Dependable Systems
Winter term 2020/2021
1st Chapter: Introduction
Prof. Matthias Werner, Professur Betriebssysteme
Dependable Systems – Introduction
Welcome to “Dependable Systems” (Verlässliche Systeme)
WS 2020/2021 · M. Werner I – 2 of 26 osg.informatik.tu-chemnitz.de
1.2 Formalities

Language
- Although English is the official course language, German is partly supported:
  - The handouts are provided in English and German (as far as translations make sense)
  - Literature is in English anyway
  - The language of a question determines the language of the answer
Lecture
- Due to Covid-19, the lecture is presented as screencast
- Lecturer: Prof. Matthias Werner, [email protected], Professur “Betriebssysteme”
- Homepage: osg.informatik.tu-chemnitz.de
- Time: Wednesday, 11.30 – 13.00
- Access information at Opal

Why “Zoom”? That is totally insecure!
- Indeed, Zoom had a number of security issues.
- The (known) security bugs have been fixed in the meantime
- Privacy: The TU bought licenses → Zoom is bound by law to a certain degree.[1]

[1] Cf.: https://unterrichten.digital/2020/05/02/zoom-datenschutz-schule-unterricht
Lecture (cont.)
- Even under Corona conditions, the lecture should be as interactive as possible
- Thus, every student should take part with microphone, and possibly with camera, too.
- Signal questions by “raising hand” or by a headword in the chat → talk on request

Hint: Due to privacy reasons, I can’t provide video records (for the time being)
Lecture (cont.)
[Screenshot of the Zoom controls: put hand up, chat, (de)activate micro/cam]
Tutorial
- Tutorials use BigBlueButton
- Access information in OPAL (after registration)
- Tutor: Christine Jakobs
- Time: Friday, 11.30 – 13.00
- Content:
  - Discussion of open issues
  - Checking solutions of self-test problems
  - Working through application examples
- The first tutorials also deal with recaps of prerequisites
- The tutorial classes will start on October 23rd
Exam
- Written exam in February
- Registration with the central examination office via SB-Service required
- Learning is a necessary but not sufficient condition to pass this course
  - You also should understand the topics

Note: Be able to answer not only What questions, but also Why questions!
Credits
- The course can be taken by students of the following programs:
  - Master Computer Science
  - Master Applied Computer Science
  - Master Automotive Software Engineering
  - Master Automotive Computer Engineering
  - Master Neurorobotics
  - Master Web Engineering
  - Master/PhD Mathematics
  - Master Biomedical Technology
Literature
- There is no single textbook for this course
- However, the following textbooks may be of use:
  - [AL82] Thomas Anderson and Pete A. Lee. Fault Tolerance – Principles and Practice. Prentice Hall, 1982
  - [Pra96] Dhiraj K. Pradhan, ed. Fault Tolerant Computer Systems. Prentice Hall, 1996
  - [SS95] Daniel P. Siewiorek and Robert S. Swarz. The Theory and Practice of Reliable Systems Design. Digital Press, 1995
  - [Sho03] Martin L. Shooman. Reliability of Computer Systems and Networks: Fault Tolerance, Analysis, and Design. John Wiley & Sons, 2003
  - [Rau14] Marvin Rausand. Reliability of Safety-Critical Systems: Theory and Applications. John Wiley & Sons, 2014
  - [RA04] Marvin Rausand and Høyland Arnljot. System Reliability Theory: Models, Statistical Methods, and Applications. Vol. 396. John Wiley & Sons, 2004
  - [Kni12] John Knight. Fundamentals of Dependable Computing for Software Engineers. 1st ed. Chapman & Hall/CRC, 2012
Literature (cont.)
- In addition, the following materials are provided:
  - Slides as handout (via homepage)
    - I’ll try hard to provide them in advance of the related lecture
    - You may add your own notes
    - The handout is in 2x2 layout; if you need another layout, convert it with proper tools
  - Original articles (marked by a symbol in the slides)
    - Link at homepage → You need a TUC trust center account
Handout
- Example script (bash) to convert the handout into 1x1 layout
- Needs ghostscript and pdf toolkit (pdftk)
- YMMV

    #!/usr/bin/env bash
    # Convert a 2x2 handout PDF into a 1x1 layout (one slide per page).
    # Needs ghostscript (gs) and pdftk; "file -I" is the macOS spelling of "file -i".
    if [ -z "$1" ] || [ ! -f "$1" ] || \
       [ "$(file -Ib "$1" | cut -f1 -d' ')" != "application/pdf;" ];
    then
      echo "No valid input file"
      exit 1
    fi
    # page offsets (in points) selecting the four quarters of an A4 landscape page
    x=( 0 -421 0 -421 )
    y=( -297 -297 0 0 )
    temp=$(mktemp -u /tmp/pdf-cv-XXXXX)
    for i in {0..3}; do
      # crop each input page to one quarter (421x297.5 pt at 720 dpi = 4210x2975 px)
      gs -q -dNOPAUSE -dBATCH -P- -dSAFER -sDEVICE=pdfwrite \
         -g4210x2975 -sOutputFile="${temp}$i.pdf" \
         -c "<</PageOffset [${x[$i]} ${y[$i]}]>> setpagedevice" \
         -f "$1"
    done
    # interleave the four quarter files page by page, then remove the temporaries
    pdftk "${temp}"?.pdf shuffle output "${1/.pdf/-1x1.pdf}"
    rm "${temp}"?.pdf
1.3 Dependability

System Properties
- Systems have functional and non-functional (or: meta-functional) properties
- Functional properties: “What”
  - Function or its return value
  - Hardware and software offer functional services
- Non-functional properties: “How”
  - Boundary conditions
  - Umbrella term for operational requirements on the system
  - Cross-cutting concerns for all functionalities
  - Hard to define and to abstract away
  - Divide et impera does not work in many cases
  - Many people only focus on performance and costs
Concept
- Past (approx. until the 80s): Dependability is a property of fault-tolerant systems
- Today: “Dependability” is an umbrella term that covers quite a number of concepts and measures.

General question: “How to deal with unexpected/undesired events?”

- Unexpected event = impair
  - E.g., attacks are intended impairs
Concept (cont.)

Definition 1.1 (LAPRIE 1993)
Dependability is defined as the trustworthiness of a computer system such that reliance can justifiably be placed on the service it delivers. The service delivered is its behaviour as it is perceptible to its user(s); a user is another system (human or physical) which interacts with the former.

- Attention: following the definition, unintended/undesired behavior is also a service.
  - Example: damage to a third party
Consequences of Failures
- Human injury or loss of life
- Damage to the environment
- Damage to or loss of equipment
- Damage to or loss of data
- Financial loss by theft
- Financial loss through production of useless or defective products
- Financial loss through reduced capacity for production or service
- Loss of business reputation
- Loss of customer base
- Loss of jobs
Importance of Dependability for Business
- Average costs per hour of downtime (Gartner 1998):
  - Brokerage operations in finance: $6.5 million
  - Credit card authorization: $2.6 million
  - Home catalog sales: $90,000
  - Airline reservation: $89,500
- Example: 22-hour service outage of eBay on June 6th 1999
  - Interruption of around 2.3 million auctions
  - 0.2% stock value drop, $3-5 billion of lost revenues
  - Problems blamed on Sun server software
1.4 Case Studies

1.4.1 Example I: Specification vs. Implementation
- Automatic parking brake
  - Example: VW Passat
  - Will be released automatically when the car accelerates

Picture from: www.autozeitung.de

Automatic Parking Brake Release
- What was intended
- What has been implemented
- What did happen
[Diagram of the three event chains, built from the events: Put throttle control, Engine speed increases, Release parking brake, Air condition starts up]
1.4.2 Example II: Measure vs. Measurement
- The service requires the execution of 6 tasks
- The probability of finishing is uniformly distributed within an interval
- One or two processors
- Deadline: 25 time units
- Fault rate: λ = 0.01, R(t) = e^(−λ·t)

Questions
- How many processors should be used (one or two)?
- What scheduling policy should be used?

[Figure: precedence graph of the six tasks from Request to Completion, and a chart of the min/max finishing interval of each task: [1; 2], [4; 5], [1; 2], [4; 8], [2; 6], [3; 5]]
Design Alternatives
[Figure: Gantt charts over t = 0..20 for four design alternatives:
- simple approach: P1 runs τ1 τ2 τ3 τ4 τ5 τ6
- fault-tolerant approach: P1 and P2 each run τ1 τ2 τ3 τ4 τ5 τ6
- real-time approach: P1 runs τ1 τ2 τ3, P2 runs τ4 τ5, τ6 follows
- adaptive approach: P1 runs τ1 τ2 τ3 τ5, P2 runs τ1 τ2 τ4 τ5, τ6 on both, one copy of τ6 canceled]
Comparison of Designs
[Plot: R(t) over t = 0..35 with the deadline marked; legend: simple approach, real time, fault tolerance, adaptivity]
- Result:
  - The real-time approach reduces the probability of success!
  - Adaptivity is best (here)
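The case study above, as an added example that is not part of the lecture slides: a Python Monte Carlo estimate of the probability that the service meets its 25-unit deadline for the simple, the fault-tolerant (replicated) and the real-time (split) design. Assumptions, not given on the slides: the intervals map to tasks 1 to 6 in the order listed, the split puts tasks 1 to 3 on P1 and tasks 4 to 5 on P2 with task 6 last, and every processor a design uses is exposed to faults with rate λ from the request until completion; the adaptive approach is left out.

```python
import math
import random

# Constructed mapping of the case study's intervals to tasks 1..6: (min, max) duration.
TASKS = [(1, 2), (4, 5), (1, 2), (4, 8), (2, 6), (3, 5)]
DEADLINE = 25.0
LAMBDA = 0.01  # fault rate per processor, R(t) = exp(-LAMBDA * t)


def reliability(t, lam=LAMBDA):
    """Probability that one processor survives t time units without a fault."""
    return math.exp(-lam * t)


def finish_time(design, d):
    """Completion time for one sample of task durations d[0..5].
    simple/replicated: all six tasks back to back on one processor.
    split (real-time approach, assumed reading of the Gantt chart): tasks 1-3 on
    P1 and tasks 4-5 on P2 in parallel, task 6 after both halves are done."""
    if design in ("simple", "replicated"):
        return sum(d)
    if design == "split":
        return max(d[0] + d[1] + d[2], d[3] + d[4]) + d[5]
    raise ValueError(design)


def success_probability(design, samples=20000, seed=1):
    """Monte Carlo estimate of P(service completed by the deadline).
    Assumed fault model: every processor the design uses is exposed to faults from
    the request until completion, and a fault destroys all work on that processor;
    'replicated' survives as long as at least one of its two copies survives."""
    rng = random.Random(seed)
    ok = 0
    for _ in range(samples):
        d = [rng.uniform(lo, hi) for lo, hi in TASKS]
        t = finish_time(design, d)
        if t > DEADLINE:
            continue  # a missed deadline counts as failure
        r = reliability(t)
        if design == "simple":
            p_alive = r  # the single processor must survive
        elif design == "replicated":
            p_alive = 1.0 - (1.0 - r) ** 2  # both copies would have to fail
        else:
            p_alive = r * r  # both processors must survive
        if rng.random() < p_alive:
            ok += 1
    return ok / samples
```

Under these assumptions the estimate reproduces the ordering stated on the slide for the two designs it covers: the split design comes out below the simple one because two processors must survive, while replication comes out above it.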
Lessons Learned
- Even simple systems may behave unexpectedly
- Beware of “improvements”: there is the possibility that they make things worse
- Design issues:
  - What is intended? (what is success?)
  - What are the side conditions? (e.g., resources)
1.5 Course Contents

Course’s Key Aspects
- Focus on:
  - Concepts
  - Evaluation and modeling
  - (Classic) fault tolerance
- No focus on:
  - Real time (→ Real-time course (summer term))
  - Security (→ Prof. Lefmann)
  - but they may interfere (cf. case study)
Interesting Problems
- How to evaluate a system’s dependability?
- How to model faulty behavior?
- Why is simple redundancy not sufficient in case of “malicious” faults?
- What test approaches exist?
- What is the difference between RAID 1+0 and 0+1?
Topics
- Impairment models
- (Recap of) stochastic basics
- Dependability measures and system evaluation
- Fault tolerance patterns
- Tests and fault diagnosis
- Consensus and Byzantine faults
- Analytical evaluation
- Verification and testing of software
- Fault tolerance in software