Slides - UniNa STiDuE

advertisement
SECURITY AND DEPENDABILITY
OF COMPUTER SYSTEMS
PART A
HOMEWORK 1
STUDENTS
•
•
•
•
Luca Genovese
Gabriele Piantadosi
Silvestro Poccia
Luca Trevisani
Security and Dependability of Computer Systems (A) - Homework 1
EXERCISE 1
Security and Dependability of Computer Systems (A) - Homework 1
The system shown in the figure below is a processing system for a helicopter. The system
has dual-redundant processors and dual-redundant interface units. Two buses are used in
the system, and each bus is also dual-redundant. The interesting part of the system is the
navigation equipment. The aircraft can be completely navigated using the Inertial
Navigation System (INS). If the INS fails, the aircraft can be navigated using the
combination of the Doppler and the altitude heading and reference system (AHRS). The
system contains three AHRS units, of which only one is needed. This is an example of
functional redundancy where the data from the AHRS and the Doppler can be used to
replace the INS, if the INS fails. Because of the other sensors and instrumentation, both
buses are required for the system to function properly regardless of which navigation
mode is being employed.
Security and Dependability of Computer Systems (A) - Homework 1
POINT #1
Draw the Reliability Block Diagram of the system
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION
The replicated elements of the system are shown in the following schema by adding a suffix to
the name of the component. The processors, the buses and the interface units are named as
PROC1/PROC2, BUSA1/BUSA2, BUSB1/BUSB2 and TERM1/TERM2.
The first part of the system is composed of the series of the four parallels of the various
components, because it is necessary that at least one copy of the processor, of the Bus B and of
the terminals must be working.
The second part is the navigation group composed of the INS , that can be replaced by the
combination of DOPP and one of the copies of the AHRS.
Security and Dependability of Computer Systems (A) - Homework 1
POINT #2
Calculate the reliability for one-hour flight using the MTTF figures given in the
table below. Assume that the exponential failure law applies and that the fault
coverage is perfect.
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(1/2)
Using the reliability formulas for series and parallels:
π‘…π‘ π‘’π‘Ÿ =
𝑖 𝑅𝑖 (𝑑)
π‘…π‘π‘Žπ‘Ÿ = 1.0 −
𝑖 (1.0
− 𝑅𝑖 𝑑 )
we calculate the reliability formula of the system as:
𝑅𝑠𝑦𝑠
2 2
2
2
= (1 − (1 − π‘…π΅π‘ˆπ‘† ) ) βˆ™ (1 − 1 − 𝑅𝑃𝑅𝑂𝐢 ) βˆ™ (1 − 1 − 𝑅𝑇𝐸𝑅𝑀 ) βˆ™ (1 − 1 − 𝑅𝐼𝑁𝑆
βˆ™ 𝑅𝐷𝑂𝑃𝑃𝐿𝐸𝑅 βˆ™ 1 − 1 − 𝑅𝐴𝐻𝑅𝑆 3 )
We know that the failure distribution law is:
𝑅 𝑑 = 𝑒 −πœ†π‘‘
with
1
πœ† = 𝑀𝑇𝑇𝐹
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(2/2)
Using the MTTF values from the previous table we calculated with MATLAB the
value of the reliability of the entire system.
Security and Dependability of Computer Systems (A) - Homework 1
POINT #3
Repeat #2, but this time, incorporate a coverage factor for the fault detection and
reconfiguration of the processing units. Using the same failure data, determine
the approximate fault coverage value that is required to obtain a reliability (at the
end of one hour) of 0.99999.
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(1/2)
The coverage factor takes into account the possibility that the detection of the failure
in not perfect or that the reconfiguration process in not correct. The general formula
is:
𝑅𝑀𝑂𝐷 = 𝑅1 + 𝑐 βˆ™ 1 − 𝑅1 βˆ™ 𝑅2
Where c is the probability that, when a failure occurs, it is correctly detected. 𝑅1 and
𝑅2 are the replies we are studying the reliability with a coverage factor not equal to 1.
In our case for the processor we have:
∗
𝑅𝑃𝑅𝑂𝐢
= 𝑅𝑃𝑅𝑂𝐢 + 𝑐 βˆ™ 1 − 𝑅𝑃𝑅𝑂𝐢 βˆ™ 𝑅𝑃𝑅𝑂𝐢
We
want
π‘…π‘†π‘Œπ‘†
to
be
∗
𝑅𝑃𝑅𝑂𝐢 in the equation in #2 with 𝑅𝑃𝑅𝑂𝐢
0.99999
so
we
Security and Dependability of Computer Systems (A) - Homework 1
substitute
SOLUTION(2/2)
We calculated the new values using MATLAB and obtained the following result:
Security and Dependability of Computer Systems (A) - Homework 1
EXERCISE 2
Security and Dependability of Computer Systems (A) - Homework 1
The architecture of a network of computers in a banking system is shown below. The architecture is called a skip-ring
network and is designed to allow processors to communicate even after node failures have occurred. For example, if
node 1 fails, node 6 can bypass the failed node by routing data over the alternative link connecting node 6 and 2.
