1 prof kharchenko
TRANSCRIPT
-
7/31/2019 1 Prof Kharchenko
1/48
MULTIVERSION TECHNOLOGIES
FOR SAFETY CRITICAL I&C SYSTEMS
AND GREEN COMPUTING
Vyacheslav KharchenkoNational Aerospace University KhAI, Department of Computer Systems & Networks
Research & Production Corporation Radiy,
Centre for Safety Infrastructure-Oriented Research & Analysis
June, 15, 2012, SAFEGUARD Summer School, SSS12, Odessa, Ukraine
S
-
7/31/2019 1 Prof Kharchenko
2/48
2VVER-1000
2VVER-440
2VVER-1000
Kyiv
6VVER-1000
3VVER-1000
Kirovograd(RPC Radiy)
South-Ukrainian NPP
Zaporizhya NPP
Rivne NPP
Khmelnitsky NPPKharkiv
(KhAI, Radiy STC)
S
Total NPPs Capacity: 13,880 MW (8th position in the world,
about 50% of total Ukrainian energy capacity)
Over 60 NPP I&C Radiy-based platform systems since 2003
in Ukraine and Bulgaria
S
12 000 BS, MSc studentsMore than 200 PhD and DrS students810 teachers (450 PhD, 120 DSc)9 faculties, 3 Institutes, 45 Depsmore than 50 specialties
-
7/31/2019 1 Prof Kharchenko
3/48
Competition and active feedbacks ?
Suggestions:
to separate all participants on 3-4 teams for joint discussion
related to asked questions
to discuss questions during 1-3 mins and propose brief
answers/decisions/ideas
to support competition-oriented style
OK?
3 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
4/48
Outline
Motivation ?- Critical applications and problem computer I&C systems dependability and safety ?
- Common cause failure and diversity approach
Multi-version computing foundation- Taxonomy, classification schemes, models of multi-version systems
- Evolution of multi-version technologies and systems (MVS)- SW- and FPGA-based two-version reactor trip systems
Assessment of FPGA- and software-based MVS- Metrics-probabilistic techniques
- Practical issues
Development and implementation MVS- NPP I&Cs
- SOA Web- and Cloud-based systems
Green Computing and Communication (CC)- Dependability and paradigm of green CC
- Directions of R&D&E for green CC
Conclusions. Education activities
4 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
5/48
1. Introduction: Motivation. I&C Safety and Common
Cause Failure (CCF) Problem
Critical applications (CAs) and problem of safety:
- CAs = {Safetycritical (NPP I&C), Mission critical (Space I&C), Business-critical};
- One of the key challenges: digital instrumentation and control systems (I&Cs) are
meanand objectofsafety ensuring for CAs as a whole;
- 2000 2010: 1)17% (5/32) crashes of carrier rockets and 22% (24/109)
spacecrafts systems fatal failures were caused by SW (design) faults
(Aerospace T&T, 2010, 6, National Aerospace University KhAI, Ukraine)
2) 20% failures of NPP are failures of I&Cs (SSTC NRS, 2010).
Dependability safety green computing and communication
Problem of I&Cs safety problem of decreasing CCF probability
CCF simultaneous failure of two or more (all) redundant channels of I&C
The most probable reasons of CCFs (for critical applications) are :
(a) design faults (of SW-, HW- or FPGA-based systems);
(b) multiple physical faults of redundant HW channels caused by
different environment impacts or internal factors;
(c) multiple interaction faults of redundant channels caused by
intrusions directed at identical vulnerabilities of SW components.
5 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
6/48
1. Introduction: Decreasing CCF Risks Using Diversity
Ordinary structure (and time) redundancy is not effective to decrease probability of different CCFs.
What type of redundancy is effective? Version redundancy (or diversity), which is complex
(version proper & structure/time) type of redundancy.
There is representative practice of diversity implementation in different critical and business-critical applications.
6
b
df1
2
V1
V2
V3
df2
Design 1
df3
Design 2
Design 3
Environment
physic if inform. if
df
Environment
(interaction faults, if)
Design
(designfa
ults,
df)
2
if
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
7/48
1. Introduction: Decreasing CCF Risks Using Diversity ?
How you can realize diversity in computer-based systems?
