The Delta-4 Approach to Dependability in Open Distributed Computing Systems

Powell, David; Bonn, Gottfried; Seaton, D.; Verı́ssimo, Paulo; Waeselynck, F.

doi:10.1109/ftcsh.1995.532612

Cited by 18 publications

(26 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Systems that are designed and implemented so that they fail only in specific modes of failure described in the dependability & security specification and only to an acceptable extent, are fail-controlled systems, e.g., with stuck output as opposed to delivering erratic values, silence as opposed to babbling, consistent as opposed to inconsistent failures. A system whose failures are to an acceptable extent halting failures only, is a fail-halt (or fail-stop) system; the situations of stuck service and of silence lead respectively to fail-passive systems and failsilent systems [Powell et al 1988]. A system whose failures are, to an acceptable extent, all minor ones is a failsafe system.…”

Section: Failures 331 Service Failuresmentioning

confidence: 99%

Basic concepts and taxonomy of dependable and secure computing

Avižienis

Laprie

Randell

et al. 2004

IEEE Trans.Dependable and Secure Comput.

4,113

2,435

View full text Add to dashboard Cite

show abstract

Section: Failures 331 Service Failuresmentioning

confidence: 99%

Basic concepts and taxonomy of dependable and secure computing

Avižienis

Laprie

Randell

et al. 2004

IEEE Trans.Dependable and Secure Comput.

4,113

2,435

View full text Add to dashboard Cite

show abstract

“…Had the system been written for a dedicated purpose, correct diagnosis and recovery might have been possible, and the crash avoided. A crash can also be desirable if the OS is to implement "fail silent" behavior, i.e., when the system fails it does so by stopping to respond and without any other side effects [Powell et al, 1988].…”

Section: Failure Classesmentioning

confidence: 99%

Robustness Evaluation of Operating Systems

Johansson

2008

Information Assurance

View full text Add to dashboard Cite

SummaryThe premise behind this thesis is the observation that Operating Systems (OS), being the foundation behind operations of computing systems, are complex entities and also subject to failures. Consequently, when they do fail, the impact is the loss of system service and the applications running thereon. While a multitude of sources for OS failures exist, device drivers are often identified as a prominent cause behind failures.In order to characterize the impact of driver failures, at both the OS and application levels, this thesis develops a framework for error propagation-based robustness profiling for an OS. The framework is first developed conceptually and then experimentally validated on a real OS, namely Windows CE .Net. The choice of Windows CE is driven by its representativeness for a multitude of OS's, as well as the ability to customize the OS components for particular needs.For experimental validation, fault injection is a prominent technique that can be used to simulate faults (or errors) in the system by inserting synthetic ones and study their effect. Three key questions with such a technique are where, what and when to inject faults. This thesis shows how injecting errors at the interface between drivers and the OS can be very effective in evaluating the effects driver faults can have.To quantify the OS's robustness, this thesis defines a series of error propagation measures, specifically tailored for device drivers. These measures allow for quantifying and comparing both individual services and device drivers on their susceptibility and diffusing abilities.This thesis compares three contemporary error models on their suitability for robustness evaluation. The classical bit-flip model is found to identify a higher number of severe failures in the system. It also identifies failures for more services than both other models, data type and fuzzing. However, its main drawback is that it requires substantially more injections than the other two. Fuzzing, even though not giving rise to as many failures is able to find new additional services with severe failures.A careful study of the injections performed with the bit-flip model shows that only a few bits are generally useful for identifying new services with robustness weaknesses. Consequently, a new composite model is proposed, combining the most effective bits of the bit-flip model with the fuzzing model's ability to identify new services, giving rise to new model without loss of important information and at the same time incurring a moderate number of injections.To answer the question of when to inject an error this thesis proposes a novel model of a driver's usage profile, focusing on high-level operations being carried out. It guides the injection of errors to instances when the driver is carrying out specific operations. Results from extensive fault injection experiments show that more service vulnerabilities can be discovered. Furthermore, a priori profiling of the drivers can show how effective the proposed approach will be. vi

show abstract

“…Research in the Delta-4 system [4] asserted that the total message traffic between components of a dynamically evolving system (e.g, a shared communication inter-link as the ethernet) cannot in practice be assumed determenistic and varies from an instance to the other. To accommodate this variation, a background task was implemented to dynamically calculate the round-trip time (rtt) of inter-node messages with relation to the current network traffic.…”

Section: Detecting Node Failuresmentioning

confidence: 99%

FADI: A fault tolerant environment for open distributed computing

Osman

Bargieła

2000

IEE Proc., Softw.

View full text Add to dashboard Cite

FADI is a complete programming environment that serves the reliable execution of distributed application programs. FADI encompasses all aspects of modern fault-tolerant distributed computing. The built-in usertransparent error detection mechanism covers processor node crashes and hardware transient failures. The mechanism also integrates user-assisted error checks into the system failure model. The nucleus non-blocking checkpointing mechanism combined with a novel selective message logging technique delivers an efficient, low-overhead backup and recovery mechanism for distributed processes. FADI also provides means for remote automatic process allocation on the distributed system nodes.

show abstract

The Delta-4 Approach to Dependability in Open Distributed Computing Systems

Cited by 18 publications

References 11 publications

Basic concepts and taxonomy of dependable and secure computing

Basic concepts and taxonomy of dependable and secure computing

Robustness Evaluation of Operating Systems

FADI: A fault tolerant environment for open distributed computing

Contact Info

Product

Resources

About