Abstract
Design diversity is a popular defence against design faults in safety critical systems. Design diversity is at times pursued by simply isolating the development teams of the different versions, but it is presumably better to “force” diversity, by appropriate prescriptions to the teams. There are many ways of forcing diversity. Yet, managers who have to choose a cost-effective combination of these have little guidance except their own intuition. We argue the need for more scientifically based recommendations, and outline the problems with producing them. We focus on what we think is the standard basis for most recommendations: the belief that, in order to produce failure diversity among versions, project decisions should aim at causing “diversity” among the faults in the versions. We attempt to clarify what these beliefs mean, in which cases they may be justified and how they can be checked or disproved experimentally.
© 1999 Springer-Verlag Berlin Heidelberg
Popov, P., Strigini, L., Romanovsky, A. (1999). Choosing Effective Methods for Diversity — How to Progress from Intuition to Science. In: Felici, M., Kanoun, K. (eds) Computer Safety, Reliability and Security. SAFECOMP 1999. Lecture Notes in Computer Science, vol 1698. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48249-0_24
DOI: https://doi.org/10.1007/3-540-48249-0_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66488-8
Online ISBN: 978-3-540-48249-9