
    An Approach for the Assessment of System Upset Resilience

    This report describes an approach for the assessment of upset resilience that is applicable to systems in general, including safety-critical, real-time systems. For this work, resilience is defined as the ability to preserve and restore service availability and integrity under stated conditions of configuration, functional inputs and environmental conditions. To enable a quantitative approach, we define novel system service degradation metrics and propose a new mathematical definition of resilience. These behavioral-level metrics are based on the fundamental service classification criteria of correctness, detectability, symmetry and persistence. This approach consists of a Monte-Carlo-based stimulus injection experiment, on a physical implementation or an error-propagation model of a system, to generate a system response set that can be characterized in terms of dimensional error metrics and integrated to form an overall measure of resilience. We expect this approach to be helpful in gaining insight into the error containment and repair capabilities of systems for a wide range of conditions.

    Interval-based clock synchronization with optimal precision

    We present a description and analysis of a novel optimal precision clock synchronization algorithm (OP), which takes care of both precision and accuracy with respect to external time. It relies upon the generic interval-based algorithm of Schmid and Schossmaier [Real-Time Syst. 12 (2) (1997) 173] and utilizes a convergence function based on the orthogonal accuracy algorithm of Schmid [Chicago J. Theor. Comput. Sci. 3 (2000) 3]. As far as precision is concerned, we show that OP achieves optimal worst case precision, optimal maximum clock adjustment, and optimal rate, as does the algorithm of Fetzer and Cristian [Proceedings 10th Annual IEEE Conference on Computer Assurance, Gaithersburg, MD, 1995]. However, relying upon a perception-based hybrid fault model and a fairly realistic system model, our results are valid for a wide variety of node and link faults and apply to very high-precision applications as well: impairments due to clock granularity and discrete rate adjustment cannot be ignored here anymore. Our accuracy analysis focuses on the nodes’ local accuracy interval, which provides the application running atop with an on-line bound on the current deviation from external time. We show that this bound could get larger than twice the necessary lower bound (“traditional accuracy”), hence OP is considerably suboptimal in this respect.

    Overview of Risk Mitigation for Safety-Critical Computer-Based Systems

    This report presents a high-level overview of a general strategy to mitigate the risks from threats to safety-critical computer-based systems. In this context, a safety threat is a process or phenomenon that can cause operational safety hazards in the form of computational system failures. This report is intended to provide insight into the safety-risk mitigation problem and the characteristics of potential solutions. The limitations of the general risk mitigation strategy are discussed and some options to overcome these limitations are provided. This work is part of an ongoing effort to enable well-founded assurance of safety-related properties of complex safety-critical computer-based aircraft systems by developing an effective capability to model and reason about the safety implications of system requirements and design.