
Chap 8 System Dependability (II)

Read: Sommerville, I. (2001) Software Engineering, Addison-Wesley, Sixth edition (not 8th ed)

Dependability: Reliability & Availability


Reliability and availability are usually considered to be the most important dimensions of dependability because:


If a system is unreliable, it is difficult to ensure safety or security, as both may be compromised by system failures.
If a system is unavailable, the consequent economic losses can be very high.

Low Reliability = Safety Low, Security Low, Cost High

Reliability Terminology (I)


System failure
System error
System fault
Human error or mistake

Reliability Terminology (II)


System faults (e.g. auto reboot) do not necessarily result in system errors (e.g. calculating a wrong total), as the faulty state may be transient and may be corrected before erroneous behaviour occurs.
System errors (e.g. a printing format error) do not necessarily result in system failures (the system is still usable), as the erroneous behaviour may also be transient and have no observable effect, or the system may include protection that ensures the erroneous behaviour is discovered and corrected before system services are affected.
HUH??

Reliability Terminology (III)


System Fault --(may/may not produce)--> System Error --(may/may not produce)--> System Failure

Approaches to Improve System Reliability (I)


Fault Avoidance: Development techniques are used to minimise the possibility of mistakes and/or to trap mistakes before they result in a system fault. Eg avoiding error-prone programming language constructs such as pointers, and using static analysis and testing to detect program anomalies.

Approaches to Improve System Reliability (II)


Fault Detection & Removal: Use of verification and validation techniques that increase the chance that faults will be detected and removed before the system is used. Systematic system testing and debugging is an eg of a fault detection technique.

Approaches to Improve System Reliability (III)


Fault Tolerance: Use of techniques that ensure that faults in a system do not result in system errors or system failures. The incorporation of self-checking facilities in a system and the use of redundant system modules are examples of fault tolerance techniques. Eg: Scan disk.
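As an added illustration (not from the slides or from Sommerville's text) of how redundant modules plus a voter keep a fault from becoming a failure, the following Python harness runs three replicas of a simple "calculate total" service, one of which carries a constructed off-by-one fault, and classifies each outcome in the slides' fault/error/failure terms; all function names and inputs are assumptions.

```python
# Added example: triple modular redundancy (TMR) with a majority voter.
# All modules and inputs are constructed for illustration only.
from collections import Counter
from typing import Callable, List, Optional, Tuple

Module = Callable[[List[int]], int]


def total_correct(prices: List[int]) -> int:
    """Reference implementation of the 'total' service."""
    return sum(prices)


def total_alt(prices: List[int]) -> int:
    """Independently written replica of the same specification (design diversity)."""
    total = 0
    for p in prices:
        total += p
    return total


def total_faulty(prices: List[int]) -> int:
    """Replica with a constructed FAULT: an off-by-one loop drops the last item.
    The fault only produces an ERROR when the last item is nonzero, so a fault
    may or may not produce an error (e.g. an empty list gives the right answer)."""
    total = 0
    for i in range(len(prices) - 1):
        total += prices[i]
    return total


def total_double(prices: List[int]) -> int:
    """Second constructed fault: reports twice the real total."""
    return 2 * sum(prices)


def vote(results: List[int]) -> Optional[int]:
    """Majority voter: the value agreed by at least 2 of 3 replicas, or None
    when no majority exists (error detected but not maskable)."""
    value, count = Counter(results).most_common(1)[0]
    return value if count >= 2 else None


def run_redundant(prices: List[int], modules: List[Module]) -> Tuple[Optional[int], int]:
    """Run every replica and vote. Returns (result, disagreeing_replicas).
    result is None when the voter cannot mask the error: the service then fails
    safe (no output) instead of delivering a wrong total, and every replica is
    counted as suspect."""
    results = [m(prices) for m in modules]
    agreed = vote(results)
    disagreeing = sum(1 for r in results if r != agreed)
    return agreed, disagreeing
```

With `[total_correct, total_alt, total_faulty]` the fault in the third replica is outvoted and the client sees the correct total; with two different faults the voter has no majority and returns None, which shows detection without masking.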

Safety Improvement Approaches


Hazard avoidance: The system is designed so that hazards are avoided. Eg a cutting system that requires the operator to press two separate buttons at the same time.
Hazard Detection and Removal: The system is designed so that hazards are detected and removed before they result in an accident. Eg a chemical plant system may detect excessive pressure and open a relief valve to reduce the pressure before an explosion occurs.
Damage Limitation: The system may include protection features that minimise the damage resulting from an accident. Eg an aircraft engine normally includes fire extinguishers that can be used should a fire occur.

System Dependability - Security


Some types of critical system where security is the most important dimension of system dependability: military systems, systems for e-commerce, and systems that involve the processing and interchange of confidential information.

Security: Types of Vulnerability


Denial of service: The system may be forced into a state where its normal services become unavailable.
Corruption of programs and data: The software components and data of the system may be altered, which may affect the system's behaviour and hence its reliability and safety.
Disclosure of confidential information: The information managed by the system may be confidential, and an external attack may expose it to unauthorised people, which could affect the safety of the system and of the people depending on it, according to the nature of the information.

Security: Improvement Approaches


Vulnerability avoidance: The system is designed so that vulnerabilities do not occur. Eg if a system is not connected to an external public network, there is no possibility of an attack from members of the public.
Attack detection and neutralisation: The system is designed to detect vulnerabilities and remove them before they result in an exposure. Eg the use of a virus checker.
Exposure limitation: The consequences of a successful attack are minimised. Eg regular system backups and a configuration management policy may allow damaged software and data to be re-created.