What does diversity mean in general?
Any examples?
Different locks for your apartment
Keep in money on different bank accounts
Others?
What mainresult of diversity application is?
7 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
8/48
1. Introduction: Key Challenges of Diversity Approach
Application
8 June, 15, 2012, SSS'12,Odessa, Ukraine
Aspects Challenges Key questions
New technolo-
gies, possibili-
ties and risks
New technologies (including FPGA) ensure new possibilities for
diversity approach (DA) implementation but they can create new
risks and deficits of safety.
How we should use these possibilities?
Standardsrequirements
Existed standards dont contain detailed requirements andtechniques to assess and apply DA for FPGA-based NPP I&Cs.
What should be severity of regulation for DAimplementation?
CCF risk
decreasing
Key problem is decreasing number of common version faults
(CVF). The CVF number (CCF probability) may be decreased using
several types of diversity (multi-diversity ordiversity of
diversity).
What type (types) and how much versions
developers should use?
Risk
assessment
Problems of CCF risks assessment: inaccurate assessment
either increases risk of fatal failure (understated assessment) or
increases risk of unreasonable costs.
What approach, indicators, methods,
techniques, we should use to assess actual
diversity level and multi-version I&C safety ?
Uniqueness of
MVSs
There are a lot of example of DA implementation but comparative
analysis of MVS application is not enough.
How we may compare experience of
different DA applications?
-
7/31/2019 1 Prof Kharchenko
9/48
1. Introduction: References and Objective
References (Last Publications) Kharchenko V.S., Siora A.A., Bakhmach E.S. Diversity-Scalable Decisions for FPGA-based Safety-Critical I&Cs: from Theory to
Implementation // Proceedings of NPIC&HMIT 2009, Knoxville, USA, April 5-9, 2009.
Kharchenko V.S. (ed). Multi-Version Systems for Critical Applications. - National Aerospace University KhAI, Kharkiv, Ukraine, 2009. - 205 p.
Kharchenko V.S., Bakhmach E.S., Siora A.A., et al. Diversity-Oriented FPGA-based NPP I&C Systems: Safety Assessment, Development,
Implementation // Proceedings of 18th International Conference on Nuclear Engineering ICONE18, May 17-22, 2010, Xi'an, China.
Kharchenko V.S., Siora A.A., Sklyar V.V., Volkovyj A.V. Multi-Version NPP I&C Systems // Proceedings of NPIC&HMIT 2010, Las Vegas,USA, November 7-11, 2010.
Kharchenko V.S., Siora A.A., Volkovyj A.V., Duzhyj. Metric-Probabilistic Assessment of Multi-Version I&C Systems Safety // Dependable
Computer Systems /V. Zamojsky (ed.), LNCS 4351, Springer, 2011.
Kharchenko V.S., Siora A.A., Sklyar V.V. Multi-Version FPGA-based NPP I&C Systems: Evolution of Safety // NPP Safety, InTech, 2011.
Kharchenko V.S. (ed). Case-Assessment of critical program systems. Vol1-3: Quality, Reliability, Safety. National Aerospace University KhAI,
Kharkiv, Ukraine, 2012. - 201 p., 289 p., 302 p.
Review of problems and decisions related to dependable multi-version software- and FPGA-
based I&Cs assessment, development and implementation for critical applications
Brief analysis of challenges and decisions for green computing and communication in context
of dependability and safety issues
9
Objectives
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
10/48
2. Diversity-Oriented Digital I&Cs: Taxonomy
Taxonomy of Diversity
10
Version redundancy (VR) is a kind of redundancy
based ondifferent ways and/or means of achieving a
specified objective.
Diversity or multiversity(MV) is the principle
providing use of several versions to perform the same
function (for a product or process) by two and more (n)options. Multi-diversitymeans use two and more (m) kinds
of VR.
Multi-version system is a system in which n>1
versions-products are used (in general case (n,l)-system or
(n,m,l)-system, l - number of channels).
Strategy of diversityis a set of general criteria and
rules defining principles of VR (kinds and volume) choice.Multi-version technologyis a set of the
interconnected rules and design decisions leading to
development of two or more intermediate or end-products.
