The document discusses reasons for software dependability and the importance of considering systems as sociotechnical rather than just technical. It provides examples of government functions supported by complex sociotechnical systems that cannot be fully automated. The document also explains differences between redundancy and diversity, and reasons why formal methods should be used for developing safety-critical systems like train control systems. Regulators are suggested to impose views on development methods to ensure safety, though this may inhibit some innovation.

Uploaded by Htet Htet Oo

Chapter 10

10.1 Suggest six reasons why software dependability is important in most sociotechnical systems.

Six reasons why dependability is important are:

- Users may not use the system if they don't trust it.
- System failure may lead to a loss of business.
- An undependable system may lose or damage valuable data.
- An undependable system may damage its external environment.
- The reputation of the company that produced the system may be damaged, hence affecting other systems.
- The system may be in breach of laws on consumer protection and the fitness of goods for purpose.

10.2 Explain with an example why resilience to cyber-attacks is a very important characteristic of system dependability.

Safe system operation depends on the system being available and operating reliably.

- A system may become unreliable because an intruder has corrupted its data.
- Denial-of-service attacks on a system are intended to compromise the system's availability.
- If a system is infected with a virus, you cannot then be confident in its reliability or safety because the virus may change its behavior.

10.3 Using an example, explain why it is important when developing dependable systems to consider these as sociotechnical systems and not simply as technical software and hardware systems.

In a computer system, the software and hardware are interdependent; the system is more than the sum of its parts. System dependability is influenced by all of the elements in a sociotechnical system: hardware, software, people and organisations.

The best example for understanding the considerations for sociotechnical systems as dependable software is a nuclear system used by scientists.

Dependable software is considered as a sociotechnical system because of the following:

- Diversity and redundancy are main components of dependable software; they are also main components of sociotechnical systems.
- In dependable software, repeatable processes are not executed on the basis of individual judgement or interpretation. This is also a main characteristic of sociotechnical systems: the judgement about using repeatable processes is made by team members.
- Selection of the process model is done in a similar way in both types of systems.
- Agile development is used in both types of systems.

10.4 Give two examples of government functions that are supported by complex sociotechnical systems and explain why, in the foreseeable future, these functions cannot be completely automated.

Two examples of government functions are:

- Health-related services, and
- The Department of Home Affairs.

As long as such systems provide services to different types of human users with different backgrounds, capabilities, and personalities, these functions cannot be completely automated.

10.5 Explain the difference between redundancy and diversity

The original answer is a two-column table (Redundancy | Diversity); each row is given here as a pair:

1. Redundancy: spare capabilities of the system can be used if any part of the system is causing failure.
   Diversity: there are different types of redundant components in the system, thus increasing the chances that they will not fail in exactly the same way.

2. Redundancy: a similar fault can be repeated.
   Diversity: there are different components for the same task, so diversity can't lead to failure.

3. Redundancy: a recovery process is involved.
   Diversity: diversity also involves a recovery process, but using different components.

4. Redundancy: redundant components are involved in software systems to ensure the same functionality with respect to other components of the system.
   Diversity: different components with the same functionality are involved in diversity.

10.6 Explain why it is reasonable to assume that the use of dependable processes
will lead to the creation of dependable software

The basic assumption underlying dependable processes is that if a particular process can be shown to have developed a dependable system, then reuse of that process should also lead to a dependable system.

Dependable processes are visible, so that it is possible to see what activities have been carried out. Therefore, assuming that there is extensive process support for checking and analysis, it can be shown that the software has been properly verified.

The repeatability of dependable processes is also important, as this means that irrespective of who is doing the work, the same process should be carried out.

10.7 Give two examples of diverse, redundant activities that might be incorporated into dependable processes.

- Agile-based development using non-object-oriented programming
- Plan-driven development using object-oriented programming

10.8 Give two reasons why different versions of a system based on software
diversity may fail in a similar way

1. The system may include explicit diversity policies and so should fail in completely different ways.
   - In this case the overall reliability of a diverse system is obtained by multiplying the reliabilities of each channel.
   - If each channel has a probability of failure on demand, the reliability of the 3-channel system is a million times greater than the reliability of a single-channel system.

2. Achieving complete channel independence is impossible.
   - Independent design teams often make the same mistakes or misunderstand the same parts of the specification.
   - If the requirements are incorrect or they are based on misunderstandings about the environment of the system, then these mistakes will be reflected.
   - In a critical system, the V-spec is a detailed document based on the system's requirements, which provides full details to the teams on how the system should behave.
   - There is no scope for interpretation by the software developers; if there are errors in this document, then these will be presented to all of the development teams and implemented in all versions of the system.
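The following Python script is an added worked example for 10.5 and 10.8; it is not part of the exercise document and every number in it is constructed. It takes the simple model stated above (the system fails on a demand only if every channel fails, so N independent channels give a failure probability of p**N) and contrasts it with a shared specification error, which is a common-mode fault that every version inherits and which extra channels do not reduce.

```python
"""Redundant channels vs. common-mode failure (added example, not from the exercise text).

All numbers below are constructed for illustration. The model follows the
simple claim in 10.8: the system fails on a demand only if every channel
fails on that demand, so with independent channels the failure probability
is p**N. A shared specification error is a common-mode fault: every version
implements the same misunderstanding, so adding channels does not reduce it.
"""
import random


def all_channels_fail(p_channel: float, channels: int = 3) -> float:
    """Probability that all channels fail on one demand, assuming independence."""
    return p_channel ** channels


def improvement_factor(p_channel: float, channels: int = 3) -> float:
    """How many times more reliable the N-channel system is than one channel."""
    return p_channel / all_channels_fail(p_channel, channels)


def with_common_mode(p_channel: float, channels: int, p_common: float) -> float:
    """Failure probability when a fraction p_common of demands exercises a
    requirement that every team misunderstood in the same way (10.8, point 2).
    Those demands fail all versions at once; the rest fail only if every
    channel independently fails."""
    return p_common + (1.0 - p_common) * all_channels_fail(p_channel, channels)


def simulate(p_channel: float, channels: int, p_common: float,
             demands: int, seed: int = 1) -> float:
    """Monte Carlo version of with_common_mode() over a run of demands."""
    rng = random.Random(seed)
    failures = 0
    for _ in range(demands):
        if rng.random() < p_common:
            failures += 1          # shared misunderstanding: identical wrong output everywhere
            continue
        if all(rng.random() < p_channel for _ in range(channels)):
            failures += 1          # independent faults happened to coincide
    return failures / demands


if __name__ == "__main__":
    p = 1e-3                       # constructed per-channel probability of failure on demand
    print("independent 3-channel:", all_channels_fail(p), "gain x", improvement_factor(p))
    # A spec error hit by one demand in 100,000 swamps the benefit of the extra channels.
    print("with common-mode 1e-5 :", with_common_mode(p, 3, 1e-5))
    print("simulated (p=0.3)     :", simulate(0.3, 3, 0.0, 20000))
```

With a constructed per-channel probability of 0.001, three independent channels give 1e-9, a million-fold gain; a common-mode error affecting one demand in 100,000 raises the combined figure to about 1e-5, so the redundancy buys almost nothing unless the channels are genuinely diverse in their understanding of the specification.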

10.9 You are an engineer in charge of the development of a small, safety-critical train control system, which must be demonstrably safe and secure. You suggest that formal methods should be used in the development of this system, but your manager is skeptical of this approach. Write a report highlighting the benefits of formal methods and presenting a case for their use in this project.

Formal methods are mathematical approaches to software development where you define a formal model of the software. You may then formally analyze this model to search for errors and inconsistencies, prove that a program is consistent with this model, or apply a series of correctness-preserving transformations to the model to generate a program.

The advantages are:

1. As you develop a formal specification in detail, you develop a deep and detailed understanding of the system requirements, and requirements problems discovered early are usually much cheaper to correct.
2. As the specification is expressed in a language with formally defined semantics, you can analyze it automatically to discover inconsistencies and incompleteness.
3. If you use a method such as the B method, you can transform the formal specification into a program through a sequence of correctness-preserving transformations. The resulting program is therefore guaranteed to meet its specification.
4. Program testing costs may be reduced because you have verified the program against its specification.

Where formal methods have been used, fewer errors in the delivered software have been reported.

This approach can be used in most high-speed train systems to ensure their safety. As it uses a regular language, it can be easily understood by the train operators.
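To make advantage 2 concrete (analyzing a model automatically to find inconsistencies), here is an added example that is not from the exercise document and does not use the B method: a Python script that exhaustively explores every reachable state of a hypothetical interlock model for a small loop of track. The track size (BLOCKS), the two controllers and the train positions are all constructed. The environment is nondeterministic, since any cleared train may stall instead of moving, and the checker reports the shortest trace that violates the safety invariant "no two trains share a block".

```python
"""Exhaustive safety check of a toy train interlock (added example, not from the
exercise document and not the B method). A hypothetical loop of BLOCKS track
sections carries a few trains; a controller decides each step which trains may
advance, from a snapshot of occupancy. The environment is nondeterministic: any
cleared train may stall instead of moving. The checker explores every reachable
state and reports a trace that violates the invariant "no two trains share a
block", which is what "analyze it automatically to discover inconsistencies"
means in practice on a small model."""
from collections import deque
from itertools import product

BLOCKS = 4   # constructed track size (a loop of 4 block sections)


def safe_controller(positions):
    """Clear a train only if its next block is unoccupied right now."""
    occupied = set(positions)
    return [(p + 1) % BLOCKS not in occupied for p in positions]


def optimistic_controller(positions):
    """Deliberately flawed variant: also clears a train whose next block is
    held by another train that has itself been cleared, assuming that train
    will really move."""
    occupant = {p: i for i, p in enumerate(positions)}
    cleared = [False] * len(positions)
    changed = True
    while changed:   # propagate clearances to a fixed point
        changed = False
        for i, p in enumerate(positions):
            nxt = (p + 1) % BLOCKS
            if not cleared[i] and (nxt not in occupant or cleared[occupant[nxt]]):
                cleared[i] = True
                changed = True
    return cleared


def successors(positions, controller):
    """All next states: every subset of the cleared trains may actually move."""
    movers = [i for i, ok in enumerate(controller(positions)) if ok]
    for choice in product((False, True), repeat=len(movers)):
        nxt = list(positions)
        for i, moves in zip(movers, choice):
            if moves:
                nxt[i] = (nxt[i] + 1) % BLOCKS
        yield tuple(nxt)


def collision(positions):
    """Safety invariant violated: two trains occupy the same block."""
    return len(set(positions)) < len(positions)


def check(controller, initial):
    """Breadth-first exploration of the whole state space. Returns the shortest
    trace to a collision state, or None if the invariant holds everywhere."""
    seen = {initial}
    queue = deque([(initial, [initial])])
    while queue:
        state, trace = queue.popleft()
        if collision(state):
            return trace
        for nxt in successors(state, controller):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [nxt]))
    return None


if __name__ == "__main__":
    print("safe controller      :", check(safe_controller, (0, 1)))
    print("optimistic controller:", check(optimistic_controller, (0, 1)))
```

The safe controller passes because it only ever grants entry to a block that is free in the current snapshot, so no interleaving of moves and stalls can produce a shared block. The optimistic controller fails in one step: from trains at blocks 0 and 1, both are cleared, the leading train stalls and the following train enters its block. A real interlocking would be modelled and proved at far larger scale, but the shape of the argument, an invariant checked over every reachable state rather than over a handful of test runs, is the same.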

10.10 It has been suggested that the need for regulation inhibits innovation and
that regulators force the use of older methods of systems development that have
been used on other systems. Discuss whether or not you think this is true and the
desirability of regulators imposing their views on what methods should be used.

- In some cases regulators force the use of already used or older methods for system development.
- Regulators are mostly involved in security and safety systems.
- If the method used to develop a new system has already been used for another system, then all the drawbacks of that method can be understood in an effective manner.
- The new system will be free from the errors that were faced in the past.
- In most cases regulators force the use of formal methods for development:
  - The requirements for the system can be fully understood in a detailed and deep manner.
  - Testing cost will be minimized.
