Part II - Dependability and Security Flashcards
Why is system dependability important?
System dependability is important because failure of critical computer systems can lead to large economic losses, serious information loss, physical damage or threats to human life.
What is system dependability, and what are its sub-categories?
The dependability of a computer system is a system property that reflects the user’s degree of trust in the system. The most important dimensions of dependability are availability, reliability, safety, security, and resilience.
What is a sociotechnical system?
Sociotechnical systems include computer hardware, software, and people, and are situated within an organization. They are designed to support organizational or business goals and objectives.
Describe the process of making a system dependable
The process should include verification and validation activities at all stages, from requirements definition through to system implementation.
What is a formal method of dependability, and why is it not widely used?
Formal methods, where a formal model of a system is used as a basis for development, help reduce the number of specification and implementation errors in a system. However, formal methods have had a limited take-up in industry because of concerns about the cost-effectiveness of this approach.
How do you make a system reliable?
By avoiding the introduction of faults, by detecting and removing faults before system deployment, and by including fault-tolerance facilities that allow the system to keep operating after a fault has caused an error, so that the error does not turn into a system failure.
What are some reliability metrics?
Reliability metrics include probability of failure on demand (POFOD), rate of occurrence of failure (ROCOF), and availability (AVAIL).
How can you tell if a system is reliable?
By checking that the system meets its stated reliability requirements. These are non-functional requirements, normally expressed as a target value for a metric such as POFOD or availability, supported by functional requirements (for example checking and redundancy requirements) that are included to help the system reach that target.
What kinds of features are stressed in dependable system architectures?
Dependable system architectures are system architectures that are designed for fault tolerance. A number of architectural styles support fault tolerance, including protection systems, self-monitoring architectures, and N-version programming.
Why is it so difficult to ensure software diversity?
Software diversity is difficult to achieve because it is practically impossible to ensure that each version of the software is truly independent.
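The following is an added example, not part of the flashcards: an N-version arrangement in which three versions of the same function (integer square root, an assumed specification) are run on every input and a majority voter picks the result. Version 3 carries an assumed fault (floating-point rounding on large inputs) so the voter can be seen masking it; the same voter is then run with two versions that share that fault, which shows why the diversity question above matters: correlated failures outvote the correct version.

```python
"""N-version programming with a majority voter (added example, not from the
flashcards). The specification (integer square root), the three versions and
the injected fault in version 3 are assumptions made for this illustration."""
from collections import Counter
from typing import Callable, List, Optional, Tuple
import math


def isqrt_v1(n: int) -> int:
    # Version 1: library implementation.
    return math.isqrt(n)


def isqrt_v2(n: int) -> int:
    # Version 2: independent binary search over the integers.
    lo, hi = 0, n
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid * mid <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


def isqrt_v3(n: int) -> int:
    # Version 3: goes through a double, which loses precision above 2**53.
    # This is the assumed fault: wrong for n = 2**54 - 1, for instance.
    return int(math.sqrt(n))


VERSIONS: List[Callable[[int], int]] = [isqrt_v1, isqrt_v2, isqrt_v3]


def vote(results: List[int]) -> Optional[int]:
    """Return the value with a strict majority, or None if there is none."""
    if not results:
        return None
    value, count = Counter(results).most_common(1)[0]
    return value if count * 2 > len(results) else None


def n_version_isqrt(n: int, versions=VERSIONS) -> Tuple[Optional[int], List[int]]:
    """Run every version on n and vote; a version that raises loses its vote."""
    results = []
    for version in versions:
        try:
            results.append(version(n))
        except Exception:
            continue
    return vote(results), results


if __name__ == "__main__":
    n = 2**54 - 1
    print("diverse versions:", n_version_isqrt(n))
    # Two versions sharing the same mistake: the voter now returns the wrong value.
    print("correlated fault:", n_version_isqrt(n, [isqrt_v3, isqrt_v3, isqrt_v1]))
```

The second call is the cautionary case: the voter cannot tell a correct minority from a faulty one, so N-version programming only buys reliability to the extent that the versions fail independently.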
How does one implement dependable programming?
Dependable programming relies on including redundancy in a program as checks on the validity of inputs and the values of program variables.
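As an added example (not from the flashcards) of what those redundant checks look like in code: a parser for an assumed sensor message format rejects anything that does not match the expected shape or physical range, and the accumulator that consumes the parsed values re-checks its own invariant on every update. The message format, the temperature range and the function names are assumptions for this example.

```python
"""Dependable programming: redundant checks on inputs and on program state
(added example, not from the flashcards). The message format
'TEMP,<sensor_id>,<celsius>', the sensor range and the names are assumed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

TEMP_MIN_C, TEMP_MAX_C = -40.0, 125.0   # assumed physical range of the sensor
MAX_FIELD_LEN = 16                       # assumed upper bound on a field's length


class InvalidReading(ValueError):
    """Raised when an input fails a validity check."""


def parse_reading(line: str) -> Tuple[str, float]:
    """Parse one message and reject anything outside the expected format or range."""
    if not isinstance(line, str) or len(line) > 3 * MAX_FIELD_LEN:
        raise InvalidReading("bad type or oversized line")
    parts = line.strip().split(",")
    if len(parts) != 3 or parts[0] != "TEMP":
        raise InvalidReading("wrong field count or message tag")
    sensor_id, raw_value = parts[1], parts[2]
    if not sensor_id.isalnum() or len(sensor_id) > MAX_FIELD_LEN:
        raise InvalidReading("bad sensor id")
    try:
        value = float(raw_value)
    except ValueError:
        raise InvalidReading("value is not numeric") from None
    # NaN compares unequal to itself; infinities fail the range test.
    if value != value or not (TEMP_MIN_C <= value <= TEMP_MAX_C):
        raise InvalidReading("value outside the sensor's physical range")
    return sensor_id, value


@dataclass
class RunningStats:
    """Running mean that checks its own invariant after every update."""
    count: int = 0
    total: float = 0.0

    def add(self, value: float) -> float:
        self.count += 1
        self.total += value
        mean = self.total / self.count
        # Redundant check on program variables: the mean of in-range readings
        # must itself be in range; anything else signals internal corruption.
        if not (TEMP_MIN_C <= mean <= TEMP_MAX_C):
            raise RuntimeError("invariant violated: running mean out of range")
        return mean


def process(lines: List[str]) -> Tuple[Optional[float], List[str]]:
    """Return (mean of accepted readings or None, list of rejected lines)."""
    stats = RunningStats()
    rejected: List[str] = []
    mean: Optional[float] = None
    for line in lines:
        try:
            _, value = parse_reading(line)
        except InvalidReading:
            rejected.append(line)      # log and carry on rather than crash
            continue
        mean = stats.add(value)
    return mean, rejected


# Constructed sample batch: two valid readings and four malformed ones.
SAMPLE = ["TEMP,s1,20.0", "TEMP,s2,30.0", "TEMP,s1,999", "TEMP,s1,abc",
          "TEMP,s1,nan", "BAD"]

if __name__ == "__main__":
    print(process(SAMPLE))
```

Rejecting a bad message and continuing is a design decision, not a given: in a protection system you might prefer to fail safe on the first rejected input. Either way the check on the accumulator is cheap insurance against a fault that slipped past input validation.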
How does one test the reliability of a system?
Statistical testing is used to estimate software reliability. It relies on testing the system with test data that matches an operational profile, which reflects the distribution of inputs to the software when it is in use.
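The following added example (not from the flashcards) ties the two cards above together: it computes POFOD, ROCOF and AVAIL from constructed operational records, then runs a statistical test that draws inputs from an assumed operational profile against an assumed component with an injected fault, estimating POFOD from the outcomes. The profile, the component, its fault and the sample records are all assumptions made for the example.

```python
"""Reliability metrics and statistical testing (added example, not from the
flashcards). The operational profile, the system under test and its injected
fault are assumptions for illustration."""
import random
from typing import Dict, List, Tuple


# --- reliability metrics ---------------------------------------------------
def pofod(demands: int, failed_demands: int) -> float:
    """Probability of failure on demand: failed demands / demands."""
    if demands <= 0:
        raise ValueError("need at least one demand")
    return failed_demands / demands


def rocof(failure_times_h: List[float], observation_h: float) -> float:
    """Rate of occurrence of failure: failures per hour of operation."""
    return len(failure_times_h) / observation_h


def availability(observation_h: float, downtime: List[Tuple[float, float]]) -> float:
    """AVAIL: fraction of the observation period during which the system was up."""
    down = sum(end - start for start, end in downtime)
    return (observation_h - down) / observation_h


# --- statistical testing against an operational profile --------------------
# Assumed profile: fraction of demands falling into each input class.
PROFILE: Dict[str, float] = {"short": 0.70, "long": 0.25, "empty": 0.05}


def generate_input(rng: random.Random, cls: str) -> str:
    """Produce a representative input for a class of the profile."""
    if cls == "empty":
        return ""
    length = rng.randint(1, 20) if cls == "short" else rng.randint(200, 400)
    return "".join(rng.choice("abc ") for _ in range(length))


def system_under_test(text: str) -> int:
    """Assumed component: a word counter with an injected fault that fails on
    inputs longer than 255 characters (standing in for a fixed-size buffer)."""
    if len(text) > 255:
        raise RuntimeError("buffer overflow")
    return len(text.split())


def oracle(text: str) -> int:
    """Reference behaviour used to judge each demand."""
    return len(text.split())


def statistical_test(runs: int, seed: int = 1) -> Tuple[float, Dict[str, int]]:
    """Run `runs` demands sampled from PROFILE; return (estimated POFOD,
    failures per input class)."""
    rng = random.Random(seed)
    classes = list(PROFILE)
    weights = [PROFILE[c] for c in classes]
    failures = {c: 0 for c in classes}
    for _ in range(runs):
        cls = rng.choices(classes, weights)[0]
        text = generate_input(rng, cls)
        try:
            ok = system_under_test(text) == oracle(text)
        except Exception:
            ok = False
        if not ok:
            failures[cls] += 1
    return pofod(runs, sum(failures.values())), failures


if __name__ == "__main__":
    # Constructed operational records: 1000 demands with 2 failures, three
    # failures in 100 hours, and three hours of downtime in that period.
    print("POFOD", pofod(1000, 2))
    print("ROCOF", rocof([1.0, 5.5, 9.0], 100.0))
    print("AVAIL", availability(100.0, [(10.0, 12.0), (50.0, 51.0)]))
    print("statistical test:", statistical_test(2000))
```

Because the profile weights long inputs at only a quarter of demands, the estimated POFOD is well below the failure rate of the long class alone; that is the point of profile-driven testing, the estimate reflects the failures users will actually see. The breakdown per class is what you would feed back into fault removal.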
What is a safety critical system?
Safety-critical systems are systems whose failure can lead to human injury or death.
How does one control potential hazards?
A hazard-driven approach may be used to understand the safety requirements for safety-critical systems. You identify potential hazards and decompose them (using methods such as fault tree analysis) to discover their root causes. You then specify requirements to avoid or recover from these problems.
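An added example (not from the flashcards) of the decomposition step: a small fault tree is built from AND/OR gates over basic events, its minimal cut sets are derived (each one is a root cause combination), and the single-event cut sets are listed as the points where a safety requirement is needed. The hazard, the tree and the event probabilities are assumptions made for illustration; the probability calculation assumes independent basic events.

```python
"""Fault tree analysis for a hazard-driven safety requirement (added example,
not from the flashcards). The hazard, the tree shape and the per-demand
probabilities are assumptions for illustration."""
from dataclasses import dataclass
from itertools import product
from typing import FrozenSet, List, Tuple, Union


@dataclass(frozen=True)
class Basic:
    name: str
    prob: float           # assumed probability per demand; events independent


@dataclass(frozen=True)
class Gate:
    kind: str             # "AND" or "OR"
    name: str
    inputs: Tuple["Node", ...]


Node = Union[Basic, Gate]


def probability(node: Node) -> float:
    """Probability of the event at `node`, assuming independent basic events."""
    if isinstance(node, Basic):
        return node.prob
    ps = [probability(n) for n in node.inputs]
    if node.kind == "AND":            # all inputs must occur
        result = 1.0
        for p in ps:
            result *= p
        return result
    survive = 1.0                     # OR: fails unless every input is absent
    for p in ps:
        survive *= 1.0 - p
    return 1.0 - survive


def cut_sets(node: Node) -> List[FrozenSet[str]]:
    """Every combination of basic events that causes the event at `node`."""
    if isinstance(node, Basic):
        return [frozenset([node.name])]
    child_sets = [cut_sets(n) for n in node.inputs]
    if node.kind == "OR":
        return [cs for sets in child_sets for cs in sets]
    return [frozenset().union(*combo) for combo in product(*child_sets)]


def minimal_cut_sets(node: Node) -> List[FrozenSet[str]]:
    """Drop any cut set that contains another one; what remains are root causes."""
    sets = set(cut_sets(node))
    minimal = [s for s in sets if not any(other < s for other in sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def single_points_of_failure(node: Node) -> List[str]:
    """Basic events that cause the hazard on their own: each needs a
    requirement that removes it or adds an independent check."""
    return sorted(next(iter(s)) for s in minimal_cut_sets(node) if len(s) == 1)


# Assumed hazard tree: a medication pump delivers the wrong dose.
SENSOR = Basic("sensor_reading_wrong", 1e-4)
ALGO = Basic("dose_algorithm_error", 1e-5)
PUMP = Basic("pump_hardware_fault", 1e-3)
MONITOR = Basic("delivery_monitor_fails", 1e-2)

WRONG_DOSE = Gate("OR", "wrong_dose_delivered", (
    Gate("OR", "dose_computed_wrong", (SENSOR, ALGO)),
    # a pump fault only becomes a hazard if the independent monitor also fails
    Gate("AND", "faulty_delivery_undetected", (PUMP, MONITOR)),
))

if __name__ == "__main__":
    print("P(hazard) =", probability(WRONG_DOSE))
    for cs in minimal_cut_sets(WRONG_DOSE):
        print("cut set:", sorted(cs))
    print("single points of failure:", single_points_of_failure(WRONG_DOSE))
```

Reading the output as a requirements engineer: the two single-event cut sets dominate the hazard probability, so the requirements to write first are the ones that put an independent check in front of the sensor path and the dose computation, turning each singleton into an AND of two events.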
What should someone do if they were designing a safety critical system?
It is important to have a well-defined, certified process for safety-critical systems development. The process should include the identification and monitoring of potential hazards.
What is static analysis?
Static analysis is an approach to V & V that examines the source code (or other representation) of a system, looking for errors and anomalies. It allows all parts of a program to be checked, not just those parts that are exercised by system tests.
What is model checking?
Model checking is a formal approach to static analysis in which a model of the system is explored exhaustively: every reachable state is generated and checked against the properties the system must satisfy, so any violation is reported together with the sequence of steps that leads to it.
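To make "exhaustively checks all states" concrete, here is an added example (not from the flashcards) of a minimal explicit-state model checker. It enumerates every reachable state of two concurrent processes by breadth-first search and checks the mutual-exclusion property. Two protocols are modelled: a naive check-then-set protocol, for which the checker finds a counterexample trace, and Peterson's algorithm, for which it exhausts the state space without finding one. The state encoding and the step functions are assumptions made for the example.

```python
"""Explicit-state model checking of mutual exclusion (added example, not from
the flashcards). The state encoding (pc0, pc1, flag0, flag1, turn) and the
two protocol models are assumptions for illustration."""
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple

State = Tuple[int, int, bool, bool, int]      # (pc0, pc1, flag0, flag1, turn)
INIT: State = (0, 0, False, False, 0)


def naive_step(s: State, i: int) -> List[State]:
    """Check-then-set protocol. Critical section is pc == 2. `turn` is unused."""
    pc, flag, turn = list(s[:2]), list(s[2:4]), s[4]
    j = 1 - i
    if pc[i] == 0:                    # look at the other flag ...
        if flag[j]:
            return []                 # busy-wait: no state change
        pc[i] = 1
    elif pc[i] == 1:                  # ... then set own flag and enter
        flag[i] = True
        pc[i] = 2
    elif pc[i] == 2:                  # leave
        flag[i] = False
        pc[i] = 0
    return [(pc[0], pc[1], flag[0], flag[1], turn)]


def peterson_step(s: State, i: int) -> List[State]:
    """Peterson's algorithm. Critical section is pc == 3."""
    pc, flag, turn = list(s[:2]), list(s[2:4]), s[4]
    j = 1 - i
    if pc[i] == 0:
        flag[i] = True
        pc[i] = 1
    elif pc[i] == 1:
        turn = j
        pc[i] = 2
    elif pc[i] == 2:
        if flag[j] and turn == j:
            return []                 # busy-wait
        pc[i] = 3
    elif pc[i] == 3:
        flag[i] = False
        pc[i] = 0
    return [(pc[0], pc[1], flag[0], flag[1], turn)]


def check_mutex(step: Callable[[State, int], List[State]], critical_pc: int,
                init: State = INIT) -> Tuple[int, Optional[List[State]]]:
    """Explore every reachable state; return (states explored, counterexample
    trace from init to a state with both processes critical, or None)."""
    parent: Dict[State, Optional[State]] = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if s[0] == critical_pc and s[1] == critical_pc:
            trace = []
            while s is not None:      # walk parents back to the initial state
                trace.append(s)
                s = parent[s]
            return len(parent), trace[::-1]
        for i in (0, 1):              # interleave either process next
            for nxt in step(s, i):
                if nxt not in parent:
                    parent[nxt] = s
                    queue.append(nxt)
    return len(parent), None


if __name__ == "__main__":
    print("naive:   ", check_mutex(naive_step, 2))
    print("peterson:", check_mutex(peterson_step, 3))
```

Breadth-first order means the first violation found is a shortest one, which is what makes the counterexample readable: for the naive protocol it is the four-step interleaving where both processes pass the check before either sets its flag. The same exhaustive search is why model checking does not scale to large state spaces without abstraction or symbolic techniques.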
What is security engineering?
Security engineering focuses on how to develop and maintain software systems that can resist malicious attacks intended to damage a computer-based system or its data.
What kinds of security threats exist?
Security threats can be threats to the confidentiality, integrity, or availability of a system or its data.
How does one handle security risks?
Security risk management involves assessing the losses that might ensue from attacks on a system, and deriving security requirements that are aimed at eliminating or reducing these losses.
How does one define security requirements?
To specify security requirements, you should identify the assets that are to be protected and define how security techniques and technology should be used to protect these assets.
How can one organize a system to increase security?
Key issues when designing a secure systems architecture include organizing the system structure to protect key assets and distributing the system assets to minimize the losses from a successful attack.
Why are security design guidelines good?
Security design guidelines sensitize system designers to security issues that they may not have considered. They provide a basis for creating security review checklists.