This document discusses the key aspects of system dependability, including availability, reliability, safety, and security. It notes that dependability reflects the degree to which users trust a system and defines it as covering attributes like availability, reliability, and security. It also discusses factors that influence perceptions of reliability and availability, such as usage patterns, outage length and number of users affected.
This document discusses the concept of dependability in computer systems. It defines dependability as the extent to which a system operates as expected without failure. Dependability is determined by attributes like availability, reliability, safety, and security. The document outlines these principal properties and how they are related. It also discusses how dependability is perceived subjectively and how availability and reliability can be quantified.
The document discusses critical systems where failures can have severe consequences. It defines four dimensions of dependability - availability, reliability, safety, and security. Development methods for critical systems aim to avoid mistakes, detect and remove errors, and limit damage from failures. The dependability of a system reflects how much users trust that it will operate as expected without failures.
The document discusses critical systems where failures can have severe consequences. It defines four dimensions of dependability - availability, reliability, safety, and security. Development methods for critical systems aim to avoid mistakes, detect and remove errors, and limit damage from failures. The dependability of a system reflects how much users trust that it will operate as expected without failures.
This document provides an overview of key topics from Chapter 11 on security and dependability, including:
- The principal dependability properties of availability, reliability, safety, and security.
- Dependability covers attributes like maintainability, repairability, survivability, and error tolerance.
- Dependability is important because system failures can have widespread effects and undependable systems may be rejected.
- Dependability is achieved through techniques like fault avoidance, detection and removal, and building in fault tolerance.
This document discusses safety engineering for systems that contain software. It covers topics like safety-critical systems, safety requirements, and safety engineering processes. Safety is defined as a system's ability to operate normally and abnormally without harm. For safety-critical systems like aircraft or medical devices, software is often used for control and monitoring, so software safety is important. Hazard identification, risk assessment, and specifying safety requirements to mitigate risks are key parts of the safety engineering process. The goal is to design systems where failures cannot cause injury, death or environmental damage.
System dependability is a composite system property that reflects the degree of trust users have in a system. It is determined by availability, reliability, safety, and security. Dependability is subjective as it depends on user expectations - a system deemed dependable by one user may be seen as unreliable by another if it does not meet their expectations. Formal specifications of dependability do not always capture real user experiences.
The document discusses dependability in systems. It covers topics like dependability properties, sociotechnical systems, redundancy and diversity, and dependable processes. Dependability reflects how trustworthy a system is and includes attributes like reliability, availability, and security. Dependability is important because system failures can have widespread impacts. Both hardware and software failures and human errors can cause systems to fail. Techniques like redundancy, diversity, and formal methods can help improve dependability. Regulation is also discussed as many critical systems require approval from regulators.
This document discusses dependability requirements engineering for large-scale systems. It introduces concepts like dependability, dependability requirement types, and integrated requirements engineering. The document then focuses on safety requirements engineering and discusses an approach using viewpoints and concerns to discover requirements conflicts. An exemplar healthcare records management system is presented to demonstrate the approach, identifying key concerns like safety, privacy, and information quality for the system. Questions are generated from decomposed sub-concerns to help elicit system requirements.
This document discusses the concept of dependability in computer systems. It defines dependability as the extent to which a system operates as expected without failure. Dependability is determined by attributes like availability, reliability, safety, and security. The document outlines these principal properties and how they are related. It also discusses how dependability is perceived subjectively and how availability and reliability can be quantified.
The document discusses critical systems where failures can have severe consequences. It defines four dimensions of dependability - availability, reliability, safety, and security. Development methods for critical systems aim to avoid mistakes, detect and remove errors, and limit damage from failures. The dependability of a system reflects how much users trust that it will operate as expected without failures.
The document discusses critical systems where failures can have severe consequences. It defines four dimensions of dependability - availability, reliability, safety, and security. Development methods for critical systems aim to avoid mistakes, detect and remove errors, and limit damage from failures. The dependability of a system reflects how much users trust that it will operate as expected without failures.
This document provides an overview of key topics from Chapter 11 on security and dependability, including:
- The principal dependability properties of availability, reliability, safety, and security.
- Dependability covers attributes like maintainability, repairability, survivability, and error tolerance.
- Dependability is important because system failures can have widespread effects and undependable systems may be rejected.
- Dependability is achieved through techniques like fault avoidance, detection and removal, and building in fault tolerance.
This document discusses safety engineering for systems that contain software. It covers topics like safety-critical systems, safety requirements, and safety engineering processes. Safety is defined as a system's ability to operate normally and abnormally without harm. For safety-critical systems like aircraft or medical devices, software is often used for control and monitoring, so software safety is important. Hazard identification, risk assessment, and specifying safety requirements to mitigate risks are key parts of the safety engineering process. The goal is to design systems where failures cannot cause injury, death or environmental damage.
System dependability is a composite system property that reflects the degree of trust users have in a system. It is determined by availability, reliability, safety, and security. Dependability is subjective as it depends on user expectations - a system deemed dependable by one user may be seen as unreliable by another if it does not meet their expectations. Formal specifications of dependability do not always capture real user experiences.
The document discusses dependability in systems. It covers topics like dependability properties, sociotechnical systems, redundancy and diversity, and dependable processes. Dependability reflects how trustworthy a system is and includes attributes like reliability, availability, and security. Dependability is important because system failures can have widespread impacts. Both hardware and software failures and human errors can cause systems to fail. Techniques like redundancy, diversity, and formal methods can help improve dependability. Regulation is also discussed as many critical systems require approval from regulators.
This document discusses dependability requirements engineering for large-scale systems. It introduces concepts like dependability, dependability requirement types, and integrated requirements engineering. The document then focuses on safety requirements engineering and discusses an approach using viewpoints and concerns to discover requirements conflicts. An exemplar healthcare records management system is presented to demonstrate the approach, identifying key concerns like safety, privacy, and information quality for the system. Questions are generated from decomposed sub-concerns to help elicit system requirements.
The document provides an overview of key security engineering activities that should be integrated into the software development lifecycle (SDLC). It discusses securing each phase of development through threat modeling, secure coding practices like code reviews, and security testing. The goal is to build security into applications from the start to help prevent vulnerabilities and deliver more robust products.
This document summarizes Chapter 12 of a textbook on dependability and security specification. It discusses risk-driven specification, including identifying risks, analyzing risks, and defining requirements to reduce risks. It also covers specifying safety requirements by identifying hazards, assessing hazards, and analyzing hazards to discover root causes. The goal is to specify requirements that ensure systems function dependably and securely without failures causing harm.
This document summarizes key concepts from Chapter 15 on resilience engineering. It discusses resilience as the ability of systems to maintain critical services during disruptions like failures or cyberattacks. Resilience involves recognizing issues, resisting failures when possible, and recovering quickly through activities like redundancy. The document also covers sociotechnical resilience, where human and organizational factors are considered, and characteristics of resilient organizations like responsiveness, monitoring, anticipation, and learning.
