FREE ELECTRONIC LIBRARY - Dissertations, online materials

Pages:     | 1 |   ...   | 3 | 4 || 6 | 7 |   ...   | 27 |

«Software Fault Reporting Processes in Business-Critical Systems Jon Arvid Børretzen Doctoral Thesis Submitted for the partial fulfilment of the ...»

-- [ Page 5 ] --

Safety-critical: A safety-critical system could be a computer, electronic or electromechanical system where a hazardous event may cause injury or even death to human beings, or physical harm to other objects that interact with the system. Examples are aircraft control systems and nuclear power-station control systems, where an accident in most cases will lead to economic losses as well as injury and other physical damage. Common tools to design safety-critical systems are redundancy and formal methods, and a spectrum of specialized technologies exist for safety-critical systems (Hazop, Fault-tree analysis etc). The IEC 61508 standard is intended to be a basic functional safety standard applicable to all kinds of industry, and is also used to define the safety standards of some safety-critical systems [IEC 61508].

Mission-critical: The term mission-critical system reflects military usage and is used to describe activities, processing etc., that are deemed vital to the organization's business success and, possibly, its very existence. Some major software systems are described as mission-critical if such a system, product or service experiences a failure or is otherwise unavailable to the organization, it will have a significant negative impact upon the organization. Such systems typically include support for accounts/billing, customer balances, computer-controlled machinery and production lines, just-in-time ordering, and delivery scheduling. Examples of related technologies are Enterprise Resource Planning tools, such as SAP [SAP].

Performance-critical: The SEI defines performance-criticality as the ability of software-intensive systems to perform successfully under adverse circumstances, e.g., under heavy or unexpected load or in the presence of subsystem failures. One trivial example of this is the performance of the SMS telecom services during New Years Eve.

Some services like this can have critical functions, and yet, the behaviour of systems under such circumstances is often less than acceptable [SEI].

Business-critical: The difference between a business-critical and a regular commercial software system is really defined by the business. There is no established general definition telling us which software applications are critical to an operation. In a retail business, a Customer Relationship Management (CRM) system may be the most important. On the other hand, it may be the manufacturing or supplier management software that is the most important. We need to consider the impact of relevant services from software on the business operations, and determine how much value each brings to the business and the impacts of such software parts being unavailable. The impact can be lost revenue, corrupted data or lost user time, as well as indirect and more elusive losses in customer reputation, goodwill, slipped deadlines, and increased levels of stress among employees and customers.

Non-critical: Although important enough, some types of software will simply not be classified as critical. Word processors, spreadsheets and graphical design software are examples of such software. Of course it is expected that such tools are reasonably faultfree and stable, but should they fail, the damage will usually be limited, typically a person-day of effort in the worst case scenario.

Figure 2-5 shows the relationship between business-criticality and the other types of criticality defined here. As we see, safety-, performance-, and mission-critical systems can also be business-critical, but a business-critical system need not be one of the others. Table 2-1 illustrate the overlap between the different categories.

Figure 2-5 Relationship of business-critical and other types of criticality

Table 2-1 Examples of different systems’ criticality Criticality Example category Safety-critical Nuclear reactor control system.

Performance-critical Electronic toll collection in traffic, must process and transfer information quickly enough to keep up with traffic.

Mission-critical Software handling financial transactions between banks.

Functional and non-functional aspects of such applications are considered.

Business-critical Software handling financial transactions between banks. As mission-critical, but wider consequences are also considered.

Non-critical Computer games, word processor application.

2.7 Techniques and methods used to develop safety-criticalsystems

There are a number of methods and techniques that are commonly employed when making safety-critical systems. Some of them will be presented here and related to business-critical computing. According to [Leveson95] and [Rausand91], the most

common ones are the following:

o PHA (Preliminary Hazard analysis): Preliminary Hazard Analysis (PHA) is used in the early project life cycle stages to identify critical system functions and broad system hazards, so as to enable hazard elimination, reduction or control further on in the project. The identified hazards are assessed and prioritized, and safety design criteria and requirements are identified. A PHA is started early in the concept exploration phase so that safety considerations are included in tradeoff studies and design alternatives. This process is iterative, with the PHA being updated as more information about the design is obtained and as changes are being made. The results serve as a baseline for later analysis and are used in developing system safety requirements and in the preparation of performance and design specifications. Since PHA starts at the concept formation stage of a project, little detail is available, and the assessments of hazard and risk levels are therefore qualitative. A PHA should be performed by a small group with good knowledge about the system specifications.

