Abstract
This paper discusses measures to make a distributed system based on the Time-Triggered Architecture resistant to arbitrary node failures. The presented approach introduces a central guardian as part of the interconnection network. The guardian acts as a supervising unit for the node computers by checking, at the network interface of each node, that the node's behaviour complies with the fault hypothesis. By implementing appropriate algorithms, the guardian is able to transform node failure modes that are not covered by the fault hypothesis of the TTP/C protocol into failure modes that are. This transformation ensures that, at the interface to correct nodes, even an arbitrarily faulty node appears to comply with the fault hypothesis of the TTP/C communication protocol.
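The following toy simulation, added here as an illustration and not taken from the paper, shows the kind of failure-mode transformation the abstract describes for the temporal dimension of a TDMA bus. A central guardian sits on a star topology, so it sees each node on its own port and can gate that port independently. It forwards a frame only if the port's node owns the slot in which the frame starts and the frame lies wholly inside that slot (minus a guard gap). A node that babbles at arbitrary times or overruns its slot therefore cannot disturb other nodes' slots; from the receivers' point of view it simply produces omissions in its own slots, a fail-silent behaviour. The slot length, node order, guard gap and all frame timestamps are constructed for the example.

```python
"""Added example: a toy central guardian enforcing TDMA slot ownership.

Assumptions, not from the paper: the slot length, the sending order, the
guard gap and every frame timestamp below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Frame:
    sender: int      # node id; on a star the guardian knows this from the port
    start: int       # tick at which the transmission starts
    end: int         # tick at which the transmission ends (inclusive)
    payload: bytes


@dataclass(frozen=True)
class Schedule:
    slot_len: int
    order: Tuple[int, ...]   # node ids in TDMA sending order, repeated each round

    def slot_index(self, t: int) -> int:
        return t // self.slot_len

    def owner(self, slot: int) -> int:
        return self.order[slot % len(self.order)]


class CentralGuardian:
    """Gate every port: only the slot owner may transmit, and only inside its slot."""

    def __init__(self, schedule: Schedule, guard_gap: int) -> None:
        self.schedule = schedule
        self.guard_gap = guard_gap
        self.dropped: List[Tuple[Frame, str]] = []

    def forward(self, frame: Frame) -> Optional[Frame]:
        sched = self.schedule
        slot = sched.slot_index(frame.start)
        slot_start = slot * sched.slot_len
        # Check 1: the sending port must own the slot the transmission starts in.
        if sched.owner(slot) != frame.sender:
            self.dropped.append((frame, "not slot owner"))
            return None
        # Check 2: the transmission must stay inside the slot, guard gap excluded,
        # so a slot overrun cannot spill into the next node's slot.
        lo = slot_start + self.guard_gap
        hi = slot_start + sched.slot_len - self.guard_gap
        if frame.start < lo or frame.end > hi:
            self.dropped.append((frame, "outside slot window"))
            return None
        return frame


def receiver_view(schedule: Schedule, forwarded: List[Frame],
                  n_slots: int) -> Dict[int, Optional[Frame]]:
    """What a correct receiver observes per slot: a frame, or None (omission)."""
    view: Dict[int, Optional[Frame]] = {slot: None for slot in range(n_slots)}
    for f in forwarded:
        view[schedule.slot_index(f.start)] = f
    return view


def simulate():
    schedule = Schedule(slot_len=10, order=(0, 1, 2))
    guardian = CentralGuardian(schedule, guard_gap=1)
    # Constructed traffic: nodes 0 and 2 behave, node 1 is a babbling idiot
    # that transmits whenever it likes and overruns its own slot.
    traffic = [
        Frame(0, 1, 9, b"n0-round0"),
        Frame(1, 0, 30, b"babble"),    # starts in node 0's slot, covers the round
        Frame(1, 11, 29, b"babble"),   # starts in its own slot but overruns it
        Frame(1, 23, 27, b"babble"),   # entirely inside node 2's slot
        Frame(2, 21, 29, b"n2-round0"),
        Frame(0, 31, 38, b"n0-round1"),
    ]
    forwarded = [f for f in traffic if guardian.forward(f) is not None]
    view = receiver_view(schedule, forwarded, n_slots=4)
    return forwarded, guardian.dropped, view


if __name__ == "__main__":
    fwd, dropped, view = simulate()
    for slot, frame in view.items():
        print(slot, "omission" if frame is None else frame.payload)
    for frame, reason in dropped:
        print("dropped from node", frame.sender, ":", reason)
```

Running `simulate()` shows node 1's three transmissions dropped at the guardian while nodes 0 and 2 get every frame through; receivers see an omission in slot 1 and nothing else amiss, which is the failure mode a fail-silent fault hypothesis already tolerates. A real guardian must also handle the value domain and clock-synchronisation aspects, which this timing-only sketch does not model.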