The document discusses specifications for dependability and security. It covers topics like risk-driven specification, safety specification, and security specification. It emphasizes that critical systems specification should be risk-driven as risks pose a threat to the system. The risk-driven approach aims to understand risks faced by the system and define requirements to reduce these risks through phased risk analysis including preliminary, life cycle, and operational risk analysis. Safety specification identifies protection requirements to ensure system failures do not cause harm, with risk identification, analysis, and reduction mirroring hazard identification, assessment, and analysis. An example of a safety-critical insulin pump system is provided to illustrate dependability requirements and risk analysis.
The document discusses critical systems and their dependability requirements. It defines critical systems as those where failure could result in loss of life, environmental damage, or large economic losses. Dependability encompasses availability, reliability, safety, and security. The document uses the example of an insulin pump, a safety-critical system, to illustrate dependability dimensions and how failures could threaten human life. Formal development methods may be required for critical systems due to the high costs of failure.
This document provides an overview of topics in chapter 13 on security engineering. It discusses security and dependability, security dimensions of confidentiality, integrity and availability. It also outlines different security levels including infrastructure, application and operational security. Key aspects of security engineering are discussed such as secure system design, security testing and assurance. Security terminology and examples are provided. The relationship between security and dependability factors like reliability, availability, safety and resilience is examined. The document also covers security in organizations and the role of security policies.
The chapter discusses software evolution, including that software change is inevitable due to new requirements, business changes, and errors. It describes how organizations must manage change to existing software systems, which represent huge investments. The majority of large software budgets are spent evolving, rather than developing new, systems. The chapter outlines the software evolution process and different approaches to evolving systems, including addressing urgent changes. It also discusses challenges with legacy systems and their management.
This document discusses safety standards for critical systems and proposes a new concept called Assured Reliability and Resilience Level (ARRL). It notes that while safety standards aim to reduce risk, their requirements differ across domains. The document argues that Safety Integrity Levels (SIL) alone are not sufficient and that Quality of Service is a more holistic criterion. It also notes standards provide little guidance on composing systems from components. The ARRL concept aims to address these issues and complement SIL by considering factors like component trustworthiness and fault behavior. The document suggests ARRL could help foster cross-domain safety engineering.
Program Robustness is now more important than before, because of the role software programs play in our
life. Many papers defined it, measured it, and put it into context. In this paper, we explore the different
definitions of program robustness and different types of techniques used to achieve or measure it. There
are many papers about robustness. We chose the papers that clearly discuss program or software
robustness. These papers stated that program (or software) robustness indicates the absence of ungraceful
failures. There are different types of techniques used to create or measure a robust program. However,
there is still a wide space for research in this area.
This document discusses systems of systems and complexity. It begins by defining systems of systems and providing examples. Key characteristics of systems of systems include operational and managerial independence of elements, and evolutionary development. The document then covers sources of complexity, including technical, managerial and governance complexity. It discusses how reductionism has traditionally been used to manage complexity in engineering but has limitations for large systems of systems.
The document discusses security engineering design guidelines and system survivability. It covers:
1) Design guidelines that help make secure design decisions and raise security awareness.
2) Guidelines for avoiding single points of failure, failing securely, balancing security and usability, and more.
3) Designing for deployment to minimize vulnerabilities introduced during configuration and installation.
4) Ensuring systems can continue essential services when under attack through resilience and recoverability.
The document discusses reusable software components in safety-critical real-time systems. It notes that safety-critical systems must be certified to demonstrate acceptable safety. The use of off-the-shelf components poses challenges for certification. Contracts and pre/post-conditions can be used to specify requirements for components and ensure consistency across contexts. Reliability must also be considered when components are reused in new environments.
The document discusses safety-critical systems and their dependability. It defines safety-critical systems as those whose failure could result in catastrophic consequences such as loss of life. Examples include failures that caused loss of spacecraft, power outages, and airplane crashes. Dependability is the ability of a system to deliver services and avoid failures. It consists of threats like faults, errors, and failures; attributes like availability and reliability; and means to achieve attributes like fault prevention and fault tolerance. The document outlines techniques used to develop dependable safety-critical systems, including verification, validation, and engineering practices applied at early stages.
The document discusses techniques for achieving dependable software systems. It covers redundancy and diversity approaches including N-version programming where multiple versions of software are developed independently. Dependable system architectures like protection systems and self-monitoring architectures that use redundancy are described. The document emphasizes that a well-defined development process is important for minimizing faults and notes validation activities should include requirements reviews, testing, and change management.
Covers security and privacy issues for software product developers including attacks and defenses, encryption, authentication, authorisation and data protection
An Introduction to Designing Reliable Cloud Services January 2014David J Rosenthal
This document provides an overview of designing reliable cloud services. It discusses key concepts like reliability versus resiliency and recovery-oriented computing. The document outlines a design process including failure mode and effects analysis to plan for failures. Designing for resilience, data integrity, and recoverability are essential principles. Coping strategies should allow services to degrade gracefully when failures occur. The goal is to minimize downtime and keep services available through redundancy and rapid recovery.
For an organization to function efficiently it is important to have security controls to ensure the protection of confidentiality, integrity and availability of information and systems. Compliance is the process of ensuring all systems in an organization met a set of predefined specific rules.
In this article we will address the need for compliance automation and how SecPod’s Saner provides enterprises the ability to automate compliance while minimizing time spent on non-compliant state.
This document discusses the topics of security and dependability in computer systems. It defines dependability as comprising reliability, availability, safety, and security. These properties are interdependent and important for systems where failures could significantly impact users. The document outlines various dependability properties and how they are measured. It discusses how dependability is achieved through techniques like fault avoidance and tolerance. It also distinguishes between safety and reliability, defining safety as preventing harm even if a system fails. Key aspects of safety-critical systems and achieving safety are also covered.
This document provides an overview of reliability engineering topics including software reliability, fault tolerance, and reliability requirements. It discusses key concepts such as availability, reliability, faults, errors and failures. It also describes different fault-tolerant system architectures and reliability metrics including probability of failure on demand, rate of occurrence of failures, and availability. Functional reliability requirements and examples are also presented relating to checking requirements, recovery requirements, redundancy requirements and development process requirements.
The document discusses reliability engineering and fault tolerance. It covers topics like availability, reliability requirements, fault-tolerant architectures, and reliability measurement. It defines key terms like faults, errors, and failures. It also describes techniques for achieving reliability like fault avoidance, fault detection, and fault tolerance. Specific architectures discussed include redundant systems and protection systems that can take emergency action if failures occur.