Multi-version life cycle, multi-version project,
diversity metrics
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
11/48
Structure of 2-Version Reactor Trip System Based on Radiy Platform
V1(FPGA1.1)
V2
(FPGA2.1)
MooN2oo3,
2oo4V1
(FPGA1.2)
V2
(FPGA2.2)
V1(FPGA1.N)
V2
(FPGA2.N)
Main system
Diverse system
OR
Track 1 Track 2 Track N
Track 1' Track 2' Track N'
Cab
inets
Cabinets
...
...
.
.
.
.
.
.
MooN2oo3,
2oo4
The Radiy platform-based RTS design
consists of two
independent and diverse
divisions:
-FPGA1 / FPGA2;
(orFPGA / MP);
- other diversity types.
Safety actuation by
either division initiates
reactor shutdown. Each division is
composed of three (or
four) separate channels.
2. Diversity-Oriented Digital I&Cs: Example
June, 15, 2012, SSS'12,Odessa, Ukraine11
-
7/31/2019 1 Prof Kharchenko
12/48
2. Diversity-Oriented Digital I&Cs: Fault & Metric -
Based Model of Diversity
One-version system (a): number of design faults equals N(N= Card F) and any fault of set Fis
fatal (and is an equivalent of CCF): == 1.
Two-version system (b,c): CCF metric= NCCF / N, NCCF = CardF1 F2; Ni = CardFi;
SF metric i = 1 -; DCCF metricd = NDCCF / N; UDCCF metric = = NUDCCF /N;=d +.
12 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
13/48
13
(a) Ps = P(DF) P(PF)
(b) Ps = P(DF) (1 - (1 - P(PF1))(1 - P(PF2)))
(c) Ps = P(DF) (1 - (1 - P(PF1) P(DF1))x
(1 - P(PF2)P(DF2)))
If main and diverse subsystems are 2oo3
Ps = P(DF)(1- (1-3P2(PF1) P
2(DF1) + 2P3(PF1)
P3(DF1))(1- 3P2(PF1) P
2(DF1) + 2P3(PF1) P
3(DF1)))
2. Diversity-Oriented Digital I&Cs: RBD-Based Model
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
14/48
Assessment of diversity ?
How we can calculate beta (metric of diversity)?
What information may be used?
Any propositions/techniques?
14 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
15/48
2. Diversity-Oriented Digital I&Cs: Classifications of
Diversity Types
Classification of SW-based systems (IEC 60880:2006,)life cycle models and processes of development (V-model, spiral model,);
conceptual diversity (traditional vs modular arithmetic, CAD vs GA design,)
resources and means (different human resources, languages, tools);
project decisions(different architectures, platforms, protocols, ).
Classification of FPGA-oriented systems (V. Kharchenko, 2007)diversity of electronic elements; diversity of CASE-tools;
diversity of development languages; diversity of specifications.
process (development and verification) diversity
15
NPP I&C-oriented classification (NUREG/CR-6303, 1993; NUREG/CR-7007, R. Wood, 2009)human orlife cycle diversity(different design companies, teams,);
design diversity(different technologies, architectures);
software diversity(different languages, algorithms, logic, OS,);
functional diversity(different purposes, functions, actuation means,);
signal diversity(different parameters, physical effects, sensors);
equipment diversity(different manufacturers, designs, CPU,).
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
16/48
16 June, 15, 2012, SSS'12,Odessa, Ukraine
2. Diversity-Oriented Digital I&Cs: FPGA Technology
FPGA (Field Programmable Gate Array) is a semiconductor
device that can be programmed after manufacturing.
FPGA integrated circuit is a hardware
functions of this hardware are programmed, i.e. configuredby means of hardware description language (HDL)
configuration (FPGA electronic design) can be updated
even after the product has been installed
FPGA technology is very convenient for development of
safety critical I&Cs (Reactor Trip Systems)
FPGA technology allows to realize a lot ofdifferent
diversity oriented process-product decisions
http://upload.wikimedia.org/wikipedia/commons/f/fa/Altera_StratixIVGX_FPGA.jpg -
7/31/2019 1 Prof Kharchenko
17/48
FPGA Technology ?
