Impact of program transformation on software reliability assessment
F. Bastani, B. Cukic
Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076). Pub Date: 1996-10-22. DOI: 10.1109/HASE.1996.618599
The statistical sampling method is a theoretically sound approach for measuring the reliability of safety critical software, such as control systems for nuclear power plants, aircraft, space vehicles, etc. It has, however, some practical drawbacks, two of which are the large number of test cases needed to attain a reasonable confidence in the reliability estimate and the sensitivity of the reliability estimate to variations in the operational profile. One way of dealing with both of these issues is to combine statistical sampling with formal methods and attempt to verify complete program paths. This combination becomes especially effective if high usage paths are verified. However, the verification of complete paths is difficult to perform in practice and is viable only when there is high confidence in the correctness of the specification. We identify program transformations and partial proofs which have a measurable impact on the reliability assessment procedure. These methods reduce the effective size of the input space, which facilitates sampling without replacement and thereby increases the confidence in the reliability estimate. Furthermore, these techniques increase the probability that the program under test is free of errors if testing reveals no failures.
A multiversion transaction scheduler for centralized multilevel secure database systems
T. Keefe, W. Tsai
Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076). Pub Date: 1996-10-22. DOI: 10.1109/HASE.1996.618597
Transactions are vital for multilevel secure database management systems (MLS/DBMSs) because they provide transparency to concurrency and failure. Concurrent execution of transactions may lead to contention among subjects for access to data. In MLS/DBMSs this can lead to covert channels. Multiversion schedulers reduce the contention for access to data by maintaining multiple versions. We propose a secure multiversion scheduling protocol and demonstrate its correctness, i.e., demonstrate that it produces only serializable schedules. We develop an abstract model of a scheduler that implements the protocol and show that it is secure, i.e., satisfies the MLS noninterference assertions. Thus, an implementation which adheres to the assumptions of the abstract model will be both secure and correct. In addition, we consider a method for generating timestamps.
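The covert channel this abstract refers to, and the way versions remove it, as an added example that is neither the paper's protocol nor its abstract model: a toy two-level store in which reads are served from the newest version committed before the reader started, so a HIGH reader never holds anything a LOW writer must wait for. `noninterference_holds` is the simplest purge-style form of a noninterference assertion (LOW observes the same reads and commit outcomes whether or not HIGH acts at all), and `locking_conflicts` shows what the same schedule would do under read locks held until commit. The two-level lattice, the first-committer-wins rule among same-level writers, the item names and the schedule are constructed for the example; serializability of the toy is not argued here, that is the paper's contribution.

```python
"""Added example, not the scheduler from the paper: multiversion reads versus
read locks as a HIGH-to-LOW channel, plus a purge-style noninterference check."""
import itertools

LOW, HIGH = 0, 1                      # two security levels, LOW dominated by HIGH


class MVStore:
    """Versioned items; each version carries its writer's commit timestamp."""
    def __init__(self):
        self.clock = itertools.count(1)
        self.level = {}               # item -> classification
        self.versions = {}            # item -> [(commit_ts, value)], ascending

    def create(self, item, level, value):
        self.level[item] = level
        self.versions[item] = [(next(self.clock), value)]


class Txn:
    def __init__(self, store, level, name):
        self.store, self.level, self.name = store, level, name
        self.start_ts = next(store.clock)
        self.pending = {}             # own writes, invisible until commit

    def read(self, item):
        if self.store.level[item] > self.level:
            raise PermissionError(f"{self.name}: no read up")
        if item in self.pending:
            return self.pending[item]
        # Snapshot read: newest version committed before this txn started.
        # It neither waits for nor blocks any concurrent writer.
        return max(v for v in self.store.versions[item] if v[0] <= self.start_ts)[1]

    def write(self, item, value):
        if self.store.level[item] != self.level:   # write only at own level
            raise PermissionError(f"{self.name}: write outside own level")
        self.pending[item] = value

    def commit(self):
        # First-committer-wins. Only same-level txns can write the same item,
        # so an abort here never carries information down from HIGH.
        for item in self.pending:
            if self.store.versions[item][-1][0] > self.start_ts:
                return False
        ts = next(self.store.clock)
        for item, value in self.pending.items():
            self.store.versions[item].append((ts, value))
        return True


def run(schedule):
    """Execute (txn, level, op, item, value) steps on a fresh store and return
    what LOW transactions observed: their read values and commit outcomes."""
    store = MVStore()
    store.create("lo_balance", LOW, 100)        # constructed sample data
    store.create("hi_target", HIGH, "secret")
    txns, low_view = {}, []
    for name, level, op, item, value in schedule:
        if name not in txns:
            txns[name] = Txn(store, level, name)
        t = txns[name]
        if op == "r":
            v = t.read(item)
            if level == LOW:
                low_view.append((name, "r", item, v))
        elif op == "w":
            t.write(item, value)
        elif op == "c":
            ok = t.commit()
            if level == LOW:
                low_view.append((name, "c", ok))
    return low_view


def purge_high(schedule):
    return [s for s in schedule if s[1] == LOW]


def noninterference_holds(schedule):
    """LOW sees exactly the same thing with HIGH's steps removed."""
    return run(schedule) == run(purge_high(schedule))


def locking_conflicts(schedule):
    """Same schedule under read locks held to commit: each LOW write to an item
    an active HIGH txn has read would wait on HIGH, a timing channel."""
    holders, conflicts = {}, []       # item -> active HIGH readers
    for name, level, op, item, _ in schedule:
        if op == "r" and level == HIGH:
            holders.setdefault(item, set()).add(name)
        elif op == "w" and level == LOW and holders.get(item):
            conflicts.append((name, item, sorted(holders[item])))
        elif op == "c":
            for s in holders.values():
                s.discard(name)
    return conflicts


SCHEDULE = [                          # constructed interleaving
    ("H1", HIGH, "r", "lo_balance", None),   # HIGH reads LOW data first
    ("L1", LOW, "w", "lo_balance", 80),      # LOW writer proceeds regardless
    ("L1", LOW, "c", None, None),
    ("H1", HIGH, "r", "lo_balance", None),   # still 100: H1's snapshot
    ("H1", HIGH, "w", "hi_target", "x"),
    ("H1", HIGH, "c", None, None),
    ("L2", LOW, "r", "lo_balance", None),    # sees L1's committed 80
    ("L2", LOW, "c", None, None),
]

if __name__ == "__main__":
    print("noninterference:", noninterference_holds(SCHEDULE))
    print("would block under locking:", locking_conflicts(SCHEDULE))
```

The check is deliberately blunt: it compares LOW's observations on the full schedule against the schedule with every HIGH step deleted, which is exactly the purge formulation of noninterference. A locking scheduler fails it on the same schedule, because L1's write has to wait for H1 to release its read lock, and H1 can modulate that wait to signal bits downward.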
Real-time multicast connection establishment over ATM networks
Sanghyun Ahn
Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076). Pub Date: 1996-10-22. DOI: 10.1109/HASE.1996.618592
Applications requiring the multicast capability are emerging rapidly and becoming widely available. This multicast capability is required to be supported in ATM networks. One of the key characteristics of ATM is the use of locally unique connection identifiers, such as virtual path identifiers/virtual channel identifiers (VPIs/VCIs). A fast multicast connection establishment protocol which takes advantage of the VPI/VCI's locality characteristic is proposed for ATM networks. The proposed protocol adopts the concept of multicast connection segmentation, so that the maximum connection setup time can be bounded by two times the longest among the shortest delays from the connection setup initiator to the rest of the nodes in the connection.
A hybrid parallel evaluation model for logic-based intelligent systems
J.P. Tsai, Bing Li, Eric Y. T. Juan
Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076). Pub Date: 1996-10-22. DOI: 10.1109/HASE.1996.618582
We present a hybrid model to speed up the evaluation of a logic based intelligent system. A data dependency analysis technique is first applied to the logic based system to find all the mode combinations that exist within clauses of a knowledge base. The mode information is used to support a novel hybrid parallel evaluation model, which combines both top down and bottom up evaluation strategies. This model can preserve maximum parallelism while guaranteeing to generate all the solutions of a logic based knowledge base without backtracking. The overall parallel execution behavior of the logic based system can thus be improved by reducing the total number of nodes searched in the tree, the total number of processes that need to be generated and the total number of communication channels needed in the search process. A simulator has been implemented to analyze the execution behavior of the new model. Experiments show significant improvement under most situations.
Adaptive recovery for mobile environments
N. Neves, W. Fuchs
Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076). Pub Date: 1996-10-22. DOI: 10.1109/HASE.1996.618575
Mobile computing allows ubiquitous and continuous access to computing resources while users travel or work at a client's site. The flexibility introduced by mobile computing brings new challenges to the area of fault tolerance. Failures that were rare with fixed hosts become common, and host disconnection makes fault detection and message coordination difficult. This paper describes a new checkpoint protocol that is well adapted to mobile environments. The protocol uses time to indirectly coordinate the creation of new global states, avoiding all message exchanges. The protocol uses two different types of checkpoints to adapt to the current network characteristics and to trade off performance against recovery time.
Top-down development of real-time software specification
Jyhjong Lin, D. Kung, P. Hsia
Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076). Pub Date: 1996-10-22. DOI: 10.1109/HASE.1996.618608
Top down development is a well known way to manage the complexity of characterizing large systems. The paper presents a top down object oriented approach to formal specification of real time software, which is often large and complex in modern real time applications. The method creates an abstract object interaction model to describe objects in the application domain and their structure and behavior. An object specification model is then derived from the object interaction model to formally specify the objects. The method is applied to a simple illustrative example, the specification of a real time house heating system.
Transaction integration for reusable hard real-time components
P. Cornwell, A. Wellings
Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076). Pub Date: 1996-10-22. DOI: 10.1109/HASE.1996.618583
The paper presents a strategy for the composition of components to meet 'end to end' timing requirements. This is a framework based approach known as transaction integration. A framework is constructed through the use of transactions. A transaction represents a control and data flow path across a set of component interfaces, or placeholders, that must be completed by a specific deadline. Reusable real time components are 'plugged' into each placeholder. The paper provides techniques to verify that the performance characteristics of each placeholder and the 'end to end' deadlines associated with each transaction are met.
Specifying fault tolerance in mission critical systems
T. S. Perraju, S. Rana, S. Sarkar
Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076). Pub Date: 1996-10-22. DOI: 10.1109/HASE.1996.618557
Dependability is a central concern in the design of mission critical systems. A major design constraint is that the system cannot be brought down for repair during mission times. A number of alternate designs are possible for a given specification. Alternate designs necessitate evaluation. This requires capturing the system specifications and designs in the same formalism. We propose an extended I/O automaton to specify fault tolerance requirements of dependable mission critical systems. The properties of the behaviors of the extended automaton can capture temporal properties like deadlines. This framework is then used to specify the fire control system of a combat vehicle and to demonstrate the usefulness of the proposed framework for capturing fault tolerance aspects in mission critical systems.
Specifying timing constraints in real-time object-oriented systems
R. V. Vishnuvajjala, W. Tsai, R. Mojdehbakhsh, L. Elliott
Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076). Pub Date: 1996-10-22. DOI: 10.1109/HASE.1996.618558
Modeling object interactions is an important aspect of object-oriented (OO) system design and development. We propose a specification technique, Guarded Method Sequence Specification (GMtSS), for modeling such interactions in real-time OO systems. GMtSS extends another specification technique, MtSS, by adding guard constructs that can be used to specify timing constraints in conjunction with sequencing relationships that can be expressed using MtSS. The paper also discusses interpretation mechanisms for GMtSS and examples showing how GMtSS can be used for modeling system properties involving sequencing as well as timing constraints. GMtSS specialization, a technique that can be used for reuse and extensibility of OO real-time systems, is also discussed.
Reliability prediction method for electronic systems: a comparative reliability assessment method
Richard Yu
Proceedings. IEEE High-Assurance Systems Engineering Workshop (Cat. No.96TB100076). Pub Date: 1996-10-22. DOI: 10.1109/HASE.1996.618603
The paper describes proposed research on defining a new reliability prediction methodology that may be used to evaluate the reliability of computer and electronic systems. The proposed methodology will attempt to minimize the deficiencies of the traditional reliability prediction methods. The deficiencies include the use of generic failure rates for reliability prediction and the lack of realism of the reliability prediction in various operational environments. The proposed methodology will employ the Analytical Hierarchy Process, a decision tool, to incorporate the qualitative and quantitative data that are most relevant to the reliability performance of the system under study. This methodology will analyze the reliability of the system under study by comparing its performance characteristics against its predecessor system (or a similar system) with known reliability performance. The resultant analysis will yield a reliability ratio between the two systems, and the ratio may be used to describe the system's reliability under various operational environments. The key traits of the proposed methodology are its ability to incorporate all relevant failure modes that bear on reliability performance and its use of realistic data that will make the predicted reliability realistic.