Software Diversity as a Measure for Reducing Development Risk

Despite the widespread adoption of software diversity in some industries, there is still controversy about its benefits for reliability, safety or security. We take the perspective of diversity as a risk reduction strategy, in the face of the uncertainty about the dependability levels that software development will deliver. We specifically consider the problem faced at the start of a project, when the assessment of the potential benefits, however uncertain, must determine the decision whether to adopt diversity. Using probabilistic modelling, we discuss how different application areas require different measures of the effectiveness of diversity for reducing risk. Extreme values of achieved reliability, and especially, in some applications, the likelihood of delivering "effectively fault-free" programs, may be the dominant factor in this effect. Therefore, we cast our analysis in terms of the whole distribution of achieved probabilities of failure per demand (pfd), rather than in terms of averages, as has usually been done in past research. This analysis highlights possible, and indeed frequent, errors in generalizing from experiments, and identifies risk reduction effects that can be proved to follow from independent development of diverse software versions. Finally, we show that, despite the difficulty of predicting the actual advantages of specific practices for achieving diversity, the practice of "forcing" diversity by explicitly mandating diverse designs, development processes, etc. for the different versions, rather than merely ensuring separate development, is robust in terms of worst-case effects in the face of uncertainty about the reliability that the different methods will achieve in a specific project, a result with direct applicability to practice.
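The abstract's central point, that the whole distribution of achieved pfd matters and not only its mean, can be made concrete with a small calculation. The following is an added example, not code or a model from the paper: it takes two constructed development processes with the same mean pfd (one that usually delivers an effectively fault-free version but occasionally a poor one, one that always delivers a mediocre version) and compares the probability of surviving a fixed number of demands, for a single version and for a 1-out-of-2 system of independently developed versions. The pair calculation assumes that, given the two versions' pfds, their failures are independent; the cited modelling literature does not make that assumption (demand "difficulty" induces positive correlation), so the pair figures are optimistic and only illustrate the arithmetic.

```python
"""Constructed illustration: why the distribution of achieved pfd, not just
its mean, determines risk.  A development process is represented by a
discrete distribution over the pfd it delivers: a list of (pfd, probability)
pairs.  All numbers below are made up for illustration."""

import math

# Process A: 90% chance of an effectively fault-free version (pfd 0),
# 10% chance of a version with pfd 1e-3.  Mean pfd = 1e-4.
PROCESS_A = [(0.0, 0.9), (1e-3, 0.1)]

# Process B: always delivers pfd 1e-4.  Same mean pfd as A, no uncertainty.
PROCESS_B = [(1e-4, 1.0)]

# Number of demands the system must survive in operation (constructed).
DEMANDS = 100_000


def mean_pfd(dist):
    """Expected pfd of a version produced by this process."""
    return sum(q * p for q, p in dist)


def survival_probability(dist, n):
    """P(a single version survives n demands), averaging (1-q)^n over the
    distribution of q.  This uses the whole distribution."""
    return sum(p * (1.0 - q) ** n for q, p in dist)


def survival_from_mean(dist, n):
    """The estimate one gets by collapsing the process to its mean pfd,
    i.e. treating the version as if its pfd were certainly the mean."""
    return (1.0 - mean_pfd(dist)) ** n


def pair_survival(dist1, dist2, n):
    """P(a 1-out-of-2 system of two independently developed versions survives
    n demands).  Independent development means the two pfds are independent
    draws.  ASSUMPTION (simplification, not from the paper): given the two
    pfds q1, q2, the versions fail independently on each demand, so the
    system pfd is q1*q2.  Real demand-difficulty correlation makes the true
    figure worse than this."""
    return sum(
        p1 * p2 * (1.0 - q1 * q2) ** n
        for q1, p1 in dist1
        for q2, p2 in dist2
    )


def prob_fault_free_pair(dist1, dist2):
    """P(at least one of the two versions is effectively fault-free), in
    which case a 1-out-of-2 system never fails regardless of correlation."""
    p_faulty1 = sum(p for q, p in dist1 if q > 0.0)
    p_faulty2 = sum(p for q, p in dist2 if q > 0.0)
    return 1.0 - p_faulty1 * p_faulty2


if __name__ == "__main__":
    for name, proc in (("A", PROCESS_A), ("B", PROCESS_B)):
        print(f"process {name}: mean pfd {mean_pfd(proc):.1e}, "
              f"single-version survival over {DEMANDS} demands: "
              f"from distribution {survival_probability(proc, DEMANDS):.3e}, "
              f"from mean only {survival_from_mean(proc, DEMANDS):.3e}")
    for n1, d1, n2, d2 in (("A", PROCESS_A, "A", PROCESS_A),
                           ("B", PROCESS_B, "B", PROCESS_B),
                           ("A", PROCESS_A, "B", PROCESS_B)):
        print(f"1-out-of-2 of {n1}+{n2}: survival "
              f"{pair_survival(d1, d2, DEMANDS):.6f}, "
              f"P(at least one fault-free) {prob_fault_free_pair(d1, d2):.2f}")
```

Processes A and B have the same mean pfd, so a mean-based estimate gives both the same survival probability over 100,000 demands, about exp(-10). Using A's actual distribution, the survival probability is about 0.9, because the fault-free outcome dominates; the mean-only figure is wrong by four orders of magnitude. For the pair, the picture changes again: the mean system pfd is the same for A+A and B+B, and the survival probabilities are close, but only A+A (or A+B) offers a substantial probability that the pair can never fail. Which of these numbers is the right measure of diversity's benefit depends on the application, which is the abstract's point.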
