Dependability through Assured Reconfiguration in Embedded System Software
In many software systems, properties necessary for dependable operation are only a small subset of all desirable system properties. Assuring properties over the simpler subset can provide assurance of critical properties over the entire system. This work provides a method for constructing systems to be dependably reconfigurable. A system's primary function can have less demanding dependability requirements than the overall system because the system can reconfigure to some simpler function. Reconfiguration thus controls the effective complexity of the system without forcing that system to sacrifice desired, but unassurable, capabilities. Focusing a system's dependability argument on reconfiguration means that reconfiguration must proceed correctly with very high assurance. The system construction approach in this work also provides a method through which system dependability properties can be shown. To illustrate the ideas in this work, we have built part of a hypothetical avionics system that is typical of what might be found on an unmanned aerial vehicle.
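The abstract's central mechanism, reconfiguring to a simpler function when the primary one cannot be assured, as an added example that is not code from the paper or its UAV system: a small reconfiguration manager for a constructed heading-control scenario. The level names, gains, the 30-degree bank envelope and the GPS check are all assumptions; the point is that the manager itself is small enough to argue about (transitions only move downward, each step is bounded, and the simplest function cannot fail).

```python
from collections import namedtuple
from enum import IntEnum

MAX_BANK_DEG = 30.0  # constructed critical property: commanded bank never exceeds this
Sensors = namedtuple("Sensors", "heading_deg target_heading_deg gps_valid")

class Level(IntEnum):
    """Functional levels, simplest first; reconfiguration only ever moves to a lower value."""
    GLIDE_DESCENT = 0  # wings level: trivially inside the envelope, needs no sensors
    HOLD_HEADING = 1   # simple heading hold with a clamped bank command
    WAYPOINT_NAV = 2   # full capability: needs GPS, not assured to stay inside the envelope

def heading_error(s):
    return (s.target_heading_deg - s.heading_deg + 180.0) % 360.0 - 180.0

def waypoint_nav(s):   # primary function: unclamped proportional law (deliberately unassured)
    if not s.gps_valid:
        raise RuntimeError("gps invalid")
    return 0.5 * heading_error(s)  # commanded bank angle in degrees

def hold_heading(s):   # simpler function: clamped, so the envelope property is easy to show
    return max(-MAX_BANK_DEG, min(MAX_BANK_DEG, 0.2 * heading_error(s)))

def glide_descent(s):  # simplest function: constant output, cannot fail
    return 0.0

FUNCTIONS = {Level.WAYPOINT_NAV: waypoint_nav, Level.HOLD_HEADING: hold_heading,
             Level.GLIDE_DESCENT: glide_descent}

class ReconfigManager:
    def __init__(self):
        self.level = Level.WAYPOINT_NAV
        self.transitions = []  # (from, to, reason): evidence for the reconfiguration argument

    def step(self, s):
        """Run the current function; if a check fails, drop exactly one level and retry.
        Bounded: at most len(Level) iterations, since level strictly decreases each time."""
        while True:
            try:
                bank = FUNCTIONS[self.level](s)
                if abs(bank) <= MAX_BANK_DEG:
                    return bank
                reason = "bank envelope violated"
            except RuntimeError as exc:
                reason = str(exc)
            assert self.level > Level.GLIDE_DESCENT, "simplest function must never fail"
            nxt = Level(self.level - 1)
            self.transitions.append((self.level, nxt, reason))
            self.level = nxt
```

The dependability argument then rests on the manager and on the simpler functions, not on the waypoint law, which may command any bank angle and is caught by the envelope check.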
Index Terms:
Reconfiguration, embedded systems, real-time systems, formal methods, concurrent systems.
Citation:
Elisabeth A. Strunk, John C. Knight, "Dependability through Assured Reconfiguration in Embedded System Software," IEEE Transactions on Dependable and Secure Computing, vol. 3, no. 3, pp. 172-187, July-Sept. 2006, doi:10.1109/TDSC.2006.33