Posted on RODIN (category: Security), 3 Nov 2013

FMEA-technique of Web Services Analysis and Dependability Ensuring

Anatoliy Gorbenko, Vyacheslav Kharchenko, Olga Tarasyuk
National Aerospace University "KhAI", Ukraine
Department of Computer Systems and Networks

CONTENT

1. Introduction
   - Web Services Technologies;
   - Purpose & Tasks of the Paper.
2. Analysis of the Web Services by using FMEA-technique
   - Web Services component architectures;
   - Web Services Failure Taxonomy;
   - FMEA-tables & results of Web Services analysis.
3. Ensuring Web Services dependability and fault-tolerance
   - Failure effect recovery;
   - Failure prevention;
   - Fault-tolerance & Web Service Diversity;
   - Fault removal.
4. Dependable Web Services development and deployment
   - Using FMEA-technique for dependable Web Services development;
   - The principles of dependable and secure Web Services deployment;
   - Implementation.
5. Conclusion

1. Introduction (1)

[Figure: Web Services Technologies]

1. Introduction (2)

Web Services are now extensively used in developing various business-critical applications:
   - distributed banking systems & Internet auctions;
   - hotel/car/flight/train reservation and booking;
   - e-commerce, e-business, e-science, etc.

Web Services dependability attributes:
   - Availability and Reliability;
   - Performance/responsiveness;
   - Security, etc.

Analysing and ensuring dependability in this architecture is an emerging area of research and development.

1. Introduction (3)

Purpose of this report: application of the FMEA (Failure Modes and Effects Analysis) technique to Web Services analysis and dependability ensuring.

Tasks of the report:
   - Analysis of Web Services failure modes and causes;
   - Analysis of the effect of Web Services failures on the system, its components and end users;
   - Determination of the means for ensuring dependability:
      - Failure prevention;
      - Fault-tolerance and failure effect recovery;
      - Fault removal.

2. Analysis of the Web Services by Using FMEA-technique

The use of the FMEA-technique for Web Services analysis includes:
   - decomposition of the Web Service into component parts;
   - identification of the typical failures;
   - analysis of their influence on the Web Service dependability;
   - determination of the necessary means for fault-tolerance and failure effect recovery.

The FMEA-technique may be an important part of a Web Services dependability guaranteeing programme.


Web Services component architectures (1)-(3)

Web Services Components:
   1. Hardware Environment;
   2. Software Environment:
      2.1. Operating System;
      2.2. System SW:
         2.2.1. Web Server;
         2.2.2. Application Server;
         2.2.3. DBMS;
      2.3. Application SW:
         2.3.1. Servlets;
         2.3.2. Stored procedures & triggers.

Three deployment variants of the same component set are considered:
   1. All components in the same host;
   2. Fully separated component architecture;
   3. Partially separated component architecture.

[Figures: the three component architectures]

Web Services Failure Taxonomy

Failure domain (failure dependence):
   - Environment-dependent failures:
      - Hardware (HW) environment;
      - Software (SW) environment:
         - Operating System (OS);
         - System services: Web-server, App Server, DBMS.
   - Application-specific failures:
      - Application software (servlets);
      - DB stored procedures and triggers.

Failure specification attributes (failure modes):
   - Stability of occurrence: transient (accidental) / permanent;
   - Influence on operability: no influence / interruption / termination;
   - Failure evidence: evident / non-evident.


Hardware failure modes and effects analysis

Failure domain: HW environment. Columns: stability of occurrence | failure cause | influence on operability | failure evidence | failure effect on HW | on SW | on stored data | on session data & calculation | on web service as a whole | on user. "-" = no entry.

accidental failures | 1) HW deterioration; 2) pernicious external influence | termination  | evident     | crash     | crash      | corruption | data loss              | service abort     | denial of service
                    |                                                       | termination  | evident     | crash     | suspension | -          | data loss              | service abort     | denial of service
                    |                                                       | termination  | evident     | hang      | crash      | corruption | data loss              | service abort     | denial of service
                    |                                                       | termination  | evident     | hang      | suspension | -          | data loss              | service abort     | denial of service
                    | non-pernicious external influence (interference)      | interruption | evident     | rebooting | restarting | -          | data loss              | service abort     | denial of service
                    |                                                       | -            | evident     | -         | -          | -          | data/calculation error | service exception | denial of service
permanent failures  | design faults                                         | -            | non-evident | -         | -          | -          | data/calculation error | -                 | incorrect service


Compressed Format of FMEA-Tables

The hardware FMEA-table in compressed form: rows with equivalent effects (HW crash and HW hang) are merged (the slide marks them "Equivalent"); "abort" stands for service abort, "DoS" for denial of service, "-" = no entry. The slide shows the compressed table three times; the copies are identical, so one is given here. (Other label on the slide: "Common Bus".)

accidental failures | 1) HW deterioration; 2) pernicious external influence | termination  | evident     | hang      | crash      | corruption | data loss              | abort     | DoS
                    |                                                       | termination  | evident     | hang      | suspension | -          | data loss              | abort     | DoS
                    | non-pernicious external influence (interference)      | interruption | evident     | rebooting | restarting | -          | data loss              | abort     | DoS
                    |                                                       | -            | evident     | -         | -          | -          | data/calculation error | exception | DoS
permanent failures  | design faults                                         | -            | non-evident | -         | -          | -          | data/calculation error | -         | incorrect service


Software failure modes and effects analysis

Failure domains: SW environment (OS, Web Server, App Server, DBMS) and Application SW (servlets, stored procedures & triggers). Columns: stability of occurrence | failure cause | influence on operability | failure evidence | failure effect on HW | on SW | on stored data | on session data & calculation | on web service as a whole | on user. "-" = no entry.

transient failures | design fault                              | termination  | evident     | hang      | crash                          | corruption | data loss              | service abort     | denial of service
                   |                                           | interruption | evident     | hang      | OS/servers/DBMS/app suspension | -          | data loss              | service abort     | denial of service
                   |                                           | interruption | evident     | rebooting | restarting                     | -          | data loss              | service abort     | denial of service
                   | malicious impact (hacker attack, viruses) | -            | evident     | -         | -                              | -          | data/calculation error | service exception | denial of service
permanent failures | incorrect input data                      | -            | non-evident | -         | -                              | -          | data/calculation error | -                 | incorrect service


Results of Web Services failure modes and effects analysis

   - Several failure modes lead to prolonged or short-term service aborting, which the user experiences as denial of service.
   - Some failures result in a non-evident incorrect service, which is more serious for many applications (e-commerce, critical automation control, etc.) because it entails severe consequences, financial loss and, finally, the discrediting of the service.
   - The prevalent sources of Web Services failures are the different software components.

3. Ensuring Web Services Dependability and Fault-Tolerance

[Figure: criteria of failure specification (failure causes, failure domain, failure effect, failure evidence, stability of occurrence, dependence) mapped to the dependability ensuring means (failure effect recovery, failure prevention, fault-tolerance, fault removal)]

Failure effect recovery

   1) replacement of crashed hardware components;
   2) reinstallation of crashed software components;
   3) data recovery;
   4) system rebooting or restarting of the particular software services*.

* System rebooting and restarting of particular software services and applications can be performed automatically with the help of hardware- or software-implemented watch-dog timers to achieve better availability.
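The software watch-dog timer of the footnote, as an added example that is not part of the original slides: a heartbeat watchdog restarts a service whose heartbeat stops (an evident interruption) and, because recovery of a permanent fault by restarting would loop forever, escalates to an operator once a restart budget is exhausted. The monitored service, its fault schedule and all timings are constructed here; the simulated clock keeps the run deterministic.

```python
# Heartbeat watchdog with a restart budget: a software watch-dog timer that
# performs the "restarting of the particular software services" recovery step.
# Added example; the service model, timings and fault schedule are constructed.
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple


@dataclass
class HeartbeatWatchdog:
    """Restart a service whose heartbeat stops; escalate if restarts keep failing.

    timeout      - seconds without a heartbeat before the service counts as hung/crashed
    max_restarts - restarts tolerated inside one window; beyond that the fault is
                   treated as permanent and handed to an operator instead of looping
    restart      - callback that actually restarts the service
    """
    timeout: float
    max_restarts: int
    restart: Callable[[], None]
    window: float = 60.0
    last_heartbeat: float = 0.0
    restart_times: List[float] = field(default_factory=list)
    log: List[str] = field(default_factory=list)
    escalated: bool = False

    def heartbeat(self, now: float) -> None:
        """Called by the monitored service on every successful iteration."""
        self.last_heartbeat = now

    def check(self, now: float) -> str:
        """Called on every timer tick; returns the action taken."""
        if self.escalated:
            return "escalated"
        if now - self.last_heartbeat <= self.timeout:
            return "ok"
        # Evident interruption: no heartbeat for longer than the timeout.
        recent = [t for t in self.restart_times if now - t < self.window]
        if len(recent) >= self.max_restarts:
            self.escalated = True
            self.log.append(f"t={now:.0f}s: {len(recent)} restarts in {self.window:.0f}s, escalating")
            return "escalate"
        self.restart()
        self.restart_times = recent + [now]
        self.last_heartbeat = now          # grant the restarted service a full timeout to come up
        self.log.append(f"t={now:.0f}s: no heartbeat for >{self.timeout:.0f}s, restart #{len(self.restart_times)}")
        return "restart"


class SimulatedService:
    """Constructed stand-in for a servlet container: heartbeats each tick unless hung."""

    def __init__(self, hang_at: Optional[float] = None, hang_forever: bool = False):
        self.hang_at = hang_at            # time at which it stops heartbeating
        self.hang_forever = hang_forever  # permanent fault: hangs again right after restart
        self.hung = False
        self.restarts = 0

    def tick(self, now: float, watchdog: HeartbeatWatchdog) -> None:
        if self.hang_at is not None and now >= self.hang_at:
            self.hung = True
        if not self.hung:
            watchdog.heartbeat(now)

    def restart(self) -> None:
        self.restarts += 1
        self.hung = self.hang_forever
        if not self.hang_forever:
            self.hang_at = None           # transient fault cleared by the restart


def run_simulation(service: SimulatedService, timeout: float = 5.0, max_restarts: int = 3,
                   duration: float = 120.0, step: float = 1.0) -> Tuple[HeartbeatWatchdog, List[str]]:
    """Drive service and watchdog on a simulated clock; return the watchdog and the action per tick."""
    wd = HeartbeatWatchdog(timeout=timeout, max_restarts=max_restarts, restart=service.restart)
    actions: List[str] = []
    now = 0.0
    while now <= duration:
        service.tick(now, wd)
        actions.append(wd.check(now))
        now += step
    return wd, actions


if __name__ == "__main__":
    wd, actions = run_simulation(SimulatedService(hang_at=20.0))                    # transient hang
    print(wd.log, actions.count("restart"))
    wd, actions = run_simulation(SimulatedService(hang_at=10.0, hang_forever=True))  # permanent fault
    print(wd.log)
```

The restart budget is the part worth copying: a watchdog without one turns a permanent fault (which needs fault removal) into an endless restart loop that still denies service while hiding the fault from the operator.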


Failure prevention

   1) quality control techniques employed during the design of the in-house developed application software;
   2) procedures for input parameter checking;
   3) rigorous procedures for system maintenance and administration;
   4) firewalls, security guards and scanners to prevent malicious failures;
   5) software rejuvenation based on forced restarting/reinitialisation of the SW components.

NOTE: the service publisher has limited means for failure prevention because most of the HW and SW components of a Web Service are COTS (commercial off-the-shelf) components developed by third parties.
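Item 2, input parameter checking, as an added example that is not part of the original slides. It targets the row of the software FMEA-table where incorrect input data leads to a non-evident incorrect service: the unchecked handler quietly multiplies a negative night count into a negative price, the checked one rejects the request with an evident error before any computation runs. The booking operation, its parameter names, tariff, limits and the fixed "today" are constructed for the example.

```python
# Input parameter checking at the Web Service boundary.
# Added example, not code from the slides; the booking operation, its parameter
# names, tariff, limits and the fixed current date are constructed here.
import re
from datetime import date
from typing import Any, Dict

PRICE_PER_NIGHT = {"single": 8000, "double": 12000}   # constructed tariff, in cents
MAX_NIGHTS, MAX_ROOMS = 30, 5
ALLOWED_PARAMS = {"room_type", "nights", "rooms", "check_in", "room_id"}
ROOM_ID_RE = re.compile(r"\A[A-Z]{1,3}-[0-9]{3}\Z")
UINT_RE = re.compile(r"\A[0-9]{1,6}\Z")
TODAY = date(2030, 1, 1)                               # constructed "current date" for determinism


class InvalidRequest(ValueError):
    """Rejection at the boundary: an evident failure the caller can see and handle."""


def quote_unchecked(params: Dict[str, str]) -> int:
    """Handler as written without checks (the failure mode being prevented).

    A negative or oversized 'nights'/'rooms' is silently multiplied into the price:
    an incorrect service that nothing reports (non-evident failure).
    """
    return int(params["nights"]) * int(params["rooms"]) * PRICE_PER_NIGHT[params["room_type"]]


def check_params(params: Dict[str, Any], today: date = TODAY) -> Dict[str, Any]:
    """Validate every parameter before any computation touches it."""
    if not isinstance(params, dict):
        raise InvalidRequest("parameters must be an object")
    unknown = set(params) - ALLOWED_PARAMS
    if unknown:                       # reject extra fields rather than silently ignore them
        raise InvalidRequest(f"unknown parameters: {sorted(unknown)}")
    missing = ALLOWED_PARAMS - set(params)
    if missing:
        raise InvalidRequest(f"missing parameters: {sorted(missing)}")
    if any(not isinstance(v, str) for v in params.values()):
        raise InvalidRequest("all parameters must be strings")
    room_type = params["room_type"]
    if room_type not in PRICE_PER_NIGHT:
        raise InvalidRequest(f"unknown room_type {room_type!r}")
    cleaned: Dict[str, Any] = {"room_type": room_type}
    for name, upper in (("nights", MAX_NIGHTS), ("rooms", MAX_ROOMS)):
        raw = params[name]
        if not UINT_RE.match(raw):    # digits only: no sign, no whitespace, no exponent
            raise InvalidRequest(f"{name} must be a positive integer")
        value = int(raw)
        if not 1 <= value <= upper:
            raise InvalidRequest(f"{name} must be between 1 and {upper}")
        cleaned[name] = value
    try:
        check_in = date.fromisoformat(params["check_in"])
    except ValueError:
        raise InvalidRequest("check_in must be an ISO date (YYYY-MM-DD)") from None
    if check_in < today:
        raise InvalidRequest("check_in must not be in the past")
    cleaned["check_in"] = check_in
    if not ROOM_ID_RE.match(params["room_id"]):
        raise InvalidRequest("room_id has an unexpected form")
    cleaned["room_id"] = params["room_id"]
    return cleaned


def quote_checked(params: Dict[str, Any], today: date = TODAY) -> int:
    """Same computation, but only on parameters that passed check_params."""
    p = check_params(params, today)
    return p["nights"] * p["rooms"] * PRICE_PER_NIGHT[p["room_type"]]


if __name__ == "__main__":
    bad = {"room_type": "double", "nights": "-3", "rooms": "2",
           "check_in": "2030-01-10", "room_id": "NY-101"}
    print(quote_unchecked(bad))                 # negative total, returned without complaint
    try:
        quote_checked(bad)
    except InvalidRequest as exc:
        print("rejected:", exc)
```

The checks are allow-list shaped on purpose: unknown fields, non-string values, signs, whitespace and out-of-range values are all rejected, so a request that reaches the computation can only produce a result the tariff was designed for.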


Fault-tolerance (1)

Failure mode (failure domain / stability of occurrence / failure evidence) | Fault-tolerant means
Hardware environment / accidental / evident      | partial HW redundancy
Hardware environment / permanent / evident       | complete HW redundancy
Hardware environment / permanent / non-evident   | HW diversity
Software environment / transient / evident       | operation retry; SW replication or diversity
Software environment / permanent / evident       | replication of the system SW; complete HW redundancy or diversity
Software environment / permanent / non-evident   | diversity of the system SW; complete HW redundancy or diversity
Application software / permanent / evident       | application-specific exception handling
Application software / permanent / non-evident   | diversity of the application SW


Fault-tolerance (2)

Diversity is one of the most efficient methods of providing Web Services fault-tolerance.

Diversity of Web Services can be applied to:
   - the hardware platform;
   - operating systems;
   - web & application servers;
   - DBMS and, finally,
   - the application software.

It can be applied to each level separately and in many different combinations.
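Diversity only pays off with an adjudicator in front of the diverse replicas. The block below is an added example, not code from the slides or from the authors' implementation; it serves both fault-tolerance slides: a majority voter over three constructed, diverse implementations of one operation discards replicas that fail evidently (exception) and outvotes a replica that returns a wrong answer without complaint (non-evident failure). It goes a little beyond the slides in the direction of conclusion 4: disagreeing replicas are diagnosed and, after a threshold, excluded from the configuration, and the voter refuses to answer when no majority exists rather than deliver a possibly incorrect service. The three implementations, their faults and the threshold are assumptions made for the example.

```python
# Diverse replicas behind a majority voter: evident failures (exceptions) are
# discarded, non-evident ones (wrong answers) are outvoted and diagnosed.
# Added example, not code from the slides; the three implementations, their
# constructed faults and the exclusion threshold are assumptions made here.
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


class ServiceError(Exception):
    """Evident failure of one replica: exception, timeout, crash."""


class NoMajorityError(Exception):
    """The replicas that answered cannot form a majority; the voter refuses
    to answer rather than deliver a possibly incorrect service."""


@dataclass
class Replica:
    name: str
    impl: Callable[[int, int], int]   # (net_cents, vat_basis_points) -> gross_cents


# Three constructed, diverse implementations of the same "price with VAT" operation.
def impl_a(net: int, vat_bp: int) -> int:
    return net + net * vat_bp // 10_000                # reference: integer arithmetic


def impl_b(net: int, vat_bp: int) -> int:
    if net > 100_000:                                  # constructed design fault in a
        return net + net * vat_bp // 1_000             # "large order" path: VAT 10x too high
    return net + net * vat_bp // 10_000


def impl_c(net: int, vat_bp: int) -> int:
    if net % 7 == 0:                                   # constructed transient fault,
        raise ServiceError("backend timeout")          # surfaced as an exception
    return net + net * vat_bp // 10_000


@dataclass
class Voter:
    """Majority voting over the active replicas plus simple failure diagnosis."""
    replicas: List[Replica]
    exclude_after: int = 2                             # disagreements before a replica is dropped
    suspicion: Counter = field(default_factory=Counter)
    excluded: Set[str] = field(default_factory=set)
    diagnosis: List[str] = field(default_factory=list)

    def active(self) -> List[Replica]:
        return [r for r in self.replicas if r.name not in self.excluded]

    def invoke(self, net: int, vat_bp: int) -> int:
        active = self.active()
        needed = len(active) // 2 + 1                  # strict majority of the current configuration
        answers: Dict[str, int] = {}
        for r in active:
            try:
                answers[r.name] = r.impl(net, vat_bp)
            except ServiceError as exc:                # evident: discard, keep the others
                self.diagnosis.append(f"{r.name}: evident failure ({exc})")
        if not answers:
            raise NoMajorityError("no replica answered")
        value, votes = Counter(answers.values()).most_common(1)[0]
        if votes < needed:
            raise NoMajorityError(f"{votes} of {len(active)} replicas agree, {needed} needed")
        for name, got in answers.items():
            if got != value:                           # non-evident: outvoted, now diagnosed
                self.suspicion[name] += 1
                self.diagnosis.append(f"{name}: non-evident failure (returned {got}, majority {value})")
                if self.suspicion[name] >= self.exclude_after:
                    self.excluded.add(name)            # adapt the configuration
                    self.diagnosis.append(f"{name}: excluded after {self.suspicion[name]} disagreements")
        return value


def make_voter() -> Voter:
    return Voter([Replica("A", impl_a), Replica("B", impl_b), Replica("C", impl_c)])


if __name__ == "__main__":
    v = make_voter()
    for net in (5_000, 7_000, 200_000, 700_000, 300_000, 400_000):
        try:
            print(net, "->", v.invoke(net, 2_000))
        except NoMajorityError as exc:
            print(net, "-> refused:", exc)
    print("\n".join(v.diagnosis))
```

Two points the run makes concrete: an evident failure and a non-evident one on the same request (700 000 cents: C times out, B miscalculates) leave one honest answer against one wrong one, so the only safe outcome is a refusal; and once B has been outvoted twice the configuration shrinks to A and C, which is the adaptive reconfiguration that the conclusions ask for.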


Fault Removal

Fault removal for Web Services is based, first of all, on the systematic application of updates and patches for hardware (microcode updates) and for software developed by third parties (OS, drivers, web and application servers, DBMS).

Fault removal from the in-house developed application software is performed both during the development phase and during maintenance.

4. Dependable Web Services Development and Deployment

Using FMEA-technique for Dependable Web Services Development

[Figure: general scheme of Web Services FMEA-analysis and dependability ensuring. Web Service -> FMEA tables (common, detailed) -> means for fault-tolerance and dependability ensuring (existing, additional) -> updating of system requirements]

[Figure: detailed scheme of Web Services FMEA-analysis and dependability ensuring]


The principles of Dependable and Secure Web Services Deployment

   1. Defence in Depth and Diversity (DD&D).
   2. Adaptability and Update (A&U).

Defence in Depth and Diversity (DD&D) Principle

The DD&D principle provides for:
   1) joint usage of the existing security and fault-tolerance facilities at the different levels of the Web Service architecture (Defence in Depth);
   2) using Diversity at the different levels of the Web Service architecture (HW platform, OS, system and application SW, etc.).

Here the compatibility between the different facilities and diversity modes must be taken into account.

Adaptability and Update (A&U) principle

The essence of this principle is the dynamic changing of the Web Service architecture and diversity mode according to the observed failures and intrusions (Adaptability).

For that, intelligent monitors can be used:
   - to detect failures and intrusions;
   - to analyse their modes, effects and causes;
   - to choose the better Web Service configuration.

These means can include external alarm services that give automatic notification of recent Internet security vulnerabilities and novel viruses and distribute security updates and patches (Update).


Implementation (1)

[Figure: architecture of dependable Web Services upgrading]

Source: A. Gorbenko, V. Kharchenko, P. Popov, A. Romanovsky, A. Boyarchuk. Development of Dependable Web Services out of Undependable Web Components. CS-TR: 863, School of Computing Science, University of Newcastle upon Tyne, UK, Oct 2004, 36 pages.

Implementation (2)

[Figure: architecture of dependable and secure WSs deployment]

5. Conclusion (1)

1. Publishers of Web Services have limited possibilities for fault prevention and fault removal in most Web Services components, which are developed by third parties.
   => Thus, redundancy in combination with diversity is one of the basic means of dependability ensuring and fault-tolerance provision.

2. However, using diversity in a Web Service architecture requires detailed research and additional solutions, because it can lead to additional security violations.

5. Conclusion (2)

3. The non-evident failures are the most critical for the majority of Web Services application areas.

4. Additional adaptive reliable algorithms and means of voting and failure diagnosis must be implemented to ensure tolerance to the non-evident failures and to prevent the loss of requests being processed (in-service requests).

5. Conclusion (3)

5. FMEA-tables may be dynamically updated during Web Service operation. Jointly with the implementation of the DD&D and A&U principles, this will allow the effectiveness of the dependability ensuring means in use to be increased.

6. The analysis performed can be extended by taking into account the lack of required resources or services and service unavailability due to network failures. Besides, a criticality analysis of the different failure modes can be performed.