Dependable SystemsWinter term 2020/2021

Dependable Systems

1st ChapterIntroduction

Prof. Matthias WernerProfessur Betriebssysteme

Dependable Systems – Introduction

Willkommen zu “Verlässliche Systeme”

Welcome to “Dependable Systems”565130

WS 2020/2021 · M. Werner I – 2 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.2 Formalities

1.2 FormalitiesLanguage/Sprache

I Although English is the official courselanguage, German is partly supported:I The handouts are provided in English

and GermanI Literature is in English anyway.I Language of a question determines the

language of the answer

I Obwohl die Lehrveranstaltung als englischsprachigausgewiesen ist, werden deutschsprachigeStudierende teilweise unterstützt:I Das Kursmaterial (Handouts) wird in Deutsch

und Englisch bereitgestellt (soweitÜbersetzungen sinnvoll sind)

I Literatur ist durchweg englischI Fragen werden in der bei der Fragestellung

benutzten Sprache beantwortetWS 2020/2021 · M. Werner I – 3 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.2 Formalities

LectureI Due to Covid-19, lecture is presented as screencast

I Dozent: Prof. Matthias WernerI matthias.werner@informatik.tu-chemnitz.deI Professur “Betriebssysteme”I Homepage: osg.informatik.tu-chemnitz.de

I Zeit: Wednesday, 11.30 – 13.00 Uhr

I Access information at Opal

Why “Zoom”?That is totally insecure!

I Indeed, Zoom had a number of security issues.I The (known) security bug are fixed in the meantimeI Privacy: The TU bought licenses á Zoom is bound by law to a

certain degree.1

1Cf.: https://unterrichten.digital/2020/05/02/zoom-datenschutz-schule-unterrichtWS 2020/2021 · M. Werner I – 4 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.2 Formalities

Lecture (cont.)

I Even under Corona conditions, the lecture should be as interactive as possible

I Thus, every student should take part with microphone, and possibly with camera, too.

I Signal questions by “raising hand” or by a headword in the chat. á talk on request

HintDue to privacy reasons, I can’t provide video records (for the time being)

WS 2020/2021 · M. Werner I – 5 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.2 Formalities

Lecture (cont.)

put hand up

chat

(de)activatemicro/cam

WS 2020/2021 · M. Werner I – 6 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.2 Formalities

TutorialI Tutorials use BigBlueButton

I Access information in OPAL (after registration)

I Tutor: Christine Jakobs

I Time: Friday, 11.30 – 13.00 Uhr

I Content:I Discuss of open issuesI Check solutions of self-test problemsI Do application examples

I The first tutorials deal also with recaps of prerequisitesI The tutorial classes will start at October 23rd

WS 2020/2021 · M. Werner I – 7 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.2 Formalities

Exam

I Written exam in FebruaryI Registration with central examination office via SB-Service requiredI Learning is a necessary but not sufficient condition to pass this course

I You also should understand the topics

NoteBe able to answer not only to What questions, but also to Why questions!

WS 2020/2021 · M. Werner I – 8 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.2 Formalities

Credits

I Course can be taken by students of following programs:I Master Computer ScienceI Master Applied Computer ScienceI Master Automotive Software EngineeringI Master Automotive Computer EngineeringI Master NeuroroboticsI Master Web EngineeringI Mater/PhD MathematicsI Master Biomedical Technology

WS 2020/2021 · M. Werner I – 9 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.2 Formalities

LiteratureI There is no single textbook for this courseI However, the following textbooks may be of use:

� [AL82] Thomas Anderson and Pete A. Lee. Fault Tolerance – Principles and Practice. Prentice Hall, 1982� [Pra96] Dhiraj K. Pradhan, ed. Fault Tolerant Computer Systems. Prentice Hall, 1996� [SS95] Daniel P. Siewiorek and Robert S. Swarz. The Theory and Practice of Reliable Systems Design.

