for a specific system design, or required manipulation of the model at the state-space level. Stochastic activity networks (SANs), a stochastic extension of Petri nets, together with recently developed reduced base model construction techniques, have the potential to avoid this state space growth at the SAN level for many parallel and distributed systems. This paper investigates this claim, by considering their application to three different systems: a fault-tolerant parallel computing system, a distributed database architecture, and a multiprocessor-multimemory system. We show that this method does indeed result in tractable Markov models for these systems, and argue that it can be applied to the dependability evaluation of many parallel and distributed systems.

