Building the Information Society pp 135-164 | Cite as

# The Evolution of Dependable Computing at the University of Illinois

Conference paper

## Abstract

The University of Illinois has been active in research in the dependable computing field for over 50 years. Fundamental ideas have been proposed and major contributions made by researchers at the University of Illinois in the areas of error detection and recovery, fault tolerance middleware, testing and diagnosis, experimental evaluation and benchmarking of system dependability, dependability modeling, and secure system design and validation. This paper traces the origins of these ideas and their development within the University of Illinois, as well as their influence upon research at other institutions, and outlines current research directions.

### Key words

error detection and recovery experimental evaluation of dependability fault injection dependability modeling secure and survivable system design and validation Download
to read the full conference paper text

### References

- [1]J. Abraham, D. Gajski, “Design of Testable Structures Defined by Simple Loops,”
*IEEE Trans. on Comp*., C-30, 1981, pp. 875–884CrossRefGoogle Scholar - [2]J. Abraham, E. Davidson, J. Patel, “Memory System Design for Tolerating Single-Event Upsets,”
*IEEE Trans. on Nuclear Science*, NS-30,No. 6, 1983, pp. 4339–4344.Google Scholar - [3]J. Abraham, G. Metze, “Roving Diagnosis for High-Performance Digital Systems,”
*Proc. Conf. on Information Sciences andSystems*, 1978, pp. 221–226.Google Scholar - [4]N. Alewine, K. Fuchs, W-M. Hwu, “Application of Compiler-Assisted Multiple Instruction Rollback Recovery to Speculative Execution,” Technical Report CRHC-93-16, University of Illinois, 1993.Google Scholar
- [5]D. Anderson, “Design of Self-Checking Digital Networks,” Coordinated Science Laboratory Technical Report R527, University of Illinois, Urbana, Illinois, 1971.Google Scholar
- [6]D. Anderson, G. Metze, “Design of Totally Self-Checking Circuits for m-out-of-n Codes,”
*IEEE Trans. on Comp*., C-22,No. 3, 1973, pp. 263–269.CrossRefGoogle Scholar - [7]S. Bagchi, “Hierarchical Error Detection in a SIFT Environment,” Ph.D. Thesis, University of Illinois, 2000.Google Scholar
- [8]S. Bagchi, Y. Liu, Z. Kalbarczyk, R. K. Iyer, Y. Levendel, L. Votta, “A Framework for Database Audit and Control Flow Checking for a Wireless Telephone Network Controller,”
*Proc. of Conf. on Dependable Systems and Networks, DSN’01*, July 2001, pp. 225–234.Google Scholar - [9]P. Banerjee, J. Abraham, “Characterization and Testing of Physical Failures in MOS Logic Circuits,”
*IEEE Design and Test*, 1, 1984, pp. 76–86CrossRefGoogle Scholar - [10]P. Banerjee, J. Abraham, “Fault-Secure Algorithms for Multiple Processor Systems,”
*Proc. 11th Int. Symp. on Computer Architecture*, 1984, pp. 279–287.Google Scholar - [11]P. Banerjee, J. Abraham, “A Multivalued Algebra for Modeling Physical Failures in MOS VLSI Circuits,”
*IEEE Trans. on Computer-Aided Design*, CAD-4,No. 3, 1985, pp. 312–321.CrossRefGoogle Scholar - [12]P. Banerjee, J. Abraham, “Bounds on Algorithm-Based Fault Tolerance in Multiple Processor Systems,”
*IEEE Trans. on Comp*., C-35,No. 4, 1986, pp. 296–306.CrossRefGoogle Scholar - [13]H. Bohnenkamp, T. Courtney, D. Daly, S. Derisavi, H. Hermanns, J.-P. Katoen, R. Klaren, V. V. Lam, W. H. Sanders, “On Integrating the Möbius and Modest Modeling Tools,”
*Proc. Int. Conf. on Dependable Systems andNetworks*, San Francisco, CA, June 22–25, 2003, p. 671.Google Scholar - [14]V. Boppana, W. K. Fuchs, “Fault Dictionary Compaction by Output Sequence Removal,”
*Proc. IEEE/A CM Conf. Computer-Aided Design*, Nov. 1994, pp. 576–579.Google Scholar - [15]W. Carter, P. Schneider, “Design of Dynamically Checked Computers,”
*Proc. IFIP Congress 2*, 1968, pp. 878–883.Google Scholar - [16]C. Cha, “Multiple Fault Diagnosis in Combinational Networks,” Coordinated Science Laboratory Technical Report R-650, University of Illinois, Urbana, Illinois, 1974.Google Scholar
- [17]R. Chandra, M. Cukier, R. M. Lefever, W. H. Sanders, “Dynamic Node Management and Measure Estimation in a State-Driven Fault Injector,”