This chapter discusses dependable systems and covers topics like dependability properties, sociotechnical systems, redundancy and diversity, dependable processes, and formal methods for dependability. It defines dependability as reflecting a user's degree of trust in a system operating as expected without failure. Dependability encompasses attributes like reliability, availability, and security. Formal methods that use mathematical modeling can help reduce errors and improve dependability. Developing dependable systems also requires consideration of the sociotechnical context and dependable engineering processes.
Depandability in Software Engineering SE16koolkampus
The document discusses key concepts related to dependability in critical systems, including reliability, availability, safety, and security. It defines each concept and explains how they are related but distinct. For example, reliability is the probability that a system operates as intended, while safety ensures a system can operate without threatening people or the environment. The document also outlines approaches for achieving dependability, such as avoiding faults, detecting and removing errors, and limiting damage from failures or attacks.
The document provides an overview of key security engineering activities that should be integrated into the software development lifecycle (SDLC). It discusses securing each phase of development through threat modeling, secure coding practices like code reviews, and security testing. The goal is to build security into applications from the start to help prevent vulnerabilities and deliver more robust products.
This document summarizes Chapter 12 of a textbook on dependability and security specification. It discusses risk-driven specification, including identifying risks, analyzing risks, and defining requirements to reduce risks. It also covers specifying safety requirements by identifying hazards, assessing hazards, and analyzing hazards to discover root causes. The goal is to specify requirements that ensure systems function dependably and securely without failures causing harm.
This document summarizes key concepts from Chapter 15 on resilience engineering. It discusses resilience as the ability of systems to maintain critical services during disruptions like failures or cyberattacks. Resilience involves recognizing issues, resisting failures when possible, and recovering quickly through activities like redundancy. The document also covers sociotechnical resilience, where human and organizational factors are considered, and characteristics of resilient organizations like responsiveness, monitoring, anticipation, and learning.
The document discusses specifications for dependability and security. It covers topics like risk-driven specification, safety specification, and security specification. It emphasizes that critical systems specification should be risk-driven as risks pose a threat to the system. The risk-driven approach aims to understand risks faced by the system and define requirements to reduce these risks through phased risk analysis including preliminary, life cycle, and operational risk analysis. Safety specification identifies protection requirements to ensure system failures do not cause harm, with risk identification, analysis, and reduction mirroring hazard identification, assessment, and analysis. An example of a safety-critical insulin pump system is provided to illustrate dependability requirements and risk analysis.
The document discusses critical systems and their dependability requirements. It defines critical systems as those where failure could result in loss of life, environmental damage, or large economic losses. Dependability encompasses availability, reliability, safety, and security. The document uses the example of an insulin pump, a safety-critical system, to illustrate dependability dimensions and how failures could threaten human life. Formal development methods may be required for critical systems due to the high costs of failure.
This document provides an overview of topics in chapter 13 on security engineering. It discusses security and dependability, security dimensions of confidentiality, integrity and availability. It also outlines different security levels including infrastructure, application and operational security. Key aspects of security engineering are discussed such as secure system design, security testing and assurance. Security terminology and examples are provided. The relationship between security and dependability factors like reliability, availability, safety and resilience is examined. The document also covers security in organizations and the role of security policies.
The chapter discusses software evolution, including that software change is inevitable due to new requirements, business changes, and errors. It describes how organizations must manage change to existing software systems, which represent huge investments. The majority of large software budgets are spent evolving, rather than developing new, systems. The chapter outlines the software evolution process and different approaches to evolving systems, including addressing urgent changes. It also discusses challenges with legacy systems and their management.
This document discusses safety standards for critical systems and proposes a new concept called Assured Reliability and Resilience Level (ARRL). It notes that while safety standards aim to reduce risk, their requirements differ across domains. The document argues that Safety Integrity Levels (SIL) alone are not sufficient and that Quality of Service is a more holistic criterion. It also notes standards provide little guidance on composing systems from components. The ARRL concept aims to address these issues and complement SIL by considering factors like component trustworthiness and fault behavior. The document suggests ARRL could help foster cross-domain safety engineering.
Program Robustness is now more important than before, because of the role software programs play in our
life. Many papers defined it, measured it, and put it into context. In this paper, we explore the different
definitions of program robustness and different types of techniques used to achieve or measure it. There
are many papers about robustness. We chose the papers that clearly discuss program or software
robustness. These papers stated that program (or software) robustness indicates the absence of ungraceful
failures. There are different types of techniques used to create or measure a robust program. However,
there is still a wide space for research in this area.
This document discusses systems of systems and complexity. It begins by defining systems of systems and providing examples. Key characteristics of systems of systems include operational and managerial independence of elements, and evolutionary development. The document then covers sources of complexity, including technical, managerial and governance complexity. It discusses how reductionism has traditionally been used to manage complexity in engineering but has limitations for large systems of systems.
The document discusses security engineering design guidelines and system survivability. It covers:
1) Design guidelines that help make secure design decisions and raise security awareness.
2) Guidelines for avoiding single points of failure, failing securely, balancing security and usability, and more.
3) Designing for deployment to minimize vulnerabilities introduced during configuration and installation.
4) Ensuring systems can continue essential services when under attack through resilience and recoverability.
The document discusses reusable software components in safety-critical real-time systems. It notes that safety-critical systems must be certified to demonstrate acceptable safety. The use of off-the-shelf components poses challenges for certification. Contracts and pre/post-conditions can be used to specify requirements for components and ensure consistency across contexts. Reliability must also be considered when components are reused in new environments.
The document discusses safety-critical systems and their dependability. It defines safety-critical systems as those whose failure could result in catastrophic consequences such as loss of life. Examples include failures that caused loss of spacecraft, power outages, and airplane crashes. Dependability is the ability of a system to deliver services and avoid failures. It consists of threats like faults, errors, and failures; attributes like availability and reliability; and means to achieve attributes like fault prevention and fault tolerance. The document outlines techniques used to develop dependable safety-critical systems, including verification, validation, and engineering practices applied at early stages.
The document discusses techniques for achieving dependable software systems. It covers redundancy and diversity approaches including N-version programming where multiple versions of software are developed independently. Dependable system architectures like protection systems and self-monitoring architectures that use redundancy are described. The document emphasizes that a well-defined development process is important for minimizing faults and notes validation activities should include requirements reviews, testing, and change management.
Covers security and privacy issues for software product developers including attacks and defenses, encryption, authentication, authorisation and data protection
An Introduction to Designing Reliable Cloud Services January 2014David J Rosenthal
This document provides an overview of designing reliable cloud services. It discusses key concepts like reliability versus resiliency and recovery-oriented computing. The document outlines a design process including failure mode and effects analysis to plan for failures. Designing for resilience, data integrity, and recoverability are essential principles. Coping strategies should allow services to degrade gracefully when failures occur. The goal is to minimize downtime and keep services available through redundancy and rapid recovery.
