High Dependability Computing Program Modeling Dependability(9)

Individuals and organizations increasingly use sophisticated software systems from which they demand great reliance. “Reliance ” is contextually subjective and depends on the particular stakeholder’s needs; therefore, in different circumstances, the sta

due to attacks intentionally carried on against the system (e.g., logical breaches, data accesses, denial of service attacks, etc.).

o Maintainability2(SCOPE), due to actions intentionally carried on to improve the system (e.g., repairs, upgrades).

o Safety: index of the hazards (ISSUE) created by the system or a service (SCOPE).

At this point, we can start from these new definitions for refining our analysis. We recognize that some failures (see the definitions of survivability, security, and maintainability) are the results of some external events. Due to our choice of the initial set of dependability attributes, we can distinguish three main external events types:

Adverse condition: any external event that may have an actual or potential harmful effect on the system or a service (e.g., extreme weather conditions, un-natural load peaks, etc.);

Attack: any intentional action carried on against the system or a service (e.g., logical breaches, data accesses, denial of service attacks, etc.);

Update: any action intentionally carried on to change the system or a service (e.g., repairs, upgrades.). characterization:

- Type

- Adverse ConditionFAILUREcharacterization:- Type - Accuracy failurecharacterization:- Type - Whole System - Service - Attack

- Upgrades

- Performance failure

- Other failure

- Availability impact

- Stopping

- Non-Stopping

HAZARD

characterization:

- Type

- User(s) hazard - Environment hazard

Figure 3: The “evolving” UMD

Thus, the concept of external event emerges as another common item across the different definitions. Each dependability attribute can in fact be defined in terms of some kind of issues affecting the whole system or part of it (the scope), due or not due to some external events. Figure 3 extends the framework introduced in Figure 2, by encompassing the new concept of event

By using the new framework, the definitions of the dependability attributes become:

2 Note that with this new definition of maintainability we cover only partially the initial one. While the original definition encompasses, for example, the capability of the system of being repaired and/or upgraded within the expected budget and time, the new definition focuses only upon the easiness of the maintenance process, taking into account the possible issues caused by repairs and upgrades. UMD, however, also allows for the expression of the desired system behavior during maintenance, as will be illustrated in the Section “Capturing System reaction”.