Abstract
Operator mistakes have been identified as a significant source of unavailability in Internet services. In our previous work, we proposed operator action validation as a framework for detecting mistakes while hiding them from the service and its users. Unfortunately, previous validation strategies have limitations: they require known instances of correct behavior for comparison and they fail to detect latent mistakes, i.e., those that do not lead to unexpected behaviors during the validation process. In this paper, we propose a novel validation strategy, called model-based validation, that addresses these limitations and complements the other strategies. Model-based validation introduces a new language for service engineers to write assertions about expected behaviors, proper configurations, and proper structural characteristics, and an associated runtime system, which executes the assertions and monitors the service’s execution. Our evaluation demonstrates that model-based validation is highly effective at detecting and hiding both activated and latent mistakes.