o HAZOP (Hazard and Operability Analysis): This is a method to identify possible safety-related or operational problems that can occur during the use and maintenance of a system. Both Preliminary Hazard Analysis and Hazard and Operability Analysis (HAZOP) are performed to identify hazards and potential problems that the stakeholders see at the conceptual stage, and that could be created by system usage. A HAZOP study is a systematic analysis of how deviations from the intended design specifications in a system can arise, and whether these deviations can result in hazards. Both analysis methods build on information that is available at an early stage of the project. This information can be used to reduce the severity or build safeguards against the effects of the identified hazards. HAZOP is a creative team method, using a set of guidewords to trigger creative thinking among the stakeholders and the cross-functional team in RUP. The guidewords are applied to all parts and aspects of the system concept plan and early design documents, to find and eliminate possible deviations from design intentions. An example of a guideword is MORE. This will mean an increase of some quantity in the system. For example, by using the “MORE” guideword on “a customer client application”, you would have “MORE customer client applications”, which could spark ideas like “How will the system react if the servers get swamped with customer client requests?” and “How will we deal with many different client application versions making requests to the servers?” A HAZOP study is conducted by a team consisting of four to eight persons with a detailed knowledge of the system to be analysed. The main difference between HazOp and PHA is that PHA is a lighter method that needs less effort and available information than the HAZOP method. Since HAZOP is a more thorough and systematic analysis method, the results will be more specific. If there is enough information available for a HAZOP study, and the development team can spare the effort, a HAZOP study will most likely produce more precise and suitable results for a safety requirement specification.

o FMEA (Failure Modes and Effects Analysis): The method of Failure Modes and Effects Analysis, alternatively the variant Failure Modes, Effects and Criticality Analysis (FMECA), is used to study the potential effects of fault occurrences in a system. Failure Modes and Effects Analysis is a method for analyzing potential reliability problems early in the development cycle. Here, it is easier to overcome such issues, thereby enhancing the reliability through design. FMEA is used to identify potential failure modes, determine their effect on the operation of the system, and identify actions to mitigate such failures. A crucial step is anticipating what might go wrong with a product. While anticipating every failure mode is not possible, the development team should formulate a extensive list of potential failure modes. Early and consistent use of FMEAs in the design process can help the engineer to design out failures and produce more reliable and safe products. FMEAs can also be used to capture historical information for use in future product improvement.

o FTA (Fault Tree Analysis): A Fault Tree Analysis diagram is a logical diagram which illustrates the connection between an unwanted event and the causes of this event. The causes can include environment factors, human error, strange combinations of “innocent” events, normal events and outright component failures.

The two main results are: 1) The fault tree diagram which shows the logical structure of failure effects. 2) The cut-sets, which show the sets of events which can cause the top event – system failure. If we can assign probability values or failure rates to each basic event, we can also get quantitative predictions for Mean Time To Failure (MTTF) and failure rate for the system.

o ETA (Event-tree analysis): An event-tree is a graphical representation of a sequence of related events. Each branching point in the tree is a point in time where we can get one of two or more possible consequences. The event-tree can be described with or without branching probabilities. In economical analyses it is customary to assign a benefit or cost to each possible alternative – or branch. An event tree can help our understanding and documentation of one or more sequences of events in a system or part of a system. Areas where we can use event-trees are: 1) Study of error propagation through a complete system – people, operational

procedures, hardware, and software. 2) Build usage scenarios to enhance HazOp:

