The Fourth International Conference on Systems
ICONS 2009
1-6 March 2009
Gosier, Guadeloupe/France
Editors: Raimund Ege, Walter Quattrociocchi, Daniela Dragomirescu, Oana Dini
Published by
Sponsored by
Conference Information
2009 Fourth International Conference on Systems
- Preface
- Program Committee
- Reviewers
- Title Page (Book version)
- Copyright Page (Book version)
- Table of Contents (Book version)
- Author Index (Book version)
- Publisher's Information (Book version)
Sessions
- ICONS 1: Application-Oriented Systems & Target Oriented Systems
- ICONS 2: Systems' Theory and Practice
- ICONS 3: Specialized Systems
- ICONS 4: Security and Protection Systems I
- ICONS 5: Security and Protection Systems II
- ICONS 6: Advanced Systems
- ICONS 7: Advanced & Complex Systems
- ICONS 8: Embedded Systems and Systems-on-the-Chip
- ICONS 9: System Engineering I
- ICONS 10: System Engineering II & Safety in Industrial Systems
- ICONS 11: Poster Forum
Papers by Session

ICONS 1: Application-Oriented Systems & Target Oriented Systems
- Mobile Agents and Their Ontology Serving a Federated Identity Platform (Farah Layouni and Yann Pollet)
- Technologies for the Pseudonymization of Medical Data: A Legal Evaluation (Thomas Neubauer and Mathias Kolb)
- Important Nonverbal Attributes for Spontaneous Speech Recognition (Jana Klečková)
- Evaluation of Tasks Scheduling Algorithms in Multi-core and Multi-queuing Environments Using System MESMS2 (Bartosz Czajka and Iwona Pozniak-Koszalka)

ICONS 2: Systems' Theory and Practice
- Fault Management for Secure Embedded Systems (Miroslav Sveda)
- Improving the Sensitivity of Deadlines with a Specific Asynchronous Scenario for Harmonic Periodic Tasks scheduled by FP (P. Meumeu Yomsi, Y. Sorel, D. de Rauglaudre, and L. George)
- Low Cost RT Process Control Using Windows PLC by MATLAB/Simulink Throw the REX Control System by Secured Wireless Network (Ondrej Krejcar and Petr Konarik)
- Ideas on System Thinking and Acting: Basic Issues, Aporetic Constructs and Application of the Metanoia Principle (Thomas J. Vlk)

ICONS 3: Specialized Systems
- IMS Vertical Handover Optimization Based on Network Resources (Claudia Arezio Ricardo)
- Implicit Adaptation of User Preferences in Pervasive Systems (Sarah McBurney, Elizabeth Papadopoulou, Nick Taylor, and M. Howard Williams)
- Power Saving of Real Time Embedded Sensor for Medical Remote Monitoring (Frédéric Fauberteau, Serge Midonnet, and Dan Istrate)
- Modified Multi-layer Feedback Delay Network for Auditory Space Simulation (Miroslav Balík)

ICONS 4: Security and Protection Systems I
- System Dynamics Based Risk Management for Distributed Information Systems (Denis Trček)
- Ontology-Based Decision Support for Information Security Risk Management (Andreas Ekelhart, Stefan Fenz, and Thomas Neubauer)
- Multi-sensor Logical Decision Making in the Single Location Surveillance Point System (Mikko Nieminen, Tomi Räty, and Mikko Lindholm)
- Authentication and Billing Framework for Service Oriented Architecture (Tripuresh Pandey, Brijmohan Singh, D. S. Kushwaha, and A. K. Misra)

ICONS 5: Security and Protection Systems II
- An Integrated System for Border Surveillance (Barbara Essendorfer, Eduardo Monari, and Heiko Wanning)
- Extracting Value from P2P Content Delivery (Raimund K. Ege, Li Yang, and Richard Whittaker)
- Authentication Protocol in Mobile RFID Network (Ming Hour Yang and Jia-Ning Luo)
- Attribute-Based Access Control in an Adaptive Hypermedia System (Pedro Ballesteros and Yezid Donoso)

ICONS 6: Advanced Systems
- A Multiple Criteria Decision-Making Method for Enterprise Supply Chain Finance Cooperative Systems (Liu Xiang)
- Assessing - Learning - Improving, an Integrated Approach for Self Assessment and Process Improvement Systems (Dirk Malzahn)
- Adaptive Real-Time Video Streaming System for Best-Effort IP Networks (Lassi Lehikoinen and Tomi Räty)
- Resource Discovery with Dynamic Matchmakers in Ad Hoc Grid (Tariq Abdullah, Lotfi Mhamdi, Behnaz Pourebrahimi, and Koen Bertels)

ICONS 7: Advanced & Complex Systems
- Runtime Diversity against Quasirandom Faults (Andreas Gerstinger)
- The Integrated Unit for MEMS Based Pressure Measurement (J. Haze, R. Vrba, and M. Pavlik)
- Utilization of the Fuzzy Theory in the Adaptive Hypermedia Systems (Alyne Oliveira da Silva, Fernanda Alonso, Lilian Márcia Ferraz, Valéria Farinazzo Martins Salvador, and Rosimeire Aparecida Jerônimo)
- Nine Robot's Morris: A Challenge for Self-Organizing Robot Teams (H. Juergen Mueller)

ICONS 8: Embedded Systems and Systems-on-the-Chip
- Support for Programming Embedded Software with Dynamically Typed Languages (Harald Krapfenbauer, Dominik Ertl, Hermann Kaindl, and Jürgen Falb)
- The System for Detecting Lead in Solders (Machan Ladislav and Pavel Steffan)
- FPGA Based High Date Rate Radio Interfaces for Aerospace Wireless Sensor Systems (Julien Henaut, Daniela Dragomirescu, and Robert Plana)
- Bandpass Sigma-Delta Modulator for Sensor Signal Processing (Lukáš Fujcik and Radimír Vrba)

ICONS 9: System Engineering I
- Defining Requirements for an Incident Management System: A Case Study (Marko Jäntti)
- Signature Matching Applied to Simulation/Frame Duality (Vincent Albert and Alexandre Nketsa)
- Production Quality Modeling Based on Regression Rules Extracted from Trained Artificial Neural Networks (Yan Ning, Min Li, Jianhong Yang, and Kunyin Meng)
- Integrated Circuits 3D Silicon Integration (T. Chammah and T. Giuma)

ICONS 10: System Engineering II & Safety in Industrial Systems
- Using Sysml to Describe a New Methodology for Semiautomatic Software Generation from Inferred Behavioral and Data Models (Ignacio González Alonso, M. P. Almudena García Fuente, and J. A. L. Brugos)
- Iterative Requirements Engineering and Architecting in Systems Engineering (Hermann Kaindl, Edin Arnautovic, Dominik Ertl, and Jürgen Falb)
- Collaboration Strategies for Distributed Teams: A Case Study of CAD Systems Integration (Kurt E. Madsen)
- Modeling System Safety Requirements Using Input/Output Constraint Meta-automata (Zhe Chen and Gilles Motet)

ICONS 11: Poster Forum
- Use of Magnetic Resonance to Determine the Circumference of Radial Slices of Norway Spruce (Karel Bartusek, Eva Gescheidtova, Lucie Homolova, and Zdenek Dokoupil)
- Data Processing in Studying the Growth of Early Spruce Embryos, Using MR Imaging Techniques (Karel Bartusek, Eva Gescheidtova, Rene Kizek, and Zdenek Dokoupil)
- Implementation of Intrusion Detection System for Automation Devices within Virtual Automation Network (Radek Kuchta, Jaroslav Kadlec, and Radimír Vrba)
- Whole Brain CT Perfusion Maps (Petr Maule, Jana Klečková, and Vladimír Rohan)
- Ontology Driven E-Government (Bernd Stadlhofer, Peter Salhofer, and Gerald Tretter)
Papers by Author

Author index (by initial letter)
A: Abdullah, Tariq; Albert, Vincent; Alonso, Fernanda; Alonso, Ignacio González; Arnautovic, Edin
B: Balík, Miroslav; Ballesteros, Pedro; Bartusek, Karel; Bertels, Koen; Brugos, J. A. L.
C: Chammah, T.; Chen, Zhe; Czajka, Bartosz
D: Dokoupil, Zdenek; Donoso, Yezid; Dragomirescu, Daniela
E: Ege, Raimund K.; Ekelhart, Andreas; Ertl, Dominik; Essendorfer, Barbara
F: Falb, Jürgen; Fauberteau, Frédéric; Fenz, Stefan; Ferraz, Lilian Márcia; Fuente, M. P. Almudena García; Fujcik, Lukáš
G: George, L.; Gerstinger, Andreas; Gescheidtova, Eva; Giuma, T.
H: Haze, J.; Henaut, Julien; Homolova, Lucie
I: Istrate, Dan
J: Jäntti, Marko; Jerônimo, Rosimeire Aparecida
K: Kadlec, Jaroslav; Kaindl, Hermann; Kizek, Rene; Klečková, Jana; Kolb, Mathias; Konarik, Petr; Krapfenbauer, Harald; Krejcar, Ondrej; Kuchta, Radek; Kushwaha, D. S.
L: Ladislav, Machan; Layouni, Farah; Lehikoinen, Lassi; Li, Min; Lindholm, Mikko; Luo, Jia-Ning
M: Madsen, Kurt E.; Malzahn, Dirk; Maule, Petr; McBurney, Sarah; Meng, Kunyin; Mhamdi, Lotfi; Midonnet, Serge; Misra, A. K.; Monari, Eduardo; Motet, Gilles; Mueller, H. Juergen
N: Neubauer, Thomas; Nieminen, Mikko; Ning, Yan; Nketsa, Alexandre
P: Pandey, Tripuresh; Papadopoulou, Elizabeth; Pavlik, M.; Plana, Robert; Pollet, Yann; Pourebrahimi, Behnaz; Pozniak-Koszalka, Iwona
R: Räty, Tomi; Rauglaudre, D. de; Ricardo, Claudia Arezio; Rohan, Vladimír
S: Salhofer, Peter; Salvador, Valéria Farinazzo Martins; Silva, Alyne Oliveira da; Singh, Brijmohan; Sorel, Y.; Stadlhofer, Bernd; Steffan, Pavel; Sveda, Miroslav
T: Taylor, Nick; Trček, Denis; Tretter, Gerald
V: Vlk, Thomas J.; Vrba, R.; Vrba, Radimír
W: Wanning, Heiko; Whittaker, Richard; Williams, M. Howard
X: Xiang, Liu
Y: Yang, Jianhong; Yang, Li; Yang, Ming Hour; Yomsi, P. Meumeu
Papers by author (author: paper title(s))
Abdullah, Tariq: Resource Discovery with Dynamic Matchmakers in Ad Hoc Grid
Albert, Vincent: Signature Matching Applied to Simulation/Frame Duality
Alonso, Fernanda: Utilization of the Fuzzy Theory in the Adaptive Hypermedia Systems
Alonso, Ignacio González: Using Sysml to Describe a New Methodology for Semiautomatic Software Generation from Inferred Behavioral and Data Models
Arnautovic, Edin: Iterative Requirements Engineering and Architecting in Systems Engineering
Balík, Miroslav: Modified Multi-layer Feedback Delay Network for Auditory Space Simulation
Ballesteros, Pedro: Attribute-Based Access Control in an Adaptive Hypermedia System
Bartusek, Karel: Use of Magnetic Resonance to Determine the Circumference of Radial Slices of Norway Spruce; Data Processing in Studying the Growth of Early Spruce Embryos, Using MR Imaging Techniques
Bertels, Koen: Resource Discovery with Dynamic Matchmakers in Ad Hoc Grid
Brugos, J. A. L.: Using Sysml to Describe a New Methodology for Semiautomatic Software Generation from Inferred Behavioral and Data Models
Chammah, T.: Integrated Circuits 3D Silicon Integration
Chen, Zhe: Modeling System Safety Requirements Using Input/Output Constraint Meta-automata
Czajka, Bartosz: Evaluation of Tasks Scheduling Algorithms in Multi-core and Multi-queuing Environments Using System MESMS2
Dokoupil, Zdenek: Use of Magnetic Resonance to Determine the Circumference of Radial Slices of Norway Spruce; Data Processing in Studying the Growth of Early Spruce Embryos, Using MR Imaging Techniques
Donoso, Yezid: Attribute-Based Access Control in an Adaptive Hypermedia System
Dragomirescu, Daniela: FPGA Based High Date Rate Radio Interfaces for Aerospace Wireless Sensor Systems
Ege, Raimund K.: Extracting Value from P2P Content Delivery
Ekelhart, Andreas: Ontology-Based Decision Support for Information Security Risk Management
Ertl, Dominik: Support for Programming Embedded Software with Dynamically Typed Languages; Iterative Requirements Engineering and Architecting in Systems Engineering
Essendorfer, Barbara: An Integrated System for Border Surveillance
Falb, Jürgen: Support for Programming Embedded Software with Dynamically Typed Languages; Iterative Requirements Engineering and Architecting in Systems Engineering
Fauberteau, Frédéric: Power Saving of Real Time Embedded Sensor for Medical Remote Monitoring
Fenz, Stefan: Ontology-Based Decision Support for Information Security Risk Management
Ferraz, Lilian Márcia: Utilization of the Fuzzy Theory in the Adaptive Hypermedia Systems
Fuente, M. P. Almudena García: Using Sysml to Describe a New Methodology for Semiautomatic Software Generation from Inferred Behavioral and Data Models
Fujcik, Lukáš: Bandpass Sigma-Delta Modulator for Sensor Signal Processing
George, L.: Improving the Sensitivity of Deadlines with a Specific Asynchronous Scenario for Harmonic Periodic Tasks scheduled by FP
Gerstinger, Andreas: Runtime Diversity against Quasirandom Faults
Gescheidtova, Eva: Use of Magnetic Resonance to Determine the Circumference of Radial Slices of Norway Spruce; Data Processing in Studying the Growth of Early Spruce Embryos, Using MR Imaging Techniques
Giuma, T.: Integrated Circuits 3D Silicon Integration
Haze, J.: The Integrated Unit for MEMS Based Pressure Measurement
Henaut, Julien: FPGA Based High Date Rate Radio Interfaces for Aerospace Wireless Sensor Systems
Homolova, Lucie: Use of Magnetic Resonance to Determine the Circumference of Radial Slices of Norway Spruce
Istrate, Dan: Power Saving of Real Time Embedded Sensor for Medical Remote Monitoring
Jäntti, Marko: Defining Requirements for an Incident Management System: A Case Study
Jerônimo, Rosimeire Aparecida: Utilization of the Fuzzy Theory in the Adaptive Hypermedia Systems
Kadlec, Jaroslav: Implementation of Intrusion Detection System for Automation Devices within Virtual Automation Network
Kaindl, Hermann: Support for Programming Embedded Software with Dynamically Typed Languages; Iterative Requirements Engineering and Architecting in Systems Engineering
Kizek, Rene: Data Processing in Studying the Growth of Early Spruce Embryos, Using MR Imaging Techniques
Klečková, Jana: Important Nonverbal Attributes for Spontaneous Speech Recognition; Whole Brain CT Perfusion Maps
Kolb, Mathias: Technologies for the Pseudonymization of Medical Data: A Legal Evaluation
Konarik, Petr: Low Cost RT Process Control Using Windows PLC by MATLAB/Simulink Throw the REX Control System by Secured Wireless Network
Krapfenbauer, Harald: Support for Programming Embedded Software with Dynamically Typed Languages
Krejcar, Ondrej: Low Cost RT Process Control Using Windows PLC by MATLAB/Simulink Throw the REX Control System by Secured Wireless Network
Kuchta, Radek: Implementation of Intrusion Detection System for Automation Devices within Virtual Automation Network
Kushwaha, D. S.: Authentication and Billing Framework for Service Oriented Architecture
Ladislav, Machan: The System for Detecting Lead in Solders
Layouni, Farah: Mobile Agents and Their Ontology Serving a Federated Identity Platform
Lehikoinen, Lassi: Adaptive Real-Time Video Streaming System for Best-Effort IP Networks
Li, Min: Production Quality Modeling Based on Regression Rules Extracted from Trained Artificial Neural Networks
Lindholm, Mikko: Multi-sensor Logical Decision Making in the Single Location Surveillance Point System
Luo, Jia-Ning: Authentication Protocol in Mobile RFID Network
Madsen, Kurt E.: Collaboration Strategies for Distributed Teams: A Case Study of CAD Systems Integration
Malzahn, Dirk: Assessing - Learning - Improving, an Integrated Approach for Self Assessment and Process Improvement Systems
Maule, Petr: Whole Brain CT Perfusion Maps
McBurney, Sarah: Implicit Adaptation of User Preferences in Pervasive Systems
Meng, Kunyin: Production Quality Modeling Based on Regression Rules Extracted from Trained Artificial Neural Networks
Mhamdi, Lotfi: Resource Discovery with Dynamic Matchmakers in Ad Hoc Grid
Midonnet, Serge: Power Saving of Real Time Embedded Sensor for Medical Remote Monitoring
Misra, A. K.: Authentication and Billing Framework for Service Oriented Architecture
Monari, Eduardo: An Integrated System for Border Surveillance
Motet, Gilles: Modeling System Safety Requirements Using Input/Output Constraint Meta-automata
Mueller, H. Juergen: Nine Robot's Morris: A Challenge for Self-Organizing Robot Teams
Neubauer, Thomas: Technologies for the Pseudonymization of Medical Data: A Legal Evaluation; Ontology-Based Decision Support for Information Security Risk Management
Nieminen, Mikko: Multi-sensor Logical Decision Making in the Single Location Surveillance Point System
Ning, Yan: Production Quality Modeling Based on Regression Rules Extracted from Trained Artificial Neural Networks
Nketsa, Alexandre: Signature Matching Applied to Simulation/Frame Duality
Pandey, Tripuresh: Authentication and Billing Framework for Service Oriented Architecture
Papadopoulou, Elizabeth: Implicit Adaptation of User Preferences in Pervasive Systems
Pavlik, M.: The Integrated Unit for MEMS Based Pressure Measurement
Plana, Robert: FPGA Based High Date Rate Radio Interfaces for Aerospace Wireless Sensor Systems
Pollet, Yann: Mobile Agents and Their Ontology Serving a Federated Identity Platform
Pourebrahimi, Behnaz: Resource Discovery with Dynamic Matchmakers in Ad Hoc Grid
Pozniak-Koszalka, Iwona: Evaluation of Tasks Scheduling Algorithms in Multi-core and Multi-queuing Environments Using System MESMS2
Räty, Tomi: Multi-sensor Logical Decision Making in the Single Location Surveillance Point System; Adaptive Real-Time Video Streaming System for Best-Effort IP Networks
Rauglaudre, D. de: Improving the Sensitivity of Deadlines with a Specific Asynchronous Scenario for Harmonic Periodic Tasks scheduled by FP
Ricardo, Claudia Arezio: IMS Vertical Handover Optimization Based on Network Resources
Rohan, Vladimír: Whole Brain CT Perfusion Maps
Salhofer, Peter: Ontology Driven E-Government
Salvador, Valéria Farinazzo Martins: Utilization of the Fuzzy Theory in the Adaptive Hypermedia Systems
Silva, Alyne Oliveira da: Utilization of the Fuzzy Theory in the Adaptive Hypermedia Systems
Singh, Brijmohan: Authentication and Billing Framework for Service Oriented Architecture
Sorel, Y.: Improving the Sensitivity of Deadlines with a Specific Asynchronous Scenario for Harmonic Periodic Tasks scheduled by FP
Stadlhofer, Bernd: Ontology Driven E-Government
Steffan, Pavel: The System for Detecting Lead in Solders
Sveda, Miroslav: Fault Management for Secure Embedded Systems
Taylor, Nick: Implicit Adaptation of User Preferences in Pervasive Systems
Trček, Denis: System Dynamics Based Risk Management for Distributed Information Systems
Tretter, Gerald: Ontology Driven E-Government
Vlk, Thomas J.: Ideas on System Thinking and Acting: Basic Issues, Aporetic Constructs and Application of the Metanoia Principle
Vrba, R.: The Integrated Unit for MEMS Based Pressure Measurement
Vrba, Radimír: Bandpass Sigma-Delta Modulator for Sensor Signal Processing; Implementation of Intrusion Detection System for Automation Devices within Virtual Automation Network
Wanning, Heiko: An Integrated System for Border Surveillance
Whittaker, Richard: Extracting Value from P2P Content Delivery
Williams, M. Howard: Implicit Adaptation of User Preferences in Pervasive Systems
Xiang, Liu: A Multiple Criteria Decision-Making Method for Enterprise Supply Chain Finance Cooperative Systems
Yang, Jianhong: Production Quality Modeling Based on Regression Rules Extracted from Trained Artificial Neural Networks
Yang, Li: Extracting Value from P2P Content Delivery
Yang, Ming Hour: Authentication Protocol in Mobile RFID Network
Yomsi, P. Meumeu: Improving the Sensitivity of Deadlines with a Specific Asynchronous Scenario for Harmonic Periodic Tasks scheduled by FP
Runtime Diversity against Quasirandom Faults
Andreas Gerstinger, Institute of Computer Technology, University of Vienna, Austria
Keywords: Fault Tolerance, Fault Detection, Diversity, Faults, Failures, Software Reliability
Abstract
Complex software based systems that have to be highly reliable are increasingly confronted with fault types whose corresponding failures appear to be random, although they have a systematic cause. This paper introduces and defines these "quasirandom" faults. They have certain inconvenient common properties, such as being difficult to reproduce, depending strongly on state, and being likely to remain in operational systems after testing. However, these faults are also likely to be detected or tolerated with the help of diversity in software, and even low-level diversity which can be achieved during runtime is a promising means against them. The result suggests that runtime diversity can improve software reliability in complex systems.

1. Introduction
It was first noted by Jim Gray in [1] that software systems exhibit specific failures which disappear after a reset. The faults causing these failures are the only vaguely defined "Heisenbugs". Gray detected these faults in systems that were highly complex for that time.
Software systems continue to get more complex and they grow in size. This can, for example, be seen in the number of lines of code in operating systems. Two popular operating systems, Windows and Linux, both continue to grow in size, which suggests that these faults should not be neglected in such systems.
Not just software, but also hardware is getting increasingly complex. Modern CPUs possess features such as pipelines, branch prediction and several levels of caches, all of which make predictions, especially concerning timing behavior, difficult. These features introduce a certain level of perceived indeterminism. The complexity of hardware also increases in terms of the number of transistors per CPU. In a recent issue of IEEE Spectrum [2], all quoted experts predict the continuation of Moore's Law (which predicts a doubling of transistors every 1-2 years) for at least the next 10-30 years.
With the advance of multi-core processors, software is expected to gain another level of complexity as soon as programs are optimized to work on parallel processors.
This paper uses the terminology introduced in [3]: a fault is the adjudged or hypothesized cause of an error, the error is the part of the total state of the system that may lead to its subsequent (service) failure, and a failure is the event that occurs when the delivered service deviates from correct service. This failure chain can then be described as a succession of faults, errors and failures: a fault in a system is activated and causes an error within the system state, which then propagates to become a failure.
Figure 1 – Fault spectrum
2. Quasirandom Faults
A typical distinction between faults is the distinction between random and systematic faults. The crucial difference is that random faults are caused by environmental conditions which are only predictable statistically, whereas systematic faults are inherent in the design and exactly predictable once the fault is known. The distinction is not as clear as it appears at first glance, as there are faults which fall in between these two extremes. Therefore, faults can be depicted along a fault spectrum (Figure 1).
True random faults do not exist in software, but faults and their corresponding failures sometimes appear to be random, and have characteristics which resemble random hardware faults. They are somehow related to Heisenbugs [1], but the term Heisenbug suggests that they modify their behavior when one "looks" at them, which is not the case. They are also linked to the aging-related faults described in [4]. However, they are not exclusively related to aging; they can occur at any time. We will call these faults "quasirandom faults". The properties of these quasirandom faults are:
(1) difficult to reproduce
(2) difficult to find by testing
(3) strongly dependent on the state of the system
(4) predictable only statistically
The first observation is that the distinction between systematic and quasirandom software faults is not sharp, so that faults do not fall unambiguously into one of the categories. There is no strict dividing line in the fault spectrum between systematic and quasirandom faults. However, the more of the properties above are fulfilled, the further the fault lies in the quasirandom area of the spectrum.
The difficulty of reproduction (1) is based on the fact that the occurrence of the faults depends on many state and input variables and/or their timing, which rarely reoccur in exactly this combination. Due to this fact, testing is not always effective in finding them. If such a failure is observed during testing, it cannot be repeated, and therefore the fault which is its cause cannot be tracked down (2). This also leads to the fact that faults in operational systems are likely to be more of the quasirandom type, since a mature testing process is very effective at finding systematic faults. Quasirandom faults are likely to depend strongly on the internal state of the system, and less on the input variables (3). Therefore, even if the apparently same usage situation is reconstructed, the fault may not reappear. Finally, because from a phenomenological point of view quasirandom faults in software and random faults in hardware are similar, probabilistic models are best suited for their prediction (4).
Examples of quasirandom faults which possess the properties described above are:
Race conditions: Faults depending on the exact timing of two or more events.
Resource depletion: Faults caused by the depletion of some resource.
Accumulation of floating point errors: Faults which occur after accumulation of a sufficient number of small rounding errors.
Data corruption faults: Faults which are due to successive corruption of data structures.
Overflow faults: Faults which occur due to some overflow or re-initialization of a data structure or value.
Figure 2 – Illustration of systematic vs. quasirandom fault (left: Fault 1 (systematic), triggered by input parameters I1 and I2, leading to Failure 1; right: Fault 2 (quasirandom), triggered by input parameters I1, I2, I3 together with state parameters S1, S2, S3, leading to Failure 2)
In summary, all these faults depend more on the state than on the inputs of a software system, and they depend on complex and rarely occurring combinations of state variables. This can be illustrated as shown in Figure 2. On the left, a typical systematic fault is symbolized. The systematic fault causes a failure every time two specific input variables have a specific value. Therefore, this fault can easily be tracked down. On the right side of the figure, a quasirandom fault is symbolized. It depends not only on input parameters, but also on state parameters, and is triggered only if all are aligned in a very specific configuration.
The fact that system complexity, and therefore the state, grows in size, as do other aspects such as the amount of parallelism, suggests that quasirandom faults will become more prominent and will increasingly influence a software system's reliability. Because quasirandom faults are unlikely to be removed by testing, we have to be able to cope with the occurrence of such faults during runtime.
3. Runtime Diversity
In systems where quasirandom faults are prominent, runtime diversity is an effective means against them. This argument can be made based on the following reasoning.
Diversity is not limited to the traditional "N version programming" (NVP) style of diversity as described in [3]. There are novel ways in which diversity can be introduced. NVP and design diversity are normally achieved by having multiple development teams develop multiple versions of functionally equivalent software (i.e. according to the same specification). The expectation is that these diverse software versions contain different faults.
In general, diversity such as NVP is criticized frequently. The problem is that expectations are too high. The objective of total independence between two developed versions cannot be achieved with the help of diversity, since people tend to make similar errors. There have been several discussions on the usefulness of diversity, with proponents and opponents voicing their opinions enthusiastically [5]. The arguments against diversity are still valid and have not changed in the context of modern systems. The arguments in favor of diversity, however, have changed, because of the following facts:
- Systems are becoming more complex, which increases the potential for introducing diversity. For example, a multi-layered system allows the introduction of diversity on several layers, such as the hardware, the operating system and the application.
- Indeterminism increases in systems, which makes it easier to introduce diversity, since systems become more susceptible to small changes.
- The use of automatic code generation is becoming more widespread, which makes the automated introduction of diversity possible. One possibility might be the use of two different compilers.
The crucial point is that high complexity, the prime reason for the prevalence of quasirandom faults, also provides the possibility to introduce diversity in many aspects. Quasirandom faults are activated and lead to failures only in rare and difficult-to-reproduce cases. Hence it is unlikely that a diverse system is in the same state and triggers the same fault at the same time.
Such diversity can be introduced during the runtime of the system, with the intention to maximize the differences in the internal states of a diverse system configuration. Runtime diversity does not influence the faults in systems, but influences the fault activation process, such that failures occur in only one channel of the diverse system, or at least at different times in the two channels.
Runtime diversity is more cost efficient than development diversity, since there is no need for duplicated software development. On the other hand, the faults that can be handled by runtime diversity are different: typical systematic faults due to programming faults are not likely to be tolerated with runtime diversity. Runtime diversity can be inherent or enforced.
3.1 Enforced Runtime Diversity
Enforced runtime diversity is the type of runtime diversity which arises as a result of intentional diversity-enhancing decisions during runtime. These decisions can be manifold, but they are all geared towards diversifying the inputs to, and the state of, redundant components.
The input can be diversified by presenting two redundant components with different inputs, such as adding a small ε if floating point values are involved, or intentionally modifying timing sequences in two redundant systems. Another possibility is to transform all inputs into semantically identical inputs if the input allows this (e.g. by applying De Morgan's laws to Boolean expressions). The state can be diversified by configuring a system differently, such that internal variables and data structures are different.
3.2 Inherent Runtime Diversity
Inherent runtime diversity is the same as enforced runtime diversity, except that it develops naturally without explicitly needing to be enforced. The property of inherent runtime diversity is possessed by all systems which contain some degree of indeterminism. For example, whenever asynchronous external events take place, e.g. asynchronous interrupts coming from the environment (such as input via network interfaces), the exact timing is not under the control of the system. Two redundant computer systems always receive these interrupts at slightly different times. This causes the execution path to be interrupted during different operations. As a result, the two redundant systems are now in a different state and possess a certain degree of state diversity.
3.3 Runtime Diversity Example
A possible candidate for runtime diversity to increase reliability is a modern complex operating system such as GNU/Linux. Figure 3 shows a redundant system configuration with a diversified operating system. An operating system possesses inherent runtime diversity due to the interaction with its environment. Even if no intentional diversity-enhancing decisions are made, the state of the system can differ considerably every time such a system is started, because of the inherent indeterminism. The boot process already possesses sufficient complexity that it does not always follow the same path. Therefore, a certain amount of inherent runtime diversity is already achieved automatically.
The following aspects are some examples of what could be diversified intentionally in operating systems, in order to achieve enforced runtime diversity:
- Init sequence during booting
- Various memory sizes for data structures
- Timing when system calls are invoked
The more diverse the state of the operating systems in a redundant configuration, the more likely it is that quasirandom faults in the operating systems occur in only one of the diverse systems.
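As an added illustration (constructed for this page, not code from the paper), the following Python simulation ties the overflow-fault example of Section 2 to the enforced state diversity of Sections 3.1 and 3.3: two redundant channels run the same constructed echo service, whose sequence counter silently wraps, and a comparator checks their outputs. The channel class, the echo service and the use of the counter width as the diversified "memory size" are all assumptions made for this example.

```python
"""Two-channel redundant system with a state-dependent (quasirandom) fault.

Constructed illustration, not code from the paper. The service is trivial
(echo the input) so the correct output is known; the fault is a silent
sequence-counter overflow after which a channel returns a stale table entry.
Activation depends only on the channel's internal state (counter width,
number of samples seen so far), never on the input value itself.
"""
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Channel:
    """One redundant channel. counter_bits is the diversifiable state parameter
    (an instance of the paper's 'various memory sizes for data structures')."""
    counter_bits: int
    seq: int = 0
    table: Dict[int, int] = field(default_factory=dict)

    def process(self, value: int) -> int:
        mask = (1 << self.counter_bits) - 1
        self.seq = (self.seq + 1) & mask      # overflow wraps silently
        # Constructed fault: entries are never overwritten, so once the counter
        # has wrapped, the lookup returns whatever was stored under this seq first.
        self.table.setdefault(self.seq, value)
        return self.table[self.seq]


@dataclass
class RunResult:
    first_detected: Optional[int]    # first step at which the two outputs disagreed
    undetected_failures: List[int]   # steps where both channels were wrong but agreed
    failures_a: List[int]            # steps where channel A was wrong
    failures_b: List[int]            # steps where channel B was wrong


def run_redundant(channel_a: Channel, channel_b: Channel, inputs: List[int]) -> RunResult:
    """Feed identical inputs to both channels and compare outputs step by step.

    The comparator sees only the two outputs. The oracle (correct output == input)
    is used here solely to classify what the comparator could and could not see.
    """
    first_detected: Optional[int] = None
    undetected: List[int] = []
    fail_a: List[int] = []
    fail_b: List[int] = []
    for step, value in enumerate(inputs, start=1):
        out_a = channel_a.process(value)
        out_b = channel_b.process(value)
        wrong_a, wrong_b = out_a != value, out_b != value
        if wrong_a:
            fail_a.append(step)
        if wrong_b:
            fail_b.append(step)
        if out_a != out_b:
            if first_detected is None:
                first_detected = step          # comparator raises an alarm
        elif wrong_a and wrong_b:
            undetected.append(step)            # common-mode failure: wrong and identical
    return RunResult(first_detected, undetected, fail_a, fail_b)


def make_inputs(n: int, seed: int = 7) -> List[int]:
    """Constructed input stream of distinct values, so a stale entry is visibly wrong."""
    rng = random.Random(seed)
    return rng.sample(range(10_000, 10_000 + 10 * n), n)


def identical_configuration(n: int = 120) -> RunResult:
    """Both channels in the same state: the fault activates in both at the same step,
    with the same wrong output, and the comparator never notices."""
    return run_redundant(Channel(counter_bits=6), Channel(counter_bits=6), make_inputs(n))


def diversified_configuration(n: int = 120) -> RunResult:
    """Enforced state diversity: channel B gets a wider counter, so it wraps later
    and the comparator sees channel A's first stale output."""
    return run_redundant(Channel(counter_bits=6), Channel(counter_bits=7), make_inputs(n))


if __name__ == "__main__":
    for name, result in (("identical", identical_configuration()),
                         ("diversified", diversified_configuration())):
        print(f"{name}: first mismatch at step {result.first_detected}, "
              f"{len(result.undetected_failures)} undetected failures, "
              f"A wrong {len(result.failures_a)}x, B wrong {len(result.failures_b)}x")
```

Lengthening the run to 200 steps exposes the caveat: once both counters have wrapped, the two stale tables line up for 64 steps and the comparator is blind again, so diversity shifts fault activation but does not remove the fault.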
4. Conclusion and Outlook
The main argument of this paper is that quasirandom faults are prominent in complex systems, and that runtime diversity is a promising means against exactly this important class of faults. However, the evidence of its effectiveness is still mostly qualitative rather than quantitative. This is partly because quasirandom faults are hard to simulate, so that fault injection experiments for quasirandom faults are very hard to conduct.
However, since many systems are redundant already simply to be more resistant against hardware faults, the introduction of runtime diversity in computer systems can only make such systems more reliable with respect to quasirandom faults; this potential should always be considered.
References
[1] Jim Gray. Why do computers stop and what can be done about it. Tandem Computers Technical Report 85.7. June 1985.
[2] Glenn Zorpette. Waiting for the Rapture. The Singularity – Special Report. IEEE Spectrum Volume 45, Number 6. June 2008.
[3] Algirdas Avizienis, Jean-Claude Laprie, Brian Randell, Carl Landwehr. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing. Volume 1, Issue 1. Jan 2004.
[4] Kalyanaraman Vaidyanathan, Kishor S. Trivedi. Extended Classification of Software Faults Based on Aging. Fast Abstract at the 12th International Symposium on Software Reliability Engineering. ISSRE 2001.
[5] John C. Knight, Nancy G. Leveson. A reply to the criticisms of the Knight & Leveson experiment. ACM SIGSOFT Software Engineering Notes. Volume 15, Issue 1. pp. 24-35. January 1990.
Figure 3 – Operating system runtime diversity