The Reliability of Diverse Systems: a Contribution using Modelling of the Fault Creation Process
Peter Popov, Lorenzo Strigini
Centre for Software Reliability, City University, London
A previous version of this paper was distributed as a DISPO Technical Report, Ref. PP_DD_TR-04_v1_0. A revised version is presented here. The full text is available as a .pdf file.
Abstract
Design diversity is a protection against design faults causing common-mode failure in redundant systems. Although we know that it is effective, we badly lack knowledge about how much reliability it will buy in practice, and thus about its cost-effectiveness, about the cases in which it is an appropriate solution, and about how it should be taken into account by safety assessors and regulators. Both current practice and the scientific debate about design diversity depend largely on intuition about how the little hard empirical knowledge available should be extrapolated. We show a way of making this activity more scientific by substituting a detailed probabilistic model for broad-brush intuition. Simple assumptions on the process of fault creation in two separately-developed versions yield interesting conclusions about two questions that are commonly debated: what degree of reliability improvement in a redundant system an assessor can reliably expect from diversity; and whether this reliability improvement increases or decreases with higher-quality development processes. For instance, we show how software reliability assessments based on current practice for single-version software should be consistently extended to assessing a 1-out-of-2, two-version system.
Page maintained by: Peter Popov
Last updated: 31 January 2001