CRITICAL SYSTEM PROPERTIES - SURVEY AND TAXONOMY

Computer systems are increasingly employed in circumstances where thei r failure (or even their correct operation, if they are built to flawe d requirements) can have serious consequences. There is a surprising d iversity of opinion concerning the properties that such critical syste ms' should possess, and the best methods to develop them. The dependab ility approach grew out of the tradition of ultra-reliable and fault-t olerant systems, while the safety approach grew out of the tradition o f hazard analysis and system safety engineering. Yet another tradition is found in the security community, and there are further specialized approaches in the tradition of real-time systems. In this article are examined the critical properties considered in each approach, and the techniques that have been developed to specify them and to ensure the ir satisfaction. Since systems are now being constructed that must sat isfy several of these critical system properties simultaneously, there is particular interest in the extent to which techniques from one tra dition support or conflict with those of another, and in whether certa in critical system properties are fundamentally compatible or incompat ible with each other. As a step toward improved understanding of these issues, it is suggested that a taxonomy, based on Perrow's analysis ( Perrow, C. Normal Accidents: Living with High Risk Technologies. Basic Books, New York, 1984), that considers the complexity of component in teractions and tightness of coupling as primary factors, is used.