*Proc. 19th IEEE Symp. on Reliable Distributed Systems*, Nürnberg, Germany, October 16–18, 2000, pp, 248–257.Google Scholar - [18]R. Chandra, R. M. Lefever, M. Cukier, W. H. Sanders, “Loki: A State-Driven Fault Injector for Distributed Systems,”
*Proc. Int. Conf. on Dependable Systems and Networks (DSN-2000)*, New York, NY, June 25–28, 2000, pp. 237–242.Google Scholar - [19]R. Chandra, R. M. Lefever, K. Joshi, M. Cukier, W. H. Sanders, “A Global-State-Triggered Fault Injector for Distributed System Evaluation,”
*IEEE Trans. on Par. and Dist. Systems*, to appear.Google Scholar - [20]H. Chang, E. Manning, C. Metze,
*Fault Diagnosis of Digital Systems*, Huntington, NY: Robert E. Krieger Publishing Company, 1970.MATHGoogle Scholar - [21]M. Chang, W. Fuchs, J. Patel, “Diagnosis and Repair of Memory with Coupling Faults,”
*IEEE Trans. Comp.*, April 1989, pp. 493–500.Google Scholar - [22]S. Chen, J. Xu, Z. Kalbarczyk, R. K. Iyer, K. Whisnant, “Modeling and Evaluating the Security Threats ofTransient Errors in Firewall Software,”
*Int. Journal on Performance Evaluation*, 56, March 2004, pp. 53–72.Google Scholar - [23]S. Chen, K. Pattabiraman, Z. Kalbarczyk, R. K. Iyer, “Formal Reasoning of Various Categories of Widely Exploited Security Vulnerabilities Using Pointer Taintedness Semantics,”
*Proc. 19th IFIP Int’l Information Security Conf. (SEC-2004)*, held as part of 18th IFIP World Computer Congress, August 2004.Google Scholar - [24]S. Chen, Z. Kalbarczyk, J. Xu, R. K. Iyer, “A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities,”
*Proc. Int. Conf. on Dependable Systems and Networks, DSN’03*, June 2003, pp. 605–614.Google Scholar - [25]W. Cheng, “The BACK Algorithm for Sequential Test Generation,”
*Proc. IEEE Int. Conf. on Computer Design*, Oct 1988, pp. 66–69.Google Scholar - [26]W. Cheng, J. Patel, “Concurrent Error Detection in Iterative Logic Arrays,”
*Proc. 14th Int. Symp. on Fault-Tolerant Computing*, 1984, pp. 10–15.Google Scholar - [27]W. Cheng, J. Patel, “A Minimum Test Set for Multiple-Fault Detection in Ripple-Carry Adders,”
*Proc. Int. Conf. on Computer Design*, 1985, pp. 435–438.Google Scholar - [28]W. Cheng, J. Patel, “Multiple-Fault Detection in Iterative Logic Arrays,”
*Proc. Int. Test Conf.*, 1985, pp. 493–499.Google Scholar - [29]W. Cheng, J. Patel, “A Shortest Length Test Sequence for Sequential-Fault Detection in Ripple Carry Adders,”
*Proc. Int. Conf. on Computer-Aided Design*, 1985, pp. 71–73.Google Scholar - [30]R. Chillarege, R. K. Iyer, “Fault Latency in the Memory: An Experimental Study on VAX 11/780,”
*Proc. 16th Int. Symp. on Fault-Tolerant Computing*, 1986.Google Scholar - [31]R. Chillarege, R. K. Iyer, “The Effect of System Workload on Error Latency: An Experimental Study,”
*Proc. ACM SIGMETRICS Conf. on Measurement and Modeling of Computer Systems*, 1985, pp. 69–77.Google Scholar - [32]A. L. Christensen, “Result Specification and Model Connection in the Möbius Modeling Framework,” Master’s Thesis, University of Illinois, 2000.Google Scholar
- [33]G. Clark, T. Courtney, D. Daly, D. Deavours, S. Derisavi, J. M. Doyle, W. H. Sanders, P. Webster, “The Möbius Modeling Tool,”
*Proc. 9th Int. Workshop on Petri Nets and Performance Models*, Aachen, Germany, September 11–14, 2001, pp. 241–250.Google Scholar - [34]G. Clark, W. H. Sanders, “Implementing a Stochastic Process Algebra within the Möbius Modeling Framework,” in Luca de Alfaro and Stephen Gilmore (Eds.),
*Process Algebra and Probabilistic Methods: Performance Modelling and Verification: Proc. Joint Int. Workshop, PAPM-PROBMIV2001*, RWTH Aachen, Germany, September 12–14, 2001,*LNCS*no. 2165, Berlin: Springer, 2001, pp. 200–215.CrossRefGoogle Scholar - [35]T. Courtney, J. Lyons, H. V. Ramasamy, W. H. Sanders, M. Seri, M. Atighetchi, P. Rubel, C. Jones, F. Webber, P. Pal, R. Watro, M. Cukier, J. Gossett, “Providing Intrusion Tolerance with ITUA,”
*Supplemental Volume Int. Conf. on Dependable Systems & Networks (DSN-2002)*, Washington, DC, June 23–26, 2002, pp. C-5-1–C-5-3.Google Scholar - [36]M. Cukier, R. Chandra, D. Henke, J. Pistole, W. H. Sanders, “Fault Injection Based on a Partial View of the Global State of a Distributed System,”
*Proc. 18th IEEE Symp. on Reliable Distributed Systems*, Lausanne, Switzerland, October 19–22, 1999, pp. 168–177.Google Scholar - [37]J. Cusey, J. Patel, “BART: A Bridging Fault Test Generator for Sequential Circuits,”
