Model-Based Failure Management for Distributed Reactive Systems

摘要

Failure management is key to the development of safety-critical, distributed, reactive systems common in such applications as avionics, automotive, and sensor/actuator networks. Specific challenges to effective failure management include (ⅰ) developing an understanding of the application domain so as to define what constitutes a failure; (ⅱ) disentangling failure management concepts at design and runtime; and (ⅲ) detecting and mitigating failures at the level of systems-of-systems integration. In this paper, we address (ⅰ) and (ⅱ) by developing a failure ontology for logical and deployment architectures, respectively, including a mapping between the two. This ontology is based on the interaction patterns (or services) defining the component interplay in a distributed system. We address (ⅲ) by defining detectors and mitigators at the service/interaction level - we discuss how to derive detectors for a significant subset of the failure ontology directly from the interaction patterns. We demonstrate the utility of our techniques using a large scale oceano-graphic sensor/actuator network.