376 Chapter 14 Security engineering
Denial of service attacks
Denial of service attacks attempt to bring down a networked system by bombarding it with a huge number of service requests. These place a load on the system for which it was not designed and they exclude legitimate requests for system service. Consequently, the system may become unavailable either because it crashes with the heavy load or has to be taken offline by system managers to stop the flow of requests.
http://www.SoftwareEngineering-9.com/Web/Security/DoS.html
Of course, these are not the only design issues that are important for security. Every application is different and security design also has to take into account the purpose, criticality, and operational environment of the application. For example, if you are designing a military system, you need to adopt the military's security classification model (secret, top secret, etc.). If you are designing a system that maintains personal information, you may have to take into account data protection legislation that places restrictions on how data is managed.
There is a close relationship between dependability and security. The use of redundancy and diversity, which is fundamental for achieving dependability, may mean that a system can resist and recover from attacks that target specific design or implementation characteristics. Mechanisms to support a high level of availability may help the system to recover from so-called denial of service attacks, where the aim of an attacker is to bring down the system and stop it working properly.
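One availability mechanism of the kind the sidebar and the paragraph above refer to is load shedding with a per-client token bucket: when one source floods the service, only that source's requests beyond its budget are refused, so capacity remains for legitimate clients. The code below is an added illustration written for this edition of the page, not code from the book or its website; the capacity and refill rate, the client identifier strings and the injectable clock are all assumptions chosen to make the behaviour easy to observe.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// bucket is one client's request budget: up to capacity tokens, refilled at
// rate tokens per second. Each served request costs one token.
type bucket struct {
	tokens float64
	last   time.Time
}

// Limiter keeps a bucket per client identifier (for example a source address).
type Limiter struct {
	mu       sync.Mutex
	buckets  map[string]*bucket
	capacity float64
	rate     float64
	now      func() time.Time // clock is injectable so the policy can be tested deterministically
}

// NewLimiter builds a limiter that uses the wall clock.
func NewLimiter(capacity, rate float64) *Limiter {
	return NewLimiterWithClock(capacity, rate, time.Now)
}

// NewLimiterWithClock is the same, with a caller-supplied clock (assumed helper).
func NewLimiterWithClock(capacity, rate float64, now func() time.Time) *Limiter {
	return &Limiter{buckets: map[string]*bucket{}, capacity: capacity, rate: rate, now: now}
}

// Allow reports whether the client may be served now. A request that is not
// allowed is shed immediately instead of being queued, so a flood from one
// client cannot occupy the capacity that other clients depend on.
func (l *Limiter) Allow(client string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	b, ok := l.buckets[client]
	if !ok {
		b = &bucket{tokens: l.capacity, last: now}
		l.buckets[client] = b
	}
	// Refill according to elapsed time, never beyond capacity.
	refilled := b.tokens + now.Sub(b.last).Seconds()*l.rate
	if refilled > l.capacity {
		refilled = l.capacity
	}
	b.tokens = refilled
	b.last = now
	if b.tokens >= 1 {
		b.tokens--
		return true
	}
	return false
}

// ServeBurst submits n back-to-back requests from one client and returns how
// many were served; the rest were shed.
func ServeBurst(l *Limiter, client string, n int) int {
	served := 0
	for i := 0; i < n; i++ {
		if l.Allow(client) {
			served++
		}
	}
	return served
}

func main() {
	// Constructed scenario: a budget of 20 requests, refilled at 5 per second.
	l := NewLimiter(20, 5)
	fmt.Printf("flood source: %d of 1000 served\n", ServeBurst(l, "flood-source", 1000))
	fmt.Printf("ordinary user: %d of 10 served\n", ServeBurst(l, "ordinary-user", 10))
}
```

Shedding at the edge is only one layer: the limiter itself must stay cheap (a map lookup and a few arithmetic operations here) or it becomes the component that collapses under the load it was meant to absorb.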
Designing a system to be secure inevitably involves compromises. It is certainly possible to design multiple security measures into a system that will reduce the chances of a successful attack. However, security measures often require a lot of additional computation and so affect the overall performance of a system. For example, you can reduce the chances of confidential information being disclosed by encrypting that information. However, this means that users of the information have to wait for it to be decrypted and this may slow down their work.
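The encryption trade-off in the paragraph above can be made concrete by storing a record encrypted and timing how much longer each read takes when it must be decrypted first. The following is an added example for this edition of the page, not code from the book; the choice of AES-256-GCM from Go's standard library, the constructed record and the read count are assumptions. Authenticated encryption is used so that a modified record is rejected rather than silently decrypted to garbage, which is the extra check a practitioner would want in exchange for the cost.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"time"
)

// Encrypt seals plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
// A fresh random nonce per call is required for GCM to remain secure.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. Because GCM authenticates the ciphertext, any
// modification of the stored blob makes Open fail instead of returning data.
func Decrypt(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("stored record too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// MeasureReads times `reads` accesses to one record stored in clear (a plain
// copy) and the same number stored encrypted (a decrypt per access). It returns
// the two durations so the overhead of protecting the data can be compared.
func MeasureReads(key, record []byte, reads int) (plainDur, encDur time.Duration, err error) {
	blob, err := Encrypt(key, record)
	if err != nil {
		return 0, 0, err
	}
	sink := 0
	start := time.Now()
	for i := 0; i < reads; i++ {
		buf := append([]byte(nil), record...)
		sink += len(buf)
	}
	plainDur = time.Since(start)
	start = time.Now()
	for i := 0; i < reads; i++ {
		pt, err := Decrypt(key, blob)
		if err != nil {
			return 0, 0, err
		}
		sink += len(pt)
	}
	encDur = time.Since(start)
	_ = sink
	return plainDur, encDur, nil
}

func main() {
	key := make([]byte, 32) // 256-bit key; in a real system it comes from a key store
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	record := bytes.Repeat([]byte("constructed record line\n"), 2048) // ~48 KB sample
	plainDur, encDur, err := MeasureReads(key, record, 1000)
	if err != nil {
		panic(err)
	}
	fmt.Printf("1000 reads: in clear %v, encrypted %v\n", plainDur, encDur)
}
```

The absolute numbers depend on the machine and on hardware AES support; what matters for the design decision is the ratio, multiplied by how often the data is read, set against how damaging a disclosure of that data would be.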
There are also tensions between security and usability. Security measures sometimes require the user to remember and provide additional information (e.g., multiple passwords). However, sometimes users forget this information, so the additional security means that they can’t use the system. Designers therefore have to find a balance between security, performance, and usability. This will depend on the type of system and where it is being used. For example, in a military system, users are familiar with high-security systems and so are willing to accept and follow processes that require frequent checks. In a system for stock trading, however, interruptions of operation for security checks would be completely unacceptable.
14.2.1 Architectural design
As I have discussed in Chapter 11, the choice of software architecture can have profound effects on the emergent properties of a system. If an inappropriate architecture is used, it may be very difficult to maintain the confidentiality and

