Security and Dependability in Software System

System dependability

  • For many computer-based systems, the most important system property is the dependability of the system.
  • The dependability of a system reflects the user’s degree of trust in that system. It reflects the extent of the user’s confidence that it will operate as users expect and that it will not ‘fail’ in normal use.
  • Dependability covers the related system attributes of reliability, availability, safety, and security. These are all inter-dependent.

Importance of dependability

  • Systems that are not dependable and are unreliable, unsafe or insecure are likely to be rejected by their users
  • The costs of system failure may be very high if the failure leads to economic losses or physical damage
  • Undependable systems may cause information loss with a high consequent recovery cost

Causes of failure

Hardware failure

  • Hardware fails because of design and manufacturing errors or because components have reached the end of their natural life

Software failure

  • Software fails due to errors in its specification, design or implementation

Principal dependability properties

Availability

  • The probability that the system will be up and running and able to deliver useful services to users

Reliability

  • The probability that the system will correctly deliver services as expected by users

Safety

  • A judgment of how likely it is that the system will cause damage to people or to its environment

Security

  • A judgment of how likely it is that the system can resist accidental or deliberate intrusions
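
The definitions above describe availability and reliability as probabilities. The following Python script is an added worked example (not part of the original notes) that estimates both from a constructed service log: availability as the fraction of observed time the service was up, reliability as the fraction of requests delivered correctly. The log format, the STATE/REQUEST event kinds and the sample entries are all assumptions made for this example. It also shows why the two properties are distinct: an up-but-wrong service is available yet unreliable.

```python
"""Added example: estimating availability and reliability from an event log.

The log format below (timestamp, kind, value) and the sample lines are
constructed for this example; they are not from any real system.
"""
from datetime import datetime

# Constructed sample log.  STATE lines mark up/down transitions (END closes
# the observation window); REQUEST lines record how each request was served.
SAMPLE_LOG = """\
2024-03-01T00:00:00 STATE UP
2024-03-01T00:00:05 REQUEST ok
2024-03-01T00:00:10 REQUEST ok
2024-03-01T00:00:15 REQUEST wrong
2024-03-01T01:00:00 STATE DOWN
2024-03-01T01:00:07 REQUEST fail
2024-03-01T01:30:00 STATE UP
2024-03-01T01:30:05 REQUEST ok
2024-03-01T02:00:00 STATE END
"""


def parse_log(text):
    """Yield (timestamp, kind, value) tuples from the constructed log format."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, kind, value = line.split()
        yield datetime.fromisoformat(ts), kind, value


def dependability_metrics(text):
    """Return availability and reliability estimates for one log.

    availability = seconds in state UP / seconds observed
    reliability  = requests answered correctly / requests made
    A request served while UP but with a wrong answer counts against
    reliability only; the DOWN interval counts against availability.
    """
    events = list(parse_log(text))
    start, end = events[0][0], events[-1][0]
    observed = (end - start).total_seconds()
    uptime = 0.0
    up_since = None
    requests = correct = 0
    for ts, kind, value in events:
        if kind == "STATE":
            if value == "UP" and up_since is None:
                up_since = ts
            elif value in ("DOWN", "END") and up_since is not None:
                uptime += (ts - up_since).total_seconds()
                up_since = None
        elif kind == "REQUEST":
            requests += 1
            if value == "ok":
                correct += 1
    return {
        "availability": uptime / observed if observed else 0.0,
        "reliability": correct / requests if requests else 0.0,
        "observed_seconds": observed,
        "requests": requests,
    }


if __name__ == "__main__":
    m = dependability_metrics(SAMPLE_LOG)
    print(f"availability={m['availability']:.2%} reliability={m['reliability']:.2%}")
```

On the sample log the service is up for 90 of 120 minutes (availability 0.75) while only 3 of 5 requests were answered correctly (reliability 0.60); the "wrong" request at 00:00:15 lowers reliability without touching availability.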

Other dependability properties

Repairability

  • Reflects the extent to which the system can be repaired in the event of a failure

Maintainability

  • Reflects the extent to which the system can be adapted to new requirements

Survivability

  • Reflects the extent to which the system can deliver services whilst under hostile attack

Error tolerance

  • Reflects the extent to which user input errors can be avoided and tolerated

Dependability achievement

  • Avoid the introduction of accidental errors when developing the system
  • Design verification and validation (V & V) processes that are effective in discovering residual errors in the system
  • Design protection mechanisms that guard against external attacks
  • Include recovery mechanisms to help restore normal system service after a failure

Dependability attribute dependencies

A system may be unreliable because its data has been corrupted by an external attack

Denial of service attacks on a system are intended to make it unavailable

If a system is infected with a virus, you cannot be confident in its reliability or safety

Dependability costs

Dependability costs tend to increase exponentially as increasing levels of dependability are required

There are two reasons for this:

  • The use of more expensive development techniques and hardware that are required to achieve the higher levels of dependability
  • The increased testing and system validation that is required to convince the system client and regulators that the required levels of dependability have been achieved

Reliability terminology

Term                    Description
Human error or mistake  Human behavior that results in the introduction of faults into a system.
System fault            A characteristic of a software system that can lead to a system error.
System error            An erroneous system state that can lead to system behavior that is unexpected by system users.
System failure          An event that occurs at some point in time when the system does not deliver a service as expected by its users.
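
The chain in the table (mistake introduces a fault, the fault produces an erroneous state, the erroneous state may or may not become a failure) is easier to see in code. The Python below is an added example, not code from the original notes: median_fast() carries a deliberate fault, fault_leads_to_failure() shows that the same fault only sometimes produces a user-visible failure, and median_checked() shows an error-detection check plus a recovery path that stops the erroneous state from reaching the caller. All function names and inputs are constructed for this example.

```python
"""Added example: the fault -> error -> failure chain in runnable form.

A developer's mistake leaves a FAULT in median_fast(): for even-length
input it returns one middle element instead of the mean of the two.
Executing that path produces an erroneous value (an ERROR).  Whether the
user sees a FAILURE depends on the data: if the two middle elements are
equal, the wrong index still yields the right answer and the error is
masked.  median_checked() keeps the faulty code but detects the error and
recovers, so the same fault no longer leads to a failure.
"""
import statistics


def median_fast(values):
    """Intended to return the median.  Contains a deliberate fault."""
    xs = sorted(values)
    n = len(xs)
    # FAULT: the even-length case needs (xs[n//2 - 1] + xs[n//2]) / 2,
    # but this code uses a single middle element for every n.
    return xs[n // 2]


def median_reference(values):
    """Slow but trusted path: the standard library's median."""
    return statistics.median(values)


def fault_leads_to_failure(values):
    """True when the fault produces a user-visible wrong result."""
    return median_fast(values) != median_reference(values)


def median_checked(values, log):
    """Self-checking version: detect the erroneous state and recover.

    The fault in median_fast() is still present.  What changes is that the
    result is checked against an invariant (for even n the median equals
    the mean of the two middle elements) before it is delivered.  On
    detection the event is logged and the value is recomputed through the
    trusted path, so the erroneous state never becomes a failure.
    """
    xs = sorted(values)
    n = len(xs)
    result = median_fast(xs)
    if n % 2 == 0:
        expected = (xs[n // 2 - 1] + xs[n // 2]) / 2
        if result != expected:
            log.append(f"error detected for n={n}: got {result}, expected {expected}")
            return median_reference(xs)   # recovery: fall back to trusted path
    return result


if __name__ == "__main__":
    events = []
    for sample in ([1, 3, 5, 9], [1, 3, 3, 9], [1, 3, 5]):
        print(sample, "failure" if fault_leads_to_failure(sample) else "no failure",
              "checked ->", median_checked(sample, events))
    print("\n".join(events))
```

Running it shows the three cases: [1, 3, 5, 9] fails (5 instead of 4.0), [1, 3, 3, 9] does not fail even though the faulty index is used, and odd-length input never activates the fault at all. This is why testing cannot prove the absence of faults: only inputs that both activate the fault and propagate the error to the output reveal it.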

Security terminology

Term           Definition
Asset          Something of value which has to be protected. The asset may be the software system itself or data used by that system.
Exposure       Possible loss or harm to a computing system. This can be loss or damage to data, or can be a loss of time and effort if recovery is necessary after a security breach.
Vulnerability  A weakness in a computer-based system that may be exploited to cause loss or harm.
Attack         An exploitation of a system's vulnerability. Generally, this is from outside the system and is a deliberate attempt to cause some damage.
Threat         Circumstances that have the potential to cause loss or harm. You can think of a threat as a system vulnerability that is subjected to an attack.
Control        A protective measure that reduces a system's vulnerability. Encryption is an example of a control: if the access control system is weak, encrypting the stored data limits what an attacker who gets past it can read.
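
The terms in the table map onto code directly. The Python below is an added example (not from the original notes) that acts them out on a toy record service: the records are the asset, the vulnerability is a handler that trusts a client-supplied user id instead of the authenticated session, the attack is a request naming another user, the exposure is the record the attacker obtains, and the control binds the lookup to the authenticated principal. The control shown is an access-control fix rather than the encryption example given in the table. The Session class, request dictionaries and sample records are all assumptions made for this example.

```python
"""Added example: asset, vulnerability, attack, exposure and control on a
toy record service.  The data, the Session class and the request format
are constructed for this example, not an API from the notes.
"""

# ASSET: constructed sample records keyed by user id.
RECORDS = {
    "alice": {"diagnosis": "none", "dob": "1990-01-01"},
    "bob":   {"diagnosis": "asthma", "dob": "1985-06-30"},
}


class Session:
    """Authenticated principal.  Assumed to be set by a prior login step."""

    def __init__(self, user_id):
        self.user_id = user_id


def get_record_vulnerable(session, request):
    """VULNERABILITY: authorisation relies on a field the client controls.

    The session proves who the caller is, but the handler ignores it and
    serves whatever user id the request names.
    """
    return RECORDS.get(request["user_id"])


def get_record_controlled(session, request):
    """CONTROL: the caller may only read the record of the principal the
    session was authenticated for.  A request naming another user is
    refused (None) instead of served; a real service would also log it.
    """
    requested = request.get("user_id", session.user_id)
    if requested != session.user_id:
        return None
    return RECORDS.get(session.user_id)


def attack(handler):
    """ATTACK: Alice, legitimately logged in, asks for Bob's record.

    Returns what the attacker obtained (the EXPOSURE), or None if the
    handler refused the request.
    """
    alice = Session("alice")
    malicious_request = {"user_id": "bob"}
    return handler(alice, malicious_request)


if __name__ == "__main__":
    print("vulnerable handler leaks:", attack(get_record_vulnerable))
    print("controlled handler leaks:", attack(get_record_controlled))
```

Against the vulnerable handler the attack returns Bob's full record; against the controlled handler it returns None while Bob himself can still read his own record. The threat here is the combination of the two: a handler with this vulnerability that is reachable by callers willing to send a forged user id.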
