OSTI.GOV, U.S. Department of Energy, Office of Scientific and Technical Information

Title: The architecture of a reliable software monitoring system for embedded software systems

Conference paper · OSTI ID: 22030122
Author affiliation: [1] Computer Science Dept., Univ. of Idaho, Moscow, ID 83833-1010 (United States)

We develop the notion of a measurement-based methodology for embedded software systems to ensure properties of reliability, survivability and security, not only under benign faults but under malicious and hazardous conditions as well. The driving force is the need to develop a dynamic run-time monitoring system for use in these embedded mission-critical systems. These systems must run reliably, must be secure and must fail gracefully. That is, they must continue operating in the face of departures from their nominal operating scenarios, the failure of one or more system components due to normal hardware and software faults, and malicious acts. To ensure the integrity of embedded software systems, the activity of these systems must be monitored as they operate. For each of these systems, it is possible to establish a very succinct representation of nominal system activity. Furthermore, it is possible to detect departures from the nominal operating scenario in a timely fashion. Such departures may be due to various circumstances, e.g., an assault from an outside agent, which forces the system to operate in an off-nominal environment for which it was neither tested nor certified, or a hardware/software component that has ceased to operate in a nominal fashion. A well-designed system will have the property of graceful degradation: it must continue to run even though some of its functionality may have been lost. This involves the intelligent re-mapping of system functions. Those functions that are impacted by the failure of a system component must be identified and isolated. Thus, a system must be designed so that its basic operations may be re-mapped onto system components that are still operational. That is, the mission objectives of the software must be reassessed in terms of the current operational capabilities of the software system.

By integrating the mechanisms to support observation and detection directly into the design methodology, we propose to shift away from the currently applied paradigm of addressing reliability, security and survivability in an add-on fashion at the end of the software development process. Rather, the integrity monitoring ability will be integrated into the overall architecture of the software system. The measurement and control methodology developed under this research program will readily migrate into hardware, leading to the development of new hardware architectures with built-in survivability, security and reliability attributes. (authors)

Research Organization: American Nuclear Society, 555 North Kensington Avenue, La Grange Park, IL 60526 (United States)
OSTI ID: 22030122
Resource Relation: Conference: NPIC and HMIT 2006: 5th International Topical Meeting on Nuclear Plant Instrumentation, Controls, and Human Machine Interface Technology, Albuquerque, NM (United States), 12-16 Nov 2006; Other Information: Country of input: France; 18 refs.; Related Information: In: Proceedings of the 5th International Topical Meeting on Nuclear Plant Instrumentation, Controls, and Human Machine Interface Technology, 1430 p.
Country of Publication: United States
Language: English