“what could happen if…?” o CCA (Cause-Consequence Analysis): Cause-consequence analysis (CCA) is a two-part system safety analytical technique that combines Fault Tree Analysis and Event Tree Analysis. Fault Tree Analysis considers the “causes” and Event Tree Analysis considers the “consequences”, and hence both deductive and inductive analysis is used. The purpose of CCA is to identify chains of events that can result in unwanted consequences. With the probabilities of the various events in a CCA diagram, the probabilities of the various consequences can be calculated, thus establishing the risk level of the system. A CCA starts with a critical event and determines the causes of the event (using top-down or backward search) and the consequences it might create (using forward search). The cause-consequence diagram can show both temporal dependencies and causal relationships among events. The notation builds on the FTA and ETA notations, and extends these with timing, condition and decision alternatives. The result is a diagram (along with elaborated documentation), showing both a logical structure of the cause of a critical event and a graphical representation of the effect the critical event can have on the system. CCA enables probability assessments of success/failure outcomes at staged increments of system examination. Also, the CCA method helps in creating a link between the FTA and ETA methods. CCA shows the sequence of events explicitly, which makes CCA diagrams especially useful in studying start-up, shutdown and other sequential control issues. Other advantages are that multiple outcomes are analyzed from each critical event, and different levels of success/failure are distinguishable, as CCA may be used for quantitative assessment.

In addition to these techniques, we included the Safety Case method tool for use alongside the other safety criticality analysis methods. The purpose is to keep track of the requirements and information acquired when using safety criticality analysis methods. Usage of the Safety Case method is also presented in paper P1.

o Safety Case: The Safety Case method seeks to minimise safety risks and commercial risks by constructing a demonstrable safety case. Bishop and Bloomfield [Adelard98, Bishop98] define a safety case as: “A documented body of evidence that provides a convincing and valid argument that a system is adequately safe for a given application in a given environment”. The safety case method is a vehicle for managing safety claims, containing a reasoned argument that a system is or will be safe. It is manifested as a collection of data, metadata and logical arguments. The Safety Case documents will answer questions like “How will we argue that this system can be trusted/ is safe?” The Safety Case shows how safety requirements are decomposed and addressed, and will provide an appropriate answer to the above questions. The layered structure of the Safety Case allows lifetime evolution and helps to establish the safety requirements at different detail levels.

Table 2-2 shows a comparison of the safety criticality analysis methods we have considered. The properties shown are relevant when choosing between such analysis techniques. The costs involved are described for each method by the properties “Formalization” and “Effort needed”. Other properties are the requirements for available system information, which can range from a sketchy system description to a full system description including all technical documentation and code. The process stage is also important, as it tell us where in the development cycle the technique is best suited.

–  –  –

2.8 Empirical Software Engineering Empirical Software engineering is not software development per se, but a branch of software engineering research and practice which emphasizes empirical studies to investigate processes, methods, techniques and technology.

Pages:     | 1 |   ...   | 3 | 4 || 6 | 7 |   ...   | 27 |

Similar works:

«A Mature Approach: Using a Unilateral or Voluntary Extension of Maturities to Restructure Italian Debt Recommendations by: Andrew Edelen Paige Gentry Jessalee Landfried Theresa Monteleone May 9, 2012 INTRODUCTION Italy’s sovereign debt problem is primarily a liquidity problem. In late 2011, interest rates on ten-year Italian bonds soared, peaking at above 7 percent. With a debt-to-GDP ratio over 120 percent, interest rates that high would quickly prove unsustainable. Commentators began...»

«This PDF is a selection from a published volume from the National Bureau of Economic Research Volume Title: Quantifying Systemic Risk Volume Author/Editor: Joseph G. Haubrich and Andrew W. Lo, editors Volume Publisher: University of Chicago Press Volume ISBN: 0-226-31928-8; ISBN-13: 978-0-226-31928-5 Volume URL: http://www.nber.org/books/haub10-1 Conference Date: November 6, 2009 Publication Date: January 2013 Chapter Title: Hedge Fund Tail Risk Chapter Author(s): Tobias Adrian, Markus K....»

«CURRICULUM VITAE MENAHEM SPIEGEL January 2004 Office: Department of Finance and Economics Home: 37 Oval Rd. Graduate School of Management Millburn, NJ 07041 Rutgers University 111 Washington Street Phone:(973) 376-0696 Newark, NJ 07102-1895 Phone: (973) 353-5899 E-Mail: mspiegel@rbs.rutgers.edu EDUCATION PhD.(1975) Economics, University of Chicago M.A.(1972) Economics, University of Chicago B.A.(1969) Economics, Hebrew University of Jerusalem POST GRADUATE STUDIES Legal Institute for...»