*Proc. Int. Test Conf.*, Nov. 1997, pp. 838–847.Google Scholar - [38]D. Daly, P. Buchholz, W. H. Sanders, “An Approach for Bounding Reward Measures in Markov Models Using Aggregation,” submitted for publication.Google Scholar
- [39]T. Davis, R. Kunda, K. Fuchs, “Testing of Bit-Serial Multipliers,”
*Proc. Int. Conf. on Computer Design*, 1985, pp. 430–434.Google Scholar - [40]D. D. Deavours, “Formal Specification of the Möbius Modeling Framework,” Doctoral Dissertation, University of Illinois, 2001.Google Scholar
- [41]D. D. Deavours, G. Clark, T. Courtney, D. Daly, S. Derisavi, J. M. Doyle, W. H. Sanders, P. G. Webster, “The Möbius Framework and Its Implementation,”
*IEEE Trans. on Software Eng.*, 28,No. 10, October 2002, pp. 956–969.CrossRefGoogle Scholar - [42]D. D. Deavours, W. H. Sanders, “The Möbius Execution Policy,”
*Proc. 9th Int. Workshop on Petri Nets and Performance Models*, Aachen, Germany, September 11–14, 2001, pp. 135–144.Google Scholar - [43]D. D. Deavours, W. H. Sanders, “Möbius: Framework and Atomic Models,”
*ibid*., pp. 251–260.Google Scholar - [44]S. Derisavi, P. Kemper, W. H. Sanders, “Symbolic State-space Exploration and Numerical Analysis of State-sharing Composed Models,”
*Proc. 4th Int. Conf. on the Numerical Solution of Markov Chains*, Urbana, IL, USA, Sept, 3–5, 2003, pp. 167–189.Google Scholar - [45]S. Derisavi, P. Kemper, W. H. Sanders, “Symbolic State-space Exploration and Numerical Analysis of State-sharing Composed Models,”
*Linear Algebra and Its Applications (LAA)*, to appear.Google Scholar - [46]S. Derisavi, P. Kemper, W. H. Sanders, T. Courtney, “The Möbius State-level Abstract Functional Interface,”
*Performance Evaluation*, 54,No. 2, October 2003, pp. 105–128.CrossRefGoogle Scholar - [47]Y. Deswarte, L. Blain, J. C. Fabre, “Intrusion Tolerance in Distributed Computing Systems,”
*Proc. IEEE Symp. on Research in Security & Privacy*, May 1991, pp. 110–121.Google Scholar - [48]J. Dussault, “On the Design of Self-Checking Systems under Various Fault Models,” Coordinated Science Lab. Technical Report R-781, Univ. of Illinois, Urbana, IL, 1977.Google Scholar
- [49]B. Dutertre, V. Crettaz, V. Stavridou, “Intrusion-tolerant Enclaves,”
*Proc. IEEE Int. Symp. on Security & Privacy*, Oakland, CA, May 2002, pp. 216–224.Google Scholar - [50]A. Friedman, L. Simoncini, “System-Level Fault Diagnosis,”
*Computer*(Spec. Issue on Fault-Tolerant Computing), 13,No. 3, 1980, pp. 47–53.CrossRefGoogle Scholar - [51]K. Goswami, R. K. Iyer, L. Young, “DEPEND: A Simulation-Based Environment for System Level Dependability Analysis,”
*IEEE Trans. on Comp.*, vol. 46,no. 1, 1997, pp.60–74.CrossRefGoogle Scholar - [52]G. Greenstein, J. Patel, “E-PROOFS: A CMOS Bridging Fault Simulator,”
*Proc. IEEE/ACM Conf. on Computer-AidedDesign*, Nov. 1992, pp. 268–271.Google Scholar - [53]W. Gu, Z. Kalbarczyk, R. K. Iyer, “Error Sensitivity of the Linux Kernel Executing on PowerPC G4 and Pentium 4 Processors,”
*Proc. Conf. on Dependable Systems & Networks, DSN’04*, June 2004.Google Scholar - [54]W. Gu, Z. Kalbarczyk, R.K. Iyer, Z. Yang, “Characterization of Linux Kernel Behavior under Errors,”
*Proc. Conf. on Dependable Systems & Networks, DSN’03*, June 2003, pp. 459–468.Google Scholar - [55]J. Gunnels, D. Katz, E. Quintana-Orti, R. van de Geijn, “Fault-Tolerant High-Performance Matrix Multiplication: Theory and Practice,”
*Proc. Conf. on Dependable Systems andNetworks, DSN’01*, July 2001, pp. 47–56.Google Scholar - [56]V. Gupta, V. Lam, H. V. Ramasamy, W. H. Sanders, S. Singh, “Dependability and Performance Evaluation of Intrusion-Tolerant Server Architectures,”
*Dependable Computing: Proc. First Latin-American Symposium (LADC 2003)*, São Paulo, Brazil, October 21–24, 2003,*LNCS*vol. 2847 (Rog’erio de Lemos, Taisy Silva Weber, and João Batista Camargo Jr., eds), Berlin: Springer, 2003, pp. 81–101.Google Scholar - [57]I. Hamzaoglu, J. Patel, “Test Set Compaction Algorithms for Combinational Circuits,”
*Proc. IEEE/ACM Int. Conf. Computer-Aided Design*, Nov. 1998, pp. 283–289.Google Scholar - [58]I. Hamzaoglu, J. Patel, “Reducing Test Application Time for Full Scan Embedded Cores,” Proc.
