14 research outputs found

    An experimental evaluation of software redundancy as a strategy for improving reliability

    The strategy of using multiple versions of independently developed software as a means to tolerate residual software design faults is suggested by the success of hardware redundancy for tolerating hardware failures. Although, as generally accepted, the independence of hardware failures resulting from physical wearout can lead to substantial increases in reliability for redundant hardware structures, a similar conclusion is not immediate for software. The degree to which design faults are manifested as independent failures determines the effectiveness of redundancy as a method for improving software reliability. Interest in multi-version software centers on whether it provides an adequate measure of increased reliability to warrant its use in critical applications. The effectiveness of multi-version software is studied by comparing estimates of the failure probabilities of these systems with the failure probabilities of single versions. The estimates are obtained under a model of dependent failures and compared with estimates obtained when failures are assumed to be independent. The experimental results are based on twenty versions of an aerospace application developed and certified by sixty programmers from four universities. Descriptions of the application, development and certification processes, and operational evaluation are given together with an analysis of the twenty versions.

    Evaluation of safety-oriented two-version architectures

    A Markov model taking into account physical and design faults for a two-version architecture oriented to safety-related applications is developed. Only a probabilistic knowledge of the initial state of the versions in relation to the presence of design faults is assumed. The model can be split into two submodels accounting separately for physical and design faults, and a closed-form expression for the unsafety of the system is obtained. The parameter estimation problem is discussed and a method to predict the probability distribution of the number of related design faults at the beginning of the operational life of the system is proposed. The method uses a pool model to process fault-occurrence data collected during a "face-to-face" debugging of the two versions. It has by nature a limited capability for proving version diversity, but it is shown that the limit is of the order of the diversity reported by recent experiments on real software. Finally, the impact of version correction during operation is shown to be negligible for critical applications.
    Postprint (author's final draft)

    Availability Modeling of Modular Software

    The attached file may be somewhat different from the published version. International audience.
    Dependability evaluation is a basic component in the assessment of the quality of repairable systems. We develop here a general model specifically designed for software systems that allows the evaluation of different dependability metrics, in particular of availability measures. The model is of the structural type, based on Markov process theory. In particular, it can be viewed as an attempt to overcome some limitations of the well-known Littlewood reliability model for modular software. We give both the mathematical results necessary for the transient analysis of this general model and the algorithms that allow it to be evaluated efficiently. More specifically, from the parameters describing the evolution of the execution process when there is no failure, the failure processes together with the way they affect the execution, and the recovery process, we obtain the distribution function of the number of failures over a fixed mission period. In fact, we obtain dependability metrics which are much more informative than the usual ones given by a white-box approach. We briefly discuss the estimation procedures for the parameters of the model. From simple examples, we illustrate the interest of such a structural view and we explain how to take into account reliability growth of part of the software with the transformation approach developed by Laprie et al. Finally, the complete transient analysis of our model allows us to discuss, in our context, the Poissonian approximation reported by Littlewood for his model.

    Multiversion software reliability through fault-avoidance and fault-tolerance

    In this project we have proposed to investigate a number of experimental and theoretical issues associated with the practical use of multi-version software in providing dependable software through fault-avoidance and fault-elimination, as well as run-time tolerance of software faults. In the period reported here we have been working on the following. We have continued collection of data on the relationships between software faults and reliability, and on the coverage provided by the testing process as measured by different metrics (including data-flow metrics). We continued work on software reliability estimation methods based on non-random sampling, and on the relationship between software reliability and the code coverage provided through testing. We have continued studying back-to-back testing as an efficient mechanism for removal of uncorrelated faults and of common-cause faults of variable span. We have also been studying back-to-back testing as a tool for improvement of the software change process, including regression testing. We continued investigating existing fault-tolerance models and worked on formulating new ones. In particular, we have partly finished evaluation of Consensus Voting in the presence of correlated failures, and are in the process of finishing evaluation of the Consensus Recovery Block (CRB) under failure correlation. We find both approaches far superior to the commonly employed fixed-agreement-number voting (usually majority voting). We have also finished a cost analysis of the CRB approach.

