Stepwise construction and refinement of dependability models
Cláudia Betous-Almeida, K. Kanoun
Pub Date: 2002-06-23
DOI: 10.1109/DSN.2002.1028944
Proceedings. International Conference on Dependable Systems and Networks, pp. 515-524
This paper presents a stepwise approach to dependability modeling based on Generalized Stochastic Petri Nets (GSPNs). The first-step model, called the functional-level model, can be built as early as the system functional specifications and is then completed by the structural model as soon as the system architecture is known, even at a very high level. The latter can be refined according to three different aspects: component decomposition, state and event fine-tuning, and distribution adjustment to take into account increasing event rates. We define specific rules to make the successive transformations as easy and systematic as possible. This approach allows the various dependencies to be taken into account at the right level of abstraction: functional dependency, structural dependency, and those induced by non-exponential distributions. A part of the approach is applied to an instrumentation and control (I&C) system in power plants.
Optimizing buffer management for reliable multicast
Zhen Xiao, K. Birman, R. V. Renesse
Pub Date: 2002-06-23
DOI: 10.1109/DSN.2002.1028899
Proceedings. International Conference on Dependable Systems and Networks, pp. 187-196
Reliable multicast delivery requires that a multicast message be received by all members in a group. Hence certain or all members need to buffer messages for possible retransmissions. Designing an efficient buffer management algorithm is challenging in large multicast groups, where no member has complete group membership information and the delivery latency to different members can differ by orders of magnitude. We propose an innovative two-phase buffering algorithm, which explicitly addresses variations in delivery latency seen in large multicast groups. The algorithm effectively reduces buffer requirements by adaptively allocating buffer space to the messages most needed in the system and by spreading the load of buffering among all members in the group. Simulation and experimental results demonstrate that the algorithm has good performance.
Impact of deep submicron technology on dependability of VLSI circuits
C. Constantinescu
Pub Date: 2002-06-23
DOI: 10.1109/DSN.2002.1028901
Proceedings. International Conference on Dependable Systems and Networks, pp. 205-209
Advances in semiconductor technology have led to impressive performance gains of VLSI circuits in general, and microprocessors in particular. However, smaller transistor and interconnect dimensions, lower power voltages, and higher operating frequencies have contributed to increased rates of occurrence of transient and intermittent faults. We address the impact of deep submicron technology on the permanent, transient and intermittent classes of faults, and discuss the main trends in circuit dependability. Two case studies exemplify this analysis. The first deals with intermittent faults induced by manufacturing residuals. The second shows that transients generated by timing violations are capable of silently corrupting data. It is concluded that the semiconductor industry is approaching a new stage in the design and manufacturing of VLSI circuits. Fault-tolerance features, so far specific to custom-designed computers, will have to be integrated into commercial-off-the-shelf (COTS) VLSI systems in the future in order to preserve data integrity and limit the impact of transient and intermittent faults.
Masquerade detection using truncated command lines
R. Maxion, T. Townsend
Pub Date: 2002-06-23
DOI: 10.1109/DSN.2002.1028903
Proceedings. International Conference on Dependable Systems and Networks, pp. 219-228
A masquerade attack, in which one user impersonates another, can be the most serious form of computer abuse. Automatic discovery of masqueraders is sometimes undertaken by detecting significant departures from normal user behavior, as represented by a user profile formed from system audit data. While the success of this approach has been limited, the reasons for its unsatisfying performance are not obvious, possibly because most reports do not elucidate the origins of the errors made by the detection mechanisms. This paper takes as its point of departure a recent series of experiments framed by Schonlau et al. (2001). In extending that work with a new classification algorithm, a 56% improvement in masquerade detection was achieved at a corresponding false-alarm rate of 1.3%. A detailed error analysis, based on an alternative data configuration, reveals why some users are good masqueraders and others are not.
Self-organizing systems with self-diagnosability
Kiyoaki Yoshida, T. Kohda, Y. Sujaku
Pub Date: 2002-06-23
DOI: 10.1109/DSN.2002.1029021
Proceedings. International Conference on Dependable Systems and Networks, pp. 755-762
Constructing a system capable of functioning without any human support over an extended period is the aim of many engineers. However, it is generally considered difficult to make decentralized self-organizing autonomous systems fault-tolerant. In this paper, we propose to apply the theory of highly structured self-diagnosable systems to this problem. As an example, we apply the theory and the recursive-procedures method of fault-tolerant system construction to a decentralized self-organizing autonomous robotic system that forms a circle. Simulation results show the usefulness of the proposed method. The highly structured self-diagnosable system has an O(|E|) fault-identification algorithm that can diagnose each of the units in the system independently, locally and in any order, where E and |E| denote the set of directed edges and its cardinality, respectively.
