Part II - Dependability and Security Flashcards

1
Q

Why is system dependability important?

A

System dependability is important because failure of critical computer systems can lead to large economic losses, serious information loss, physical damage or threats to human life.

2
Q

What is system dependability, and what are its subcategories?

A

The dependability of a computer system is a system property that reflects the user’s degree of trust in the system. The most important dimensions of dependability are availability, reliability, safety, security, and resilience.

3
Q

What is a sociotechnical system?

A

Sociotechnical systems include computer hardware, software, and people, and are situated within an organization. They are designed to support organizational or business goals and objectives.

4
Q

Describe the process of making a system dependable.

A

The process should include verification and validation activities at all stages, from requirements definition through to system implementation.

5
Q

What is a formal method of dependability, and why is it not widely used?

A

Formal methods, where a formal model of a system is used as a basis for development, help reduce the number of specification and implementation errors in a system. However, formal methods have had a limited take-up in industry because of concerns about the cost-effectiveness of this approach.

6
Q

How do you make a system reliable?

A

By avoiding the introduction of faults, by detecting and removing faults before system deployment, and by including fault-tolerance facilities that allow the system to remain operational after a fault has caused a system failure.

7
Q

What are some reliability metrics?

A

Reliability metrics include probability of failure on demand (POFOD), rate of occurrence of failure (ROCOF), and availability (AVAIL).

8
Q

How can you tell if a system is reliable?

A

By checking whether the system meets its defined reliability requirements. Functional reliability requirements, such as checking and redundancy requirements, help the system meet its non-functional reliability requirements.

9
Q

What kinds of features are stressed in dependable system architectures?

A

Dependable system architectures are system architectures that are designed for fault tolerance. A number of architectural styles support fault tolerance, including protection systems, self-monitoring architectures, and N-version programming.

10
Q

Why is it so difficult to ensure software diversity?

A

Software diversity is difficult to achieve because it is practically impossible to ensure that each version of the software is truly independent.

11
Q

How does one implement dependable programming?

A

Dependable programming relies on including redundancy in a program as checks on the validity of inputs and the values of program variables.

12
Q

How does one test the reliability of a system?

A

Statistical testing is used to estimate software reliability. It relies on testing the system with test data that matches an operational profile, which reflects the distribution of inputs to the software when it is in use.

13
Q

What is a safety-critical system?

A

Safety-critical systems are systems whose failure can lead to human injury or death.

14
Q

How does one control potential hazards?

A

A hazard-driven approach may be used to understand the safety requirements for safety-critical systems. You identify potential hazards and decompose them (using methods such as fault tree analysis) to discover their root causes. You then specify requirements to avoid or recover from these problems.

15
Q

What should someone do when designing a safety-critical system?

A

It is important to have a well-defined, certified process for safety-critical systems development. The process should include the identification and monitoring of potential hazards.

16
Q

What is static analysis?

A

Static analysis is an approach to V & V that examines the source code (or other representation) of a system, looking for errors and anomalies. It allows all parts of a program to be checked, not just those parts that are exercised by system tests.

17
Q

What is model checking?

A

Model checking is a formal approach to static analysis that exhaustively checks all states in a system for potential errors.

18
Q

What is security engineering?

A

Security engineering focuses on how to develop and maintain software systems that can resist malicious attacks intended to damage a computer-based system or its data.

19
Q

What kinds of security threats exist?

A

Security threats can be threats to the confidentiality, integrity, or availability of a system or its data.

20
Q

How does one handle security risks?

A

Security risk management involves assessing the losses that might ensue from attacks on a system, and deriving security requirements that are aimed at eliminating or reducing these losses.

21
Q

How does one define security requirements?

A

To specify security requirements, you should identify the assets that are to be protected and define how security techniques and technology should be used to protect these assets.

22
Q

How can one organize a system to increase security?

A

Key issues when designing a secure systems architecture include organizing the system structure to protect key assets and distributing the system assets to minimize the losses from a successful attack.

24
Q

Why are security design guidelines good?

A

Security design guidelines sensitize system designers to security issues that they may not have considered. They provide a basis for creating security review checklists.

25
Q

Why is security engineering so difficult?

A

Security validation is difficult because security requirements state what should not happen in a system, rather than what should. Furthermore, system attackers are intelligent and may have more time to probe for weaknesses than is available for security testing.

26
Q

What is resilience engineering?

A

The resilience of a system is a judgment of how well that system can maintain the continuity of its critical services in the presence of disruptive events, such as equipment failure and cyberattacks.

27
Q

What is the 4 Rs model of resilience?

A

Resilience should be based on the 4 Rs model—recognition, resistance, recovery, and reinstatement.

28
Q

What is the mindset behind resilience engineering?

A

Resilience planning should be based on the assumption that networked systems will be subject to cyberattacks by malicious insiders and outsiders and that some of these attacks will be successful.

29
Q

How should systems be designed when concerned with resilience?

A

Systems should be designed with a number of defensive layers of different types. If these layers are effective, human and technical failures can be trapped and cyberattacks resisted.

30
Q

How does one start when making a system resilient?

A

Business resilience requirements should be the starting point for designing systems for resilience. To achieve system resilience, you have to focus on recognition and recovery from problems, recovery of critical services and assets, and reinstatement of the system.

31
Q

What is an important aspect of resilience engineering?

A

An important part of design for resilience is identifying critical services, which are those services that are essential if a system is to fulfil its primary purpose. Systems should be designed so that these services are protected and, in the event of failure, recovered as quickly as possible.