Challenging the Mean Time to Failure: Measuring Dependability as a Mean Failure Cost

As a measure of system reliability, the mean time to failure falls short on many fronts: it ignores the variance in stakes among stakeholders; it fails to recognize the structure of complex specifications as the aggregate of overlapping requirements; it fails to recognize that different components of the specification carry different stakes, even for the same stakeholder; and it fails to recognize that verification and validation (V&V) actions have different impacts with respect to the different components of the specification. Similar metrics of security, such as MTTD (Mean Time to Detection) and MTTE (Mean Time to Exploitation), suffer from the same shortcomings. In this paper we advocate a measure of dependability that acknowledges the aggregate structure of complex system specifications, and takes into account variations by stakeholder, by specification component, and by V&V impact.
