NASA High Dependability Computing Program
Experience and Knowledge Base
SURVEY OF EXISTING DEPENDABILITY MODELS
(This is a preliminary survey and characterization of published dependability models conducted by Fraunhofer Center - MD)

RELIABILITY MODELS 

Reliability growth models
These models derive reliability predictions from failure data (and failure trends). They capture failure behavior during testing and extrapolate it to behavior during operation. An example of a model in this class is the Musa model [Musa 1998]. Drawbacks of these models are that they rest on assumptions that may not hold, such as that all failures are similar or that all failure occurrences are independent.
Input Domain Models
These models derive a correctness probability estimate from test cases that execute properly. They use properties of the software input domain. An example is the Nelson model [Nelson 1978]. Their drawbacks are:
§    They need a very large number of test cases
§    They assume that the input domain can be thoroughly identified and classified into equivalence classes
Structural/Architectural Models
These models derive reliability estimates by combining estimates from the different modules (components) of the software. Their emphasis is on the architecture/structure of the software. They are widely used in fault tolerant systems. Examples of models in this class are given in [Dugan 1995] and [Scott 1987]. The main drawback of these models is that they assume the failure rate of each sub-system is available, although in practice it is not known how to estimate it.
Early Prediction Models
These models use characteristics of the software and of the software development process throughout the development cycle and extrapolate them to operational behavior. Examples of models in this class can be found in [Gaffney 1988] and [Rome 1992]. Their major drawback is that they derive the failure rate from defect density.

SECURITY MODELS
Security Process Model (SSE-CMM)
The Systems Security Engineering Capability Maturity Model (SSE-CMM) describes the characteristics of a security engineering process that needs to be in place. It does not prescribe a particular process or sequence, but provides an indirect measure of system security [Hefner et al. 2000].
Bayesian Forecasting Model
Buchanan et al. (2001) propose a novel agent-based application of Bayesian forecasting techniques to predict user actions. When invalid behavior is detected, several responses can be taken.

SAFETY MODELS
Data Domain Dependent Safety Assessment Model
The Availability-Related Safety Assessment Model
Risk Model
Bayesian Belief Network Safety Assessment Model
The Bayesian Belief Network (BBN) Safety Assessment Model was developed by the SERENE project under the ESPRIT Framework IV (Fenton et al. 1996-1998). The model proposes a formalism for decision problems in which several data sources are combined to evaluate safety. BBNs are also known as belief networks, causal probabilistic networks, causal nets, graphical probability networks, probabilistic cause-effect models, and probabilistic influence diagrams.

ROBUSTNESS MODELS
Robustness Models - Ballista Project
The Ballista Project developed a methodology for testing robustness. Ballista provides a way to measure software robustness directly, without requiring source code or behavioral specifications. As a result, product developers can use robustness metrics to compare off-the-shelf software components, and component developers can measure the effectiveness of their exception handling.