    Optimal test case selection for multi-component software system

    The omnipresence of software has forced the industry to produce efficient software in a short time. These requirements can be met by code reusability and software testing. Code reusability is achieved by developing software as components/modules rather than as a single block. Software coding teams are becoming large to satisfy the need of massive requirements, and large teams can work more easily if software is developed in a modular fashion. It would be pointless to have software that crashes often; testing makes the software more reliable. Modularity and reliability are the need of the day. Testing is usually carried out using test cases that target a class of software faults or a specific module, and the use of different test cases has a distinct effect on the reliability of the software system. The proposed research develops a model to determine the optimal test case selection policy for a modular software system with specific test cases in a stipulated testing time. The proposed model represents the failure behavior of each component using a conditional NHPP (non-homogeneous Poisson process) and the interactions of the components by a CTMC (continuous-time Markov chain). The initial number of bugs and the bug detection rate are known distributions. Dynamic programming is used as a tool in determining the optimal test case policy. The complete model is simulated using Matlab. The Markov decision process is computationally intensive, but the implementation of the algorithm is meticulously optimized to eliminate repeated calculations. This has saved roughly 25-40% in processing time for different variations of the problem.

    Integration of software reliability into systems reliability optimization

    Reliability optimization originally developed for hardware systems is extended to incorporate software into an integrated system reliability optimization. This hardware-software reliability optimization problem is formulated as a mixed-integer programming problem. The integer variables are the numbers of redundancies, while the real variables are the component reliabilities.
    To search for a common framework under which hardware systems and software systems can be combined, a review and classification of existing software reliability models is conducted. A software redundancy model with common-cause failure is developed to represent the objective function. This model includes hardware redundancy with independent failure as a special case. A software reliability-cost function is then derived based on a binomial-type software reliability model to represent the constraint function.
    Two techniques, the combination of a heuristic redundancy method with a sequential search method, and the Lagrange multiplier method with the branch-and-bound method, are proposed to solve this mixed-integer reliability optimization problem. The relative merits of four major heuristic redundancy methods and two sequential search methods are investigated through a simulation study. The results indicate that the sequential search method is the dominating factor of the combination method. A comparison of the two proposed mixed-integer programming techniques is also carried out by solving two numerical problems, a series system with linear constraints and a bridge system with nonlinear constraints. The Lagrange multiplier method with the branch-and-bound method has been shown to be superior to all other existing methods in obtaining the optimal solution.
    Finally, an illustration is given of integrating a software reliability model into systems reliability optimization.

    Design for dependability: A simulation-based approach

    This research addresses issues in simulation-based system-level dependability analysis of fault-tolerant computer systems. The issues and difficulties of providing a general simulation-based approach for system-level analysis are discussed, and a methodology that addresses and tackles these issues is presented. The proposed methodology is designed to permit the study of a wide variety of architectures under various fault conditions. It permits detailed functional modeling of architectural features such as sparing policies, repair schemes and routing algorithms, as well as other fault-tolerant mechanisms, and it allows the execution of actual application software. One key benefit of this approach is that the behavior of a system under faults does not have to be pre-defined, as is normally done. Instead, a system can be simulated in detail and injected with faults to determine its failure modes. The thesis describes how object-oriented design is used to incorporate this methodology into a general-purpose design and fault injection package called DEPEND. A software model is presented that uses abstractions of application programs to study the behavior and effect of software on hardware faults in the early design stage, when actual code is not available. Finally, an acceleration technique that combines hierarchical simulation, time acceleration algorithms and hybrid simulation to reduce simulation time is introduced.

    Reliability models and analyses of the computing systems

    Ph.D. (Doctor of Philosophy)

