Modeling the dependability of critical systems

Our research group has a long tradition in modeling the dependability of critical computer-based systems using probabilistic models. The objective is to support design decisions and to analyze and quantify the impact of faults on dependability. A major challenge is to capture the main phenomena inherent to the modeled system that have a significant impact on the dependability measures of interest (accidental faults affecting hardware and software components, fault tolerance and error recovery mechanisms, maintenance strategies, etc.), and to master model complexity. The complexity of the models depends on the dependability measures to be evaluated, the modeling level of detail, and the stochastic dependencies among the components. State-space models, in particular Markov chains and stochastic Petri nets and their extensions, are commonly used for dependability modeling of computing systems. They are able to capture various functional and stochastic dependencies among components and allow evaluation of various measures related to dependability and performance (i.e., performability measures) based on the same model, when a reward structure is associated to them.

Our research activities focus on the development of compositional and modular approaches aimed at mastering complexity at the model construction level, based on Generalized stochastic Petri nets (GSPNs) and Stochastic Activity Networks (SANs). A particular attention is put on the elaboration of efficient techniques that are well suited to describe the various dependencies that may result from functional or structural interactions between the components or from interactions due to global system fault tolerance, reconfiguration and maintenance strategies. Various modeling approaches have been proposed to facilitate the construction of large dependability models taking into account such dependencies. We can mention as an example the block modeling approach defined in [Kanoun & Borrel 2000] and the incremental modeling approach defined in [Fota et al. 1999a] that provide a generic framework for the dependability modeling of hardware and software fault-tolerant systems based on GSPNs. These approaches have been applied for the dependability evaluation of the French air traffic control computing system, considering availability [Kanoun et al. 1999] and safety  [Fota et al. 1999b].

Another concern when modeling dependability is to facilitate the integration of dependability modeling activities in the system engineering process. The iterative dependability modeling approach proposed in [Betous-Almeida & Kanoun 2004a, Betous-Almeida & Kanoun 2004b] where the construction and validation of the GSPN dependability model is carried out progressively following the system development refinement process is aimed at fulfilling this objective. Actually, this approach can be seen as a special case of the more general class of techniques based on layered and multi-level modeling methods, where the modeled system is structured into different levels corresponding to different abstraction layers, with a model associated to each level. As an example, we can mention the multilevel modeling approach that we have developed for evaluating the user perceived availability of web-based applica­tions [Kaâniche et al. 2003a, Kaâniche et al. 2003b]. Another interesting direction that has been investigated recently to fulfill this objective concerns the development of modeling approaches allowing the generation of dependability evaluation models from model-driven engineering approaches based on architecture description languages. Our research is focused on the Architecture Analysis and Design Language (AADL). This language provides standardized notations for describing software and hardware system architectures and functional interfaces, and for performing various types of analysis to determine the behavior and performance of the system being modeled. Our contributions concerned the establishment of a link between AADL descriptions and GSPN models to facilitate the quantitative analysis of dependable architectures. In particular, we developed a modeling framework including reusable modeling patterns for fault-tolerant architectures [Rugina et al. 2007], and an automatic model transformation tool, ADAPT, allowing the generation of Generalized stochastic Petri nets from AADL models [Rugina et al. 2008] (Figure 1). This framework was illustrated on a subsystem of the French Air Traffic Control system [Rugina 2007].


Figure 1: The ADAPT tool

Publications

[Betous-Almeida & Kanoun 2004a] C. Betous-Almeida and K. Kanoun, “Construction and Stepwise Refinement of Dependability Models,” Performance Evaluation, vol. 56, 277-306, 2004.

[Betous-Almeida & Kanoun 2004b] C. Betous-Almeida and K. Kanoun, “Dependability modelling of Intsrumentation and Control Systems: A Comparison of Competing Architectures,” Safety Science, vol. 42, 457-480, 2004.

[Fota et al. 1999a] N. Fota, M. Kâaniche and K. Kanoun, “Incremental Approach for Building Stochastic Petri Nets for Dependability Modeling,” in Statistical and Probabilistic Models in Reliability, (Ionescu and Limnios, Eds.), pp. 321-335, Birkhäuser, 1999.

