Dependability and Trust in Organisational and Domestic Computer Systems Safecomp
Published by Guy Dewsbury
paper outlining the origins of the dependability of domestic systems models.
Published by: Guy Dewsbury on Feb 07, 2012
Copyright: Attribution Non-commercial
S. Anderson et al. (Eds.): SAFECOMP 2003, LNCS 2788, pp. 103–115, 2003. © Springer-Verlag Berlin Heidelberg 2003
A Dependability Model for Domestic Systems
Guy Dewsbury*, Ian Sommerville, Karen Clarke, and Mark Rouncefield
Computing Department, Lancaster University, Lancaster LA1 4YR, UK
{g.dewsbury,k.m.clarke,m.rouncefield}@lancaster.ac.uk
Abstract. Technically-based models of dependability such as Laprie’s model suggest that there are attributes that should be reflected in the design of a system. These attributes tend to be attributes of the software or hardware, and the models assume that system operators can be treated in the same way as software or hardware components. While this approach may be valid for some control systems with tightly specified operational processes, we argue that it must be extended if it is to be applied to systems where there is significant discretion on the part of the user as to how they will use the system. In particular, for systems in the home, we argue that the notion of dependability should be broadened. This paper suggests that, through the design of assistive technology (AT) systems for older people, we can demonstrate that the user should be placed at the centre of the process when considering system dependability.
1 Introduction
Ever since computers and computer software were used as essential components in critical systems, the dependability of computer-based systems has been a concern. The 1980s, in particular, saw a surge in research in safety-critical systems, and major advances in our understanding of the dependability of computer-based systems have been made since that period. This work on dependability has been mostly concerned with the use of computer-based systems as control systems and protection systems so, inevitably, dependability research and practice has been driven by the requirements of this type of system.

Now, however, it is not only protection and control systems that are critical systems. National infrastructures and businesses depend on large-scale information systems that must have a high level of availability and reliability. Embedded systems are no longer just situated within organisations but are also fundamental to the successful operation of our cars and, increasingly, our homes. ‘Failure’ of these systems can have serious organisational or personal consequences, so paying attention to system dependability is essential.

Home systems that incorporate computers are typically composed of assemblies of relatively low-cost, off-the-shelf devices. With a few, very expensive, exceptions these devices are stand-alone devices with hard-wired communications between them. However, in the very near future, it is clear that connecting these devices to a home network with some centralized control system will become a reality. To some extent, standards such as ISO 9000, BS EN 29999 and BS EN 1441 [1] already allow this for assistive technology systems intended to provide support for elderly and disabled people in their home, and notions of a ‘home media network’ have been proposed [2].

In this paper, we argue that the model of system dependability that is appropriate for control and protection systems must be extended if it is to be applicable to domestic computer-based systems. We propose an extended model that embraces the traditional model but which includes the user and the system’s environment rather than positioning them outside the system boundary. That is, when a computer-based system is installed in a domestic environment, we should not just be concerned with whether or not that system is failure-free. Rather, the overall system dependability depends on whether or not it fulfils its intended purpose as far as the system users are concerned. If it does not do so, then it will not be used. This situation is equivalent to an unplanned system failure rate of 100% - hardly a dependable system.

In deriving the model proposed here, we have drawn on research that we are undertaking in dependable assistive technology design for installation in the homes of older people. The users of the assistive technologies may suffer from a range of disabilities, with assistive technology used to help them overcome these disabilities and cope with everyday life in their own home. These elderly people depend on this technology to maintain a reasonable quality of life but, all too often, the technology lets them down. Sometimes, it simply fails to operate but, more often, it is not or cannot be used as intended because its design does not take into account the specific needs of the elderly users, the context where the system will be installed and the natural human desire to control rather than be controlled by technology.

In the remainder of the paper, we introduce Laprie’s dependability model and examine some of the assumptions that underlie that model. We challenge the applicability of some of these assumptions for domestic systems in sections that discuss the role of the user in domestic systems and the distinctions between home and organisational environments. We then go on to introduce our view of dependability as it is applied to domestic systems, suggesting that, as well as ‘traditional’ dependability attributes, dependable home systems must also be acceptable to their users, fit in with their daily routines and lifestyle, and support user adaptation as user needs change.

* Corresponding author: g.dewsbury@lancaster.ac.uk
2 Computer System Dependability

“Dependability is defined as that property of a computer system such that reliance can justifiably be placed on the service it delivers. The service delivered by a system is its behaviour as it is perceptible by its users; a user is another system (human or physical) which interacts with the former.” [ ]
Traditionally, it is considered that computing systems are characterised by five fundamental properties: functionality, usability, performance, cost and dependability [4]. The core features of dependability models tend to assume that dependability is a technical attribute and that the dependable features are within the computer system itself. Critical systems require that the functionality of the software and hardware are free of faults, resilient to external attacks, and provide a high level of confidence. As Laprie [5] suggests (1995), dependability can be considered according to different properties that allow attributes of dependability to be defined as:
WKHUHDGLQHVVIRUXVDJHOHDGVWRDYDLODELOLW\WKHFRQWLQXLW\RIVHUYLFHOHDGVWRUHOLDELOLW\WKHQRQRFFXUUHQFHRIFDWDVWURSKLFFRQVHTXHQFHVRQWKHHQYLURQPHQWOHDGVWRVDIHW\WKHQRQRFFXUUHQFHRIXQDXWKRUL]HGGLVFORVXUHRILQIRUPDWLRQOHDGVWRFRQILGHQWLDOLW\WKHQRQRFFXUUHQFHRILPSURSHUDOWHUDWLRQVRILQIRUPDWLRQOHDGVWRLQWHJULW\WKHDELOLW\WRXQGHUJRUHSDLUVDQGHYROXWLRQVOHDGVWRPDLQWDLQDELOLW\
>@
These attributes and properties allow the dependability theorist to consider the distinctions between faults, errors and failures. These can be framed within the notions of ‘fault prevention’, ‘fault tolerance’, ‘fault removal’ and ‘fault forecasting’, which enable the software designer to trace and prevent undesirable problems. Laprie develops these ideas in the form of a dependability tree which locates dependability within three categories, Attributes, Means and Impairments, from which a number of attributes extend (Figure 1). The dependability tree allows the software engineer and the designer to picture how faults and problems are derived, and thus how they are avoided. Hence dependability can be considered to be the extent to which a system’s operation is free of failure [7].
Fig. 1. Laprie’s Dependability Tree [8]

The basis of Laprie’s dependability model was extensive work on the safety and reliability of computer-based control and protection systems. The model therefore reflects the nature of these systems and how they are used, and is clearly based on a number of assumptions:
That errors arise inevitably from faults (the hypothesised cause of an error). Faults can be failures of other systems, so a failure of a development system to detect an incorrect variable initialisation is reflected as a fault in the operational system. When this initialisation is carried out, an error has arisen.