    Conceptual framework of cybersecurity for internet of things applications

    The Internet of Things (IoT) is one of the fastest-growing technological paradigms of recent years, in which smart objects, or things, interact with each other and with physical and/or virtual resources through the Internet. Along with this growth, one of the challenges of this paradigm has come to the fore: the security of IoT applications. This research work starts from the problem that insecure IoT applications exist because of the lack of guidelines that orient developers in applying the cybersecurity domain during the design phase and in evaluating the result. The proposed hypothesis is that a framework made up of different types of models can guide the development team on how to take cybersecurity into account in IoT applications. From this starting point, this work proposes a conceptual cybersecurity framework for IoT applications, called the SMITH Framework. The framework is made up of two models: the first is a cybersecurity management model whose purpose is to guide IoT application developers on the cybersecurity considerations that must be taken into account from the design phase of an IoT solution; the second is a conceptual model of the cybersecurity domain that presents six security components and their relationship to the IoT domain. To verify the hypothesis, a validation of the SMITH Framework based on the ATAM method was carried out, in which an IoT application was designed following elements of the proposed framework. The results showed that it is indeed possible to guide the development team in implementing cybersecurity in the design phase of an IoT application, confirming the hypothesis.
    Table of contents:
    INTRODUCTION
    1. GENERAL DESCRIPTION OF THE PROJECT
    1.1 RESEARCH PROBLEM
    1.1.1 Context
    1.1.2 Problem
    1.2 MOTIVATION
    1.2.1 Modelling the cybersecurity domain
    1.2.2 Software engineering best practices in telematics projects
    1.3 RESEARCH QUESTION
    1.4 HYPOTHESIS
    1.5 OBJECTIVES
    1.6 CONTRIBUTIONS
    2. REFERENCE FRAMEWORK
    2.1 CONCEPTUAL FRAMEWORK
    2.1.1 Software engineering
    2.1.1.1 Reference architecture
    2.1.1.2 Software architecture
    2.1.1.3 Framework
    2.1.1.4 Conceptual framework
    2.1.1.4 Reference model
    2.1.1.5 Quality requirement
    2.1.2 Cybersecurity
    2.1.2.1 Cyberspace
    2.1.2.2 Cyber incident
    2.1.2.3 Security incident
    2.1.2.4 Security engineering
    2.1.3 Telematics
    2.1.4 Internet of Things
    2.1.5 Modelling
    2.1.5.1 Domain
    2.1.5.2 Modelling languages
    2.1.5.3 Model
    2.2 THEORETICAL FRAMEWORK
    2.2.1 Software engineering
    2.2.1.1 Software development process
    2.2.1.2 Requirements engineering
    2.2.1.3 Importance of requirements in software development
    2.2.1.4 Architecture evaluation
    2.2.2 Cybersecurity
    2.2.3 Internet of Things
    2.2.3.1 Application domains
    2.2.3.2 Building IoT applications
    2.2.3.3 Roles in IoT application development
    2.2.4 Distributed computing
    2.2.4.1 Cloud computing
    2.2.4.2 Fog computing
    2.2.4.3 Dew computing
    2.3 STATE OF THE ART
    2.3.1 Security frameworks for IoT applications
    2.3.1.1 Security models for IoT
    2.3.1.2 Security frameworks for IoT
    2.3.1.3 Construction trends
    2.3.1.4 IoT resources they protect
    2.3.1.5 Information security properties they protect
    2.3.1.6 Conclusions and research gap
    2.3.2 Current state of cybersecurity in IoT
    2.3.2.1 Malware in IoT
    2.3.2.2 IoT devices
    2.3.2.3 Conclusions of the state of the art
    2.4 REGULATORY FRAMEWORK AND STANDARDS
    2.4.1 ISO/IEC 25.010:2011 standard
    2.4.2 ISO/IEC 27.001:2013 standard
    2.4.3 ISO/IEC/IEEE 27017:2015 standard
    2.4.5 ISO/IEC/IEEE 42010:2011 standard
    2.4.5 Contributions of the standards to this work
    2.5 CONTEXTUAL FRAMEWORK AND BACKGROUND
    2.5.1 Centro de Excelencia y Apropiación en Internet de las Cosas
    2.5.2 OWASP Foundation
    2.6 FINAL REMARKS OF THE CHAPTER
    3. METHODOLOGICAL ASPECTS
    3.1 TYPE AND APPROACH OF THE RESEARCH
    3.2 UNIVERSE AND SAMPLE
    3.3 TECHNIQUES AND INSTRUMENTS
    3.3.1 Techniques
    3.3.2 Instruments
    3.4 ACTIVITIES CARRIED OUT
    3.4.1 Phase 1: Formulation of the cybersecurity management model for IoT applications
