Implications of High Assurance
Modeling of dynamic reconfiguration, fault tolerance, operating modes
Assurance of
- runtime support
- recovery path and fallback configuration
Assurance of upgrade
- transitive closure of dependencies
- impact delimiters to reduce transitive closure
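The effect of impact delimiters on the set of components that must be re-assured after an upgrade, as an added example (not from the original slides). The component names and graph are constructed, and the example assumes a delimiter is a component with a stable, verified interface that is itself re-checked but stops change from propagating to its dependents.

```python
from collections import deque

# Constructed sample system: component -> components it depends on.
DEPENDS_ON = {
    "flight_app": ["nav_service", "io_service"],
    "nav_service": ["sensor_api"],
    "io_service": ["sensor_api", "bus_driver"],
    "sensor_api": ["sensor_driver"],
    "sensor_driver": ["bus_driver"],
    "bus_driver": [],
}


def reverse_edges(depends_on):
    """Invert the graph: component -> components that depend on it."""
    dependents = {comp: set() for comp in depends_on}
    for comp, deps in depends_on.items():
        for dep in deps:
            dependents.setdefault(dep, set()).add(comp)
    return dependents


def upgrade_impact(depends_on, upgraded, delimiters=frozenset()):
    """Return the components to re-assure when `upgraded` changes.

    Without delimiters this is the reverse transitive closure of
    `upgraded`. Assumption (not from the slides): a delimiter is
    re-checked against its interface contract, but components that
    reach the change only through it are not impacted.
    """
    dependents = reverse_edges(depends_on)
    if upgraded not in dependents:
        raise KeyError(f"unknown component: {upgraded}")
    impacted = {upgraded}
    queue = deque([upgraded])
    while queue:
        comp = queue.popleft()
        # Stop propagation at a delimiter (the upgraded component itself
        # always propagates, even if it is listed as a delimiter).
        if comp in delimiters and comp != upgraded:
            continue
        for dependent in dependents[comp]:
            if dependent not in impacted:
                impacted.add(dependent)
                queue.append(dependent)
    return impacted
```

Upgrading `bus_driver` with `sensor_api` as a delimiter still impacts `flight_app` through `io_service`: a delimiter only shrinks the closure on paths that actually pass through it.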
In summary: dependable system upgrade