SECURITY AND DEPENDABILITY OF COMPUTER SYSTEMS PART A HOMEWORK 1 STUDENTS • • • • Luca Genovese Gabriele Piantadosi Silvestro Poccia Luca Trevisani Security and Dependability of Computer Systems (A) - Homework 1 EXERCISE 1 Security and Dependability of Computer Systems (A) - Homework 1 The system shown in the figure below is a processing system for a helicopter. The system has dual-redundant processors and dual-redundant interface units. Two buses are used in the system, and each bus is also dual-redundant. The interesting part of the system is the navigation equipment. The aircraft can be completely navigated using the Inertial Navigation System (INS). If the INS fails, the aircraft can be navigated using the combination of the Doppler and the altitude heading and reference system (AHRS). The system contains three AHRS units, of which only one is needed. This is an example of functional redundancy where the data from the AHRS and the Doppler can be used to replace the INS, if the INS fails. Because of the other sensors and instrumentation, both buses are required for the system to function properly regardless of which navigation mode is being employed. Security and Dependability of Computer Systems (A) - Homework 1 POINT #1 Draw the Reliability Block Diagram of the system Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION The replicated elements of the system are shown in the following schema by adding a suffix to the name of the component. The processors, the buses and the interface units are named as PROC1/PROC2, BUSA1/BUSA2, BUSB1/BUSB2 and TERM1/TERM2. The first part of the system is composed of the series of the four parallels of the various components, because it is necessary that at least one copy of the processor, of the Bus B and of the terminals must be working. The second part is the navigation group composed of the INS , that can be replaced by the combination of DOPP and one of the copies of the AHRS. Security and Dependability of Computer Systems (A) - Homework 1 POINT #2 Calculate the reliability for one-hour flight using the MTTF figures given in the table below. Assume that the exponential failure law applies and that the fault coverage is perfect. Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(1/2) Using the reliability formulas for series and parallels: π π ππ = π π π (π‘) π πππ = 1.0 − π (1.0 − π π π‘ ) we calculate the reliability formula of the system as: π π π¦π 2 2 2 2 = (1 − (1 − π π΅ππ ) ) β (1 − 1 − π ππ ππΆ ) β (1 − 1 − π ππΈπ π ) β (1 − 1 − π πΌππ β π π·ππππΏπΈπ β 1 − 1 − π π΄π»π π 3 ) We know that the failure distribution law is: π π‘ = π −ππ‘ with 1 π = ππππΉ Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(2/2) Using the MTTF values from the previous table we calculated with MATLAB the value of the reliability of the entire system. Security and Dependability of Computer Systems (A) - Homework 1 POINT #3 Repeat #2, but this time, incorporate a coverage factor for the fault detection and reconfiguration of the processing units. Using the same failure data, determine the approximate fault coverage value that is required to obtain a reliability (at the end of one hour) of 0.99999. Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(1/2) The coverage factor takes into account the possibility that the detection of the failure in not perfect or that the reconfiguration process in not correct. The general formula is: π πππ· = π 1 + π β 1 − π 1 β π 2 Where c is the probability that, when a failure occurs, it is correctly detected. π 1 and π 2 are the replies we are studying the reliability with a coverage factor not equal to 1. In our case for the processor we have: ∗ π ππ ππΆ = π ππ ππΆ + π β 1 − π ππ ππΆ β π ππ ππΆ We want π πππ to be ∗ π ππ ππΆ in the equation in #2 with π ππ ππΆ 0.99999 so we Security and Dependability of Computer Systems (A) - Homework 1 substitute SOLUTION(2/2) We calculated the new values using MATLAB and obtained the following result: Security and Dependability of Computer Systems (A) - Homework 1 EXERCISE 2 Security and Dependability of Computer Systems (A) - Homework 1 The architecture of a network of computers in a banking system is shown below. The architecture is called a skip-ring network and is designed to allow processors to communicate even after node failures have occurred. For example, if node 1 fails, node 6 can bypass the failed node by routing data over the alternative link connecting node 6 and 2. Assuming the links are perfect and the nodes each have a reliability of π π , derive an expression for the reliability of the network. If π π obeys the exponential failure law and the failure rate of each node is 0.002 failures per hour, determine the reliability of the system at the end of a ten-hour period. Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(1/8) We know that: • The probability that a node works in (0, T) is π π • The probability that a node doesn’t work in (0, T) is 1 − π π For a particular configuration of the system in which the nodes don’t work, the π−π where k is the number of the probability of such configuration is (1 − π π )π β π π nodes of the system. Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(2/8) From the specifications of the system we know that is impossible that two adjacent nodes fail. So the possible cases in which the system works are the following: 1. No nodes fail; 2. Only one node fails; 3. Two non-adjacent nodes fail; 4. Three non-adjacent nodes fail. Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(3/8) Case 1: No nodes fail The configuration is 6 (1 − π π )0 β π π There is only one possible configurations of this type so the reliability is: 6 1 β π π Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(4/8) Case 2: Only one node fails The configuration is 5 (1 − π π )1 β π π There are six possible configurations of this type so the reliability is: 5 6 β [(1 − π π )1 β π π ] Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(5/8) Case 3: Two non-adjacent nodes fail The configuration is 4 (1 − π π )2 β π π To discover the number of the possible configurations we have to consider which nodes can fail when a specific node fails. • If node 1 fails, nodes 3,4,5 can fail; • If node 2 fails, nodes 4,5,6 can fail; • If node 3 fails, nodes 5,6,1 can fail; • If node 4 fails, nodes 6,1,2 can fail; • If node 5 fails, nodes 1,2,3 can fail; • If node 6 fails, nodes 2,3,4 can fail. Counting the possible combinations for each case and excluding the redundant ones we have that there are nine possible configurations so: 4 9 β [(1 − π π )2 β π π ] Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(6/8) Case 3: Three non-adjacent nodes fail The configuration is 3 (1 − π π )3 β π π There are two possible configurations of this type so the reliability is: 3 2 β [(1 − π π )3 β π π ] Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(7/8) Adding all the reliability equations obtained we have that: 6 +6β 1−π π πππ = 1 β π π π 1 5 + 9β 1−π β π π π 2 4 + 2 β [(1 − π )3 β π 3 ] β π π π π Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(8/8) We know that π π obeys to the exponential law so π π = π ππ‘ . Putting π = 0,002 and π‘ = 10 we have: Security and Dependability of Computer Systems (A) - Homework 1 EXERCISE 3 Security and Dependability of Computer Systems (A) - Homework 1 Suppose that a simplex (no redundancy) computer system has a failure rate of π and a fault detection coverage factor of C. The fault detection capability is the result of self-diagnostics that are run continuously. If the self-diagnostic detects a fault, the time required to repair the system is 24 hours because the faulty board is identified, obtained overnight, and easily replaced. If, however the self-diagnostic do not detect the fault, the time required to repair the system is 72 hours because a repair person must visit the site, determine the problem, and perform the repair. The disadvantage, however, is that the inclusion of self-diagnostics results in the failure rate becoming (πΌ × π). In other words, the failure rate is increased by a factor of πΌ because of a self-diagnostics. Determine the value of πΌ, for a coverage factor of 0.95, at which including the self-diagnostics begins to degrade the availability of the system. Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION(1/2) Let’s compare the availability of the system with and without the self-diagnostics procedure considering a generic π. π΄ππ−π π = ππππΉ ππππΉ + ππππ 1 where ππππ 1 is the mean time to repair (72h) the system by a human. π΄π π ππππΉ = ππππΉ + ππππ 2 where ππππ 2 is the mean time to repair whit the self-diagnostic procedure. ππππ 2 = 24β β 95% + 72β β 5% = 26β Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION (2/2) Now we have to calculate the value of πΌ: 1 π 1 πΌπ 1 1 1 1 1 72 72π = βΉ β + 26 = β + 72 βΉ + βΉπΌ= 1 1 π πΌπ πΌπ π πΌπ πΌ 26π + 72 + 26 π πΌπ πΌ = 2,76923 Security and Dependability of Computer Systems (A) - Homework 1 EXERCISE 4 Security and Dependability of Computer Systems (A) - Homework 1 We want to compare two different schemes of increasing reliability of a system using redundancy. Suppose that the system needs s identical components in series for proper operation. Further suppose that we are given (π × π ) components. Out of the two schemes shown in the figure below, which one will provide a higher reliability? Given that the reliability of an individual component is r, derive the expression for the reliabilities of two configurations. For π = 3 and π = 2, compare the two expressions. Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION (1/3) In the first configuration (A) we have m parallels of s components placed in series. Instead in the second configuration (B) we have s series of m components placed in parallel. The reliability formula for the series is: π π π πππππ = π (π‘)π π=1 And the formula for the parallel is π π πππ = 1 − (1 − π (π‘)π ) π=1 Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION (2/3) We obtain the following expression: π π π΄ = 1 − π π=1 π π π΅ = π = 1 − (1 − π π )π 1− π=1 π (1 − π=1 (1 − π)) = (1 − 1 − π π )π π=1 Placing m = 3 and s = 2 we obtain: π π΄ = π 6 − 3π 4 + 3π 2 π π΅ = π 6 − 6π 5 + 15π 4 − 18π 3 + 9π 2 Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION (3/3) As we can see from the graph the reliability of the B configuration is greater than the reliability of the A one. Security and Dependability of Computer Systems (A) - Homework 1 EXERCISE 5 Security and Dependability of Computer Systems (A) - Homework 1 An application requires that at least two processors from a multiprocessor system be available with more than 95% probability. The cost of a processor with 60% reliability is $1000, and each 10% increase in reliability will cost $800. Determine the number of processors (n) and the reliability (p) of each processor (assume that all processors have the same reliability) that minimize the total system cost. Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION (1/3) Let’s start from the expression of m out of n processor are working: π−π π= π=0 π π−π ( )π (1 − π)π π And change it to the case in which at least two processors are working π−2 π= π=0 π ( )ππ−π (1 − π)π π Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION (2/3) In our case the probability p is the reliability, that is the probability that no faults occur in (0,t). Instead n is the number of processors chosen for the particular configuration. In the following table we reported the various combinations of processors associated with the cost and the reliability. We assumed the same reliability for each combination of processors. We stopped once obtained a reliability of at least 0,95. After we have calculated the reliabilities we have compared the cost of the various configurations and we have chosen the lowest cost. Security and Dependability of Computer Systems (A) - Homework 1 SOLUTION (3/3) As we can see (highlighted in green) the configuration that reaches a reliability of at least 95% with the minimum cost is the one with 6 processors each with an incremental reliability of 60% Security and Dependability of Computer Systems (A) - Homework 1