Chapter 12 – Dependability and security specification. The objective of this chapter is to explain how to specify functional and non-functional dependability and security requirements. When you have read this chapter, you will: understand how a risk-driven approach can be used for identifying and analyzing safety, reliability, and security requirements; understand how fault trees can be used to help analyze risks and derive safety requirements;. | Chapter 12 – Dependability and Security Specification Lecture 1 1 Chapter 12 Dependability and Security Specification Topics covered Risk-driven specification Safety specification Security specification Software reliability specification 2 Chapter 12 Dependability and Security Specification Dependability requirements Functional requirements to define error checking and recovery facilities and protection against system failures. Non-functional requirements defining the required reliability and availability of the system. Excluding requirements that define states and conditions that must not arise. 3 Chapter 12 Dependability and Security Specification Risk-driven specification Critical systems specification should be risk-driven. This approach has been widely used in safety and security-critical systems. The aim of the specification process should be to understand the risks (safety, security, etc.) faced by the system and to define requirements that reduce these risks. 4 Chapter 12 . | Chapter 12 – Dependability and Security Specification Lecture 1 1 Chapter 12 Dependability and Security Specification Topics covered Risk-driven specification Safety specification Security specification Software reliability specification 2 Chapter 12 Dependability and Security Specification Dependability requirements Functional requirements to define error checking and recovery facilities and protection against system failures. Non-functional requirements defining the required reliability and availability of the system. Excluding requirements that define states and conditions that must not arise. 3 Chapter 12 Dependability and Security Specification Risk-driven specification Critical systems specification should be risk-driven. This approach has been widely used in safety and security-critical systems. The aim of the specification process should be to understand the risks (safety, security, etc.) faced by the system and to define requirements that reduce these risks. 4 Chapter 12 Dependability and Security Specification Stages of risk-based analysis Risk identification Identify potential risks that may arise. Risk analysis and classification Assess the seriousness of each risk. Risk decomposition Decompose risks to discover their potential root causes. Risk reduction assessment Define how each risk must be taken into eliminated or reduced when the system is designed. 5 Chapter 12 Dependability and Security Specification Risk-driven specification 6 Chapter 12 Dependability and Security Specification Phased risk analysis Preliminary risk analysis Identifies risks from the systems environment. Aim is to develop an initial set of system security and dependability requirements. Life cycle risk analysis Identifies risks that emerge during design and development . risks that are associated with the technologies used for system construction. Requirements are extended to protect against these risks. Operational risk analysis Risks associated with the system user .
