Dependability assessment of GUARDS instances

The generic architectural concepts developed in the European ESPRIT project GUARDS (Generic Upgradable Architecture for Real time Distributed Systems) provide a comprehensive framework from which specific instances can be derived to meet the dependability requirements of various application domains. Three main application domains are considered (railway, nuclear propulsion and space) that correspond to the fields of the three end-user partners of the project. This paper presents the modeling method supporting the assessment of GUARDS instances. The goal is to assist the designers in making objective decisions for defining a specific instance of the generic architecture. After a short summary of the main architectural concepts of GUARDS, the paper describes the major assumptions concerning: i) component types (both hardware and software), ii) fault types, where special attention is paid to potentially correlated faults, and iii) the generic fault tolerance features of GUARDS. The main architectural characteristics of the target instances (one for each application domain) are briefly described. The modeling strategy is summarized and examples of models (stochastic Petri nets) are given. Selected results are then presented and discussed. They exemplify the usefulness of the modeling and evaluation method, in particular in the light of sensitivity analyses with respect to model parameters.