For an organization to function efficiently it is important to have security controls to ensure the protection of confidentiality, integrity and availability of information and systems. Compliance is the process of ensuring all systems in an organization met a set of predefined specific rules.
In this article we will address the need for compliance automation and how SecPod’s Saner provides enterprises the ability to automate compliance while minimizing time spent on non-compliant state.
This document discusses the topics of security and dependability in computer systems. It defines dependability as comprising reliability, availability, safety, and security. These properties are interdependent and important for systems where failures could significantly impact users. The document outlines various dependability properties and how they are measured. It discusses how dependability is achieved through techniques like fault avoidance and tolerance. It also distinguishes between safety and reliability, defining safety as preventing harm even if a system fails. Key aspects of safety-critical systems and achieving safety are also covered.
This document provides an overview of reliability engineering topics including software reliability, fault tolerance, and reliability requirements. It discusses key concepts such as availability, reliability, faults, errors and failures. It also describes different fault-tolerant system architectures and reliability metrics including probability of failure on demand, rate of occurrence of failures, and availability. Functional reliability requirements and examples are also presented relating to checking requirements, recovery requirements, redundancy requirements and development process requirements.
The document discusses reliability engineering and fault tolerance. It covers topics like availability, reliability requirements, fault-tolerant architectures, and reliability measurement. It defines key terms like faults, errors, and failures. It also describes techniques for achieving reliability like fault avoidance, fault detection, and fault tolerance. Specific architectures discussed include redundant systems and protection systems that can take emergency action if failures occur.
This chapter discusses dependable systems and covers topics like dependability properties, sociotechnical systems, redundancy and diversity, dependable processes, and formal methods for dependability. It defines dependability as reflecting a user's degree of trust in a system operating as expected without failure. Dependability encompasses attributes like reliability, availability, and security. Formal methods that use mathematical modeling can help reduce errors and improve dependability. Developing dependable systems also requires consideration of the sociotechnical context and dependable engineering processes.
Depandability in Software Engineering SE16koolkampus
The document discusses key concepts related to dependability in critical systems, including reliability, availability, safety, and security. It defines each concept and explains how they are related but distinct. For example, reliability is the probability that a system operates as intended, while safety ensures a system can operate without threatening people or the environment. The document also outlines approaches for achieving dependability, such as avoiding faults, detecting and removing errors, and limiting damage from failures or attacks.
This chapter discusses dependable systems and covers several topics related to ensuring system dependability. It defines key dependability properties like availability, reliability, safety and security. It discusses causes of system failures and the importance of dependability. It also covers approaches to improving dependability like redundancy, diversity, and formal methods. Dependable processes with activities like requirements reviews, testing and inspections are also discussed.
This document discusses critical systems and system dependability. It defines critical systems as those where failure could have severe consequences, such as safety-critical systems where failure could result in loss of life. It describes four dimensions of dependability for critical systems: availability, reliability, safety, and security. Availability and reliability refer to a system operating properly and delivering services as expected. Safety ensures a system cannot cause harm or damage. Security protects a system from external attacks. The document uses an insulin pump as an example of a safety-critical system to illustrate dependability requirements and discusses techniques for achieving dependability.
This document outlines the syllabus for a course on Software Engineering and Project Management. It discusses various software development process models including the waterfall model, incremental process models, evolutionary process models, and agile development approaches. Specific models covered include the unified process, extreme programming, and scrum methodology. The document provides details on each model's phases and approach to software development. It also discusses topics like critical systems, system dependability, and reliability.
This document discusses techniques for engineering dependable software systems. It covers topics like redundancy and diversity, dependable processes, and dependable system architectures. Redundancy and diversity are fundamental approaches to achieving fault tolerance. Dependable processes use well-defined and repeatable development practices to minimize faults. Dependable system architectures, like protection systems and self-monitoring architectures, are designed to tolerate faults through techniques such as voting across redundant or diverse versions of the system.
This document discusses techniques for engineering dependable software systems. It covers redundancy and diversity approaches to achieve fault tolerance. Dependable systems are achieved through fault avoidance, detection, and tolerance. Critical systems often use regulated processes and dependable architectures like protection systems, self-monitoring architectures, and N-version programming which involve redundant and diverse components to continue operating despite failures. The document gives examples of how these techniques are applied in systems like aircraft flight control to maximize availability.
Cloud computing has gained popularity over the years, some organizations are using some form of cloud
computing to enhance their business operations while reducing infrastructure costs and gaining more
agility by deploying applications and making changes to applications easily. Cloud computing systems just
like any other computer system are prone to failure, these failures are due to the distributed and complex
nature of the cloud computing platforms.
Cloud computing systems need to be built for failure to ensure that they continue operating even if the
cloud system has an error. The errors should be masked from the cloud users to ensure that users continue
accessing the cloud services and this intern leads to cloud consumers gaining confidence in the availability
and reliability of cloud services.
In this paper, we propose the use of N-Modular redundancy to design and implement failure-free clouds
Cloud computing has gained popularity over the years, some organizations are using some form of cloud
computing to enhance their business operations while reducing infrastructure costs and gaining more
agility by deploying applications and making changes to applications easily. Cloud computing systems just
like any other computer system are prone to failure, these failures are due to the distributed and complex
nature of the cloud computing platforms.
This document discusses resilience engineering and designing resilient systems. It covers topics such as resilience, cybersecurity threats and controls, resilience planning, sociotechnical resilience, and resilient systems design. The key ideas are that resilience involves maintaining critical system services during disruptions, using defensive layers and redundancy to limit failures, and designing systems and processes to recognize, resist, recover from, and reinstate after problems.
This document provides an overview of topics covered in Chapter 14 on Security Engineering. It discusses security engineering and how it is concerned with applying security to applications, as well as security risk assessment and designing systems based on risk assessments. The document outlines the importance of security management, as well as risk management approaches like preliminary risk assessment, life cycle risk assessment, and operational risk assessment. It also discusses designing systems for security through approaches like incorporating security into architectural design, following best practices, and minimizing vulnerabilities introduced during deployment. Finally, the document discusses system survivability and delivering essential services even when under attack.
This document discusses dependability and security in computer systems. It defines dependability as the extent to which a system operates as expected without failure. Dependability is determined by attributes like availability, reliability, safety, and security. A system is considered dependable if it does not fail and continues delivering its expected services. The document outlines the importance of dependability and explains how attributes like availability, reliability, safety, and security are related and impact one another. It provides terminology and concepts regarding faults, failures, hazards, and risks as they relate to system dependability and security.
A Simplified Cost Efficient Distributed System architecture which relies on replication and recovery techniques using monitoring service, proxy service to handle service calls and a specialized server architecture which serves as both backup and standby service provider.