*29th Int. Symp. on Fault-Tolerant Computing*, June 1999, pp. 260–267.Google Scholar - [59]I. Hartanto, V. Boppana, W. Fuchs, J. Patel, “Diagnostic Test Generation for Sequential Circuits,”
*Proc. IEEE VLSI Test Symp*., April 1997, pp. 196–202.Google Scholar - [60]J. Hayes, “A NAND Model for Fault Diagnosis in Combinational Logic Networks,”
*IEEETrans. on Comp.*, C-20, 1971, pp. 1496–1506.CrossRefMathSciNetGoogle Scholar - [61]F. Hsu, K. Butter, J. Patel, “A Case Study on the Implementation of the Illinois Scan Architecture,”
*Proc. Int. Test Conf.*, Oct-Nov 2001, pp. 538–547.Google Scholar - [63]K. Huang, J. Abraham, “Low-Cost Schemes for Fault Tolerance in Matrix Operations with Array Processors,”
*Proc. 12th Int. Symp. on Fault-Tolerant Computing*, 1982, pp. 330–337.Google Scholar - [64]K. Huang, J. Abraham, “Algorithm-Based Fault Tolerance for Matrix Operations,”
*IEEE Trans. on Comp.*(Spec. Issue Reliable & Fault-Tolerant Comp.), C-33, 1984, pp. 518–528.CrossRefGoogle Scholar - [65]K. Huang, J. Abraham, “Fault-Tolerant Algorithms and their Applications to Solving Laplace Equations,”
*Proc. Int. Conf. on Parallel Processing*, 1984, pp. 117–122.Google Scholar - [66]R. K. Iyer, D. Rossetti, “A Measurement-Based Model for Workload Dependency of CPU Errors,”
*IEEE Trans. on Comp.*, C-35,No. 6, 1986.Google Scholar - [67]R. K. Iyer, D. Rossetti, “Effect of System Workload on Operating System Reliability: A Study on the IBM 3081,”
*IEEE Trans. on Software Eng.*(Spec. Issue Software Reliability, Part 1), 1985, pp. 1438–1448.Google Scholar - [68]I. Jansch, B. Courtois, “Strongly Language Disjoint Checkers,”
*Proc. 15th Int. Symp. on Fault-Tolerant Computing*, 1985, pp. 390–395.Google Scholar - [69]H. S. Javitz, A. Valdes, “The SRI IDES Statistical Anomaly Detector,”
*Proc. IEEE Symp. on Research in Security and Privacy*, Oakland, CA, May 1991, pp. 316–376.Google Scholar - [70]K. R. Joshi, M. Cukier, W. H. Sanders, “Experimental Evaluation of the Unavailability Induced by a Group Membership Protocol,”
*Dependable Computing EDCC-4: Proc. 4*^{th}*European Dependable Computing Conf.*, Toulouse, France, Oct 23–25, 2002, pp. 140–158.Google Scholar - [71]J. Jou, J. Abraham, “Fault-Tolerant Matrix Operations on Multiple Processor Systems Using Weighted Checksums,”
*Proc. SPIE Conf.*, 1984, pp. 94–101.Google Scholar - [72]J. Jou, J. Abraham, “Fault-Tolerant FFT Networks,”
*Proc. Int. Symp. on Fault-Tolerant Computing*, 1985, pp. 338–343.Google Scholar - [73]Z. Kalbarczyk, R. K. Iyer, S. Bagchi, K. Whisnant, “Chameleon: A Software Infrastructure for Adaptive Fault Tolerance,”
*IEEE Trans. on Par. andDist. Systems*, 10,No. 6, June 1999, pp. 560–579.CrossRefGoogle Scholar - [74]M. Kalyanakrishnam, R. K. Iyer, J. Patel, “Reliability of Internet Hosts: A Case Study from End User’s Perspective,”
*Proc. 6th Int. Conf. on Computer Communications and Networks*, Las Vegas, 1996, pp. 418–423.Google Scholar - [75]M. Kalyanakrishnam, Z. Kalbarczyk, R. Iyer, “Failure Data Analysis of LAN of Windows NT Based Computers,”
*Proc. of 18th Symp. on Reliable and Distributed Systems, SRDS’ 99*, Lausanne, Switzerland, 1999, pp. 178–187.Google Scholar - [76]S. Krishnamurthy, “An Adaptive Quality of Service Aware Middleware for Replicated Services,” Ph.D. Thesis, University of Illinois, 2002.Google Scholar
- [77]S. Krishnamurthy, W. H. Sanders, M. Cukier, “An Adaptive Quality of Service Aware Middleware for Replicated Services,”
*IEEE Trans. on Par. and Dist. Systems*, 14,No. 11, November 2003, pp. 1112–1125.CrossRefGoogle Scholar - [78]S. Kuo, K. Fuchs, “Efficient Spare Allocation in Reconfigurable Arrays,”
