Layered architecture for critical database design

摘要

Integrity, security, and safety are desired properties of database systems destined for use in critical applications. These properties are desirable because they determine a system's credibility. However, demonstrating that a system does, in fact, preserve these properties when implemented is a difficult task. The difficulty depends on the complexity of the associated design. The authors explore architectural paradigms that have been demonstrated to reduce system complexity and, thus, reduce the cost associated with certifying that the above properties are present in the final implementation. The approach is based on the tenet that the design is divided into multiple layers. The critical functions and data make up the bottom layer, where the requirements for integrity, security, and safety are most rigid. Certification is dependent on the use of formal methods to specify and analyze the system. Appropriate formal methods are required to support certification that multiple properties are present in the final implementation. These methods must assure a rigid mapping from the top-level specification down through the implementation details. Application of a layered architecture reduces the scope of the design that must be formally specified and analyzed. This paper describes a generic, layered architecture and a formal model for specification and analysis of complex systems that require rigid integrity security, and safety properties.