All systems, regardless of how carefully they have been constructed, suffer failures. This paper focuses on developing a formal understanding of failure with respect to system implementations. Furthermore, we would like the system design process to be able to leverage off of this understanding. It is important to deal with failures in a system context, rather than a priori limiting the solution to a particular technology, such as software alone. Our approach is limited to the class of systems that can be modeled by hybrid finite state machines (HFSMs) as described in Winter [1]. The purpose of this paper is to lay out a process, or framework, that can aid in identification and characterization of techniques for dealing with the different types of system threats. This framework leads naturally to a taxonomy of technologies and strategies for dealing with the various types of threats. In this process technologies are used to identify a priority list of technical capabilities for dealing...
Raymond Berg, Victor L. Winter