Results 1 - 10 of 13
Basic concepts and taxonomy of dependable and secure computing
- IEEE TDSC, 2004
Cited by 315 (5 self)
Abstract—This paper gives the main definitions relating to dependability, a generic concept including as special case such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures.
Simple Crash Recovery in a Wide-Area Location Service
- In Proc 12th Conference on Parallel and Distributed Computing Systems, 1999
Cited by 9 (6 self)
We are building a wide-area location service that tracks the current location of mobile objects. The location service is distributed over multiple nodes to support 10^12 objects on a worldwide scale. Changing information in the location service usually involves multiple nodes. If any of these nodes crashes while the information is modified, information can be lost and the location service can become inconsistent. To recover the lost information and resolve these inconsistencies, we invented a crash recovery method. The method consists of executing lost operations a second time. We show that if we focus on creating a new consistent state, instead of completely restoring the state before the crash, recovery becomes simple and efficient. Keywords: crash recovery, fault-tolerance, wide-area distributed systems. 1 Introduction Mobility has become increasingly prominent in information networks [1]. We use the term mobile object to refer to a hardware or software component in a network ...
Comparing two UML Profiles for Non-functional Requirement Annotations: the . . .
- THE SPT AND QOS PROFILES, UML'2004, 2004
Cited by 5 (1 self)
The paper compares two UML Profiles adopted by OMG for annotating non-functional requirements of software systems: the UML Profile for Schedulability, Performance and Time (SPT) formally adopted in 2003 and the recently emerging UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms (QoS). The SPT Profile was the first attempt to extend UML with basic timing and concurrency concepts, and to express requirements and properties needed for conducting schedulability and performance analysis. While the SPT Profile is focused on these two types of analysis, the more recent QoS Profile has a broader scope, aiming to allow the user to define a wider variety of QoS requirements and properties. In order to compare the two profiles, we will focus on performability and timing aspects of software systems, by exemplifying the concepts through an example of embedded automation system. The comparative analysis shows that new concepts are needed in both profiles to express time intervals between two arbitrary events. Also, the two profiles will need to reach a common agreement on the specification of complex timing values, especially of those with stochastic characteristics. Another open problem is the parameterization of models, as in many cases fixed values for model parameters are not enough. The SPT Profile goes a step further by supporting symbolic variables and expressions, but the QoS Profile does not have such a capability yet. In general, both Profiles struggle with the balance between flexibility (i.e., allow the user to introduce its own definitions) and simplicity/convenience of expression. The challenge when defining a UML profile is to find convenient yet powerful mechanisms of expression for complex concepts, yet to remain within the limits of the UML standard extension mechanisms, which is necessary to insure that the annotated models could be understood by standard UML tools.
Stochastic Petri Nets and inheritance for dependability modelling
Cited by 5 (1 self)
Reuse is a well-known and widely accepted principle in design and programming, that is instantiated through two main means: modularity and inheritance. Modularity allows a function or a data type and associated functions to be reused, while inheritance is based on the idea that a set of common features of a type can be factorized into a common super-type. While modularity has been widely exploited in performance and dependability modelling, inheritance is instead pretty much a “still-to-investigate” topic for this field. This paper discusses the role of inheritance in Stochastic Petri Nets (SPN) modelling, by considering a representation of the Fault, Error, and Failure (FEF) chain based on hierarchies of classes (in the class diagram formalism of UML) and corresponding hierarchies of SPN models.
Lightweight Crash Recovery in a Wide-area Location Service
- In Proc 12th Conference on Parallel and Distributed Computing Systems, 1998
Cited by 4 (1 self)
We are building a wide-area location service that tracks the current location of mobile objects. The location service is distributed over multiple nodes, to support 10^12 objects on a worldwide scale. Changing the location information usually involves multiple nodes. If any of these nodes crashes while the information is modified, information can be lost and the location service can become inconsistent. To recover the lost information and resolve these inconsistencies, we invented a crash recovery method. The method consists of executing lost operations a second time. We show that if we focus on creating a new consistent state, instead of completely restoring the state before the crash, recovery becomes simple and efficient. To validate our ideas we have built a prototype. Keywords: distributed systems, naming/location service, mobile computing, worldwide scalable systems, fault tolerance, crash recovery vrije Universiteit Faculty of Mathematics and Computer Science 1 Introductio...
Rejuvenation and Failure Detection in Partitionable Systems
- 2001
Cited by 3 (1 self)
Certain gateways (e.g., some cable or DSL modems) are known to have low reliability and low availability. Most failures of these devices can however be "fixed" by rejuvenating the device after a failure has been detected. Such a detection based rejuvenation strategy permits increasing the availability of these gateways. In the considered scenario, rejuvenation is non-trivial since a failure of such a gateway will leave it partitioned away from the network. In particular, network operators that want to rejuvenate these gateways are in a different network partition, and can therefore not initiate a remote rejuvenation.
Formal Verification of Time-Triggered Systems
- 2005
Cited by 2 (0 self)
Fault-tolerant real-time distributed control systems are being developed for next-generation aircraft and automobiles. They employ numerous complex protocols; because their uses are safety-critical, the design and implementation of these protocols must be error-free. The following modeling considerations make the formal verification of these protocols difficult: faults, real-time constraints, distributed control, nonfunctional behavioral requirements, and intricate protocol interactions. We describe a methodology for the formal verification of time-triggered systems, a class of synchronized fault-tolerant control and communication architectures. The methodology
Tuning of database audits to improve scheduled maintenance in communication systems
- 2001
"... communication systems ..."
Towards Optimal Database Maintenance in Wireless Communication Systems
- The 5th World Multi-Conference on Systemics, Cybernetics and Informatics, ISAS-SCI 2001, Volume I: Information Systems Development, 2001
Cited by 1 (1 self)
To ensure the consistency of database subsystems involved... this paper tackles the problem in two steps. First, a method is outlined to identify the most rewarding choice of audits frequency and combinations, given a setting for relevant parameters involved in the database of wireless communication systems (e.g., mean number of user calls and data corruption rates). Second, a learning approach is presented to dynamically adapt the maintenance policy at varying database and environmental parameter values leading to select, in each time period, the optimal maintenance policy.
Petri Nets and Dependability
- Lectures on Concurrency and Petri Nets: Advances in Petri Nets, volume 3098 of Lecture Notes in Computer Science, 2004
Cited by 1 (0 self)
Abstract. Dependability evaluation main objective is to assess the ability of a system to correctly function over time. There are many possible approaches to the evaluation of dependability: in these notes we are mainly concerned with dependability evaluation based on probabilistic models. Starting from simple probabilistic models with very efficient solution methods we shall then come to the main topic of the paper: how Petri nets can be used to evaluate the dependability of complex systems.

