11.1 Dependability properties 293
Of course, these dependability properties are not all applicable to all systems. For the insulin pump system, introduced in Chapter 1, the most important properties are availability (it must work when required), reliability (it must deliver the correct dose of insulin), and safety (it must never deliver a dangerous dose of insulin). Security is not an issue as the pump will not maintain confidential information. It is not networked and so cannot be maliciously attacked. For the wilderness weather system, availability and reliability are the most important properties because the costs of repair may be very high. For the patient information system, security is particularly important because of the sensitive private data that is maintained.
As well as these four main dependability properties, you may also think of other system properties as dependability properties:

1. Repairability  System failures are inevitable, but the disruption caused by failure can be minimized if the system can be repaired quickly. For that to happen, it must be possible to diagnose the problem, access the component that has failed, and make changes to fix that component. Repairability in software is enhanced when the organization using the system has access to the source code and has the skills to make changes to it. Open source software makes this easier but the reuse of components can make it more difficult.

2. Maintainability  As systems are used, new requirements emerge and it is important to maintain the usefulness of a system by changing it to accommodate these new requirements. Maintainable software is software that can be adapted economically to cope with new requirements, and where there is a low probability that making changes will introduce new errors into the system.

3. Survivability  A very important attribute for Internet-based systems is survivability (Ellison et al., 1999b). Survivability is the ability of a system to continue to deliver service whilst under attack and, potentially, whilst part of the system is disabled. Work on survivability focuses on identifying key system components and ensuring that they can deliver a minimal service. Three strategies are used to enhance survivability: resistance to attack, attack recognition, and recovery from the damage caused by an attack (Ellison et al., 1999a; Ellison et al., 2002). I discuss this in more detail in Chapter 14.

4. Error tolerance  This property can be considered as part of usability and reflects the extent to which the system has been designed so that user input errors are avoided and tolerated. When user errors occur, the system should, as far as possible, detect these errors and either fix them automatically or request the user to reinput their data.
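The error-tolerance point above, made concrete for the insulin pump's dose entry: the code below is an added example, not from the book or any real pump. It detects input errors, silently repairs only the slips that cannot change the meaning of the entry (surrounding whitespace, a comma used as the decimal separator, a trailing unit suffix), and asks for re-input otherwise. The dose limits and the delivery step are constructed placeholders; a real device's limits come from its safety requirements. Note the separation of concerns: a well-formed but dangerous dose is rejected by the safety check, not "corrected" by the usability layer, because auto-rounding a dose would trade a safety property for a convenience.

```python
"""Error-tolerant dose entry (hypothetical example, not a real pump's code).

Detect user input errors, auto-correct only the harmless ones, and request
re-input for anything that cannot be repaired without guessing.
"""
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation
from typing import Iterable, Optional, Tuple

# Constructed limits for a hypothetical pump (placeholders, not real values).
MAX_SINGLE_DOSE_UNITS = Decimal("25")   # safety bound: never deliver more than this
DOSE_STEP_UNITS = Decimal("0.5")        # the pump can only deliver multiples of this


@dataclass
class DoseResult:
    accepted: bool
    dose: Optional[Decimal]   # dose the pump will deliver, if accepted
    corrected: bool           # True if the raw text was normalised before parsing
    message: str              # feedback shown to the user


def _normalise(raw: str) -> str:
    """Repair slips that cannot alter the intended value: whitespace, a comma
    decimal separator, and a trailing unit suffix such as 'u' or 'units'."""
    text = raw.strip().lower()
    for suffix in ("units", "unit", "iu", "u"):
        if text.endswith(suffix):
            text = text[: -len(suffix)].strip()
            break
    return text.replace(",", ".")


def parse_dose(raw: str) -> DoseResult:
    """Classify one user entry: accept, or explain why it must be re-entered."""
    text = _normalise(raw)
    corrected = text != raw
    try:
        value = Decimal(text)
    except InvalidOperation:
        return DoseResult(False, None, corrected,
                          f"'{raw}' is not a number; please re-enter the dose in units")
    # Decimal happily parses 'nan' and 'inf'; neither is a dose.
    if not value.is_finite():
        return DoseResult(False, None, corrected,
                          f"'{raw}' is not a valid dose; please re-enter")
    if value <= 0:
        return DoseResult(False, None, corrected,
                          "Dose must be greater than zero; please re-enter")
    # Safety property, not error tolerance: a well-formed but dangerous dose is
    # never accepted, and never silently clamped to the maximum.
    if value > MAX_SINGLE_DOSE_UNITS:
        return DoseResult(False, None, corrected,
                          f"{value} units exceeds the maximum single dose of "
                          f"{MAX_SINGLE_DOSE_UNITS}; please re-enter")
    # A dose the pump cannot deliver exactly is also sent back rather than
    # rounded: rounding would change what the user asked for.
    if value % DOSE_STEP_UNITS != 0:
        return DoseResult(False, None, corrected,
                          f"Dose must be a multiple of {DOSE_STEP_UNITS} units; please re-enter")
    note = " (entry normalised)" if corrected else ""
    return DoseResult(True, value, corrected, f"Dose of {value} units accepted{note}")


def enter_dose(attempts: Iterable[str], max_attempts: int = 3) -> Tuple[Optional[Decimal], int]:
    """Simulate the entry dialogue. A constructed list of attempts stands in
    for interactive input; returns (dose, attempts_used), with dose None if no
    acceptable entry arrived within max_attempts."""
    used = 0
    for raw in attempts:
        used += 1
        result = parse_dose(raw)
        print(result.message)
        if result.accepted:
            return result.dose, used
        if used >= max_attempts:
            break
    return None, used


if __name__ == "__main__":
    # Constructed session: two errors, then a normalisable but valid entry.
    print(enter_dose(["abc", "0.3", "1,5 units"]))
```

Each rejection message says what was wrong and asks for re-input, which is the "detect and request re-entry" half of the property; the `corrected` flag lets the interface tell the user when the "fix automatically" half was applied, so a normalisation is never invisible.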
The notion of system dependability as an encompassing property was introduced because the dependability properties of availability, security, reliability, and safety are closely related. Safe system operation usually depends on the system being available and operating reliably. A system may become unreliable because an intruder has corrupted its data. Denial of service attacks on a system are intended to compromise the