City Research Online

Achieving effective diversity between redundant software-based components

Strigini, L. ORCID: 0000-0002-4246-2866 (2007). Achieving effective diversity between redundant software-based components. Paper presented at the 6th International Conference on Control and Instrumentation in Nuclear Installations, 11-13 Sep 2007, Manchester, UK.

Abstract

All empirical evidence indicates that diversity between redundant software-based components offers some defence against common-mode failure in redundant systems, i.e., it brings gains in reliability or safety. An important question is how to pursue diversity, in the selection or development of such software, so as to achieve large enough gains. Common sense suggests, for instance, developing the components (or procuring components that were developed) in "truly independent" ways, and making them "as diverse as possible", i.e. with intentional differences in their designs and development methods. This advice is unfortunately insufficient for most practical decisions, and sometimes turns out to be self-contradictory, while direct experimental evidence of "what really works" in industrial practice is scarce. This talk will summarise the state of knowledge on these issues:

- the ways diversity can be pursued, using a threat-driven approach to analysing the possible "diversity seeking decisions";

- the trade-offs that may arise from the practical constraints of an actual project, where one must choose from a limited range of options. Especially common is the case in which pursuing diversity works against the high reliability of the individual channels, while the combined effect of these two factors on system-level reliability or safety, the true goal pursued, is difficult to estimate;

- mathematical results that in some cases are sufficient for choosing between alternative policies, even without specific experimental evidence. These are based on probabilistic models and identify scenarios under which pursuing some additional degree of either "separation" or "diversification" between the development processes of redundant components is guaranteed to yield improvements at the system level.
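The trade-off in the second point and the probabilistic models in the third can be made concrete with a small worked example. The following is an added illustration, not code or data from the paper: it uses a standard difficulty-function model of the kind the abstract refers to generically (the model of Eckhardt and Lee and of Littlewood and Miller, which the abstract itself does not name), in which each demand x has a probability theta_P(x) of defeating a channel produced by development process P, and a 1-out-of-2 system fails only when both channels fail on the same demand. The demand profile, the three development processes and all their failure probabilities are constructed toy numbers chosen to exhibit the effect, not measurements from any real project.

```python
"""Added worked example (not from the paper): a 1-out-of-2 redundant system
under a difficulty-function model of the Eckhardt-Lee / Littlewood-Miller
kind.  theta_P(x) is the probability that a channel built by development
process P fails on demand class x; the system fails only when both channels
fail on the same demand.  All numbers below are constructed toy values."""

from fractions import Fraction as F

# Constructed demand profile: three demand classes and how often each occurs.
DEMAND_PROB = [F(1, 2), F(1, 4), F(1, 4)]

# Constructed difficulty profiles theta_P(x) for three development processes.
PROCESS_MATURE = [F(0), F(1, 100), F(1, 10)]    # best on average, one hard class
PROCESS_OTHER = [F(1, 20), F(1, 20), F(1, 20)]  # worse on average, flat profile
PROCESS_POOR = [F(1, 5), F(1, 5), F(1, 5)]      # much worse on average, flat


def channel_pfd(p, theta):
    """Mean probability of failure on demand (pfd) of one channel: E[theta(x)]."""
    return sum(px * tx for px, tx in zip(p, theta))


def system_pfd_1oo2(p, theta_a, theta_b):
    """pfd of a 1-out-of-2 system: E[theta_a(x) * theta_b(x)].
    Averaging the product over demands (rather than multiplying the averages)
    is what captures common-mode failure through shared difficulty."""
    return sum(px * ta * tb for px, ta, tb in zip(p, theta_a, theta_b))


def independence_estimate(p, theta_a, theta_b):
    """The value a naive independence assumption would give: product of means."""
    return channel_pfd(p, theta_a) * channel_pfd(p, theta_b)


def compare_policies(p=DEMAND_PROB):
    """Three policies for procuring the second channel, given that the first
    channel comes from PROCESS_MATURE.  Returns exact rationals per policy."""
    policies = {
        "same_process": (PROCESS_MATURE, PROCESS_MATURE),
        "diverse_process": (PROCESS_MATURE, PROCESS_OTHER),
        "diverse_but_poor": (PROCESS_MATURE, PROCESS_POOR),
    }
    return {
        name: {
            "channel_b_pfd": channel_pfd(p, tb),
            "system_pfd": system_pfd_1oo2(p, ta, tb),
            "independence_estimate": independence_estimate(p, ta, tb),
        }
        for name, (ta, tb) in policies.items()
    }


if __name__ == "__main__":
    for name, r in compare_policies().items():
        print(f"{name:17s} channel B pfd={float(r['channel_b_pfd']):.4f}  "
              f"system pfd={float(r['system_pfd']):.6f}  "
              f"(independence would predict {float(r['independence_estimate']):.6f})")
```

Three things the numbers show. With two channels from the same process the true system pfd (101/40000) is more than three times the independence estimate (121/160000), because both channels are weak on the same hard demand class. A second channel from a different process that is worse on average (pfd 1/20 against 11/400) still gives a better system (11/8000) than the same-process pair, because its difficulty profile is differently shaped. But if the diverse channel is poor enough (pfd 1/5) the system pfd (11/2000) is worse than the same-process pair: the gain from decorrelation is outweighed by the loss in channel reliability, which is exactly the trade-off the abstract describes as hard to estimate in practice.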

Publication Type: Conference or Workshop Item (Paper)
Additional Information: Published by the American Nuclear Society (ANS), https://www.ans.org/pubs/. All rights reserved.
Subjects: Q Science > QA Mathematics
Q Science > QA Mathematics > QA76 Computer software
Departments: School of Mathematics, Computer Science & Engineering > Computer Science
School of Mathematics, Computer Science & Engineering > Computer Science > Software Reliability
Text - Accepted Version (306kB)
Official URL: https://www.ans.org/