Assuming the links are perfect and the nodes each have a reliability of π‘…π‘š , derive an expression for the reliability of the
network. If π‘…π‘š obeys the exponential failure law and the failure rate of each node is 0.002 failures per hour, determine
the reliability of the system at the end of a ten-hour period.
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(1/8)
We know that:
• The probability that a node works in (0, T) is π‘…π‘š
• The probability that a node doesn’t work in (0, T) is 1 − π‘…π‘š
For a particular configuration of the system in which the nodes don’t work, the
π‘˜−𝑖 where k is the number of the
probability of such configuration is (1 − π‘…π‘š )𝑖 βˆ™ π‘…π‘š
nodes of the system.
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(2/8)
From the specifications of the system we know that is impossible that two
adjacent nodes fail. So the possible cases in which the system works are the
following:
1. No nodes fail;
2. Only one node fails;
3. Two non-adjacent nodes fail;
4. Three non-adjacent nodes fail.
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(3/8)
Case 1: No nodes fail
The configuration is
6
(1 − π‘…π‘š )0 βˆ™ π‘…π‘š
There is only one possible configurations of this type so the reliability is:
6
1 βˆ™ π‘…π‘š
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(4/8)
Case 2: Only one node fails
The configuration is
5
(1 − π‘…π‘š )1 βˆ™ π‘…π‘š
There are six possible configurations of this type so the reliability is:
5
6 βˆ™ [(1 − π‘…π‘š )1 βˆ™ π‘…π‘š
]
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(5/8)
Case 3: Two non-adjacent nodes fail
The configuration is
4
(1 − π‘…π‘š )2 βˆ™ π‘…π‘š
To discover the number of the possible configurations we have to consider which nodes can fail
when a specific node fails.
• If node 1 fails, nodes 3,4,5 can fail;
• If node 2 fails, nodes 4,5,6 can fail;
• If node 3 fails, nodes 5,6,1 can fail;
• If node 4 fails, nodes 6,1,2 can fail;
• If node 5 fails, nodes 1,2,3 can fail;
• If node 6 fails, nodes 2,3,4 can fail.
Counting the possible combinations for each case and excluding the redundant ones we have
that there are nine possible configurations so:
4
9 βˆ™ [(1 − π‘…π‘š )2 βˆ™ π‘…π‘š
]
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(6/8)
Case 3: Three non-adjacent nodes fail
The configuration is
3
(1 − π‘…π‘š )3 βˆ™ π‘…π‘š
There are two possible configurations of this type so the reliability is:
3
2 βˆ™ [(1 − π‘…π‘š )3 βˆ™ π‘…π‘š
]
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(7/8)
Adding all the reliability equations obtained we have that:
6 +6βˆ™ 1−𝑅
π‘…π‘†π‘Œπ‘† = 1 βˆ™ π‘…π‘š
π‘š
1
5 + 9βˆ™ 1−𝑅
βˆ™ π‘…π‘š
π‘š
2
4 + 2 βˆ™ [(1 − 𝑅 )3 βˆ™ 𝑅 3 ]
βˆ™ π‘…π‘š
π‘š
π‘š
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(8/8)
We know that π‘…π‘š obeys to the exponential law so π‘…π‘š = 𝑒 πœ†π‘‘ .
Putting πœ† = 0,002 and 𝑑 = 10 we have:
Security and Dependability of Computer Systems (A) - Homework 1
EXERCISE 3
Security and Dependability of Computer Systems (A) - Homework 1
Suppose that a simplex (no redundancy) computer system has a failure rate of πœ† and a fault
detection coverage factor of C. The fault detection capability is the result of self-diagnostics
that are run continuously. If the self-diagnostic detects a fault, the time required to repair the
system is 24 hours because the faulty board is identified, obtained overnight, and easily
replaced. If, however the self-diagnostic do not detect the fault, the time required to repair
the system is 72 hours because a repair person must visit the site, determine the problem,
and perform the repair. The disadvantage, however, is that the inclusion of self-diagnostics
results in the failure rate becoming (𝛼 × πœ†). In other words, the failure rate is increased by a
factor of 𝛼 because of a self-diagnostics. Determine the value of 𝛼, for a coverage factor of
0.95, at which including the self-diagnostics begins to degrade the availability of the system.
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION(1/2)
Let’s compare the availability of the system with and without the self-diagnostics procedure
considering a generic πœ†.
