Critical System Properties: Survey and Taxonomy

John Rushby

Published in Reliability Engineering and System Safety, Vol. 43, No. 2, pp. 189--219, 1994; also SRI Technical Report SRI-CSL-93-1


Computer systems are increasingly employed in circumstances where their failure (or even their correct operation, if they are built to flawed requirements) can have serious consequences. There is a surprising diversity of opinion concerning the properties that such ``critical systems'' should possess, and the best methods to develop them. The dependability approach grew out of the tradition of ultra-reliable and fault-tolerant systems, while the safety approach grew out of the tradition of hazard analysis and system safety engineering. Yet another tradition is found in the security community, and there are further specialized approaches in the tradition of real-time systems. In this report, I examine the critical properties considered in each approach, and the techniques that have been developed to specify them and to ensure their satisfaction. Since systems are now being constructed that must satisfy several of these critical system properties simultaneously, there is particular interest in the extent to which techniques from one tradition support or conflict with those of another, and in whether certain critical system properties are fundamentally compatible or incompatible with each other. As a step toward improved understanding of these issues, I suggest a taxonomy, based on Perrow's analysis (C. Perrow. Normal Accidents: Living with High Risk Technologies. Basic Books, New York, NY, 1984), that considers the complexity of component interactions and tightness of coupling as primary factors.

This is the technical report version
gzipped postscript, or plain postscript or PDF or crude ascii (for your Palm Pilot)

BibTeX Entry

	AUTHOR = {John Rushby},
	TITLE = {Critical System Properties: Survey and Taxonomy},
	JOURNAL = {Reliability Engineering and System Safety},
	YEAR = 1994,
	VOLUME = 43,
	NUMBER = 2,
	PAGES = {189--219}

	AUTHOR = {John Rushby},
	TITLE = {Critical System Properties: Survey and Taxonomy},
	NUMBER = {SRI-CSL-93-1},
	INSTITUTION = {Computer Science Laboratory, SRI International},
	ADDRESS = {Menlo Park, CA},
	MONTH = may,
	YEAR = 1993

Having trouble reading our papers?
Return to John Rushby's bibliography page
Return to the Formal Methods Program home page
Return to the Computer Science Laboratory home page