CERT-SEI

Availability and Reliability


The SEI approach using model-based engineering permits error modeling on an architecture specification early and often throughout the development life cycle. These error models capture the results of failure modes and effects analysis (FMEA) and hazard analysis.

System designers know that software faults may cause failure in many forms, from loss of life and equipment to loss of specific functionality, which hinders mission effectiveness. So, they want to ascertain and demonstrate a level of confidence in the system, expressed perhaps in an availability measure such as a mean time between failures (MTBF) number.

But can they predict how a system will perform when migrated to complex, new environments—such as an integrated modular avionics (IMA) architecture? In an IMA architecture, dedicated processors are replaced by virtual machines in a partitioned environment that can run applications concurrently.

Or, can they gain insight into how choices made to improve reliability affect other critical qualities of the architecture, such as latency, CPU and bus utilization, and scheduling? Can they systematically evaluate each change prior to system integration and test?

Using model-based engineering tools, methods, and techniques, the SEI has developed an approach for dependency analysis that applies fault and repair models to system architecture. This approach

  • promotes the early detection of potential problems for reliability (and other quality attributes), reduces system integration time and cost, and simplifies maintenance
  • supports the specification and analysis of fault trees, Markov models, and partition isolation. Error models can be associated with components, subsystems, systems, and connections between components to describe, for example, fault behavior of data transfer
  • checks for consistency, completeness, and traceability between the error models of interacting components as well as those of components and their subcomponents

The SEI provides technical assistance and guidance to transform the architectural design process from one based on human evaluation to one based on automated analysis.

This analysis includes

  • validating system quality attributes early in the design phase
  • facilitating system integration
  • conducting impact and tradeoff analysis using architecture models

Analysis of a system architecture model offers a better way to predict the behavior of quality attributes. The SEI approach to model-based engineering allows analysis

  • using a single architecture model
  • early and often in the development life cycle or on an existing system architecture
  • at different architecture refinement levels
  • along diverse architectural aspects such as behavior and throughput

Reliability Analysis Concern | SEI Approach | SEI Answer
--- | --- | ---
Fault tolerance | YES | Error modeling captures FMEA results
Availability | YES | Error modeling supports fault tree analysis and MTBF
Hazard identification/risk analysis | YES | Designer can evaluate effects of partitioning and assess how other quality attributes might be affected (such as in end-to-end latency)
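The availability and partitioning rows above rest on arithmetic that a generated reliability model evaluates. The Python below is an added example, not SEI or OSATE code: it uses constructed component rates and hypothetical names (SENSOR, PROCESSOR, BUS) to evaluate a small fault tree over two-state Markov components, and shows how binding both redundant replicas to one IMA processor turns it into a common-cause single point of failure.

```python
"""Availability arithmetic behind fault-tree / Markov reliability analysis.
Added example, not SEI or OSATE code. Component rates are constructed sample
values (events per hour); basic events are assumed independent."""
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Component:
    """Two-state Markov model (working <-> failed) with constant rates."""
    name: str
    failure_rate: float  # lambda: MTBF = 1 / lambda
    repair_rate: float   # mu:     MTTR = 1 / mu

    def unavailability(self) -> float:
        # Steady-state P(failed) of the two-state chain: lambda / (lambda + mu)
        return self.failure_rate / (self.failure_rate + self.repair_rate)


def and_gate(*q: float) -> float:
    """Top event occurs only if every input fails (redundancy)."""
    return prod(q)


def or_gate(*q: float) -> float:
    """Top event occurs if any input fails (single points of failure)."""
    return 1.0 - prod(1.0 - qi for qi in q)


# Constructed sample components: MTBF 10,000 h / 50,000 h / 1,000,000 h.
SENSOR = Component("sensor", failure_rate=1e-4, repair_rate=0.5)
PROCESSOR = Component("processor", failure_rate=2e-5, repair_rate=0.5)
BUS = Component("bus", failure_rate=1e-6, repair_rate=0.25)


def single_channel() -> float:
    """One sensor on one processor: sensor, processor or bus failure is fatal."""
    return or_gate(*(c.unavailability() for c in (SENSOR, PROCESSOR, BUS)))


def dual_channel(shared_processor: bool) -> float:
    """Two sensor replicas; the system fails only when both are down.
    shared_processor=True models both replicas as partitions of one IMA
    processor, making it a common-cause single point of failure (OR input);
    False gives each replica its own processor."""
    q_s, q_p, q_b = (c.unavailability() for c in (SENSOR, PROCESSOR, BUS))
    if shared_processor:
        return or_gate(and_gate(q_s, q_s), q_p, q_b)
    channel = or_gate(q_s, q_p)             # one replica plus its processor
    return or_gate(and_gate(channel, channel), q_b)
```

With these sample rates the shared-processor design is roughly ten times less available than the design with independent processors, which is the kind of tradeoff the partitioning analysis in the table is meant to surface.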

The SEI Toolkit for Reliability Analysis

The SEI uses the Architecture Analysis and Design Language (AADL) to document a system architecture and provide a platform for multiple analyses. AADL, an international industry standard, supports multiple analyses from a single architectural model, enables modeling and analysis throughout the life cycle, and provides analysis of runtime behavior such as availability, performance, and security.

The AADL error model annex supports mixed-fidelity modeling that makes it easier to modify architecture specifications and automatically regenerate reliability models at different levels of fidelity. The annex also enables improved traceability between architecture specifications and the generated models and analysis results.

The SEI offers the Open Source AADL Tool Environment (OSATE) set of analysis plug-ins for use with AADL models. The OSATE error model plug-in implements the AADL error model annex. This SEI-developed plug-in includes

  • a syntax-sensitive text editor, with integrated error reporting
  • a parser and semantic checker for textual AADL with conversion into AADL XML
  • an unparser for AADL XML to textual AADL conversion
  • support for multi-enterprise development through a version control system interface

AADL also can be used with

Read our information sheet on this analysis.