Experimental Risk Assessment and Comparison Using Software Fault Injection
Authors
Abstract
One important question in component-based software development is how to estimate the risk of using COTS components, since the components may have hidden faults and their source code is typically not available for analysis. This question is particularly relevant in scenarios where it is necessary to choose the most reliable COTS component when several alternative components of equivalent functionality are available. The estimated risk introduced into the system by each component can help the system integrator in such cases. This paper proposes a practical approach to assess the risk of using a given software component (COTS or non-COTS). Although we focus on comparing components, the methodology can also be used to assess the risk in individual modules. The proposed approach uses the injection of realistic residual software faults to assess the impact of possible component failures, and uses software complexity metrics to estimate the probability of residual defects in software components. The approach is demonstrated and evaluated in a comparison scenario using two real and competing off-the-shelf components (the RTEMS and RTLinux real-time operating systems) in a realistic satellite data-handling application used by the European Space Agency.
Subject
Fault Injection
Conference
Dependable Computing and Communications Symposium (DCCS), June 2007