- Lukas Pirl, Daniel Richter, Arne Boockmeyer and Andreas Polze
- Seminar on Embedded Operating Systems WiSe20
- Operating Systems & Middleware Group
- Hasso Plattner Institute at the University of Potsdam, Germany
2.5h Facebook outage 2010
- “friendly” DDoS due to wrong configuration value
8h Azure outage 2012
- leap day bug in SSL certificate generation
4.5h Amazon S3 outage 2017
- typo in manual command took “too many” servers down
single component view
systems of systems view
seL4
microkernel¹ no widely-accepted definition to differentiate between the two
¹ no widely-accepted definition here; this is what I think makes sense; feel free to question and have your own view
depends heavily on system under consideration
aspects to consider
different approaches have different advantages and disadvantages, e.g.:
Hardware | Software | |||
---|---|---|---|---|
with contact | without contact | with contact | without contact | |
cost | high | high | low | low |
perturbation | none | none | low | high |
risk of damage | high | low | none | none |
time resolution | high | high | high | low |
injection points | chip pin | chip internal | memory | memory |
software | IO controller | |||
controllability | high | low | high | high |
trigger | yes | no | yes | yes |
repeatability | high | low | high | high |
M.-C. Hsueh, T. K. Tsai, and R. K. Iyer, “Fault injection techniques and tools,” vol. 30, no. 4, pp. 75–82, Apr. 1997.
black-box
white-box
Lena Feinbube