*IEEE Design and Test*, Feb. 1987, pp. 24–31.Google Scholar - [79]S. Laha, J. Patel, “Error Correction in Arithmetic Operations using Time Redundancy,”
*Proc. 13th Int. Symp. on Fault-Tolerant Computing*, 1983, pp. 298–305.Google Scholar - [80]V. V. Lam, P. Buchholz, W. H. Sanders, “A Structured Path-Based Approach for Computing Transient Rewards of Large CTMCs,”
*Proc. 2004 Int. Conf. on Quantitative Evaluation of Systems (QEST)*, Twente, The Netherlands, September 27–30, 2004.Google Scholar - [81]C. Landwehr, “Formal Models for Computer Security,”
*Computer Surveys*, 13,No. 3, Sept. 1981.Google Scholar - [82]R. M. Lefever, M. Cukier, W. H. Sanders, “An Experimental Evaluation of Correlated Network Partitions in the Coda Distributed File System,”
*Proc. 22nd Int. Symp. on Reliable Distributed Systems (SRDS’03)*, Florence, Italy, October 6–8, 2003, pp. 273–282.Google Scholar - [83]B. Littlewood, S. Brocklehurst, N. Fenton, P. Mellor, S. Page, D. Wright, J. Dobson, J. McDermid, D. Gollmann, “Towards Operational Measures of Computer Security,”
*Journal of Computer Security*, vol. 2,no. 2-3, pp. 211–229, 1993.Google Scholar - [84]J. Lowry, “An Initial Foray into Understanding Adversary Planning and Courses of Action,”
*Proc. DARPA Information Survivability Conf. and Exposition II (DISCEX’01)*, pp. 123–133, 2001.Google Scholar - [85]F. Luk, “Algorithm-Based Fault Tolerance for Parallel Matrix Equation Solvers,”
*Proc. SPIE Conf. (Real-Time Signal Processing VIII)*, 564, 1985.Google Scholar - [86]L. Malhis, “Development and Application of an Efficient Method for the Solution of Stochastic Activity Networks with Deterministic Activities,” Doctoral Dissertation, University of Arizona, 1996.Google Scholar
- [87]L. Malhis and W. H. Sanders, “An Efficient Two-Stage Iterative Method for the Steady-State Analysis of Markov Regenerative Stochastic Petri Net Models,”
*Performance Evaluation*, 27&28, October 1996, pp. 583–601.Google Scholar - [88]E. Manning, “On Computer Self-Diagnosis: Part I and II,”
*IEEE Trans. Electronic Comp.*, EC-15, 1966, pp. 873–890.CrossRefGoogle Scholar - [89]R. Marlett, “An Effective Test Generation System for Sequential Circuits,”
*Proc. Design Automation Conf.*, June 1986, pp. 250–256.Google Scholar - [90]R. Marlett, “On the Design and Testing of Self-Diagnosable Computers,” Coordinated Science Laboratory Technical Report R-293, University of Illinois, Urbana, IL, 1966.Google Scholar
- [91]E. McCluskey, F. Clegg, “Fault Equivalence in Combinational Logic Networks,”
*IEEE Trans. on Comp.*, C-20, 1971, pp. 1286–1293.CrossRefMathSciNetGoogle Scholar - [92]R. Meagher, J. Nash, “The ORDVAC,”
*Review of Electronic Digital Computers*, 1952, pp. 37–43.Google Scholar - [93]D. Muller, J. Bartky, “A Theory of Asynchronous Circuits,”
*Proc. Int. Symp. on Theory of Switching*, 1959, pp. 204–243.Google Scholar - [94]R. Nair, S. Thatte, J. Abraham, “Efficient Algorithms for Testing Semiconductor Random-Access Memories,”
*IEEE Trans. on Comp.*, C-27,No. 6, 1978, pp. 572–576.CrossRefMathSciNetGoogle Scholar - [95]N. Nakka, J. Xu, Z. Kalbarczyk, R. K. Iyer, “An Architectural Framework for Providing Reliability and Security Support,”
*Proc. Conf. on Dependable Systems and Networks, DSN’04*, June 2004.Google Scholar - [96]N. Neves, K. Fuchs, “Coordinated Checkpointing Without Direct Coordination,”
*Proc. Int. Computer Performance and Dependability Symp. (IPDS)*, 1998.Google Scholar - [97]N. Neves, K. Fuchs, “RENEW: A Tool for Fast and Efficient Implementation of Checkpoint Protocols,” Proc.
