6.3. Proposed Taxonomy and Framework

In this section, we propose a feedback control system (Figure 6.3) as a framework that can generically integrate dependability and security. Key notations and concepts for the illustration of this framework are also provided.

6.3.1. Key Notations of the Feedback Control System Model

The following are conventional notations of feedback control systems. They are tailored whenever needed for our framework.

Control system: A system that is under control, normally under regulators’ control, to achieve the desired objectives.

Desired trajectory: Desired objectives normally specified by the user.

Disturbance: Anything that tends to push system behavior off the track is considered a disturbance. A disturbance can occur within a system or from the external environment.

Feedback: Use of the information observed from a system’s behavior to readjust/regulate the corrective action/control so that the system can achieve the desired objectives.

Feedback control system: A control system that deploys a feedback mechanism. This is also called a closed-loop control system.

Filter: A mechanism retrieving a system’s state to deliver output perceived by the user.

Open-loop control system: A control system without a feedback mechanism.

Regulator: A mechanism that can combine the input/users’ instructions and feedback information to take corrective control actions to make a system’s behavior achieve its desired objectives.

System: A composite constructed from functional components. The interaction of these components may exhibit new features/functions that none of the composite components possess individually.

System output: System behavior perceived by the user.

6.3.2. Definitions of Basic Concepts of Dependability and Security within the Proposed Framework

Correct service: Delivered system behavior is within the error tolerance boundary.

Desired service: Delivered system behavior is at or close to the desired trajectory.

Error: Deviation of system behavior/output from the desired trajectory.

Error tolerance boundary: A range within which the error is considered acceptable by a system or user. This boundary is normally specified by the user.

Fault: Normally the hypothesized cause of an error is called fault [7]. It can be internal or external to a system. An error is defined as the part of the total state of a system that may lead to subsequent service failure. Observing that many errors do not reach a system’s external state and cause a failure, Avizienis et al. [7] have defined active faults that lead to error and dormant faults that are not manifested externally.

Service failure or failure: An event that occurs when system output deviates from the desired service and is beyond the error tolerance boundary.