Software Engineering, 9th Edition by Ian Sommerville

Author: Ian Sommerville
Language: eng
Format: mobi, epub, pdf
Published: 2011-01-12T05:59:01+00:00


15 Dependability and security assurance

Objectives

The objective of this chapter is to describe the verification and validation techniques that are used in the development of critical systems. When you have read this chapter, you will:

■ understand how different approaches to static analysis may be used in the verification of critical software systems;

■ understand the basics of reliability and security testing and the inherent problems of testing critical systems;

■ know why process assurance is important, especially for software that has to be certified by a regulator;

■ have been introduced to safety and dependability cases that present arguments and evidence of system safety and dependability.

Contents

15.1 Static analysis

15.2 Reliability testing

15.3 Security testing

15.4 Process assurance

15.5 Safety and dependability cases

394 Chapter 15 ■ Dependability and security assurance

Dependability and security assurance is concerned with checking that a critical system meets its dependability requirements. This requires verification and validation (V & V) processes that look for specification, design, and program errors that may affect the availability, safety, reliability, or security of a system.

The verification and validation of a critical system has much in common with the validation of any other software system. The V & V processes should demonstrate that the system meets its specification and that the system services and behavior support the customer’s requirements. In doing so, they usually uncover requirements and design errors and program bugs that have to be repaired. However, critical systems require particularly stringent testing and analysis for two reasons:

1. Costs of failure. The costs and consequences of critical systems failure are potentially much greater than for non-critical systems. You lower the risks of system failure by spending more on system verification and validation. It is usually cheaper to find and remove defects before the system is delivered than to pay for the consequent costs of accidents or disruptions to system service.

2. Validation of dependability attributes. You may have to make a formal case to customers and a regulator that the system meets its specified dependability requirements (availability, reliability, safety, and security). In some cases, external regulators, such as national aviation authorities, may have to certify that the system is safe before it can be deployed. To obtain this certification, you have to demonstrate how the system has been validated. To do so, you may also have to design and carry out special V & V procedures that collect evidence about the system’s dependability.

For these reasons, verification and validation costs for critical systems are usually much higher than for other classes of systems. Typically, more than half of a critical system’s development costs are spent on V & V.

Although V & V costs are high, they are justified as they are usually significantly less than the losses that result from an accident. For example, in 1996, a mission-critical software system on the Ariane 5 rocket failed and several satellites were destroyed. No one was injured but the total losses from this accident were hundreds of millions of dollars. The subsequent enquiry discovered that deficiencies in system V & V were partly responsible for this failure. More effective reviews, which would have been relatively cheap, could have discovered the problem that caused the accident.

Although the primary focus of dependability and security assurance