FPGA technology is very convenient for development of safety critical
I&Cs (Reactor Trip Systems)
FPGA technology allows to realize a lot of different diversity oriented
process-product decisions
Why?
FPGA versus Microprocessor (as a chip and technology)?What about risks of applications for safety critical domains?
Main advantages/disadvantages of FPGA?
17 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
18/48
18 June, 15, 2012, SSS'12,Odessa, Ukraine
Diversity types Implementation
Diversity of
programmable
components (A)
Diversity of manufacturers of FPGA (A1) Altera vs. Actel
Diversity of technologies of FPGA producing (A2) SRAM vs. Antifuse
Diversity of FPGA families (A3) Cyclone vs. ProASIC (based on A1)
Diversity of FPGA from the same family (A4) different families (based on A1)
Diversity of printed circuitboards (PCBs) (B) Diversity of PCB development technologies andmanufacturers Different manufacturers but the same technology
Diversity of
CASE-tools (C)
Diversity of CASE-tools developers (C1) Altera vs. Actel
Diversity of CASE-tools (C2) Quartus II vs. Libero (based on C1)
Diversity of CASE-tools configurations (C3) Different tools for design but the same for verification
Diversity of languages of
FPGA projects
development (D)
Diversity of language kinds (D1) Graphic Notation and HDL are used
Diversity of hardware description languages (D2) VHDL vs. Verilog
Diversity of specification
presentation (E)
Diversity of FPGA
initial specification languages (E1)
The same language
Diversity of FPGA
specification models (E2)
B&HDL used for Altera
Diversity of processes (P) Diversity of development processes (P1) Different teams
Diversity of verification processes (P2) Different departments
Diversity of maintenance (P3) Different development teams
2. Diversity-Oriented Digital I&Cs: Types of Diversity for FPGA
-
7/31/2019 1 Prof Kharchenko
19/48
2. Diversity-Oriented Digital I&Cs: Cube of Diversity
19
NUREG 6303-based
classification
Classification of SW- based
systems
Classification FPGA-basedsystems
Cube coordinates: Life cycle (LC) stages; levels of project decisions (PD); kindof version redundancy (VR).(V. Kharchenko, E. Bakhmach, A.Siora, V. Sklyar, V. Tokarev, NPIC-HMIT, 2009)
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
20/48
2. Diversity-Oriented Digital I&Cs: Matrix of FPGA Decisions
(Stages 1,2)
Stage of FPGA-
based I&C life
cycle
Types of version redundancy
1 Diversity of
electronic elements
(EE)
2 Diversity of CASE-
tools
3 Diversity of project
development
languages
4 Diversity of scheme
speci-fication (SS)
1 Development
of block-diagrams
according with
signal formation
algorithms
1.2.1 Different developers
of CASE-tools
1.2.2 Different CASE-tools
kinds
1.2.3 Different CASE-tools
configurations
1.4.1 Different SSs
1.4.2-1.4.4 Combination of
couples of diverse CASE-
tools and SSs
2 Development of
program models
of signal
embedding of
algorithms in
CASE-tools
environment)
2.2.1 Different developers
of CASE-tools2.2.2 Different CASE-tools
kinds
2.2.3 Different CASE-
tools configurations
2.3.1 Joint use of graphical
scheme language and HDL2.3.2 Different HDLs
2.3.3-2.3.8 Combination of
couples of diverse CASE-
tools and HDLs
20 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
21/48
2. Diversity-Oriented Digital I&Cs: Matrix of FPGA Decisions
(Stages 3,4)
Stage of FPGA-
based I&C life
cycle
Types of version redundancy
1 Diversity of electronic
elements (EE)
2 Diversity of CASE-tools 3 Diversity of project
development languages
4 Diversity of scheme
specification (SS)
3 Integration of
program models
of signal
formation
algorithms in
CASE-tools
environment
3.2.1 Different developers of
CASE-tools
3.2.2 Different CASE-tools kinds3.2.3 Different CASE-tools
configurations
3.3.1 Joint use of graphical
schemes and HDL
3.3.2 Different HDLs3.3.3 3.3.8 Combination of
couples of diverse CASE-tools
and HDLs
4 Implementatio
n of integrated
program modelsin FPGA
4.1 Different
manufacturers of EEs
4.2 Different technologiesof EEs production
4.3 Different families of
EEs
4.4 Different element
kinds of EE families
4.2.1 Different developers of
CASE-tools
4.2.2 Different CASE-tools kinds4.2.3 Different CASE-tools
configurations 4.2.4-4.2.15
Combination of couples of
diverse CASE-tools and EEs
21 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
22/48
Version Redundancy for FPGA Technology ?