This document is a study guide for a data center availability certification exam. It begins with an introduction to availability, defining key terms like reliability, availability, MTBF, and MTTR. It discusses factors that threaten availability like power issues, inadequate cooling, equipment failures, disasters and human error. It explains how availability is calculated and the limitations of the "five nines" or 99.999% availability standard. Finally, it covers the costs of downtime, distinguishing between direct costs like lost revenue, overtime wages, and indirect costs. The overall document provides a high-level overview of data center availability fundamentals and considerations.
Probability that a product, piece of equipment, or system will perform its intended function for a stated period of time under specified operating conditions.
Resiliency vs High Availability vs Fault Tolerance vs Reliabilityjeetendra mandal
Resiliency describes a storage system's ability to recover from failures or disruptions through self-healing and error correction. High availability focuses on eliminating single points of failure to minimize downtime, but doubles the total cost of ownership. Investing in error recovery mechanisms provides resiliency without doubling costs. Fault tolerance guarantees zero downtime through redundant, actively-maintained copies of data.
This document provides an overview of the process improvement process, including process measurement, analysis, change, and the CMMI framework. It discusses measuring current processes to establish a baseline and analyzing processes to identify bottlenecks. Process changes are then introduced based on the analysis. The goal is to understand existing processes, relate them to models and standards, and identify constraints in order to improve quality, reduce costs and time. Process and product quality are closely linked, so improving processes enhances products.
The document summarizes key aspects of configuration management discussed in Chapter 25, including change management, version management, system building, and release management. Version management involves tracking different versions of software components to prevent interference between changes made by different developers. System building is the process of compiling and linking components to create an executable system. Release management prepares software for external distribution and tracks released system versions.
This document provides an overview of quality management in software engineering. It discusses software quality, standards, reviews, and measurements. Specifically, it covers three key areas:
1) Software quality management is concerned with ensuring software meets required quality levels through organizational processes and standards, applying quality processes at the project level, and establishing quality plans.
2) Quality management activities include independent checks on the development process and deliverables to ensure consistency with standards and goals.
3) Reviews and inspections allow groups to examine software and documentation to identify potential problems and approve progress between development stages.
This document provides an overview of project planning and estimation techniques used in software development. It discusses plan-driven and agile planning approaches. For plan-driven projects, it describes creating a detailed project plan with work breakdown, scheduling, milestones and resource allocation. It also discusses estimation techniques like experience-based estimating and algorithmic models like COCOMO. COCOMO models like application composition, early design, reuse and post-architecture are explained for estimating effort at different stages. Factors affecting accuracy and uncertainty in estimates are also covered.
This document discusses project management and risk management. It covers topics such as managing people, teamwork, risk identification, analysis, planning, monitoring, and strategies to manage common project risks like staff turnover, requirements changes, and underestimating timelines. The key aspects of software project management are planning, reporting, risk assessment, and people management to deliver software on schedule, within budget, and that meets customer expectations.
The document discusses aspect-oriented software development and key concepts in aspect-oriented programming such as aspects, join points, pointcuts, and advice. It covers how aspect-oriented programming supports separation of concerns by encapsulating cross-cutting concerns in aspects. Aspects define where advice code should be inserted via pointcuts specified at join points in the base code. This approach addresses issues like tangling and scattering that arise when implementing cross-cutting concerns in traditional object-oriented design.
This document provides an overview of embedded systems and real-time systems. It discusses embedded software characteristics including responsiveness in real-time. Common architectural patterns for embedded systems like observe and react, environmental control, and process pipeline are described. The document also covers timing analysis, real-time operating systems components, and non-stop system components to ensure continuous operation.
The document discusses service-oriented architecture (SOA) and key concepts in SOA, including:
1) SOA uses independent, reusable services as components for developing distributed systems, with services executing on different computers and communicating through standard protocols.
2) The benefits of SOA include flexibility in where services are provided and enabling inter-organizational computing through simplified information exchange.
3) Key SOA standards include SOAP for message exchange, WSDL for defining service interfaces and bindings, and WS-BPEL for defining service composition workflows.
This document provides an overview of distributed software engineering. It discusses key topics like distributed systems issues, client-server computing, and architectural patterns. Design issues for distributed systems like transparency, openness, scalability, security, and failure management are also covered. The document explains models of interaction, including remote procedure calls and message passing, and how middleware supports interaction and common services in distributed systems.
This document provides an overview of component-based software engineering (CBSE). It discusses key CBSE concepts like components, component models, CBSE processes, and component composition. Components are independent, reusable software entities with well-defined interfaces. A component model defines standards for component implementation and interoperability. CBSE processes include developing components for reuse, and developing software using existing reusable components. Middleware provides platform services to allow component communication.
The document discusses software reuse and chapter 16 of an unknown textbook. It covers several topics related to software reuse including application frameworks, software product lines, and COTS product reuse. Application frameworks provide a collection of abstract and concrete classes that can be extended and customized to create specific applications. Frameworks aim to increase reuse by providing a standardized architecture and interfaces that applications can build upon rather than developing everything from scratch. They must be extended by adding new classes and methods to create a complete application or subsystem.
This document discusses techniques for validating critical systems, including static analysis, reliability testing, and security testing. Static analysis techniques like formal verification, model checking, and automated program analysis examine source code or models without executing programs to check for errors. Reliability testing involves exercising software with test data matching actual usage to measure reliability levels. Validation costs are higher for critical systems due to additional analysis needed to ensure safety.
This document discusses approaches for specifying dependability and security requirements, including risk-driven, safety, and reliability specifications. It covers topics such as identifying risks and hazards, assessing their likelihood and impacts, analyzing root causes using techniques like fault trees, and defining requirements to reduce risks and prevent accidents. Safety requirements for an insulin pump example are provided. The key points are that risk analysis identifies risks that could lead to accidents, hazards are decomposed to discover their causes, and safety requirements ensure hazards do not occur or are limited if they do.
This document provides an overview of sociotechnical systems. It discusses how software systems are part of broader systems that include human, social, and organizational aspects. It describes the layers in a sociotechnical systems stack from equipment to society. Emergent properties, non-determinism, and differing views of success from stakeholders are characteristics of these complex systems. Systems engineering is the process of procuring, developing, and maintaining sociotechnical systems over their lifecycle.
This document discusses software evolution and maintenance. It covers topics like change processes, program evolution dynamics, software maintenance, and legacy system management. It notes that software change is inevitable due to new requirements, business changes, errors that need fixing, and other factors. Most software budgets are spent on evolving existing systems rather than new development. Lehman's laws describe insights into software evolution, such as the notion that change is continuous. Software maintenance involves modifying operational software to fix bugs, adapt to new environments, or add new functionality. Maintenance costs are typically higher than development costs and increase over time as software degrades.
The document provides an overview of software testing concepts including:
- The goals of testing are to validate that software meets requirements and to discover defects.
- There are different types of testing such as unit testing, component testing, and system testing that are done during development.
- Release and user testing are also discussed as later stages of the testing process.
