Chapter 11 describes Dependability and Security attributes that are prevalent in successful software engineering.
11.4 For An Internet server provided by an ISP with thousands of customers, security would be be the most critical because internet services are networked. This can provide a gate way for intrusions.
For A computer-controlled scalpel used in keyhole surgery, safety would be critical because the scalpel will be used for medical treatment and could possibility hurt someone. However, you would want the probability of someone getting injured from the scalpel to very low or non-existent. Making safety the most important dependability attribute in this situation.
For A directional control system used in a satellite launch vehicle, maintainability would be very important. Because the device has to help with direction changing it will have new requirements emerging at any moment so the system should be able to cope with these changes.
For An internet-based personal finance management system, survivability is the most important. The system can be under many attacks. So it is important for the system to still be able to run under these attacks.
11.7 One hazard that can arise from a radiation system is over-dosage. A software feature that can be added to avoid (hazard avoidance) this problem is having the system shut off whenever it reaches a lethal dosage of radiation.
11.9
Threat to confidentiality - Someone can find out a login for a staff member and get information on patients and their treatment.
To avoid this, staff members can have stronger passwords, but not so restrictive that they write it down. A happy medium needs to be executed.
Threat to integrity - Someone can accidentally delete a patient's profile completely.A log of deleted can be kept everyday just in case data is deleted on accident.
Threat to availability - A criminal gets access to the system and shuts it down for a particular amount of time.The system need good maintainability. It needs to be able to come back on after this type of attack. There needs to be a way to distinguish that this was not an authorized user who shut down the system.
No comments:
Post a Comment