What kinds of diversity (version redundancy) for FPGA-based projects
you can propose?
Any examples?
What kinds of diversity are themost effective?
Why?
22 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
23/48
3. Models of Multi-Version Systems:
One- and Multi-Version I&Cs
23
One-version W(1) and multi-version W(n) systems are defined by 4 and 6 variables:
W(1) = {X, Y, Z,},
W(n) = {X, Y, Z,, V, } = {W(1), V, },
whereX, Y, Z sets of input signals, internal conditions (states) and output signals
correspondingly;
= {i, i=1, ..., a} set of I&C functions (e.g. actuation functions or algorithms of reactor
trip system);
V= {vj,j=1, ..., n}set of versions with output signals Z1,, Zn (or signals Zid, d= 1,, ni;ni number of versions for function i;i~ vj= { vij,j=1,...,ni}) ;= {s, s=1, ..., } mappingZiZ.
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
24/48
24
The model W(n) does not take into account the possibility of applying several diversity kinds.
Set of version redundancy kinds R= {rd, d=1,..., m} may be decomposed on subsets for
versions of products vprd(tj) and processes vprc(tj): R= ( Rprdj)U( Rprcj).
The different diversity kinds, rR, are accumulated in final versions of multi-version system. It
is described by special mapping: RV.
Mapping is presented by Boolean matrix djwhere dj= 1, if diversity kind rpis used inversion vj, and if not dj= 0.
Multi-version system ormulti-diversion system W(n,m) is described by formula:
W(n,m) = {X, Y, Z, , V, ,R, } = {W(1), V, , R, } = {W(n), R, } .
3. Models of Multi-Version Systems: Multi-Diversion I&Cs
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
25/48
25
Correspondence between set of versions Vand set of redundant channels = {cq, q=1,...,l}
is defined by mappingQ: VC.
This mapping is presented by Boolean matrix Q = jg, , , where gj=1, if version vi is
realized by channel cj, and if not gj= 0.
Hence the model of multi-diversion system is the following:
W(n,m,l) = {X, Y, Z, , V, , R, , , Q} = { W(n), R, , , Q} = { W(n,m), , Q}.
Multi-version systems with temporal redundancy and iterations of algorithms (performingfunctions) are indicated as W(n,m,l,).
Note: number of parallel (structural) versions , and sequential versions realized by use one
channel).
3. Models of Multi-Version Systems: General Case
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
26/48
Tree of MVS Structures
(as a Fault-Tolerant
Systems)
n number of versions;m number of version
redundancy kinds;
number of time iterations.
26
3. Models of Multi-Version Systems: Tree of Structures
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
27/48
4. Development of Multi-Version FPGA-Based I&Cs:
Sets of Decisions
27 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
28/48
4. Development of Multi-Version FPGA-Based I&Cs:
Two Versions
28
Version 1
Version 2
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
29/48
V1(FPGA1.1)
V2(FPGA2.1)
MooN2oo3,2oo4
V1(FPGA1.2)
V2(FPGA2.2)
V1(FPGA1.N)
V2(FPGA2.N)
Main system
Diverse system
OR
Track 1 Track 2 Track N
Track 1' Track 2' Track N'
C
abinets
Ca
binets ...
...
.
.
.
.
.
.
MooN2oo3,2oo4
MooN2oo3,2oo4
The Radiy platform-based RTS design
consists of two
independent and diverse
divisions:- FPGA1 / FPGA2;
- other diversity types.
Safety actuation by
either division initiates
reactor shutdown.
Each division is
composed of three (or
four) separate channels.
Radiy has provided
RTSs for 4 NPPs in
Ukraine (24 sets).