- Key concepts covered include test-driven development, validation vs. defect testing, and strategies for effective unit testing including automated testing and partition testing.
This document discusses the design and implementation chapter of a lecture. It covers topics like using UML for object-oriented design, design patterns, and implementation issues. It then discusses the weather station case study used to illustrate the design process, including defining system context, use cases, architectural design, identifying object classes, design models, and interface specification.
The document discusses architectural design and key concepts:
- Architectural design determines the subsystems of a system and how they communicate. It represents the link between specification and design.
- Views and patterns are used to document architectures. Common views include logical, process, development, and physical views. Patterns like MVC and layered architectures organize systems.
- Architectural design involves decisions like the application architecture, distribution, styles, decomposition, and documentation. Views and non-functional requirements influence these decisions.
The document discusses different types of system models, including context models, interaction models, structural models, and behavioral models. It provides examples of each type of model using a case study of a mental health care patient management system (MHC-PMS). Context models show the environment and other related systems. Interaction models include use case diagrams and sequence diagrams to illustrate interactions between users and the system. Structural models, like class diagrams, depict the organization and architecture of a system through classes and their relationships.
This document discusses requirements engineering for software systems. It covers topics like functional and non-functional requirements, the software requirements document, and requirements processes. Functional requirements describe system services, while non-functional requirements constrain system services and development. Requirements can be ambiguous, incomplete, or inconsistent, so precision is important. Domain requirements impose constraints from the system's operational domain. Both functional and non-functional requirements, as well as domain requirements, are important to consider for software systems.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
International Conference on NLP, Artificial Intelligence, Machine Learning an...gerogepatton
International Conference on NLP, Artificial Intelligence, Machine Learning and Applications (NLAIM 2024) offers a premier global platform for exchanging insights and findings in the theory, methodology, and applications of NLP, Artificial Intelligence, Machine Learning, and their applications. The conference seeks substantial contributions across all key domains of NLP, Artificial Intelligence, Machine Learning, and their practical applications, aiming to foster both theoretical advancements and real-world implementations. With a focus on facilitating collaboration between researchers and practitioners from academia and industry, the conference serves as a nexus for sharing the latest developments in the field.
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
ACEP Magazine edition 4th launched on 05.06.2024Rahul
This document provides information about the third edition of the magazine "Sthapatya" published by the Association of Civil Engineers (Practicing) Aurangabad. It includes messages from current and past presidents of ACEP, memories and photos from past ACEP events, information on life time achievement awards given by ACEP, and a technical article on concrete maintenance, repairs and strengthening. The document highlights activities of ACEP and provides a technical educational article for members.
Using recycled concrete aggregates (RCA) for pavements is crucial to achieving sustainability. Implementing RCA for new pavement can minimize carbon footprint, conserve natural resources, reduce harmful emissions, and lower life cycle costs. Compared to natural aggregate (NA), RCA pavement has fewer comprehensive studies and sustainability assessments.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Embedded machine learning-based road conditions and driving behavior monitoring
Ch11
1. Chapter 11 – Security and Dependability
Lecture 1
1Chapter 11 Security and Dependability
2. Topics covered
Dependability properties
The system attributes that lead to dependability.
Availability and reliability
Systems should be available to deliver service and perform as
expected.
Safety
Systems should not behave in an unsafe way.
Security
Systems should protect themselves and their data from external
interference.
3. System dependability
For many computer-based systems, the most important
system property is the dependability of the system.
The dependability of a system reflects the user’s degree
of trust in that system. It reflects the extent of the user’s
confidence that it will operate as users expect and that it
will not ‘fail’ in normal use.
Dependability covers the related systems attributes of
reliability, availability and security. These are all inter-
dependent.
3Chapter 11 Security and Dependability
4. Importance of dependability
System failures may have widespread effects with large
numbers of people affected by the failure.
Systems that are not dependable and are unreliable,
unsafe or insecure may be rejected by their users.
The costs of system failure may be very high if the failure
leads to economic losses or physical damage.
Undependable systems may cause information loss with
a high consequent recovery cost.
4Chapter 11 Security and Dependability
5. Causes of failure
Hardware failure
Hardware fails because of design and manufacturing errors or
because components have reached the end of their natural life.
Software failure
Software fails due to errors in its specification, design or
implementation.
Operational failure
Human operators make mistakes. Now perhaps the largest
single cause of system failures in socio-technical systems.
5Chapter 11 Security and Dependability
7. Principal properties
Availability
The probability that the system will be up and running and able
to deliver useful services to users.
Reliability
The probability that the system will correctly deliver services as
expected by users.
Safety
A judgment of how likely it is that the system will cause damage
to people or its environment.
Security
A judgment of how likely it is that the system can resist
accidental or deliberate intrusions.
7Chapter 11 Security and Dependability
8. Other dependability properties
Repairability
Reflects the extent to which the system can be repaired in the
event of a failure
Maintainability
Reflects the extent to which the system can be adapted to new
requirements;
Survivability
Reflects the extent to which the system can deliver services
whilst under hostile attack;
Error tolerance
Reflects the extent to which user input errors can be avoided
and tolerated.
8Chapter 11 Security and Dependability
9. Repairability
The disruption caused by system failure can be
minimized if the system can be repaired quickly.
This requires problem diagnosis, access to the failed
component(s) and making changes to fix the problems.
Repairability is a judgment of how easy it is to repair the
software to correct the faults that led to a system failure.
Repairability is affected by the operating environment so
is hard to assess before system deployment.
Chapter 11 Security and Dependability 9
10. Maintainability
A system attribute that is concerned with the ease of
repairing the system after a failure has been discovered
or changing the system to include new features.
Repairability – short-term perspective to get the system
back into service; Maintainability – long-term
perspective.
Very important for critical systems as faults are often
introduced into a system because of maintenance
problems. If a system is maintainable, there is a lower
probability that these faults will be introduced or
undetected.
10Chapter 11 Security and Dependability
11. Survivability
The ability of a system to continue to deliver its services
to users in the face of deliberate or accidental attack
This is an increasingly important attribute for distributed
systems whose security can be compromised
Survivability subsumes the notion of resilience - the
ability of a system to continue in operation in spite of
component failures
11Chapter 11 Security and Dependability
12. Error tolerance
Part of a more general usability property and reflects the
extent to which user errors are avoided, detected or
tolerated.
User errors should, as far as possible, be detected and
corrected automatically and should not be passed on to
the system and cause failures.
Chapter 11 Security and Dependability 12
13. Dependability attribute dependencies
Safe system operation depends on the system being
available and operating reliably.
A system may be unreliable because its data has been
corrupted by an external attack.
Denial of service attacks on a system are intended to
make it unavailable.
If a system is infected with a virus, you cannot be
confident in its reliability or safety.
Chapter 11 Security and Dependability 13
14. Dependability achievement
Avoid the introduction of accidental errors when
developing the system.