«International Journal of Academic Research in Business and Social Sciences July 2013, Vol. 3, No. 7 ISSN: 2222-6990 Impact of Spiritual Intelligence on the Staff Happiness (Case Study: Golpayegan Petrochemical Company) Dr.Ali Nasr Isfahani Assistant Professor, Department of Management, Faculty of Administrative sciences and Economics, University of Isfahan, Isfahan, Iran Hamideh Nobakht Master of Business management.Islamic Azad University,Mobarekeh Branch, Isfahan,Iran DOI:...»

«Dr Cornelio Oyola Abungu EDUCATION: B. S. (1967) in Economics with a minor in Mathematics Jarvis Christian College Hawkins, Texas 75765 M. S. (1969) in Mathematics with a minor in Educational Administration East Texas State University, Commerce, Texas 75428 Ed. D. (1975) in Educational Administration with minors in (i) Mathematics and (ii) Secondary and Higher Education East Texas State University, Commerce, Texas 75428 FURTHER STUDIES IN COMPUTER SCIENCE (1981-83) Memphis State University,...»

«Chapter 2 Theoretical Perspectives: Economics, Culture, Politics Introduction A variety of theoretical perspectives provide insight into immigration. Economics, which assumes that actors engage in utility maximization, represents one framework. From this perspective, it is assumed that individuals are rational actors, i.e., that they make migration decisions based on their assessment of the costs as well as benefits of remaining in a given area versus the costs and benefits of leaving....»

«14 March 2016 Lucio Sarno PERSONAL DETAILS Date of birth: 10th December 1970 Citizenship: Italian Office: Faculty of Finance, Cass Business School, 106 Bunhill Row, London EC1Y 8TZ, UK Personal webpage: http://www.cass.city.ac.uk/faculty/l.sarno E-mail: lucio.sarno@city.ac.uk AFFILIATIONS Current affiliations  Cass Business School, City University London: Professor of Finance, 2009Deputy Dean, 2013-14 Head of the Faculty of Finance, 2009-14  Centre for Economic Policy Research (CEPR),...»

«Using Quantile Regression to Estimate Capital Buffer Requirements for Japanese Banks David E. Allen School of Accounting, Finance and Economics, Edith Cowan University, Australia Robert Powell1 School of Accounting, Finance and Economics, Edith Cowan University, Australia Abhay Kumar Singh School of Accounting, Finance and Economics, Edith Cowan University, Australia Abstract This paper investigates the impact of extreme fluctuations in bank asset values on the capital adequacy and default...»

«Corporate Social Responsibility and Financial Performance in the Airport Industry Eleni Rapti (eleni.rapti.09@ucl.ac.uk) and Francesca Medda (f.medda@ucl.ac.uk) QASER Laboratory University College London Gower Street, London, WC1E 6BT UK Abstract In the last two decades corporate social responsibility (CSR), particularly when related to environmental issues, has been discussed extensively in the business literature. However, defining and measuring CSR remains a complicated process. One of the...»

«Discussion Paper Series 2005 – 09 Department of Economics Royal Holloway College University of London Egham TW20 0EX ©2005 Alexander K. Koch and Hans-Theo Normann. Short sections of text, not to exceed two paragraphs, may be quoted without explicit permission provided that full credit including © notice, is given to the source.Giving in Dictator Games: Regard for Others or Regard by Others?∗ Alexander K. Kocha and Hans-Theo Normannb† a Royal Holloway College, University of London and...»

«FREE BANKING AND CREDIT CREATION: IMPLICATIONS FOR BUSINESS CYCLE THEORY JOHN P. COCHRAN AND STEVEN T. CALL For the element of Time, which is the center of the chief difficulty of almost every economic problem, is itself absolutely continuous: Nature knows no partition of time into long periods and short; but the two shade into one another by imperceptible gradations, and what is the short period for one problem is a long period for another. (Marshall 1936) W hile the element of time may be the...»

«Optimal taxation, social contract and the four worlds of welfare capitalism Amedeo Spadaro∗• ∗ Paris School of Economics, Paris • Universitat de les Illes Balears, Palma de Mallorca Abstract1 Drawing from the formal setting of the optimal tax theory (Mirrlees 1971), the paper identifies the level of Rawlsianism of some European social planners starting from the observation of real data and redistribution systems and uses it to build a metric that allows measuring the degree of...»

<<  HOME   |    CONTACTS
2016 www.dissertation.xlibx.info - Dissertations, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.