Digital Press, 1995� [Sho03] Martin L Shooman. Reliability of computer systems and networks: fault tolerance, analysis, and

design. John Wiley & Sons, 2003� [Rau14] Marvin Rausand. Reliability of safety-critical systems: theory and applications. John Wiley &

Sons, 2014� [RA04] Marvin Rausand and Høyland Arnljot. System reliability theory: models, statistical methods, and

applications. Vol. 396. John Wiley & Sons, 2004� [Kni12] John Knight. Fundamentals of Dependable Computing for Software Engineers. 1st. Chapman &

Hall/CRC, 2012WS 2020/2021 · M. Werner I – 10 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.2 Formalities

Literature (cont.)

I In addition, the following materials are provided:I Slides as handout (via homepage)

I I’ll try hard to provide it in advance to the related lectureI You may add your own notesI Handout is in 2x2 layout; if you need another layout, convert it by proper tools

I Original articles (marked byb)I Link at homepageá You need TUC trust center account

WS 2020/2021 · M. Werner I – 11 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.2 Formalities

Handout

I Example script (bash) toconvert the handout into1x1 layoutI Needs ghostscript and

pdf toolkitI YMMV

1 #!/usr/bin/env bash2 if [ -z "$1" ] || [ ! -f "$1" ] || \3 [ ‘file -Ib $1 | cut -f1 -d’ ’‘ != "application/pdf;" ];4 then5 echo "No valid input file"6 exit 17 fi8 x=( 0 -421 0 -421)9 y=( -297 -297 0 0)

10 temp=‘mktemp -u /tmp/pdf -cv -XXXXX ‘11 for i in {0..3}; do12 gs -q -dNOPAUSE -dBATCH -P- -dSAFER -sDEVICE=pdfwrite \13 -g4210x2975 -sOutputFile=${temp}$i.pdf \14 -c "<</PageOffset [${x[$i]} ${y[$i]}]>> setpagedevice" \15 -f $1;16 done17 pdftk ${temp }?. pdf shuffle output ${1/. pdf/-1x1.pdf}18 rm ${temp }?. pdf

WS 2020/2021 · M. Werner I – 12 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.3 Dependability

1.3 DependabilitySystem Properties

I Systems have functional and non-functional (or: meta-functional) propertiesI Functional properties: “What”

I Function or its return valueI Hardware and software is offering functional services

I Non-functional properties: “How”I Boundary conditionsI Umbrella term for operational requirements on the systemI Cross-cutting concerns for all functionalitiesI Hard to define and to abstract awayI Divide et impera does not work in many casesI Many people only focus on performance and costs

WS 2020/2021 · M. Werner I – 13 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.3 Dependability

Concept

I Past (appr. until 80s)Dependability is property of fault-tolerance systems

I Today:“Dependability” is umbrella term, that covers quite a number of concepts and measures.

General question:

“How to deal with unexpected/undesired events?”

I Unexpected event = impairI E.g., attacks are intended impairs

WS 2020/2021 · M. Werner I – 14 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.3 Dependability

Concept (cont.)

Definition 1.1 (LAPRIE 1993)

Dependability is defined as the trustworthiness of a computer system such that reliance can justifiable be placed onthe service it delivers.The service delivered is its behaviour as it is perceptible to its user(s);a user is another system (human or physical) which interacts with the former.

I Attention: following the definition, also unintended/undesired behavior is a service.I Example: damage for a third party

WS 2020/2021 · M. Werner I – 15 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.3 Dependability

Consequences of Failures

I Human injury or loss of lifeI Damage to the environmentI Damage to or loss of equipmentI Damage to or loss of dataI Financial loss by theftI Financial loss through production of useless or defective productsI Financial loss through reduced capacity for production or serviceI Loss of business reputationI Loss of customer baseI Loss of jobs

WS 2020/2021 · M. Werner I – 16 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.3 Dependability

Importance of Dependability for Business

I Average costs per hour of downtime (Gartner 1998)I Brokerage operations in finance: $6.5 millionI Credit card authorization: $2.6 millionI Home catalog sales: $90.000I Airline reservation: $89.500

