Software systems are designed and implemented with assumptions about the
environment. However, once the system is deployed, the actual
environment may deviate from its expected behavior, possibly undermining
desired properties of the system. To enable systematic design of
systems that are robust against potential environmental deviations, we
propose a rigorous notion of robustness for software systems. In
particular, the robustness of a system is defined as the largest set of
deviating environmental behaviors under which the system is capable of
guaranteeing a desired property. We describe a new set of design
analysis problems based on our notion of robustness, and a technique for
automatically computing the robustness of a system given its behavior
description. We demonstrate potential applications of our robustness
notion on two case studies involving network protocols and
safety-critical interfaces.