    3.4.1.1 Selection of the IoT application reference architectures (RA) to be analysed
    3.4.1.2 Identification of the architectural levels of a generic IoT application
    3.4.1.3 Analysis of the cybersecurity requirements an IoT application must meet
    3.4.1.4 Construction of the cybersecurity management model for IoT applications
    3.4.2 Phase 2: Representation of the security domain for IoT
    3.4.2.1 Selection of modelling language and tools
    3.4.2.2 Modelling the cybersecurity domain for IoT
    3.4.3 Phase 3: Validation of the proposed framework
    3.4.3.1 Design of the framework validation technique
    3.4.3.2 Evaluation of the framework
    3.4.3.3 Framework improvement plan
    4. PROPOSED CYBERSECURITY MANAGEMENT MODEL FOR IOT APPLICATIONS
    4.1 METHODOLOGY FOR THE DEVELOPMENT OF THE SMITH MODEL
    4.2 REFERENCE ARCHITECTURES FOR IOT
    4.2.1 Systematic literature review
    4.2.1.1 Planning
    4.2.1.2 Conducting
    4.2.1.3 Reporting
    4.2.2 Selected reference architectures
    4.3 PROPOSED GENERIC ARCHITECTURE FOR IOT APPLICATIONS
    4.3.1 Identified layers and components
    4.3.1.1 Analysis of the ITU-T reference model
    4.3.1.2 Analysis of the IoT Project reference architecture
    4.3.1.3 Analysis of the SmartSantander architecture
    4.3.1.4 Analysis of the WSO2 reference architecture
    4.3.2 Generic components and functionalities of IoT applications
    4.3.3 Analysis of functionalities
    4.3.4 Design of the generic IoT architecture
    4.3.4.1 Cloud Layer
    4.3.4.2 Fog Layer
    4.3.4.3 Dew Layer
    4.4 SECURITY REQUIREMENTS FOR IOT APPLICATIONS
    4.4.1 Requirements group for information confidentiality
    4.4.1.1 Security requirements
    4.4.1.2 Privacy requirements
    4.4.1.3 Authentication and authorisation requirements
    4.4.2 Requirements group for information integrity
    4.4.3 Requirements group for information availability
    4.4.4 Requirements group for non-repudiation
    4.5 PROPOSED CYBERSECURITY MANAGEMENT MODEL
    4.5.1 SMITH Model
    4.5.1.1 Design of the SMITH Model
    4.5.1.2 Description of the SMITH Model
    4.5.2 Cybersecurity best-practice guide for securing IoT applications
    4.5.2.1 Cybersecurity best practices for the Cloud Layer
    4.5.2.2 Cybersecurity best practices for the Fog Layer
    4.5.2.3 Cybersecurity best practices for the Dew Layer
    4.5.3 Evaluation instrument
    5. CONCEPTUAL MODEL OF THE CYBERSECURITY DOMAIN FOR IOT APPLICATIONS
    5.1 IOT DOMAIN MODEL
    5.1.1 Key concepts of the IoT domain
    5.1.1.1 Services
    5.1.1.2 Entities
    5.1.1.3 Resources
    5.1.1.4 Devices
    5.1.1.5 Users
    5.1.2 Representation of the IoT domain
    5.2 REPRESENTATION OF THE CYBERSECURITY DOMAIN
    5.2.1 Cybersecurity components for IoT
    5.2.2 Cybersecurity domain model for IoT
    5.2.2.1 Authentication (AuthN)
    5.2.2.2 Authorisation (AuthZ)
    5.2.2.3 Cryptographic key management (CEM)
    5.2.2.4 Identity management (IDM)
    5.2.2.5 Availability (AVBL)
    5.2.2.6 Non-repudiation (NRP)
    6. VALIDATION OF THE PROPOSED FRAMEWORK
    6.1 CASE STUDY
    6.1.1 Scope and limitations of the use case
    6.1.2 Conceptual architecture of the system
    6.1.3 System requirements
    6.1.3.1 Functional requirements
    6.1.3.2 Quality requirements
    6.1.4 Architectural presentation of the system
    6.1.4.1 Conceptual view
    6.1.4.2 Functional view
    6.1.4.3 System services view
    6.2 VALIDATION OF THE ARCHITECTURE
    6.2.1 Phase 1: Presentation
    6.2.1.1 Step 1: Presentation of ATAM
    6.2.1.2 Step 2: Presentation of the business goals
    6.2.1.3 Step 3: Presentation of the architecture
    6.2.2 Phase 2: Investigation and analysis
    6.2.2.1 Step 4: Identify the architectural approaches
    6.2.2.2 Step 5: Generate the quality-attribute utility tree
    6.2.2.3 Step 6: Analyse the architectural approaches
    6.2.3 Phase 3: Testing
    6.2.3.1 Step 7: Brainstorm and prioritise scenarios
    6.2.3.2 Step 8: Analyse the architectural approaches
    6.2.4 Phase 4: Presentation of the report
    6.3 INTEGRATION OF THE FRAMEWORK
    7. CONCLUSIONS AND FUTURE WORK
    7.1 CONCLUSIONS
    7.2 REVIEW OF THE CONTRIBUTIONS MADE
    7.3 FUTURE WORK
    REFERENCES
    Annex A: Evaluation of reference architectures
    Annex B: Cybersecurity management model for IoT applications
    Degree: Master's (Maestría)