I Example: 22-hour service outage of eBay on June 6th 1999I Interruption of around 2.3 million auctionsI 0.2% stock value drop, $3-5 billion of lost revenuesI Problems blamed on Sun server software

WS 2020/2021 · M. Werner I – 17 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.4 Case Studies

1.4 Case Studies1.4.1 Example I: Specification vs. ImplementationI Automatic parking brake

I Example: VW PassatI Will be automatically released, when car accelerates

Picture from: www.autozeitung.deWS 2020/2021 · M. Werner I – 18 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.4 Case Studies

Automatic Parking Break ReleaseI What was intendedI What has been implementedI What did happen

Put throttle control Engine speed increases

Release parking brake

Air condition starts up

WS 2020/2021 · M. Werner I – 19 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.4 Case Studies

1.4.2 Example II: Measure vs. Measurement

I Service requires the execution of 6 taskI Probability of finishing is equally distributed within an intervalI One or two processorsI Deadline: 25 time unitsI Fault rate: λ = 0.01, R(t) = e−λ·t

QuestionsI How many processors should be used (one or two)?I What scheduling policy should be used?

1 Request

23

4

56 Completion

[1; 2]

[4; 5]

[1; 2]

[4; 8]

[2; 6]

[3; 5]

6

5

4

3

2

1

task

t

min maxWS 2020/2021 · M. Werner I – 20 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.4 Case Studies

Design Alternatives

5 10 15 20 t

P1

simple approachτ1 τ2 τ3 τ4 τ5 τ6

5 10 15 20 t

P1

fault-tolerant approach

P2

τ1 τ2 τ3 τ4 τ5 τ6

τ1 τ2 τ3 τ4 τ5 τ6

5 10 15 20 t

P1

real-time approach

P2

τ1 τ2 τ3

τ4 τ5

τ6

5 10 15 20 t

P1

adaptive approach

P2

τ1 τ2 τ3 τ5

τ1 τ2 τ4 τ5

τ6

τ6

canceled

WS 2020/2021 · M. Werner I – 21 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.4 Case Studies

Comparison of Designs

0 5 10 15 20 25 30 350

0.2

0.4

0.6

0.8

1

Deadline

R(t)

I Legend:I simple approachI real timeI fault toleranceI adaptivity

I Result:I Real-time approach reduces the

probability of success!I Adaptivity is best (here)

WS 2020/2021 · M. Werner I – 22 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.4 Case Studies

Lessons Learned

I Even simple systems may behave unexpectedI Beware of “improvements”:

Possibility that they make things worseI Design issues:

I What is intended? (what is success?)I What are the side conditions? (e.g., resources)

WS 2020/2021 · M. Werner I – 23 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.5 Course Contents

1.5 Course ContentsCourse’s Key Aspects

I Focus onI ConceptsI Evaluation and modelingI (Classic) fault tolerance

I No focus on:I Real time (á Real-time course (summer term))I Security (á Prof. Lefmann)

I but may interfere (c.f., case study)

WS 2020/2021 · M. Werner I – 24 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.5 Course Contents

Interesting Problems

I How to evaluate system’s dependability?I How to model faulty behavior?I Why is simple redundancy not sufficient in case of “malicious” faults?I What test approaches do exist?I What is the difference between RAID 1+0 and 0+1?

WS 2020/2021 · M. Werner I – 25 of 26 osg.informatik.tu-chemnitz.de

Dependable Systems – Introduction1.5 Course Contents

Topics

I Impairment modelsI (Recap of) stochastic basicsI Dependability measures and system evaluationI Fault tolerance patternsI Tests and fault diagnosisI Consensus and Byzantine FaultsI Analytical evaluationI Verification and testing of softwareI Fault tolerance in software

WS 2020/2021 · M. Werner I – 26 of 26 osg.informatik.tu-chemnitz.de