June, 15, 2012, SSS'12,Odessa, Ukraine29
4. Development of Multi-Version FPGA-Based I&Cs:
Reactor Trip System Based on Radiy Platform
-
7/31/2019 1 Prof Kharchenko
30/48
30
Web-
CWS
Application-
CAS
CDB
COS
X
Z
Linux
Solaris
WinNT
MacOS X
HP-UX
Proxy-
Internet
Web/Application
Apache Tomcat
BEA
WebLogic
Caucho Resin
Oracle
10g
MySQL
Firebird
5. Development of Multi-Version SOA-Based Systems:
Example of Web-Architecture
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
31/48
31
BEA
WebLogic
ApacheTomcat
IBM Web
Sphere
Oracle Application
Server 10g
Caucho Resin
JBoss
SAP AG WebApplication Server
Sun Java Web
Application Server
Win2K
MacOSX
Solaris
Linux
WinXP
HP-UX
AIX
Apache
MS IIS
Lotus Domino Go
Sun ONE Web
Server
MSSQL
MySQL
Oracle 10g
Firebird
DB2
PostgreSQL
Interbase
5. Development of Multi-Version SOA-Based Systems:
Multi-Component Graph
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
32/48
32
5. Development of Multi-Version SOA-Based Systems:
Intrusion-Tolerant Cloud Computing
June, 15, 2012, SSS'12,Odessa, Ukraine
Database
Database
Vulnerability databases
(CERT, ISS, NVD, Mitre,
OSVDB, Secuna, etc.)
Companies - SW
developers (Microsoft,
Apache, IBM, Oracle, etc.)
Configuration
controller
OS
Web-server
App-serverDBMS
Client instance
active
configuration
spare
configurations
(images)
Get list of activevulnerabilities Get list of
patches
Replace active configuration|change settings | rejuvenate
Update | upgrade |change settings
Estimate security
risks of active andspare configurations
Cloud
provider
Cloud-Based MV Architecture
Tool (Vulnerability Tracker)
(A. Gorbenko, V. Kharchenko, O.Tarasyuk, A. Romanovsky. Intrusion-Avoiding Architecture Making
Use of Diversity in the Cloud-Based Deployment Environment, LNCS, Springer, 2011)
-
7/31/2019 1 Prof Kharchenko
33/48
Version Redundancy for Web-Services and SOA-systems ?
What kinds of diversity (version redundancy) for SOA-based projects
you can propose?
Any examples?
What kinds of diversity are themost effective?
Why?
33 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
34/48
6. Multi-Version Technologies
A set ofmulti-version technologies (MVTs) is described by matrices: diversity metrics D = dij and cost values = ij .
MVS LC is presented by a bipolar N-level graph (graph of MVTs).
Selection of MVT (optimal way in the graph) is fulfilled according with criteria diversity (safety) -reliability-cost.
(Kharchenko V.S., Sklyar V.V. (edits). FPGA-based NPP I&C Systems: Development and Safety Assessment. - RPC Radiy, National Aerospace University KhAI,SSTC on Nuclear and Radiation Safety, 2008. - 188 p.)
34 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
35/48
Choice of Version Redundancy ?
How you formulate task of choice of version redundancy according with
criteria safety/cost?
35 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
36/48
7. Assessment of Multi-Version Digital I&Cs: Methods
1. Theoretical-set metrics methods:- Eilers diagram for sets of version design faults (+ vulnerabilities);
- matrix of diversity metrics;
- calculation and analysis ofdiversity metrics.
2. Probabilistic methods:
a) RBD & metric-based assessment:
- RBD development taking into account: MVS architecture, sets of faults (design (individual, group, absolute) and
physical);- calculation of reliability/safety indicators;
b) Markov models (multi-fragmental technique, imbedded MMs);
c) Bayesian methods.
3. Interval mathematics-based assessment:
- choice of model (SRGMs or others);
- determination of parameter intervals and interval assessment of reliability/safety indicators.
4. Soft computing-based assessment:- fussy logic;
- genetic algorithms (GA).
5. Expert and experimental methods:
- metric-based assessment using direct and indirect diversity metrics;
- fault injection-based assessment.
