Security and Dependability in Software System

Security and Dependability in Software System

System dependability

  • For many computer-based systems, the most important system property is the dependability of the system.
  • The dependability of a system reflects the user’s degree of trust in that system. It reflects the extent of the user’s confidence that it will operate as users expect and that it will not ‘fail’ in normal use.
  • Dependability covers the related systems attributes of reliability, availability, safety, and security. These are all inter-dependent.

Importance of dependability

  • Systems that are not dependable and are unreliable, unsafe or insecure are likely to be rejected by their users
  • The costs of system failure may be very high if the failure leads to economic losses or physical damage
  • Undependable systems may cause information loss with a high consequent recovery cost

Causes of failure

Hardware failure

  • Hardware fails because of design and manufacturing errors or because components have reached the end of their natural life

Software failure

  • Software fails due to errors in its specification, design or implementation

Principal dependability properties

Availability

  • The probability that the system will be up and running and able to deliver useful services to users

Reliability

  • The probability that the system will correctly deliver services as expected by users

Safety

  • A judgment of how likely it is that the system will cause damage

Security

  • A judgment of how likely it is that the system can resist accidental or deliberate intrusions

Other dependability properties

Repairability

  • Reflects the extent to which the system can be repaired in the event of a failure

Maintainability

  • Reflects the extent to which the system can be adapted to new requirements

Survivability

  • Reflects the extent to which the system can deliver services whilst under hostile attack

Error tolerance

  • Reflects the extent to which user input errors can be avoided and tolerated

Dependability achievement

  • Avoid the introduction of accidental errors when developing the system
  • Design V & V processes that are effective in discovering residual errors in the system
  • Design protection mechanisms that guard against external attacks
  • Include recovery mechanisms to help restore normal system service after a failure

Dependability attribute dependencies

A system may be unreliable because its data has been corrupted by an external attack

Denial of service attacks on a system are intended to make it unavailable

If a system is infected with a virus, you cannot be confident in its reliability or safety

Dependability costs

Dependability costs tend to increase exponentially as increasing levels of dependability are required

There are two reasons for this:

  • The use of more expensive development techniques and hardware that are required to achieve the higher levels of dependability
  • The increased testing and system validation that is required to convince the system client and regulators that the required levels of dependability have been achieved

Reliability terminology

Term Description
Human error or

mistake

 Human behavior that results in the introduction of faults into a system.
System fault A characteristic of a software system that can lead to a system error.
System error An erroneous system state that can lead to system behavior that is unexpected by system users.
System failure An event that occurs at some point in time when the system does not deliver a service as expected by its users.

Security terminology

Term Definition
Asset Something of value which has to be protected. The asset may be the software system itself or data used by that system.
Exposure Possible loss or harm to a computing system. This can be loss or damage to data, or can be a loss of time and effort if recovery is necessary after a security breach.
Vulnerability A weakness in a computer-based system that may be exploited to cause loss or harm.
Attack An exploitation of a system’s vulnerability. Generally, this is from outside the system and is a deliberate attempt to cause some damage.
Threats Circumstances that have potential to cause loss or harm. You can think of these as a system vulnerability that is subjected to an attack.
Control A protective measure that reduces a system’s vulnerability. Encryption is an example of a control that reduces a vulnerability of a weak access control system
author avatar
saqib

You may also like

Use Case Diagram
2 June, 2023

Use Case Diagram  UML A simple but very effective model used during the analysis phase for analysing requirements through the process of exploring user interactions with the system. The process involves documenting Who initiates an interaction, What information goes into …

Activity Diagrams in Software Engineering
31 May, 2023

UML Activity Diagrams What is UML Diagram…? UML stands for “Unified Modeling Language”. It is a industry-standard graphical language for specifying, visualizing, constructing and documenting the artifacts of software system. The UML uses mostly graphical notation to express the analysis’ …

Software Testing
26 May, 2023

Software Testing Program testing Testing shows that a program does what it is intended to do and to discover program defects before it is put into use. To test, you execute a program using artificial data. Check the results of …

Leave A Reply