Lecture Notes in Computer Science 1150 Edited by G. Goos, J. Hartmanis and J. van Leeuwen Advisory Board: W. Brauer D. Gries J. Stoer Andrzej Hlawiczka Jo~o Gabriel Silva Luca Simoncini ).sdE( elbadnepeD gnitupmoC 2-CCDE Second European Dependable Computing Conference Taormina, Italy, October 2-4, 1996 Proceedings regnirpS Series Editors Gerhard Goos, Karlsruhe University.. Germany Juris Hartmanis, Cornell University, ,YN USA Jan van Leeuwen, Utrecht University, The Netherlands Volume Editors Andrzej Hlawiczka Silesian Technical University, Instytut Elektroniki ul. Akademicka ,61 44 100 Gliwice, Poland Jo~o Gabriel Silva Polo II - Universidade, Dep. Eng. lnform~tica Pinhal de Marrocos, 3030 Coimbra, Portugal E-mail: [email protected] Luca Simoncini Universit~i di Pisa, Dip. di Ingegneria dell'Informazione Via Diotisalvi 2, 1-56126 Pisa, Italy E-mail: [email protected] Cataloging-in-Publication data applied for Die Deutsche Bibliothek - CIP-Einheitsaufnahme Dependable computing : proceedings / EDCC-2, Second European Dependable Computing Conference, Taormina, Italy, October 2 - 4, 1996. Andrzej Hlawiczka ... (ed.). - Berlin ; Heidelberg ; New York ; Barcelona ; Budapest ; Hong Kong ; London ; Milan ; Paris ; Santa Clara ; Singapore ; Tokyo : Springer, 1996 (Lecture notes in computer science ; Vol. 1t50) ISBN 3-540-61772-8 NE: Hlawiezka, Andrzej Hrsg.; EDCC <2, i996, Taormina>; GT CR Subject Classification (1991): B.1.3, B.2.3, B.3.4, B.4.5, C.3-4, D.2.4, D.2.8, D.4.5, E.4, J.7 ISSN 0302-9743 ISBN 3-540-61772-8 Springer-Verlag Berlin Heidelberg New York This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks, Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9,1965, in its current version, and permission for use must always be obtained from Springer-Verlag. Violations are liable for prosecution under the German Copyright Law, (cid:14)9 Springer-Verlag Berlin Heidelberg 1996 Printed in Germany Typesetting: Camera-ready by author SPIN 10513762 06/3142 - 5 4 3 2 1 0 Printed on acid-free paper Foreword The Second European Dependable Computing Conference continues the forum for dependable computing started with the first successful event, held in Berlin in October 1994. EDCC has been generated by merging two former conference series - the International Conference on Fault Tolerant Computing Systems held in the Federal Republic of Germany until 1991 and the International Conference on Fault- Tolerant Systems and Diagnostics held in the countries of Eastern Europe until 1990. Dependability, and all its attributes of reliability, availability, safety, security and integrity, is challenging for every computing system, in particular for those whose service is either time constrained or critical. Theoretical and experimental research form the scientific background to enable such applications. The EDCC conference is becoming a meeting point for the exchange of ideas, models, designs and results from all over the world. European research institutions, academia and industries have well established know-how in dealing with both research and applications and are at the frontier in exploiting novel techniques and designs. The work on dependability is supported by interest groups in several European countries. They agreed to set up EDCC as their common platform. The unification of their previous activities is also important from a political point of view, encouraging exchange of experiences matured in different realities and strengthening co-operation between all European countries, with no other limit than the scientific relevance of the work submitted and discussed. In effect this vision of Europe as a "common house" has been enforced also in the EEC co-operative research programmes which see a growing participation of East European countries. The East-West unification character of EDCC is underlined by the composition of the program committee, the external referees, the session chairs, the two program co- chairs and by the fact that the program committee meeting was held in Gliwice, Poland, at the Silesian Technical University. EDCC-2 would not be possible without the substantial contributions of many persons. First, the dedication of the two