[Fota et al. 1999b] N. Fota, M. Kâaniche and K. Kanoun, “Dependability Evaluation of an Air Traffic Control Computing System,” Performance Evaluation, vol. 35 (3-4), 553-573, 1999

[Kaâniche et al. 2003a] M. Kaâniche, K. Kanoun and M. Rabah, “Multi-level modelling approach for the availability assessment of e-business applications,” Software: Practice and Experience, vol. 33, no. 14, pp. 1323-1341, 2003.

[Kaâniche et al. 2003b] M. Kaâniche, K. Kanoun and M. Martinello, “A User-Perceived Availability Evaluation of a Web Based Travel Agency,” IEEE International Conference on Dependable Systems and Networks (DSN-2003), 2003, pp. 709-718.

[Kanoun & Borrel 2000] K. Kanoun and M. Borrel, “Fault-Tolerant System Dependability — Explicit Modeling of Hardware and Software Component-Interactions,” IEEE Transactions on Reliability, vol. 49, no. 4, pp. 363-376, December 2000.

[Kaâniche et al. 2008] M. Kaâniche, P. Lollini, A. Bondavalli, K. Kanoun, “Modeling the resilience of large and resilient systems,” International Journal of Performability Engineering Vol. 4, No. 2, April 2008, pp.153- 168..

[Kanoun et al. 1999] K. Kanoun, M. Borrel, T. Moreteveille and A. Peytavin, “Modeling the Dependability of CAUTRA, a Subset of the French Air Traffic Control System,” IEEE Transactions on Computers, vol. 48, no. 5, pp. 528-535, 1999.

[Martinello 2005] M. Martinello, “Availability Modeling and Evaluation of Web-based services - A pragmatic Approach”, PhD, Institut National Polytechnique de Toulouse, LAAS-CNRS Report N° 05552, 2005.

[Martinello et al. 2005] M. Martinello, M. Kaâniche and K. Kanoun “Web Service Availability — Impact of Error Recovery and Traffic Model”, Reliability Engineering and System Safety,  89 (2005), pp. 6-16, 2005.

[Rabah & Kanoun 1999]  M. Rabah and K. Kanoun, “Dependability Evaluation of a Distributed Shared Memory Multiprocessor System”, in 3rd European Dependable Computing Conference (EDCC-3), Prague (Czech Republic), pp.42-59, Springer, 1999.

[Rabah & Kanoun 2003] M. Rabah and K. Kanoun, “Performability evaluation of multipurpose multiprocessor systems: the "separation of concerns" approach,” IEEE transactions on Computers, vol. 52, no. 2, pp. 223-236, 2003.

[Rugina et al. 2005] A.E. Rugina, M. Kaâniche and K. Kanoun, The ADAPT tool: from AADL architectural models to stochastic petri nets through model transformation, 7th European Dependable Computing Conference (EDCC 2008), Kaunas (Lithuanie), 7-9 Mai 2008, 12p.

[Rugina 2007] A.E. Rugina, “Dependability Modeling and Evaluation : From AADl to Stochastic Petri nets, PhD, Institut National Polytechnique de Toulouse, http://tel.archives-ouvertes.fr/tel-00207502/fr/.

[Rugina et al. 2007] A.E. Rugina, M. Kaâniche and K. Kanoun, A system dependability modeling framework using AADL and GSPNs, in Architecting Dependable Systems, Lecture Notes in Computer Science 4615, Springer, N°ISBN 978-3-540-74033-9, 2007, pp.14-38.

[Rugina et al. 2009] A.E. Rugina, M. Kaâniche and K. Kanoun, Modélisation de la sûreté de fonctionnement basée sur le langage AADL et les RdPSG, Technique et Science Informatiques, Vol.28, N°1, pp.7-37, Janvier 2009.

[Rugina et al. 2009] A.E. Rugina, P.H. Feiler, M. Kaâniche and K. Kanoun, Modélisation de la sûreté de fonctionnement avec AADL - Un langage standardisé de description d'architectures, Revue de l'Electricité et de l'Electronique, N°3, pp.81-87, Mars 2009.