36 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
37/48
7. Assessment of Multi-Version Digital I&Cs: RBDs
37
(blue physical faults, yellow design faults)
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
38/48
7. Assessment of Multi-Version Digital I&Cs:
Check-List & Metric & RBD-Based Technique
38 June, 15, 2012, SSS'12,Odessa, Ukraine
I&C Design and
Documentation
Check-list-based
analysis of
applicable
diversity types
Metric-based
assessment of
diversity
RBD and
Markovian model-
based assessment
Results of
assessment
Table of
diversity types
Values
of metrics
Weight
coefficients
RBDs, MMs for
typical
structures
-
7/31/2019 1 Prof Kharchenko
39/48
7. Assessment of Multi-Version Digital I&Cs: Check-List
39 June, 15, 2012, SSS'12,Odessa, Ukraine
Diversity kinds Result of analysisYes/No Implementation
Diversity of
programmable
components (A)
Diversity of manufacturers of FPGA (A1) Yes Altera vs. Actel
Diversity of technologies of FPGA producing (A2) Yes SRAM vs. Antifuse
Diversity of FPGA families (A3) Yes Cyclone vs. ProASIC (based on A1)
Diversity of FPGA from the same family (A4) Yes different families (based on A1)
Diversity of printed circuit
boards (PCBs) (B)
Diversity of PCB development technologies and
manufacturers
Yes Different manufacturers but the same technology
Diversity of
CASE-tools (C)
Diversity of CASE-tools developers (C1) Yes Altera vs. Actel
Diversity of CASE-tools (C2) Yes Quartus II vs. Libero (based on C1)
Diversity of CASE-tools configurations (C3) Yes Different tools for design but the same for verification
Diversity of languages of
FPGA projects
development (D)
Diversity of language kinds (D1) Yes Graphic Notation and HDL are used
Diversity of hardware description languages (D2) Yes VHDL vs. Verilog
Diversity of specification
presentation (E)
Diversity of FPGA
initial specification languages (E1)
No The same language
Diversity of FPGA
specification models (E2)
Yes B&HDL used for Altera
Diversity of processes (P) Diversity of development processes (P1) Yes Different teams
Diversity of verification processes (P2) Yes Different departments
Diversity of maintenance (P3) Yes Different development teams
-
7/31/2019 1 Prof Kharchenko
40/48
40
8. Implementation of Multi-Version I&Cs:
Matrix Diversity-Critical Domains
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
41/48
(Law Negation of Negation for NPP RTS)
HW1(FPGA1)
HW2(FPGA2)
SW1(MP1)
SW2(MP2)
HW SW(MP)
HW HW
FPGA1(IP-HW/SW)
FPGA2
2000s
Radiy
1990s
WH, Siemens,
1980s
FPGA
SW
HW
FPGA1(IP-HW/SW)1
FPGA2(IP-HW/SW)2
2005-2010Radiy
? (NDC1) ? (NDC2)Naturally Dependable
Chip (NDC)?
41
8. Implementation of Multi-Version I&Cs:
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
42/48
Reactor Trip System More 30 sets
(main and diverse)Zaporozhye NPP-1 2004, 2005
Zaporozhye NPP-3 2003, 2007
Zaporozhye NPP-2 2009, 2011
Rovno NPP-4 2004, 2004
Rovno NPP-3 2004, 2005Rovno NPP-1 2007, 2007
Rovno NPP-2 2009, 2010
Khmelnitsky NPP-2 2004, 2004
Khmelnitsky NPP-1 2007, 2007
South-Ukraine NPP-1 2003, 2005
South-Ukraine NPP-2 2006, 2007
8. Implementation of Multi-Version I&Cs: RPC Radiy Experience
June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
43/48
9. Dependability, Safety and
Green Computing and Communication
Key Challenges in Green Computing and Communication
Information and Communication Technologies as a mean for ensuring of green:green car,
green & smart energy grid,
smart & green houses, cities, the Earth
Information and Communication Technologies as a objective for ensuring of green (2%!):green chip (MC, FPGA):
energy modulated computing,
compiler tunings,
diversity (diversity approach!) clocking
green wireless networks:
adaptive access pointsadaptive WLN-based systems
green data centers for Cloud Computing
Dependability, safety and energy critical applications
green&safe automotive and on-board aviation systems
43 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
44/48
Green Computing and Communication ?