Design V & V processes that are effective in discovering
residual errors in the system.
Design protection mechanisms that guard against
external attacks.
Configure the system correctly for its operating
environment.
Include recovery mechanisms to help restore normal
system service after a failure.
Chapter 11 Security and Dependability 14
15. Dependability costs
Dependability costs tend to increase exponentially as
increasing levels of dependability are required.
There are two reasons for this
The use of more expensive development techniques and
hardware that are required to achieve the higher levels of
dependability.
The increased testing and system validation that is required to
convince the system client and regulators that the required levels
of dependability have been achieved.
15Chapter 11 Security and Dependability
17. Dependability economics
Because of very high costs of dependability
achievement, it may be more cost effective to accept
untrustworthy systems and pay for failure costs
However, this depends on social and political factors. A
reputation for products that can’t be trusted may lose
future business
Depends on system type - for business systems in
particular, modest levels of dependability may be
adequate
17Chapter 11 Security and Dependability
18. Availability and reliability
Reliability
The probability of failure-free system operation over a specified
time in a given environment for a given purpose
Availability
The probability that a system, at a point in time, will be
operational and able to deliver the requested services
Both of these attributes can be expressed quantitatively
e.g. availability of 0.999 means that the system is up and
running for 99.9% of the time.
18Chapter 11 Security and Dependability
19. Availability and reliability
It is sometimes possible to subsume system availability
under system reliability
Obviously if a system is unavailable it is not delivering the
specified system services.
However, it is possible to have systems with low reliability
that must be available.
So long as system failures can be repaired quickly and does not
damage data, some system failures may not be a problem.
Availability is therefore best considered as a separate
attribute reflecting whether or not the system can deliver
its services.
Availability takes repair time into account, if the system
has to be taken out of service to repair faults.
19Chapter 11 Security and Dependability
20. Perceptions of reliability
The formal definition of reliability does not always reflect
the user’s perception of a system’s reliability
The assumptions that are made about the environment where a
system will be used may be incorrect
• Usage of a system in an office environment is likely to be quite
different from usage of the same system in a university environment
The consequences of system failures affects the perception of
reliability
• Unreliable windscreen wipers in a car may be irrelevant in a dry
climate
• Failures that have serious consequences (such as an engine
breakdown in a car) are given greater weight by users than failures
that are inconvenient
20Chapter 11 Security and Dependability
21. Reliability and specifications
Reliability can only be defined formally with respect to a
system specification i.e. a failure is a deviation from a
specification.
However, many specifications are incomplete or
incorrect – hence, a system that conforms to its
specification may ‘fail’ from the perspective of system
users.
Furthermore, users don’t read specifications so don’t
know how the system is supposed to behave.
Therefore perceived reliability is more important in
practice.
Chapter 11 Security and Dependability 21
22. Availability perception
Availability is usually expressed as a percentage of the
time that the system is available to deliver services e.g.
99.95%.
However, this does not take into account two factors:
The number of users affected by the service outage. Loss of
service in the middle of the night is less important for many
systems than loss of service during peak usage periods.
The length of the outage. The longer the outage, the more the
disruption. Several short outages are less likely to be disruptive
than 1 long outage. Long repair times are a particular problem.
Chapter 11 Security and Dependability 22
23. Key points
The dependability in a system reflects the user’s trust in
that system.
Dependability is a term used to describe a set of related
‘non-functional’ system attributes – availability, reliability,
safety and security.
The availability of a system is the probability that it will
be available to deliver services when requested.
The reliability of a system is the probability that system
services will be delivered as specified.
23Chapter 11 Security and Dependability
24. Chapter 11 – Security and Dependability
Lecture 2
24Chapter 11 Security and Dependability
25. Reliability terminology
Term Description
Human error or
mistake
Human behavior that results in the introduction of faults into a system. For
example, in the wilderness weather system, a programmer might decide that the
way to compute the time for the next transmission is to add 1 hour to the current
time. This works except when the transmission time is between 23.00 and
midnight (midnight is 00.00 in the 24-hour clock).
System fault A characteristic of a software system that can lead to a system error. The fault is
the inclusion of the code to add 1 hour to the time of the last transmission,
without a check if the time is greater than or equal to 23.00.
System error An erroneous system state that can lead to system behavior that is unexpected
by system users. The value of transmission time is set incorrectly (to 24.XX
rather than 00.XX) when the faulty code is executed.
System failure An event that occurs at some point in time when the system does not deliver a
service as expected by its users. No weather data is transmitted because the
time is invalid.
25Chapter 11 Security and Dependability
26. Faults and failures
Failures are a usually a result of system errors that are
derived from faults in the system
However, faults do not necessarily result in system
errors
The erroneous system state resulting from the fault may be
transient and ‘corrected’ before an error arises.
The faulty code may never be executed.
Errors do not necessarily lead to system failures
The error can be corrected by built-in error detection and
recovery
The failure can be protected against by built-in protection
facilities. These may, for example, protect system resources from
system errors
26Chapter 11 Security and Dependability
27. A system as an input/output mapping
27Chapter 11 Security and Dependability
29. Reliability in use
Removing X% of the faults in a system will not
necessarily improve the reliability by X%. A study at IBM
showed that removing 60% of product defects resulted in
a 3% improvement in reliability.
Program defects may be in rarely executed sections of
the code so may never be encountered by users.
Removing these does not affect the perceived reliability.
Users adapt their behaviour to avoid system features
that may fail for them.
A program with known faults may therefore still be
perceived as reliable by its users.
29Chapter 11 Security and Dependability
30. Reliability achievement
Fault avoidance
Development technique are used that either minimise the
possibility of mistakes or trap mistakes before they result in the
introduction of system faults.
Fault detection and removal
Verification and validation techniques that increase the
probability of detecting and correcting errors before the system
goes into service are used.
Fault tolerance
Run-time techniques are used to ensure that system faults do
not result in system errors and/or that system errors do not lead
to system failures.
30Chapter 11 Security and Dependability
31. Safety
Safety is a property of a system that reflects the system’s
ability to operate, normally or abnormally, without danger
of causing human injury or death and without damage to
the system’s environment.
It is important to consider software safety as most
devices whose failure is critical now incorporate
software-based control systems.
Safety requirements are often exclusive requirements
i.e. they exclude undesirable situations rather than
specify required system services. These generate
functional safety requirements.
31Chapter 11 Security and Dependability
32. Safety criticality
Primary safety-critical systems
Embedded software systems whose failure can cause the
associated hardware to fail and directly threaten people. Example
is the insulin pump control system.
Secondary safety-critical systems
Systems whose failure results in faults in other (socio-
technical)systems, which can then have safety consequences.
For example, the MHC-PMS is safety-critical as failure may lead
to inappropriate treatment being prescribed.
