290   Chapter 11   Dependability and security


As computer systems have become deeply embedded in our business and personal lives, the problems that result from system and software failure are increasing. A failure of server software in an e-commerce company could lead to a major loss of revenue, and possibly also customers for that company. A software error in an embedded control system in a car could lead to expensive recalls of that model for repair and, in the worst case, could be a contributory factor in accidents. The infection of company PCs with malware requires expensive cleanup operations to sort out the problem and could result in the loss of, or damage to, sensitive information.

Because software-intensive systems are so important to governments, companies, and individuals, it is essential that widely used software is trustworthy. The software should be available when required and should operate correctly and without undesirable side effects, such as unauthorized information disclosure. The term ‘dependability’ was proposed by Laprie (1995) to cover the related systems attributes of availability, reliability, safety, and security. As I discuss in Section 11.1, these properties are inextricably linked, so having a single term to cover them all makes sense.

The dependability of systems is now usually more important than their detailed functionality for the following reasons:

1. System failures affect a large number of people. Many systems include functionality that is rarely used. If this functionality were left out of the system, only a small number of users would be affected. System failures, which affect the availability of a system, potentially affect all users of the system. Failure may mean that normal business is impossible.

2. Users often reject systems that are unreliable, unsafe, or insecure. If users find that a system is unreliable or insecure, they will refuse to use it. Furthermore, they may also refuse to buy or use other products from the same company that produced the unreliable system, because they believe that these products are also likely to be unreliable or insecure.

3. System failure costs may be enormous. For some applications, such as a reactor control system or an aircraft navigation system, the cost of system failure is orders of magnitude greater than the cost of the control system.

4. Undependable systems may cause information loss. Data is very expensive to collect and maintain; it is usually worth much more than the computer system on which it is processed. The cost of recovering lost or corrupt data is usually very high.

As I discussed in Chapter 10, software is always part of a broader system. It executes in an operational environment that includes the hardware on which the software executes, the human users of that software, and the organizational or business processes where the software is used. When designing a dependable system, you therefore have to consider:

1. Hardware failure: System hardware may fail because of mistakes in its design, because components fail as a result of manufacturing errors, or because the components have reached the end of their natural life.