338   Chapter 12   Dependability and security specification


                      12.3. In the insulin pump system, the user has to change the needle and insulin supply at regular
                           intervals and may also change the maximum single dose and the maximum daily dose that
                           may be administered. Suggest three user errors that might occur and propose safety
                           requirements that would avoid these errors resulting in an accident.
12.4. A safety-critical software system for treating cancer patients has two principal components:
      • A radiation therapy machine that delivers controlled doses of radiation to tumor sites. This
        machine is controlled by an embedded software system.
      • A treatment database that includes details of the treatment given to each patient.
        Treatment requirements are entered in this database and are automatically downloaded to
        the radiation therapy machine.

                           Identify three hazards that may arise in this system. For each hazard, suggest a defensive
                           requirement that will reduce the probability that these hazards will result in an accident.
                           Explain why your suggested defense is likely to reduce the risk associated with the hazard.

12.5. Suggest appropriate reliability metrics for the classes of software systems below. Give
      reasons for your choice of metric. Predict the usage of these systems and suggest appropriate
      values for the reliability metrics.
      • a system that monitors patients in a hospital intensive care unit
      • a word processor
      • an automated vending machine control system
      • a system to control braking in a car
      • a system to control a refrigeration unit
      • a management report generator

                      12.6. A train protection system automatically applies the brakes of a train if the speed limit for
                           a segment of track is exceeded, or if the train enters a track segment that is currently signaled
                           with a red light (i.e., the segment should not be entered). Giving reasons for your answer,
                           choose a reliability metric that might be used to specify the required reliability for such
                           a system.
12.7. There are two essential safety requirements for the train protection system:
      • The train shall not enter a segment of track that is signaled with a red light.
      • The train shall not exceed the specified speed limit for a section of track.
      Assuming that the signal status and the speed limit for the track segment are transmitted to
      onboard software on the train before it enters the track segment, propose five possible
      functional system requirements for the onboard software that may be generated from the
      system safety requirements.
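The following is an added illustration, not part of the textbook and not a model answer to exercise 12.7: it models one possible set of functional requirements for the onboard software as a decision function. The names (`SegmentInfo`, `TrainState`, `brake_required`), the staleness window `MAX_DATA_AGE_S` and the speed margin `SPEED_MARGIN_KMH` are all assumed for the example. The point it makes beyond the exercise text is that safety requirements phrased as "the train shall not ..." only become enforceable in software once the failure modes of the data path (no data, data for the wrong segment, stale data) are given an explicit fail-safe response, which here is always to brake.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Signal(Enum):
    GREEN = "green"
    RED = "red"


@dataclass
class SegmentInfo:
    """Data transmitted to the train before it enters a segment (assumed format)."""
    segment_id: int
    signal: Signal
    speed_limit_kmh: float
    received_at: float  # onboard clock, seconds


@dataclass
class TrainState:
    next_segment_id: int  # segment the train is about to enter
    speed_kmh: float
    now: float            # onboard clock, seconds


# Both values are assumptions for the example, not figures from the book.
MAX_DATA_AGE_S = 30.0     # older segment data is treated as if it were never received
SPEED_MARGIN_KMH = 2.0    # start braking before the limit itself is reached


def brake_required(info: Optional[SegmentInfo], state: TrainState) -> Tuple[bool, str]:
    """Return (brake?, reason). One candidate functional requirement per check.

    FR1: If no segment data has been received for the segment about to be
         entered, the brakes shall be applied (fail-safe on missing data).
    FR2: If the received data refers to a different segment, it shall be
         treated as missing.
    FR3: If the received data is older than MAX_DATA_AGE_S, it shall be
         treated as missing.
    FR4: If the signal for the next segment is red, the brakes shall be
         applied before the segment is entered.
    FR5: If the train speed exceeds the segment speed limit minus a safety
         margin, the brakes shall be applied.
    """
    if info is None:
        return True, "no segment data received"
    if info.segment_id != state.next_segment_id:
        return True, "segment data mismatch"
    if state.now - info.received_at > MAX_DATA_AGE_S:
        return True, "segment data stale"
    if info.signal is Signal.RED:
        return True, "red signal ahead"
    if state.speed_kmh > info.speed_limit_kmh - SPEED_MARGIN_KMH:
        return True, "speed limit exceeded"
    return False, "ok"


if __name__ == "__main__":
    # Constructed sample inputs for the example.
    state = TrainState(next_segment_id=7, speed_kmh=50.0, now=100.0)
    print(brake_required(SegmentInfo(7, Signal.GREEN, 80.0, 95.0), state))  # (False, 'ok')
    print(brake_required(SegmentInfo(7, Signal.RED, 80.0, 95.0), state))    # (True, 'red signal ahead')
    print(brake_required(None, state))                                       # (True, 'no segment data received')
```

Note the order of the checks: data-integrity conditions (FR1 to FR3) are evaluated before the signal and speed rules, so a red signal can never be masked by a stale or mismatched message that happens to carry a green value.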