Small Byzantine quorum systems
Jean-Philippe Martin, L. Alvisi, M. Dahlin
Pub Date: 2002-06-23
DOI: 10.1109/DSN.2002.1028922
Proceedings. International Conference on Dependable Systems and Networks, pp. 374-383
In this paper we present two protocols for asynchronous Byzantine quorum systems (BQS) built on top of reliable channels: one for self-verifying data and the other for any data. Our protocols tolerate f Byzantine failures with f fewer servers than existing solutions, by eliminating nonessential work in the write protocol and by using read and write quorums of different sizes. Since engineering a reliable network layer on an unreliable network is difficult, two other possibilities must be explored. The first is to strengthen the model by allowing synchronous networks that use time-outs to identify failed links or machines. We consider running synchronous and asynchronous Byzantine quorum protocols over synchronous networks and conclude that, surprisingly, "self-timing" asynchronous Byzantine protocols may offer significant advantages for many synchronous networks when network time-outs are long. We show how to extend an existing Byzantine quorum protocol to eliminate its dependency on reliable networking and to handle message loss and retransmission explicitly.
Quantifying the cost of providing intrusion tolerance in group communication systems
H. Ramasamy, P. Pandey, J. Lyons, M. Cukier, W. Sanders
Pub Date: 2002-06-23
DOI: 10.1109/DSN.2002.1028904
Proceedings. International Conference on Dependable Systems and Networks, pp. 229-238
Group communication systems that provide consistent group membership and reliable, ordered multicast properties in the presence of faults resulting from malicious intrusions have not been analyzed extensively to quantify the cost of tolerating these intrusions. This paper attempts to quantify this cost by presenting results from an experimental evaluation of three new intrusion-tolerant microprotocols that have been added to an existing crash-fault-tolerant group communication system. The results are analyzed to identify the parts that contribute the most overhead during provision of intrusion tolerance at the group communication system level.
Process modelling to support dependability arguments
R. Bloomfield, S. Guerra
Pub Date: 2002-06-23
DOI: 10.1109/DSN.2002.1028892
Proceedings. International Conference on Dependable Systems and Networks, pp. 113-122
This paper reports work to support dependability arguments about the future reliability of a product before there is direct empirical evidence. We develop a method for estimating the number of residual faults at the time of release from a "barrier model" of the development process, in which faults are created or detected in each phase. These estimates can be used in a conservative theory from which a reliability bound can be obtained, or can be used to support arguments of fault freeness. We present the work done to demonstrate that the model can be applied in practice. A company that develops safety-critical systems provided access to two projects as well as data over a wide range of past projects. The software development process as actually enacted was determined, and we developed a number of probabilistic process models calibrated with generic data from the literature and with data from the company projects. The predictive power of the various models was compared.
Reliability and survivability in the Reduced Ship's Crew by Virtual Presence system
Gary Schwartz
Pub Date: 2002-06-23
DOI: 10.1109/DSN.2002.1028900
Proceedings. International Conference on Dependable Systems and Networks, pp. 199-204
The Reduced Ship's Crew by Virtual Presence (RSVP) Advanced Technology Demonstration was a 3-year program (1999-2001) to show the feasibility of employing wireless sensors on naval ships. Environmental, structural, personnel, and machinery sensors were demonstrated. This paper describes the RSVP architecture, highlighting the aspects of the architecture that contribute to the system's reliability and survivability. It also describes the demonstrations that were performed and their results.
Parallel randomization for large structured Markov chains
P. Kemper
Pub Date: 2002-06-23
DOI: 10.1109/DSN.2002.1029011
Proceedings. International Conference on Dependable Systems and Networks, pp. 657-666
Multiprocessor architectures with few but powerful processors are gaining more and more popularity. We describe a parallel iterative algorithm to perform randomization for a continuous-time Markov chain with a Kronecker representation on a shared-memory architecture. The Kronecker representation is modified for a parallel matrix-vector multiplication with a fast multiplication scheme and no write conflicts on the iteration vectors. The proposed technique is applied to a model of a workstation cluster for dependability analysis; the corresponding computations are performed on two multiprocessor architectures, a Sun Enterprise and an SGI Origin 2000, to measure its performance.