### High-Level Modeling Environments for the Dependability Assessment of Dynamic Systems (14.00-15.30, 01.04.2008)

Max Walter (Speaker) |
Marc Bouissou |
Salvatore Distefano |

Fault-tolerant systems are typically evaluated using stochastic models which compute the system's dependability from the properties of its components. In most cases, either fault trees (FT) or reliability block diagrams (RBD) are used to specify the redundancy structure of the system. Together with information on the failure and repair distribution of each component, the dependability of the system can be computed using algorithms based on basic probability calculus.

The above-mentioned techniques are very mature and well understood both in industry and academic environments. However, the solution methods which are normally applied only work under the assumption that there are no dependencies and interactions between the components of the system.

In practice, this assumption is not true as there are failures with a common cause, error propagations, load sharing, standby-redundancy, multi-phase systems, limited repair capacities and so on. Therefore, classical solution methods of fault trees or block diagrams are based on simplified assumptions and will deliver inaccurate and often dangerously over-optimistic results.

In this tutorial, we show how more accurate results can be obtained using state-based models like Markov chains, stochastic Petri nets or models defined by a stochastic process algebra. However, we also show that these kind of models cannot compete in terms of their usability: in comparison to fault trees or block diagrams, they are hard to learn, not very intuitive, and lack desirable properties like modularization or the support for a stepwise refinement.

The main part of the tutorial will therefore discuss a novel generation of modeling methods which are based on an automatic translation of a set of high-level input diagrams into equivalent state-based models. The following approaches will be discussed: dynamic fault trees (DFT), dynamic reliability block diagrams (DRBD), boolean logic driven Markov processes (BDMP), and the Simple but Extensive, Structured Availability Modeling Environment (OpenSESAME).

Real-world case studies from the areas telecommunication, web-services, and other critical infrastructures (e.g. electricity, water and computing systems) serve as a mean to compare the different approaches and show their benefits in comparison to traditional techniques.

### Towards a Stochastic Network Calculus - Comparison of Different Approaches (16.00-17.30, 01.04.2008)

Prof. Dr. Jens B. Schmitt (Speaker) |

Network Calculus has proven as an elegant system theory for performance guarantees in communication networks. However, as a worst-case analysis method it also faces frequent critique with respect to its pessimistic assumptions and corresponding low efficiency for resource management decisions based on its calculations. Therefore, for some time there has been an ongoing quest for a stochastic network calculus which preserves the elegance of the conventional deterministic network calculus and yet allows for a stochastic relaxation of the worst-case perspective, thus promising to achieve more efficient resource allocations at low violation probabilities for the performance guarantees.

In this tutorial, existing approaches towards a stochastic network calculus are presented and compared with each other. The focus will be on the basic definitions for stochastic arrival and service curves in what we perceive as the main proposals. The sometimes subtle discrepancies of the basic definitions in these proposals result in interesting and significant differences with respect to (1) how far the elegance of network calculus can be preserved, (2) how much improvement over deterministic network calculus can be attained, and (3) how applicable the models are to realistic traffic assumptions.