Chapter 4

Modeling Dependability Features

Chapter written by R. France,

Colorado State University, CSD, USA

4.1. Introduction

Developers of embedded systems often must address multiple, possibly competing, concerns or objectives in their designs. Objectives compete when meeting one objective restricts the degree which other objectives can be met. For example, design features that enforce security policies may be associated with performance characteristics that make it difficult to meet stringent performance requirements. In these situations developers need to make tradeoffs in order to balance the competing objectives.

Trade-off analysis involves developing and evaluating alternative forms of features that address design objectives. The ease of replacing a feature by an alternative feature is dependent on how the feature is embedded in the design. Replacing a feature that is encapsulated in a design module is often easier than replacing a feature that is spread across and tangled with other features. We refer to the latter type of features as crosscutting features. It may not be possible to avoid crosscutting features in a design: A decision to modularize a design based on a select set of features may force other features to crosscut the design. For example, a decision to base the modularization of a banking system design on services provided will result in a crosscutting service authorization feature: Functionality for authorizing the services will be included in each module describing ...