program co-chairs Joho Gabriel Silva and Andrzej Hlawiczka who did excellent work in both paper processing and running the program committee. Thanks are also due to all external referees and to the members of the program committee who reliably performed very serious and dedicated work in the difficult part of evaluating the papers. Ettore Ricciardi contributed a lot in publicising and disseminating information about the conference. IV The organisation was supported by the AICA Working Group on Dependability in Computing Systems, by the University of Pisa, and IEI and CNUCE of the Italian CNR. Their help is gratefully acknowledged. The conference has received generous financial support from several organisations: the Office of Naval Research Europe, Ansaldo Transporti, and the Italian National Council of Research. With their support it was possible to offer the participants warm hospitality to make the scientific exchange possible in a relaxed and nice setting. Final thanks are due to Springer-Verlag for publishing the conference proceedings in the well-known series Lecture Notes in Computer Science. I hope that EDCC-2 will be a successful continuation of this series and that the participants will find its technical and scientific contribution interesting. I also hope that all participants will enjoy Taormina and Sicily for their outstanding beauty and the hospitality of the Italian island. July 1996 Luca Simoncini General Chairman Preface Europe is certainly an exciting place to live at this end of the millennium. The big wall that divided us has fallen, but it is not all roses on the other side. Other potential walls lurk at each turn of the road that, we hope, leads to a Europe of peace and prosperity for all its inhabitants. The second European Dependable Computing Conference, EDCC-2, is a contribution of the dependable computing community to strengthen what unites us and keep away the devils that have turned us against each other so many times in the past. Without any isolationism -- the conference is European just because it is promoted mostly by Europeans on European soil, otherwise it is totally open to contributions from all over the world. May the smooth collaboration between the two program co-chairs, one from Central Europe and the other from Western Europe, be an indication of what lies ahead for Europe. As the second conference of a series, the program committee had the added responsibility of keeping up with the high scientific standards set forth by the first. For us, program co-chairs, it was a great honor to be considered capable of maintaining that standard, and we certainly did our best for it. The 66 received papers were subjected to rigorous reviewing by 146 referees from 24 countries. All regular papers were reviewed by at least four different people, except 4 that were reviewed by three people. The industrial track submissions were reviewed by three members of the program committee. The program committee, that comprised 41 people from 20 countries, was in charge of the final decision on acceptance and rejection. It should come as no surprise that the discussion was very lively when it met in Gliwice, Poland, on May 13 and 14, in the premises of the University Club of the Silesian Technical University. In the end, 26 papers were accepted, 4 of them on the industrial track. On next day, May 15, many of us attended, also in Gliwice, the EDCC-2 Companion Workshop. There we had the opportunity to listen to short presentations on the current research activities of many of the program committee members, and we had the privilege of witnessing the formation of the Polish Association for Dependability. We wish it a long and fruitful life. The industrial track, where less demanding papers from industry could be submitted, reporting on the problems and successes of using dependability techniques in industrial practice, managed to attract a small number of good quality papers that otherwise would not be considered. It is our view that they enrich the conference, and we recommend that such a track be maintained in the future. IIIV For the conference itself the single track structure was maintained, with ample time for