π΄π‘›π‘œ−𝑠𝑑 =
𝑀𝑇𝑇𝐹
𝑀𝑇𝑇𝐹 + 𝑀𝑇𝑇𝑅1
where 𝑀𝑇𝑇𝑅1 is the mean time to repair (72h) the system by a human.
𝐴𝑠𝑑
𝑀𝑇𝑇𝐹
=
𝑀𝑇𝑇𝐹 + 𝑀𝑇𝑇𝑅2
where 𝑀𝑇𝑇𝑅2 is the mean time to repair whit the self-diagnostic procedure.
𝑀𝑇𝑇𝑅2 = 24β„Ž βˆ™ 95% + 72β„Ž βˆ™ 5% = 26β„Ž
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION (2/2)
Now we have to calculate the value of 𝛼:
1
πœ†
1
π›Όπœ†
1
1
1
1
1 72
72πœ†
=
⟹ βˆ™
+ 26 =
βˆ™
+ 72 ⟹
+
βŸΉπ›Ό=
1
1
πœ†
π›Όπœ†
π›Όπœ†
πœ†
π›Όπœ†
𝛼
26πœ†
+ 72
+ 26
πœ†
π›Όπœ†
𝛼 = 2,76923
Security and Dependability of Computer Systems (A) - Homework 1
EXERCISE 4
Security and Dependability of Computer Systems (A) - Homework 1
We want to compare two different schemes of increasing reliability of a system using redundancy.
Suppose that the system needs s identical components in series for proper operation. Further
suppose that we are given (π‘š × π‘ ) components. Out of the two schemes shown in the figure
below, which one will provide a higher reliability? Given that the reliability of an individual
component is r, derive the expression for the reliabilities of two configurations. For π‘š = 3 and 𝑠 =
2, compare the two expressions.
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION (1/3)
In the first configuration (A) we have m parallels of s components placed in series.
Instead in the second configuration (B) we have s series of m components placed in
parallel.
The reliability formula for the series is:
𝑛
π‘…π‘ π‘’π‘Ÿπ‘–π‘’π‘  =
𝑅(𝑑)𝑖
𝑖=1
And the formula for the parallel is
𝑛
π‘…π‘π‘Žπ‘Ÿ = 1 −
(1 − 𝑅(𝑑)𝑖 )
𝑖=1
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION (2/3)
We obtain the following expression:
π‘š
𝑅𝐴 = 1 −
𝑠
𝑖=1
𝑠
𝑅𝐡 =
π‘Ÿ = 1 − (1 − π‘Ÿ 𝑠 )π‘š
1−
π‘˜=1
π‘š
(1 −
𝑖=1
(1 − π‘Ÿ)) = (1 − 1 − π‘Ÿ
π‘š )𝑠
π‘˜=1
Placing m = 3 and s = 2 we obtain:
𝑅𝐴 = π‘Ÿ 6 − 3π‘Ÿ 4 + 3π‘Ÿ 2
𝑅𝐡 = π‘Ÿ 6 − 6π‘Ÿ 5 + 15π‘Ÿ 4 − 18π‘Ÿ 3 + 9π‘Ÿ 2
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION (3/3)
As we can see from the graph the reliability of the B configuration is greater than the
reliability of the A one.
Security and Dependability of Computer Systems (A) - Homework 1
EXERCISE 5
Security and Dependability of Computer Systems (A) - Homework 1
An application requires that at least two processors from a multiprocessor system be
available with more than 95% probability. The cost of a processor with 60% reliability is
$1000, and each 10% increase in reliability will cost $800. Determine the number of
processors (n) and the reliability (p) of each processor (assume that all processors have the
same reliability) that minimize the total system cost.
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION (1/3)
Let’s start from the expression of m out of n processor are working:
𝑛−π‘š
𝑃=
𝑖=0
𝑛 𝑛−𝑖
( )𝑝 (1 − 𝑝)𝑖
𝑖
And change it to the case in which at least two processors are working
𝑛−2
𝑃=
𝑖=0
𝑛
( )𝑝𝑛−𝑖 (1 − 𝑝)𝑖
𝑖
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION (2/3)
In our case the probability p is the reliability, that is the probability that no faults occur in
(0,t). Instead n is the number of processors chosen for the particular configuration.
In the following table we reported the various combinations of processors associated with
the cost and the reliability. We assumed the same reliability for each combination of
processors. We stopped once obtained a reliability of at least 0,95.
After we have calculated the reliabilities we have compared the cost of the various
configurations and we have chosen the lowest cost.
Security and Dependability of Computer Systems (A) - Homework 1
SOLUTION (3/3)
As we can see (highlighted in green) the configuration that reaches a reliability of at least 95% with
the minimum cost is the one with 6 processors each with an incremental reliability of 60%
Security and Dependability of Computer Systems (A) - Homework 1
Download