An Empirical Study of the Effectiveness of "Forcing" Diversity Based on a Large Population of Diverse Programs

Use of diverse software components is a viable defence against common-mode failures in redundant software-based systems. Various forms of "Diversity-Seeking Decisions" (DSDs) can be applied to the process of developing, or procuring, redundant components, to improve the chances of the resulting components not failing on the same demands. An open question is how effective these decisions, and their combinations, are for achieving large enough reliability gains. Using a large population of software programs, we studied experimentally the effectiveness of specific DSDs (and their combinations) mandating differences between redundant components. Some of these combinations produced much better improvements in system probability of failure per demand (PFD) than "uncontrolled" diversity did. Yet, our findings suggest that the gains from such DSDs vary significantly between them and between the application problems studied. The relationship between DSDs and system PFD is complex and does not allow for simple universal rules (e.g. "the more diversity the better") to apply.
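To make the comparison described above concrete, the following added example (not code or data from the paper) computes the average PFD of 1-out-of-2 systems built from a constructed population of versions, once with no constraint ("uncontrolled" pairing), once under DSDs that force an attribute to differ, and against the independence assumption. The version names, attributes (language, algorithm) and failure sets are constructed for illustration only.

```python
from fractions import Fraction
from itertools import combinations

# Constructed sample population (illustrative, not the paper's data): each
# version records the attributes a DSD could force to differ and the set of
# demand indices (out of N_DEMANDS) on which it was observed to fail.
N_DEMANDS = 10
VERSIONS = {
    "c1":  {"lang": "C",      "alg": "A", "fails": {0, 1}},
    "c2":  {"lang": "C",      "alg": "B", "fails": {0, 2}},
    "c3":  {"lang": "C",      "alg": "A", "fails": {0, 3}},
    "py1": {"lang": "Python", "alg": "A", "fails": {4, 5}},
    "py2": {"lang": "Python", "alg": "B", "fails": {4, 6}},
    "py3": {"lang": "Python", "alg": "B", "fails": {0, 5}},
}

def pfd(name):
    """PFD of a single version under a uniform demand profile."""
    return Fraction(len(VERSIONS[name]["fails"]), N_DEMANDS)

def system_pfd(a, b):
    """A 1-out-of-2 system fails only on demands where both versions fail."""
    common = VERSIONS[a]["fails"] & VERSIONS[b]["fails"]
    return Fraction(len(common), N_DEMANDS)

def differs(*attrs):
    """Build a DSD predicate: admit a pair only if every listed attribute differs."""
    return lambda a, b: all(VERSIONS[a][k] != VERSIONS[b][k] for k in attrs)

def mean_system_pfd(dsd=lambda a, b: True):
    """Average system PFD over the pairs a DSD admits; no DSD = uncontrolled."""
    pairs = [p for p in combinations(VERSIONS, 2) if dsd(*p)]
    return sum(system_pfd(a, b) for a, b in pairs) / len(pairs)

def independence_pfd():
    """System PFD expected if versions failed independently: mean of pfd(a)*pfd(b)."""
    pairs = list(combinations(VERSIONS, 2))
    return sum(pfd(a) * pfd(b) for a, b in pairs) / len(pairs)

def compare_dsds():
    """Exact (Fraction) results for each pairing policy on the constructed data."""
    return {
        "independence_assumption": independence_pfd(),
        "uncontrolled": mean_system_pfd(),
        "force_language": mean_system_pfd(differs("lang")),
        "force_algorithm": mean_system_pfd(differs("alg")),
        "force_language_and_algorithm": mean_system_pfd(differs("lang", "alg")),
    }

if __name__ == "__main__":
    for label, value in compare_dsds().items():
        print(f"{label:30s} {float(value):.4f}")
```

On this constructed data, forcing different languages beats both uncontrolled pairing and the independence figure, while forcing two attributes at once is worse than forcing one, which is the kind of non-monotonic behaviour the abstract warns against assuming away.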