*28th Int. Symp. on Fault-Tolerant Computing*, 1998, pp.58–67.Google Scholar - [98]T. Niermann, J. Patel, “HITEC: A Test Generation Package for Sequential Circuits,”
*Proc. European Design Automation Conf.*, Feb. 2001, pp. 214–218.Google Scholar - [99]T. Niermann, W. Cheng and J. Patel, “PROOFS: A Fast Memory Efficient Sequential Circuit Fault Simulator,”
*IEEE Trans. On Computer-Aided Design*, Feb. 1992, pp. 198–207.Google Scholar - [100]W. D. Obal II, “Measure-Adaptive State-Space Construction Methods,” Doctoral Dissertation, University of Arizona, 1998.Google Scholar
- [101]W. D. Obal II, W. H. Sanders, “An Environment for Importance Sampling Based on Stochastic Activity Networks,”
*Proc. 13th Symp. on Reliable Distributed Systems*, Dana Point, CA, October, 1994, pp. 64–73.Google Scholar - [102]W. D. Obal II, W. H. Sanders, “State-Space Support for Path-based Reward Variables,”
*Proc. Int. Computer Performance and Dependability Symp. (IPDS)*, September 7–9, 1998, Durham, North Carolina, USA, pp. 228–237.Google Scholar - [103]W. D. Obal II, W. H. Sanders, “State-Space Support for Path-based Reward Variables,”
*Performance Evaluation*, 35, 1999, pp. 233–251.MATHCrossRefGoogle Scholar - [104]P. Pal, F. Webber, R. Schantz, J. Loyall, R. Watro, W. Sanders, M. Cukier, J. Gossett, “Survival by Defense-Enabling,”
*Proc. New Security Paradigms Workshop 2001*, Cloudcroft, New Mexico, September 11–13, 2001, pp. 71–78.Google Scholar - [105]J. Patel, L. Fung, “Concurrent Error Detection in ALUs by Recomputing with Shifted Operands,”
*IEEE Trans. onComp.*, C-31, 1982, pp. 589–595.CrossRefGoogle Scholar - [106]J. Patel, L. Fung, “Concurrent Error Detection in Multiply and Divide Arrays,”
*IEEE Trans. on Comp.*, C-32, 1983, pp. 417–422.CrossRefGoogle Scholar - [107]C. Payne, T. Markham, “Architecture and Applications for a Distributed Embedded Firewall,”
*Proc. 17th Annual Computer Security Applications Conf. (ACSAC’01)*, New Orleans, Louisiana, October 2001.Google Scholar - [108]L. Pollard and J. Patel, “Correction of Errors in Data Transmission using Time Redundancy,”
*Proc. 13th Int. Symp. on Fault-Tolerant Computing*, 1983, pp. 314–317.Google Scholar - [109]F. Preparata, G. Metze, R. Chien, “On the Connection Assignment Problem of Diagnosable Systems,”
*IEEE Trans. on Electronic Comp.*, EC-16,No. 6, 1967, pp. 848–854.CrossRefGoogle Scholar - [110]M. A. Qureshi, “Construction and Solution of Markov Reward Models,” Doctoral Dissertation, University of Arizona, 1996.Google Scholar
- [111]M. A. Qureshi, W. H. Sanders, “A New Methodology for Calculating Distributions of Reward Accumulated During a Finite Interval,”
*Proc. 26th Int. Symp. on Fault-Tolerant Computing*, Sendai, Japan, June 1996, pp. 116–125.Google Scholar - [112]H. V. Ramasamy, M. Cukier, W. H. Sanders, “Formal Verification of an Intrusion-Tolerant Group Membership Protocol,”
*IEICE Trans. on Information and Systems*Spec. issue on Dependable Computing, E86-D,No. 12, December 2003, pp. 2612–2622.Google Scholar - [113]H.V. Ramasamy, P. Pandey, J. Lyons, M. Cukier, W.H. Sanders, “Quantifying the Cost of Providing Intrusion Tolerance in Group Communication Systems,”
*Proc. Int. Conf. on Dependable Systems & Networks (DSN’02)*, Washington, DC, June 23–26, 2002, pp. 229–238.Google Scholar - [114]J. Rearick, J. Patel, “Fast and Accurate CMOS Bridging Fault Simulation,”
*Proc. Int. Test Conf.*, Oct. 1993, pp. 54–62.Google Scholar - [115]Y. Ren, “AQuA: A Framework for Providing Adaptive Fault Tolerance to Distributed Applications,” Ph.D. thesis, University oflllinois at Urbana-Champaign, 2001.Google Scholar
- [116]Y.(J.) Ren, D.E. Bakken, T. Courtney, M. Cukier, D.A. Karr, P. Rubel, C. Sabnis, W.H. Sanders, R.E. Schantz, M. Seri, “AQuA: An Adaptive Architecture that Provides Dependable Distributed Objects,”
*IEEE Trans. on Comp.*, 52,No. 1, January 2003, pp. 31–50.CrossRefGoogle Scholar - [117]Y. Ren, M, Cukier, W.H. Sanders, “An Adaptive Algorithm for Tolerating Value Faults and Crash Failures,”
*IEEETrans. on Par. & Dist. Systems*, 12,No. 2, Feb. 2001, pp. 173–192.CrossRefGoogle Scholar - [118]D. Reynolds, C. Metze, “Fault Detection Capabilities of Alternating Logic,”
*IEEE Trans. on Comp.*, C-27, 1978, pp. 1093–1098.CrossRefMathSciNetGoogle Scholar - [119]P. Ryan, S. Rawat, W. Fuchs, “Two-stage Fault Location,”
