Critical System Properties: Survey and Taxonomy
John Rushby
Published in Reliability Engineering and System Safety, Vol. 43, No. 2, pp. 189--219, 1994; also SRI Technical Report SRI-CSL-93-1
Abstract
Computer systems are increasingly employed in circumstances where their failure (or even their correct operation, if they are built to flawed requirements) can have serious consequences. There is a surprising diversity of opinion concerning the properties that such "critical systems" should possess, and the best methods to develop them. The dependability approach grew out of the tradition of ultra-reliable and fault-tolerant systems, while the safety approach grew out of the tradition of hazard analysis and system safety engineering. Yet another tradition is found in the security community, and there are further specialized approaches in the tradition of real-time systems. In this report, I examine the critical properties considered in each approach, and the techniques that have been developed to specify them and to ensure their satisfaction. Since systems are now being constructed that must satisfy several of these critical system properties simultaneously, there is particular interest in the extent to which techniques from one tradition support or conflict with those of another, and in whether certain critical system properties are fundamentally compatible or incompatible with each other. As a step toward improved understanding of these issues, I suggest a taxonomy, based on Perrow's analysis (C. Perrow. Normal Accidents: Living with High Risk Technologies. Basic Books, New York, NY, 1984), that considers the complexity of component interactions and tightness of coupling as primary factors.
This is the technical report version
BibTeX Entry
@article{Rushby94:Taxonomy,
AUTHOR = {John Rushby},
TITLE = {Critical System Properties: Survey and Taxonomy},
JOURNAL = {Reliability Engineering and System Safety},
YEAR = 1994,
VOLUME = 43,
NUMBER = 2,
PAGES = {189--219}
}
@techreport{Rushby93:TaxonomyTR,
AUTHOR = {John Rushby},
TITLE = {Critical System Properties: Survey and Taxonomy},
NUMBER = {SRI-CSL-93-1},
INSTITUTION = {Computer Science Laboratory, SRI International},
ADDRESS = {Menlo Park, CA},
MONTH = may,
YEAR = 1993
}