306 Chapter 11 Dependability and security
KEY POINTS
Failure of critical computer systems can lead to large economic losses, serious information loss, physical damage, or threats to human life.

The dependability of a computer system is a system property that reflects the user’s degree of trust in the system. The most important dimensions of dependability are availability, reliability, safety, and security.

The availability of a system is the probability that the system will be able to deliver services to its users when requested to do so. Reliability is the probability that system services will be delivered as specified.

Perceived reliability is related to the probability of an error occurring in operational use. A program may contain known faults but may still be experienced as reliable by its users. They may never use features of the system that are affected by the faults.

The safety of a system is a system attribute that reflects the system’s ability to operate, normally or abnormally, without injury to people or damage to the environment.

Security reflects the ability of a system to protect itself against external attacks. Security failures may lead to loss of availability, damage to the system or its data, or the leakage of information to unauthorized people.

Without a reasonable level of security, the availability, reliability, and safety of the system may be compromised if external attacks damage the system. If a system is unreliable, it is difficult to ensure system safety or security, as they may be compromised by system failures.
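The following is an added worked example, not part of the textbook, that makes the distinction between availability, reliability, and perceived reliability concrete. It computes all three from a small request log that is constructed here for illustration: every user, feature name, and outcome is invented. Availability is the fraction of requests the system responded to at all; reliability is the fraction delivered as specified; perceived reliability is the same measure restricted to one user's own requests, which is why a user who never touches the faulty "export" feature experiences the system as fully reliable while the system as a whole is not.

```python
"""Availability vs. reliability vs. perceived reliability from a request log.

Added example; the log below is constructed, not real operational data.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Request:
    user: str          # who issued the request
    feature: str       # which system feature was exercised
    accepted: bool     # did the system respond at all? (availability)
    as_specified: bool # was the response correct? (reliability)


# Constructed sample log. The "export" feature carries a known fault:
# it always responds, but never produces the specified result.
# One of bob's "view" requests hits an outage and gets no response.
SAMPLE_LOG: List[Request] = [
    Request("alice", "search", True, True),
    Request("alice", "view", True, True),
    Request("alice", "search", True, True),
    Request("alice", "view", True, True),
    Request("alice", "search", True, True),
    Request("bob", "search", True, True),
    Request("bob", "export", True, False),
    Request("bob", "export", True, False),
    Request("bob", "view", True, True),
    Request("bob", "view", False, False),  # outage: no service delivered
]


def _ratio(numerator: int, denominator: int) -> float:
    """Probability estimate; an empty log yields 0.0 rather than a ZeroDivisionError."""
    return numerator / denominator if denominator else 0.0


def availability(log: Iterable[Request]) -> float:
    """Fraction of requests for which the system delivered any service."""
    entries = list(log)
    return _ratio(sum(r.accepted for r in entries), len(entries))


def reliability(log: Iterable[Request]) -> float:
    """Fraction of requests whose service was delivered as specified.

    A request that received no response is also counted as not delivered
    as specified, so reliability can never exceed availability.
    """
    entries = list(log)
    return _ratio(sum(r.as_specified for r in entries), len(entries))


def perceived_reliability(log: Iterable[Request], user: str) -> float:
    """Reliability as experienced by one user: only that user's requests count."""
    return reliability(r for r in log if r.user == user)


def reliability_by_feature(log: Iterable[Request]) -> dict:
    """Per-feature reliability, which localises the known fault to 'export'."""
    entries = list(log)
    features = sorted({r.feature for r in entries})
    return {f: reliability(r for r in entries if r.feature == f) for f in features}


if __name__ == "__main__":
    print(f"availability            = {availability(SAMPLE_LOG):.2f}")
    print(f"reliability             = {reliability(SAMPLE_LOG):.2f}")
    print(f"perceived by alice      = {perceived_reliability(SAMPLE_LOG, 'alice'):.2f}")
    print(f"perceived by bob        = {perceived_reliability(SAMPLE_LOG, 'bob'):.2f}")
    print(f"reliability per feature = {reliability_by_feature(SAMPLE_LOG)}")
```

On this log the system is 90% available and 70% reliable, yet alice perceives it as 100% reliable because her usage never reaches the faulty feature, while bob, who does use it, perceives only 40%. The per-feature breakdown is the view an operator wants when deciding whether a known fault is worth fixing before it affects more of the user population.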
FURTHER READING

‘The evolution of information assurance’. An excellent article discussing the need to protect critical information in an organization from accidents and attacks. (R. Cummings, IEEE Computer, 35 (12), December 2002.) http://dx.doi.org/10.1109/MC.2002.1106181.

‘Designing Safety Critical Computer Systems’. This is a good introduction to the field of safety-critical systems, which discusses the fundamental concepts of hazards and risks. More accessible than Dunn’s book on safety-critical systems. (W. R. Dunn, IEEE Computer, 36 (11), November 2003.) http://dx.doi.org/10.1109/MC.2003.1244533.

Secrets and Lies: Digital Security in a Networked World. An excellent, very readable book on computer security which approaches the subject from a sociotechnical perspective. Schneier’s columns on security issues in general (URL below) are also very good. (B. Schneier, John Wiley & Sons, 2004.) http://www.schneier.com/essays.html.