*Proc. Int. Test Conf.*, Oct. 1991, pp. 963–968.Google Scholar - [120]C. Sabnis, M. Cukier, J. Ren, P. Rubel, W. H. Sanders, D. E. Bakken, D. A. Karr, “Proteus: A Flexible Infrastructure to Implement Adaptive Fault Tolerance in AQuA,” in C. B. Weinstock and J. Rushby (Eds.),
*Dependable Computing for Critical Applications 7*, vol. 12 in*Dependable Computing and Fault-Tolerant Systems*(A. Avizienis, H. Kopetz, and J. C. Laprie, Eds.), pp. 149–168. Los Alamitos, CA: IEEE CS, 1999.CrossRefGoogle Scholar - [121]A. Saleh, J. Serrano, J. Patel, “Reliability of Scrubbing Recovery Techniques for Memory Systems,”
*IEEE Trans. on Reliability*, April 1990, pp. 114–122.Google Scholar - [122]W. H. Sanders, “Construction and Solution of Performability Models Based on Stochastic Activity Networks,” Doctoral Dissertation, University of Michigan, 1988.Google Scholar
- [123]W. H. Sanders, “Integrated Frameworks for Multi-Level and Multi-Formalism Modeling,”
*Proc. of PNPM’99: 8th Int. Workshop on Petri Nets and Performance Models*, Zaragoza, Spain, September 8–10, 1999, pp. 2–9.Google Scholar - [124]W. H. Sanders, M. Cukier, F. Webber, P. Pal, R. Watro, “Probabilistic Validation of Intrusion Tolerance,”
*Supplemental Volume Int. Conf. on Dependable Systems & Networks (DSN-2002)*, Washington, DC, June 23–26, 2002, pp. B-78–B-79.Google Scholar - [125]W. H. Sanders, R. S. Freire, “Efficient Simulation of Hierarchical Stochastic Activity Network Models,”
*Discrete Event Dynamic Systems: Theory and Applications*, 3,No. 2/3, July 1993, pp. 271–300.MATHCrossRefGoogle Scholar - [126]W. H. Sanders, J. F. Meyer, “Reduced Base Model Construction Methods for Stochastic Activity Networks,”
*IEEE Journal on Selected Areas in Communications*, special issue on*Computer-Aided Modeling, Analysis, and Design of Communication Networks*, vol. 9,no. 1, Jan. 1991, pp. 25–36.CrossRefGoogle Scholar - [127]W. H. Sanders, J. F. Meyer, “Stochastic Activity Networks: Formal Definitions and Concepts,” in E. Brinksma, H. Hermanns, and J. P. Katoen (Eds.),
*Lectures on Formal Methods and Performance Analysis, First EEF/Euro Summer School on Trends in Computer Science, Berg en Dal, The Netherlands, July 3–7, 2000, Revised Lectures, LNCS*no. 2090, pp. 315–343. Berlin: Springer, 2001.CrossRefGoogle Scholar - [128]W. H. Sanders, J. F. Meyer, “A Unified Approach for Specifying Measures of Performance, Dependability, and Performability,”
*Dependable Computing for Critical Applications*, Vol. 4 of*Dependable Computing and Fault-Tolerant Systems*(ed. A. Avizienis, H. Kopetz, and J. Laprie), Springer-Verlag, 1991, pp. 215–237.Google Scholar - [129]W.H. Sanders, W.D. Obal II, M.A. Qureshi, F.K. Widjanarko, “The
*UltraSAN*Modeling Environment,”*Performance Evaluation*, 24,No. 1, Oct.–Nov. 1995, pp. 89–115.MATHCrossRefGoogle Scholar - [130]D. Schertz, G. Metze, “A New Representation for Faults in Combinational Digital Circuits,”
*IEEE Trans. on Comp.*, C-21,No. 8, 1972, pp. 858–866.Google Scholar - [131]D. Schertz, “On the Representation of Digital Faults,” Coordinated Science Laboratory Technical Report R418, University of Illinois, Urbana, Illinois, 1969.Google Scholar
- [132]D. Schertz, G. Metze, “On the Indistinguishability of Faults in Digital Systems,”
*Proc. 6th Ann. Allerton Conf. on Circuit and System Theory*, 1968, pp. 752–760.Google Scholar - [133]M. Seri, T. Courtney, M. Cukier, V. Gupta, S. Krishnamurthy, J. Lyons, H. Ramasamy, J. Ren, W. H. Sanders, “A Configurable CORBA Gateway for Providing Adaptable System Properties,”
*Supplemental Volume Int. Conf. on Dependable Systems & Networks (DSN-2002)*, Washington, DC, June 23–26, 2002, pp. G-26–G-30.Google Scholar - [134]S. Seshu, D. Freeman, “The Diagnosis of Asynchronous Sequential Switching Systems”,
*IRE Trans. onElectronic Comp.*, EC-11,No. 4, 1962, pp. 459–465.MathSciNetCrossRefGoogle Scholar - [135]S. Seshu, “The Logic Organizer and Diagnosis Programs”, Coordinated Science Laboratory Technical Report R226, University of Illinois, Urbana, IL, 1964.Google Scholar
- [136]S. Seshu, “On an Improved Diagnosis Program”,
*IEEE Trans. on Electronic Comp. EC-14*,No. 1, 1965, pp. 76–79.CrossRefGoogle Scholar - [137]S. Singh, M. Cukier, W. H. Sanders, “Probabilistic Validation of an Intrusion-Tolerant Replication System,”
*Proc. Int. Conf. on Dependable Systems and Networks (DSN-2003)*, San Francisco, CA, June 22–25, 2003, pp. 615–624.Google Scholar - [138]J. Smith, “On Necessary and Sufficient Conditions for Multiple Fault Undetectability,”