What does it mean?
green chip (MC, FPGA):
energy modulated computing,
compiler tunings,diversity (diversity approach!) clocking
green wireless networks:
adaptive access points
(adaptive parameters?)adaptive WLN-based systems
(adaptive parameters + algorithm of interaction for access points?)
44 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
45/48
10. Education Activities: Critical Multi-Version
Computing, Safeware Engineering
MSc(and PhD) Specialty Critical Computing TEMPUS-MASTAC project MS- and PhD-Studies on Critical Computing (2006-2009www.mastac.org.ua):
- universities of Ukraine (National Aerospace University KhAI), UK, Finland;
- 6 courses (including courses Fault-Tolerant FPGA-Based I&Cs, Foundations of Multi-Version Systems and
Technologies,etc.).
MSc, PhD (and Industrial Training) Specialty Safety IT-Engineering TEMPUS-SAFEGUARD project National Safeware Engineering Network of Centres of Innovative Academia-
Industry Handshaking (2010-2013www.mastac.org.ua):
- universities and RTCs of Ukraine (National Aerospace University KhAI, RPC Radiy), UK (London City University,
Newcastle University, Adelard), Italy (Naples University, ISTI), Sweden (KTH), Finland (Abo Academy);
- 10 MSc-, PhD- and training Safety Case courses (including Scalable Diversity-Based Technologies for Safety-
Critical Applications, etc.).
45 June, 15, 2012, SSS'12,Odessa, Ukraine
http://www.mastac.org.ua/http://www.mastac.org.ua/http://www.mastac.org.ua/http://www.mastac.org.ua/ -
7/31/2019 1 Prof Kharchenko
46/48
10. Education Activities:
Green Computing and Communication (GCC)
GCC-Curriculum structureMaster CoursesMSc1. Foundations of Green Computing and CommunicationMSc2. Technologies of Green ComputingMSc3. Technologies of Green CommunicationMSc4. Technologies of Green Regulators and Robotics
PhD coursesPhD1. Standardization of Green Computing and CommunicationPhD2. Research and Development (R&D) for Green FPGA-Based ComputingPhD3. R&D for Green Mobile ApplicationsPhD4. R&D for Green Wireless-Based Computing and CommunicationPhD5. R&D for Green ICT-Infrastructures (Critical and Commercial)PhD6. R&D of ITs for Smart Energy Infrastructures
PhD7. GCC-Oriented Optimization and Decision Making
Training coursesTC1. Techniques and Tools (Cases) for Green ComputingTC2. Techniques and Tools for Green CommunicationTC3. Techniques and Tools for GCC Project Management
46 June, 15, 2012, SSS'12,Odessa, Ukraine
-
7/31/2019 1 Prof Kharchenko
47/48
10. Conclusions
1. Key challenges related to diversity-oriented computer systems are the following:
- existing standards are not enough detailed to make all necessary decisions concerning diversity;
- multi-version I&Cs are still unique, failures occurred rarely, failures data arent enough representative;
- methods of diversity assessment and kind selection, as a rule, are based on expert approach.
We have a few techniques to assess real diversity using quantitative indicators.
2. SW and FPGA technology allows to develop:- multi-version systems with different product-process version redundancy (Cubeof diversity),
- diversity scalable multi-tolerant decisions for safety-critical NPP I&Cs.
3.Proposed models of MVSs & MVTs are base :
- to choice cost(and energy)-effective technique,
- to develop architecture taking into account requirements to diversity, dependability(+ limitations)
4.These issues are applied on development of NPP I&C by use ofplatform RADIY.
Scalability of diversityis ensured by changing types, depth and method of diversity choice.
5. Green computing and communication = energy critical applications
6.Future: more detailed standards, techniques and tools to assess, choice and realize MVSs
Educational aspect!
47 June, 15, 2012, SSS'12,Odessa, Ukraine
Beauty of nature is in a diversity and in green
-
7/31/2019 1 Prof Kharchenko
48/48
Beauty of nature is in a diversity and in green
Questions, please?
!
!
Thank for your attention!