Component failure mitigation according to failure type

Off-The-Shelf (OTS) software components are being used within complex safety-critical applications. However, to use these untrustworthy components with confidence, it is necessary to ensure that potential failures of the components cannot contribute to system level hazards. This requires the system level effects of component failures to be understood and mitigated using suitable fault tolerance techniques. However, the black-box nature of an OTS component implies the visibility and modifiability of the component is very limited. This restricts the choice of available fault tolerance techniques in mitigating failures of an OTS component. This paper presents a systematic approach to facilitate the selection of appropriate mitigation strategies according to a classification of failure types of an untrustworthy component. This approach enables an untrustworthy component to be used in a safety-critical context with increased confidence