*IEEE Trans. on Comp.*, C-28, 1979, pp. 801–802CrossRefGoogle Scholar - [139]J. Smith, “The Design ofTotally Self-Checking Combinational Circuits,” Coordinated Science Laboratory Technical Report R-737, University of Illinois, Urbana, IL, 1976.Google Scholar
- [140]J. Smith, G. Metze, “On the Existence of Combinational Networks with Arbitrary Multiple Redundancies,” Coordinated Science Laboratory Technical Report R-692, University of Illinois, Urbana, IL, 1975.Google Scholar
- [141]J. Smith, G. Metze, “Strongly Fault-Secure Logic Networks,”
*IEEE Trans. on Comp.*, C-27,No. 6, 1978, pp. 491–499.CrossRefMathSciNetGoogle Scholar - [142]F. Stevens, “Validation of an Intrusion-Tolerant Information System Using Probabilistic Modeling,” Master’s Thesis, University of Illinois, 2004.Google Scholar
- [143]D. Stott, B. Floering, D. Burke, Z. Kalbarczyk, R. K. Iyer, “NFTAPE: A Framework for Assessing Dependability in Distributed Systems with Lightweight Fault Injectors,”
*Proc. Int. Computer Performance & Dependability Symp. (IPDS)*, March 2000, pp. 91–100.Google Scholar - [144]D. Stott, P. Jones, M. Hamman, Z. Kalbarczyk, R. Iyer, “NFTAPE: Network Fault Tolerance and Performance Evaluator,”
*Proc. Int. Conf. on Dependable Systems and Networks, DSN’02*, June 2002, pp. 542.Google Scholar - [145]D. Suk, S. Reddy, “A March Test for Functional Faults in Semiconductor Random Access Memories,”
*IEEE Trans. on Comp.*, C-30, 1981, pp. 982–984.CrossRefGoogle Scholar - [146]S. Thatte, J. Abraham, “Testing of Semiconductor Random Access Memories,”
*Proc. 7th Int. Symp. on Fault-Tolerant Computing*, 1977, pp. 81–87.Google Scholar - [147]S. Thatte, J. Abraham, “Test Generation for Microprocessors,”
*IEEE Trans. on Comp.*, C-29,No. 6, 1980, pp. 429–441.CrossRefMathSciNetGoogle Scholar - [148]K. To, “Fault Folding for Irredundant and Redundant Combinational Circuits”,
*IEEE Trans. on Comp. C-22*,No. 11, 1973, pp. 1008–1015.CrossRefMathSciNetGoogle Scholar - [149]T. Tsai, M-Ch. Hsueh, H. Zhao, Z. Kalbarczyk, R. K. Iyer, “Stress-based and Pathbased Fault Injection,”
*IEEE Trans. on Comp.*, 48,No. 11, Nov. 1999, pp. 1183–1201.CrossRefGoogle Scholar - [150]J. Tvedt, “Solution of Large-Sparse Stochastic Process Representations of Stochastic Activity Networks,” Master’s Thesis, University of Arizona, 1990.Google Scholar
- [151]E. Ulrich and T. Baker, “The Concurrent Simulation of Nearly Identical Digital Systems,”
*Proc. 10th Design Automation Workshop*, June 1973, pp. 145–150.Google Scholar - [152]A. P. A. van Moorsel, W. H. Sanders, “Adaptive Uniformization,”
*ORSA Communications in Statistics: Stochastic Models*, 10,No. 3, August 1994, pp. 619–648.MATHCrossRefGoogle Scholar - [153]A. P. A. van Moorsel, W. H. Sanders, “Transient Solution of Markov Models by Combining Adaptive & Standard Uniformization,”
*IEEE Trans. on Reliability*, 46,No. 3, September 1997, pp. 430–440.CrossRefGoogle Scholar - [154]L. Wang, Z. Kalbarczyk, R. K. Iyer, H. Vora, T. Chahande, “Checkpointing of Control Structures in Main Memory Database Systems,”
*Proc. Conf. on Dependable Systems and Networks, DSN’04*, June 2004.Google Scholar - [155]Y. Wang, K. Fuchs, “Optimal Message Log Reclamation for Independent Checkpointing,” Technical Report CRHC-93-07, University of Illinois, 1993.Google Scholar
- [156]D. Wheeler and J. Robertson, “Diagnostic Programs for the ILLIAC,”
*Proc. IRE 41*, 1953, pp. 1320–1325.Google Scholar - [157]K. Whisnant, R,K. Iyer, Z. Kalbarczyk, P.H. Jones III, D.A. Rennels, R. Some, “The Effects of an ARMOR-Based SIFT Environment on the Performance and Dependability of User Applications,”
*IEEE Trans. on Software Eng.*, 30,No. 4, April 2004, pp. 257–277.CrossRefGoogle Scholar - [158]K. Whisnant, Z. Kalbarczyk, R. Iyer, “A System Model for Reconfigurable Software,”
*IBM Systems Journal*, 42,No. 1, 2003, pp. 45–59.CrossRefGoogle Scholar - [159]J. Xu, S. Chen, Z. Kalbarczyk, R. K. Iyer, “An Experimental Study of Security Vulnerabilities Caused by Errors,”
*Proc. Conf. on Dependable Systems and Networks, DSN’01*, July 2001, pp. 421–430.Google Scholar - [160]J. Xu, Z. Kalbarczyk, R.K. Iyer, “Transparent Runtime Randomization for Security,”
*Proc. Symp. on Reliable and Distributed Systems, SRDS’03*, October 2003.Google Scholar - [161]J. Xu, Z. Kalbarczyk, R. Iyer, “Networked Windows NT System Filed Failure Data Analysis,”
*Proc. Pacific Rim Int. Symp. on Dependable Computing*, Hong Kong, 1999.Google Scholar

## Copyright information

© Springer Science + Business Media, Inc. 2004