2011, Contribution in conference proceedings, ENG
Masci P.; Nostro N.; Di Giandomenico F.
We present the specification of a basic library of dependability mechanisms that can be used within automated approaches for synthesising dependable Connectors in heterogeneous networks. The library builds on classical dependability patterns, such as majority voting and retry, and uses the concept of overlay networks for triggering the synthesis of specific dependability mechanisms in the Connector from high-level specifications. We translated such dependability mechanisms into SAN models with the aim to evaluate, through model-based analysis, which dependability mechanisms should be embedded in the synthesised Connector for ensuring a given dependability level between networked systems willing to be connected. A case study is also presented to show the application of selected library mechanisms. This work is carried out in the context of Connect, a European FET project which is investigating the possibility of enabling long-lasting inter-operation among networked systems by synthesising mediating Connectors at run-time.
2009, Editorship of a monographic issue (of a journal or series), ENG
De Lemos R.; Fabre J.; Gacek C.; Gadducci F.; Ter Beek M.
As software systems become increasingly ubiquitous, issues of dependability become ever more crucial. Given that solutions to these issues must be considered from the very beginning of the design process, it is reasonable that dependability and security are addressed at the architectural level. This book has originated from an effort to bring together the research communities of software architectures, dependability and security. This state-of-the-art survey contains expanded and peer-reviewed papers based on the carefully selected contributions to two workshops: the Workshop on Architecting Dependable Systems (WADS 2008), organized at the 2008 International Conference on Dependable Systems and Networks (DSN 2008), held in Anchorage, Alaska, USA, in June 2008, and the Third International Workshop on Views On Designing Complex Architectures (VODCA 2008) held in Bertinoro, Italy, in August 2008. It also contains invited papers written by recognized experts in the area. The 13 papers are organized in topical sections on dependable service-oriented architectures, fault-tolerance and system evaluation, and architecting security.
2008, Project report, ENG
Caneschi F.; Ceccarelli A.; Ciompi P.; Iovino D.; Majzik I.; Bondavalli A.
This document describes the detailed architecture of SAFEDMI, including the chosen fault tolerance mechanisms that ensure a SIL2 level, by:
- Devising the appropriate architectural components for assuring SIL2 safety: namely error detection, and improving diagnosis methods for the relevant fault models
- Devising reconfiguration and adaptation strategies to cope with the diagnosed faults
- Incorporating in the architectural framework an online communication subsystem for remote interactions for configuration, SW and firmware downloading and diagnostic purposes.
The architecture detailed specification takes into account, and is based on, the SAFEDMI general architecture document [4], and the requirements specified in the System Requirements document [3].
2007, Journal article, ENG
Bucchiarone A.; Muccini H.; Pelliccione P.
Fault tolerance is one of the most important means to avoid service failure in the presence of faults, so as to guarantee they will not interrupt the service delivery. Software testing, instead, is one of the major fault removal techniques, realized in order to detect and remove software faults during software development so that they will not be present in the final product. This paper shows how fault tolerance and testing can be used to validate component-based systems. Fault tolerance requirements guide the construction of a fault-tolerant architecture, which is successively validated with respect to requirements and submitted to testing. The theory is applied over a mining control system running example.
2005, Contribution in conference proceedings, ENG
Gnesi S.; Lenzini G.; Martinelli F.
This paper presents a framework for a logical characterization of fault tolerance and its formal analysis based on partial model checking techniques. The framework requires a fault tolerant system to be modeled using a formal calculus, here the CCS process algebra. To this aim we propose a uniform modeling scheme in which to specify a formal model of the system, its failing behaviour and possibly its fault-recovering procedures. Once a formal model is provided in our scheme, fault tolerance - with respect to a given property - can be formalized as an equational µ-calculus formula. This formula expresses, in a logic formalism, all the fault scenarios satisfying that fault tolerance property. Such a characterization understands the analysis of fault tolerance as a form of analysis of open systems and, thanks to partial model checking strategies, it can be made independent from any particular fault assumption. Moreover, this logical characterization makes it possible for the fault-tolerance verification problem to be expressed as a general µ-calculus validation problem, for which many theorem-proving techniques and tools are available. We present several analysis methods showing the flexibility of our approach.
2004, Contribution in conference proceedings, ENG
Gnesi S.; Lenzini G.; Martinelli F.
This paper presents a framework where dependable systems can be uniformly modeled and dependability properties analyzed within the Generalized Non Deducibility on Compositions (GNDC), a scheme that has been profitably used in the definition and analysis of security properties. Precisely, our framework requires a system to be modelled using a formal calculus, here the CCS process algebra, where both the failing behaviour of the system and the related fault-recovering procedures are also explicitly described. An environment able to inject any fault in the system is then defined as a separate component. The parallel composition between the system and the environment represents our scenario of analysis, where some fault tolerance properties (e.g., fail stop, safe and silent) are studied as instances of GNDC properties.
2003, Contribution in conference proceedings, ENG
Bondavalli A.; Chiaradonna S.; Cotroneo D.; Romano L.
In this paper, we present a complete architecture for improving the dependability of complex COTS and legacy-based systems. For long-lived applications, such as most of those being constructed nowadays via integration of legacy subsystems, fault treatment is a very important part of the fault tolerance strategy. The paper advocates the need for careful diagnosis and damage assessment, and for precise and effective recovery actions, specifically tailored to the affecting fault and/or to the extent of the damage in the affected component. In our proposal, threshold-based mechanisms are exploited to trigger alternative actions. The design and implementation of the resulting solution is illustrated with respect to a case study. This consists of a distributed architectural framework, handling replicated legacy-based subsystems. Replication and voting are used for error detection and masking. An experimental prototype deployed over a COTS-based LAN is described and has allowed a dependability analysis, via combined use of direct measurements and analytical modeling.
1998, Contribution in conference proceedings, ENG
Grandoni F.; Chiaradonna S.; Bondavalli A.
Effective discrimination between transient and permanent faults is a very important practical problem in (dependable) system design. A count-and-threshold mechanism named α-count, designed to discriminate between transient faults and intermittent faults in computing systems, is presented in an enhanced embodiment. It retains enough simplicity to allow exhaustive analysability through simple models. It is shown that the introduction of two operating thresholds, instead of the single one present in the basic scheme already known, both improves the performance figures of the mechanism and eases the designer's task of tuning the internal parameters.
1998, Technical note, ENG
Bondavalli A.; Chiaradonna S.; Di Giandomenico F.; Grandoni F.
An abstract is not available.
1995, Contribution in conference proceedings, ENG
Bizzarri M.; Bizzarri P.; Bondavalli A.; Di Giandomenico F.; Tarini F.
The design of safety-critical applications must include redundancies aimed at fault tolerance purposes. An adaptable use of such redundancies can optimise resource utilisation; in case of faults, it can preserve fundamental services and allow a graceful degradation of the system. A programming notation, named FERT, has recently been introduced for the design of adaptable applications. With this notation, the designer of a safety-critical real-time application can specify alternative fault tolerance policies for each component of the application and obtain an adaptable run-time behaviour. This paper is meant as a contribution to this notation and to its possible implementation. Namely, it deals with the specification of a communication semantics (including failure semantics) and with execution support problems such as the definition of the value of a computation and adaptive planning at run-time. Some related issues are also addressed as future work.