32Chapter 11 Security and Dependability
33. Safety and reliability
Safety and reliability are related but distinct
In general, reliability and availability are necessary but not
sufficient conditions for system safety
Reliability is concerned with conformance to a given
specification and delivery of service
Safety is concerned with ensuring system cannot cause
damage irrespective of whether
or not it conforms to its specification
33Chapter 11 Security and Dependability
34. Unsafe reliable systems
There may be dormant faults in a system that are
undetected for many years and only rarely arise.
Specification errors
If the system specification is incorrect then the system can
behave as specified but still cause an accident.
Hardware failures generating spurious inputs
Hard to anticipate in the specification.
Context-sensitive commands i.e. issuing the right
command at the wrong time
Often the result of operator error.
34Chapter 11 Security and Dependability
35. Safety terminology
Term Definition
Accident (or mishap) An unplanned event or sequence of events which results in human death or injury,
damage to property, or to the environment. An overdose of insulin is an example of an
accident.
Hazard A condition with the potential for causing or contributing to an accident. A failure of the
sensor that measures blood glucose is an example of a hazard.
Damage A measure of the loss resulting from a mishap. Damage can range from many people
being killed as a result of an accident to minor injury or property damage. Damage
resulting from an overdose of insulin could be serious injury or the death of the user of
the insulin pump.
Hazard severity An assessment of the worst possible damage that could result from a particular hazard.
Hazard severity can range from catastrophic, where many people are killed, to minor,
where only minor damage results. When an individual death is a possibility, a
reasonable assessment of hazard severity is ‘very high’.
Hazard probability The probability of the events occurring which create a hazard. Probability values tend to
be arbitrary but range from ‘probable’ (say 1/100 chance of a hazard occurring) to
‘implausible’ (no conceivable situations are likely in which the hazard could occur). The
probability of a sensor failure in the insulin pump that results in an overdose is probably
low.
Risk This is a measure of the probability that the system will cause an accident. The risk is
assessed by considering the hazard probability, the hazard severity, and the probability
that the hazard will lead to an accident. The risk of an insulin overdose is probably
medium to low.
35Chapter 11 Security and Dependability
36. Safety achievement
Hazard avoidance
The system is designed so that some classes of hazard simply
cannot arise.
Hazard detection and removal
The system is designed so that hazards are detected and
removed before they result in an accident.
Damage limitation
The system includes protection features that minimise the
damage that may result from an accident.
36Chapter 11 Security and Dependability
37. Normal accidents
Accidents in complex systems rarely have a single cause
as these systems are designed to be resilient to a single
point of failure
Designing systems so that a single point of failure does not
cause an accident is a fundamental principle of safe systems
design.
Almost all accidents are a result of combinations of
malfunctions rather than single failures.
It is probably the case that anticipating all problem
combinations, especially, in software controlled systems
is impossible so achieving complete safety is impossible.
Accidents are inevitable.
37Chapter 11 Security and Dependability
38. Software safety benefits
Although software failures can be safety-critical, the use
of software control systems contributes to increased
system safety
Software monitoring and control allows a wider range of
conditions to be monitored and controlled than is possible using
electro-mechanical safety systems.
Software control allows safety strategies to be adopted that
reduce the amount of time people spend in hazardous
environments.
Software can detect and correct safety-critical operator errors.
Chapter 11 Security and Dependability 38
39. Security
The security of a system is a system property that
reflects the system’s ability to protect itself from
accidental or deliberate external attack.
Security is essential as most systems are networked so
that external access to the system through the Internet is
possible.
Security is an essential pre-requisite for availability,
reliability and safety.
39Chapter 11 Security and Dependability
40. Fundamental security
If a system is a networked system and is insecure then
statements about its reliability and its safety are
unreliable.
These statements depend on the executing system and
the developed system being the same. However,
intrusion can change the executing system and/or its
data.
Therefore, the reliability and safety assurance is no
longer valid.
40Chapter 11 Security and Dependability
41. Security terminology
Term Definition
Asset Something of value which has to be protected. The asset may be the software
system itself or data used by that system.
Exposure Possible loss or harm to a computing system. This can be loss or damage to
data, or can be a loss of time and effort if recovery is necessary after a security
breach.
Vulnerability A weakness in a computer-based system that may be exploited to cause loss or
harm.
Attack An exploitation of a system’s vulnerability. Generally, this is from outside the
system and is a deliberate attempt to cause some damage.
Threats Circumstances that have potential to cause loss or harm. You can think of these
as a system vulnerability that is subjected to an attack.
Control A protective measure that reduces a system’s vulnerability. Encryption is an
example of a control that reduces a vulnerability of a weak access control
system
41Chapter 11 Security and Dependability
42. Examples of security terminology (MHC-PMS)
Term Example
Asset The records of each patient that is receiving or has received treatment.
Exposure Potential financial loss from future patients who do not seek treatment
because they do not trust the clinic to maintain their data. Financial loss
from legal action by the sports star. Loss of reputation.
Vulnerability A weak password system which makes it easy for users to set
guessable passwords. User ids that are the same as names.
Attack An impersonation of an authorized user.
Threat An unauthorized user will gain access to the system by guessing the
credentials (login name and password) of an authorized user.
Control A password checking system that disallows user passwords that are
proper names or words that are normally included in a dictionary.
42Chapter 11 Security and Dependability
43. Threat classes
Threats to the confidentiality of the system and its data
Can disclose information to people or programs that do not have
authorization to access that information.
Threats to the integrity of the system and its data
Can damage or corrupt the software or its data.
Threats to the availability of the system and its data
Can restrict access to the system and data for authorized users.
Chapter 11 Security and Dependability 43
44. Damage from insecurity
Denial of service
The system is forced into a state where normal services are
unavailable or where service provision is significantly degraded
Corruption of programs or data
The programs or data in the system may be modified in an
unauthorised way
Disclosure of confidential information
Information that is managed by the system may be exposed to
people who are not authorised to read or use that information
44Chapter 11 Security and Dependability
45. Security assurance
Vulnerability avoidance
The system is designed so that vulnerabilities do not occur. For
example, if there is no external network connection then external
attack is impossible
Attack detection and elimination
The system is designed so that attacks on vulnerabilities are
detected and neutralised before they result in an exposure. For
example, virus checkers find and remove viruses before they
infect a system
Exposure limitation and recovery
The system is designed so that the adverse consequences of a
successful attack are minimised. For example, a backup policy
allows damaged information to be restored
45Chapter 11 Security and Dependability
46. Key points
Reliability is related to the probability of an error
occurring in operational use. A system with known faults
may be reliable.
Safety is a system attribute that reflects the system’s
ability to operate without threatening people or the
environment.
Security is a system attribute that reflects the system’s
ability to protect itself from external attack.
Dependability is compromised if a system is insecure as
the code or data may be corrupted.
46Chapter 11 Security and Dependability