Dependability Arguments With Trusted Bases
An approach is suggested for arguing that a system is dependable. The key idea is to structure the system so that critical requirements are localized in small, reliable subsets of the system's components called trusted bases. This paper describes an idiom for modeling systems with trusted bases, and a technique for analyzing a dependability argument, that is, the argument that a trusted base is sufficient to establish a requirement. Traditional approaches to dependability focus on ex post facto methods, such as verification, testing, and inspection. Despite advances in these methods, achieving dependability in a complex system still poses a formidable challenge.