Choosing Effective Methods for Design Diversity -
How to progress from Intuition to Science
A paper "Choosing Effective Methods for Design
Diversity - How to progress from Intuition to Science" by Peter
Popov, Lorenzo Strigini and Alexander Romanovsky was presented at the 18th
International Conference, SAFECOMP'99, held in Toulouse, France, September
1999. It appears in the proceedings published in the Lecture Notes in Computer
Science series, No. 1698, ISBN 3-540-66488-2, pp. 272-285, Springer-Verlag.
The full text of the paper is available for download in .pdf
format.
Abstract
Design diversity is a popular defence against design faults in safety critical
systems. Design diversity is at times pursued by simply isolating the development
teams of the different versions, but there are good reasons to believe
that it is better to "force" diversity, by appropriate prescriptions to
the teams. There are many ways of forcing diversity. The literature, including
standards and guidelines, includes lists of such ways at the disposal of
a project manager, e.g. dictating different algorithms, different programming
or specification languages, etc. Yet, managers who have to choose a cost-effective
combination of these have little guidance except their own intuition. Unfortunately,
intuition has often proven wrong when dealing with diversity. We argue
the need for more scientifically based recommendations, and outline the
problems with producing them. We focus on what we think is the standard
basis for most recommendations: the belief that project decisions should
be aimed at causing "diversity" among the faults of the various versions,
and that this diversity will in turn decrease the risk of the versions
failing together. We attempt to clarify what these beliefs mean, in which
cases they may be justified and how they can be checked or disproved experimentally.
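The distinction the abstract draws, between versions having different faults and versions failing on the same demands, can be made concrete with a small calculation. The following is an added illustration, not code from the paper: it assumes a constructed demand profile and constructed fault-to-failure-region mappings, and compares the probability of coincident failure with the value that independence would predict.

```python
from fractions import Fraction
from typing import Dict, Set, Tuple

# Constructed demand profile for illustration: demand id -> probability
# that an operational demand is of this kind (hypothetical values).
DEMAND_PROFILE: Dict[str, Fraction] = {
    "d1": Fraction(40, 100),
    "d2": Fraction(30, 100),
    "d3": Fraction(20, 100),
    "d4": Fraction(10, 100),
}

# Each version has its own, different faults (constructed fault names).
# A fault only matters through the set of demands on which it makes the
# version fail, so we record that failure region per fault.
VERSION_A_FAULTS: Dict[str, Set[str]] = {"off-by-one loop bound": {"d3", "d4"}}
VERSION_B_FAULTS: Dict[str, Set[str]] = {"wrong unit conversion": {"d3"}}


def faults_are_diverse(faults_a: Dict[str, Set[str]],
                       faults_b: Dict[str, Set[str]]) -> bool:
    """True when the two versions share no fault (the 'diverse faults' belief)."""
    return not (set(faults_a) & set(faults_b))


def failure_region(faults: Dict[str, Set[str]]) -> Set[str]:
    """Union of the demands on which any of the version's faults causes failure."""
    return set().union(*faults.values()) if faults else set()


def failure_probabilities(profile: Dict[str, Fraction],
                          faults_a: Dict[str, Set[str]],
                          faults_b: Dict[str, Set[str]]
                          ) -> Tuple[Fraction, Fraction, Fraction, Fraction]:
    """Return (P(A fails), P(B fails), P(both fail), P(A fails)*P(B fails)).

    The last value is what one would get by assuming independent failures;
    the third is the actual coincident-failure probability under the profile.
    """
    region_a, region_b = failure_region(faults_a), failure_region(faults_b)
    p_a = sum((profile[d] for d in region_a), Fraction(0))
    p_b = sum((profile[d] for d in region_b), Fraction(0))
    p_both = sum((profile[d] for d in region_a & region_b), Fraction(0))
    return p_a, p_b, p_both, p_a * p_b


if __name__ == "__main__":
    print("faults diverse:", faults_are_diverse(VERSION_A_FAULTS, VERSION_B_FAULTS))
    print("P(A), P(B), P(both), P(A)P(B):",
          failure_probabilities(DEMAND_PROFILE, VERSION_A_FAULTS, VERSION_B_FAULTS))
```

With these constructed inputs the two versions have no fault in common, yet they fail together on demand d3 with probability 0.2, more than three times the 0.06 that independence would suggest; replacing one failure region with a disjoint one drives the coincident-failure probability to zero, which is the property a forced-diversity decision would actually have to be checked against.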
Page maintained by: Peter Popov
Last modified 30 January 2001.