Fault Tolerance via Diversity for Off-the-Shelf Products: A Study with SQL Database Servers

Gashi, Ilir; Popov, Peter; Strigini, Lorenzo

doi:10.1109/tdsc.2007.70208

Cited by 49 publications

(43 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We have fully described these studies and provided analysis of the results in [4] and [3]. We will be utilizing the results of those studies in this paper as empirical evidence with one of the models, as well as for verification of assumptions.…”

Section: Background and Related Work 21 Analysis Of Faults In Ots Dbmentioning

confidence: 99%

“…In this section we will use the results of our previous studies with the bugs [4], [3] (which we summarized in section 2.1) to derive empirical estimates of β. The results of the first study from running the DBMS product faults that could be run on each pair and the failures that they cause are given in Table 1: -n A are faults reported in product A -n AB are product A reported faults that also affect B -n B are faults reported in product B -n BA are product B reported faults that also affect A.…”

Section: Empirical Derivation Of β β β βmentioning

confidence: 99%

“…This means that using a 1-out-of-2 FT-node may reduce the failure rate product. We also compared β values for successive versions of the same DBMS product pairs using the results from our second study [3] (described in section 2.1). These can be compared with the faults found in the earlier releases.…”

Section: Empirical Derivation Of β β β βmentioning

confidence: 99%

“…With regard to the dependability of a fault tolerant DBMS, we have reported previously on a study with the publicly available fault reports of four OTS DBMS products (both open-source and closed development) [4] and later releases of two of them [3]. We found that a high number of these faults would not be tolerated (or even detected) by the existing non-diverse faulttolerant schemes but did not cause failures in any two diverse DBMS products.…”

Section: Introductionmentioning

confidence: 99%

“…We have studied some of these issues with OTS database servers or database management system (DBMS) products: a complex category of OTS products. The architectural solutions for implementing a fault-tolerant DBMS using diverse OTS database products are given in [3].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Reliability Modeling of a 1-Out-Of-2 System: Research with Diverse Off-The-Shelf SQL Database Servers

Bishop

Gashi

Littlewood

et al. 2007

The 18th IEEE International Symposium on Software Reliability (ISSRE '07)

Self Cite

View full text Add to dashboard Cite

Fault tolerance via design diversity is often the only viable way of achieving sufficient dependability levels when using off-the-shelf components. We have reported previously on studies with bug reports of four open-source and commercial off-the-shelf database servers and later release of two of them. The results were very promising for designers of fault-tolerant solutions that wish to employ diverse servers: very few bugs caused failures in more than one server and none caused failure in more than two. In this paper we offer details of two approaches we have studied to construct reliability growth models for a 1-out-of-2 fault-tolerant server which utilize the bug reports. The models presented are of practical significance to system designers wishing to employ diversity with off-the-shelf components since often the bug reports are the only direct dependability evidence available to them.

show abstract

Section: Background and Related Work 21 Analysis Of Faults In Ots Dbmentioning

confidence: 99%

Section: Empirical Derivation Of β β β βmentioning

confidence: 99%

Section: Empirical Derivation Of β β β βmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Reliability Modeling of a 1-Out-Of-2 System: Research with Diverse Off-The-Shelf SQL Database Servers

Bishop

Gashi

Littlewood

et al. 2007

The 18th IEEE International Symposium on Software Reliability (ISSRE '07)

Self Cite

View full text Add to dashboard Cite

show abstract

Analysis of operating system diversity for intrusion tolerance

Garcia

Bessani

Gashi

et al. 2013

Softw. Pract. Exper.

Self Cite

View full text Add to dashboard Cite

One of the key benefits of using intrusion-tolerant systems is the possibility of ensuring correct behavior in the presence of attacks and intrusions. These security gains are directly dependent on the components exhibiting failure diversity. To what extent failure diversity is observed in practical deployment depends on how diverse are the components that constitute the system. In this paper, we present a study with operating system's (OS's) vulnerability data from the NIST National Vulnerability Database (NVD). We have analyzed the vulnerabilities of 11 different OSs over a period of 18 years, to check how many of these vulnerabilities occur in more than one OS. We found this number to be low for several combinations of OSs. Hence, although there are a few caveats on the use of NVD data to support definitive conclusions, our analysis shows that by selecting appropriate OSs, one can preclude (or reduce substantially) common vulnerabilities from occurring in the replicas of the intrusion-tolerant system. ‡ A specific type of bug, regarding security, is usually called a vulnerability. Once a vulnerability is discovered, it can be maliciously exploited. If the exploited vulnerability leads to the software system deviating from its intended requirements or security policy, then the system is deemed to have failed. The system can fail on a single or combination of the following security properties: confidentiality, availability, and integrity. In the rest of this paper, we will use the terms fault and vulnerability interchangeably. 736 M. GARCIA ET AL.faulty. To satisfy this provision, system components need to exhibit failure diversity, that is, the probability that a majority of components fail at the same time should be negligible (or else the system as a whole will fail). This failure diversity assumption is easier to justify when one is concerned with accidental faults, such as power outages, disk crashes, or message corruption due to noise in communication lines. However, for design faults of any kind, including security vulnerabilities, the assumption is difficult to guarantee. If multiple components contain the same vulnerabilities, then a single attack can compromise all of them, therefore defeating the aim of intrusion tolerance system in providing improved security.To reduce the probability of vulnerabilities existing in more than one component, design diversity [3] can be employed: each component uses diverse software to perform the same functions, with the expectation that the differences will reduce the occurrence of common vulnerabilities, that is, vulnerabilities that exist in more than one system. Byzantine fault-tolerant replication often suggest the use of replica diversity (e.g., [4][5][6][7][8][9][10][11][12][13][14]), under the (sometimes implicit) assumption that they exhibit failure diversity. In this work, we want to empirically assess to what extent failure diversity is exhibited in a complex category of OTS software, namely operating systems (OSs).We focus our study on OS because they are a...

show abstract