presentation and discussion of each paper, and industrial and regular papers in the same sections. We hope that very interesting discussions will take place. The selected papers cover most of the areas of dependable computing, from evaluation and modeling to testing, from design and distribution to security, from replication and diagnosis to safety. The breath of the program will, we hope, appeal to most researchers in the field. We would also like to acknowledge the continued support of the Prof. Luca Simoncini, conference chair, and of Dr. David Powell, Program Chair of EDCC-1. David's database was essential to solve many tasks in the lengthy process that leads to a conference program; more relevant still, his wise advice enabled us to avoid many pitfalls and solve more satisfactorily many of the problems encountered. Finally, we hope that EDCC-2 has given a significant contribution to help establish EDCC as a high quality conference series. July 1996 Joao Gabriel Silva Andrzej Hlawiczka Program Co-Chairs Organization Committee General Chair Luca Simoncini University of Pisa Italy Program Co-Chairs Jo~o Gabriel Silva Andrzej Hlawiczka University of Coimbra Silesian Technical University Portugal Poland Finance and Local Arrangements Chair Ettore Ricciardi IEI - CNR, Pisa Italy International Liaison Chairs North America: Asia: Ravi Iyer Hideo Fujiwara University of Illinois at Urbana Nara Institute of Science and Champaign Technology USA Japan Program Committee Sergio Arevalo, Spain Jean Arlat, France Algirdas Avizienis, Lithuania Dimitri Avreski, Bulgaria Andrea Bondavalli, Italy Andrea Clematis, Italy Pierre Jacques Courtois, Belgium Yves Deswarte, France Klaus Echtle, Germany Michael Goessel, Germany Elena Gramatova, Slovakia Karl Erwin Grosspietch, Germany Boudewijn Haverkort, Netherlands Bjarne Helvik, Norway Jan Hlavicka, Czech Republic Johan Karlsson, Sweden Hubert Kirrmann, Switzerland Andrzej Krasniewski, Poland Henryk Krawczyk, Poland Jean Claude Laprie, France Bev Littlewood, U.K. Henrique Madeira, Portugal Erik Maehle, Germany Piero Maestrini, Italy Miroslaw Malek, Germany Giorgio Mongardi, Italy Gilles Muller, France Andras Pataricza, Hungary David Powell, France Anders P. Ravn, Denmark Michel Renovell, France Ernst Schmitter, Germany Santosh Shrivastava, U.K. Egor .S Sogomonian, Russia Janusz Sosnowski, Poland Bernd Straube, Germany Pascale Thevenod-Fosse, France Rajmund Ubar, Estonia Paulo Verissimo, Portugal External Referees Altman J. Gramatova E. Nett E. Amir Y. Grosspietsch K.-E Ni L.M. Andersen H.R. Guerraoui. R. Nicolaidis M. Arevalo S. Guthoff J. Novak O. Arlat J. Harari S. Nusbaumer H.J. Avresky D.R Harbour M.G. Pataricza A. Banerjee P. Haverkort B.R. Pleinevaux P. Belli F. Helvik B.E. Powel D. Bernardeschi C. Hiltunen M. Pravossoudovitch S. Bertolino A. Hlavicka J. Prinetto P. Bertrand Y. Issarny V. Puente J.D.L. Bidan C. Joubert P. Randell B. Bondawalli A. Juanole G. Ravn A.P. Bruck J. Kaiser J. Raynal M. Buchs D. Kanawati G.A. Renovell M. Carrasco J. Karlsson J. Rodrigues L. Carreira J. Kemnitz G. Rosenberg H.A. Chojcan J. Kikuno T. Rufino J. Ciardo G. Kirrman H. Rushby J. Ciufoletti A. Kopetz H. Sanders W. Clematis A. Krasniewski A. Santucci J.-F. Courtois P.-J. Krawczyk H. Sapiecha K. Cunha J.C. Krumm H. Schlichting R. Dal Cin M. Kunz W. Schmitter E. de Lemos R. Landrault C. Schneeweiss W.G. Deconinck G Laprie J.-C. Schoitsch E. Decotignie J.-D. Leveugle R. Schwartz M. Deswarte Y. Littlewood B. Selenyi E. Di Giandomenico F. Lo J.-C. Sens P. Dilger E. Lotti G. Sericola B. Drabek V. Lovric T. Shrivastava S.K. Draber S. Madeira H. Siegrist T. Echtle K. Maehle E. Sieh V. Escherman B. Maestrini P. Sifakis J. Ezhilchelvan P. Majzik I. Silva L.M. Fernandez E.B. Malek M. Slimani Y. Frankl P. Marie R. Sogomonian E.S. Fujiwara E. Mitrani I. Soler J.-L. Gantenbein R. Mittal R. Sosnowski J. Gaudel M.-C. Mongardi G. Sparmann U. Geisselhardt W. Morin C. Stalhane T. Girard P. Moustefaoui A. Steininger A. G6ssel M. Muller G. Stopp A. IX Straube B. Tyrrel A.M. Waeselynck H. Strigini L. Ubar R. PC Wellings A. Suri N. van de Goar A.J. Wunderlich H.-J. Thevenod P. Verissimo P. Xu J. Torin J. Vlcek K. Yu-Pang T. Tretmans J. Voges U.