Critical Systems Engineering

Prof Ian Sommerville
Dr John Rooksby

Critical systems engineering, 2012                          Slide 1

Course aims
  • When you have completed this course, you should:
    – understand what is meant by a critical system and have learned about different types of critical systems.
    – understand the fundamental concepts of system dependability and security and know about the key technical activities (specification, development and assurance) in critical systems engineering.
    – understand that critical systems are usually not simply technical systems but are socio-technical systems that include people and processes and are profoundly affected by organisational politics and policies.

Presentation
  • 3 hour slot, one afternoon per week (normally Thursdays) from 13.30 to 16.30. Short breaks at 14.25 and 15.35.
  • Benefits of this approach
    – Gives time for coverage of a topic so that you don’t forget material between lectures
    – Provides an opportunity to integrate work on case studies with the lecture material
    – Allows time for class exercises where required
  • Problems
    – More tiring for students (and lecturer) than separate lecture slots

Course topics
  • Introduction to critical systems (IS), System failure (JR)
  • Requirements engineering, dependability concepts (IS)
  • Human error and reliability (JR)
  • Dependability specification (IS)
  • Learning from failure (JR)
  • Dependability engineering, fault tolerant system architectures (IS)

Course topics
  • Organisations and organisational failure (JR)
  • Security engineering (IS)
  • Methods of dependability assurance, dependability cases (IS)
  • Critical infrastructure and the internet (JR)

Assessment
  • Examination (40%)
    – Covering all topics in the course
  • Coursework (60%)
    – Two pieces of coursework: 1 on the technical and 1 on the socio-technical aspect of the course. Each will be of equal weight (30%).

Web site

  http://www.cs.st-andrews.ac.uk/~ifs/Teaching/MScCritSysEng2012/index.html

  Copies of slides are on Slideshare (as well as studres) and will be linked from the course web site.
  Twitter: @StACS5032CritSy

Critical systems

Critical system essentials
  • Safety: the system should not harm people or the system’s environment
  • Reliability: the system must operate without serious failures
  • Availability: the system must be available to deliver services when requested to do so
  • Security: the system must be able to protect itself and its data from malicious use

Classes of critical system
  • Safety-critical systems
    – Failure results in loss of life, injury or damage to the environment, e.g. chemical plant protection system
  • Mission-critical systems
    – Failure results in failure of some goal-directed activity, e.g. spacecraft navigation system
  • Business-critical systems
    – Failure results in high economic losses, e.g. customer accounting system in a bank
  • Infrastructure systems
    – Failure results in a loss of infrastructure capability, e.g. power distribution control system, broadband communications, etc.

Critical systems stack
  (diagram: layers from top to bottom)
  Critical system | External systems
  Operating system and middleware
  System hardware
  Infrastructure systems
  Physical infrastructure

System dependencies
  • Independent critical systems
    – Infrastructure/hardware is part of the system
    – System operation is not dependent on external systems
    – Embedded control systems such as those in medical devices
  • Critical software systems
    – Usually rely on commodity hardware/OS
    – System operation is dependent on external infrastructure provision
    – Hospital appointments system

Systems of systems
  • A critical system is rarely a single system but is a network of several software-intensive systems as well as infrastructure systems
  • Systems that support organisational needs (e.g. an inter-bank payments system) have to be designed to be robust so that they can cope with failures and unavailability in the other systems on which they depend

Systems of systems
  • Systems of systems (SoS) are complex socio-technical systems with
    – Different owners and management policies
    – Distributed operation
    – Heterogeneous hardware and software
  • Individual systems may be part of several SoS so
    – Conflicting requirements from different uses of the system
    – Complex negotiations may be required when system changes are to be made

Socio-technical systems
  • Socio-technical systems include IT systems and the social and organisational environment in which these systems are used
  • Key influences are human behaviour, organisational processes and policies, regulations, culture

Socio-technical systems
  (diagram) The software-intensive system sits at the centre, between system users and business processes, within the following context:
    – Social and political environment
    – Laws, regulations, custom & practice
    – Organisational policies and culture
    – Organisational strategies and goals

Regulation
  • Regulators are government-appointed bodies whose job is to ensure that companies and other bodies conform to national and international laws.
  • This normally involves interpreting the law and government policy and establishing standards and regulations that must be followed by industry.
  • Examples of regulators
    – Data protection authority
    – Civil Aviation Authority
    – Bank of England / Financial Services Authority
    – Ofgem – electricity and gas regulator

Regulators and critical systems
  • Some critical systems may have to be certified by regulators before they are put into use. This is particularly true for safety-critical systems.
  • This means that the regulators check that the system is conformant to current regulations and standards.
    – This normally involves the system developers producing evidence (e.g. a safety case or a dependability case) that demonstrates that the system is dependable.
  • Examples of certifiers
    – Civil Aviation Authority – aircraft systems
    – Medical Devices Directorate – medical devices and instruments

System criticality
  • Primary critical systems
    – Systems where system failure leads directly to an incident that has an associated loss of some kind
    – Typically, these are control systems or systems that are closely associated with a control system
    – Example – failure of engine management system in a car causes engine to cut out while driving
  • Secondary critical systems
    – Systems whose failure may (but need not) lead to failure in an associated system that then leads to loss of some kind
    – Example – medical information system that maintains incorrect information about treatment

Critical systems engineering
  • Focus is on the use of techniques and methods to develop dependable and secure systems.
  • The costs of critical system failure are so high that development methods may be used that are not cost-effective for other types of system.
  • An important aim for many critical systems is certification and the development process has to be geared to achieving such certification.
  • Certification costs can exceed development costs.

Software engineering for critical systems
  • Formal methods for systems specification and analysis.
  • Use of specialized tools such as model checkers and static analyzers.
  • Risk-driven approach to system specification and management.
  • Argumentation systems to support the development of dependability cases.
  • Disciplined configuration management of all software and hardware.
  • Detailed process record keeping.

Denver airport baggage system
  • System to control baggage transfer at the (then new) Denver airport in the USA.
  • Example system illustrating some of the issues and problems that arise with complex socio-technical critical systems.
  • This is a business-critical system – the effective functioning of the airport relies on its baggage handling system.

System overview
  • New baggage handling system, which was software controlled, based on individual baggage carts rather than conveyor belts.
  • Intention was automated handling so that there was no manual handling of bags from plane to passenger.
  • Very complex hardware/software system procured from several different companies.
  • Encountered complex organisational, hardware and software problems.

“Denver airport saw the future: It didn’t work”
    – Baggage system did not recognise blockages and simply continued to unload bags
    – Bags fell off the carts due to timing problems
    – System loaded bags onto carts that were already full
  • At the time of the airport opening, only a very limited version of the system was available.
    – This system had a 10% error rate (i.e. 10% of bags were delivered to the wrong place)
  • Airport 18 months late opening
  • System abandoned in 2005

Key points
  • Economic and human activities are increasingly dependent on software-intensive systems. These can be thought of as critical systems.
  • For critical systems, the costs of failure are likely to significantly exceed the costs of system development and operation.
  • Consequently, the dependability and security of the system are the most important development considerations.
  • Critical systems are often subject to external regulation.
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
Β 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
Β 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
Β 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
Β 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
Β 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
Β 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
Β 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
Β 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel AraΓΊjo
Β 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
Β 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
Β 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
Β 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
Β 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
Β 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
Β 

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Β 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Β 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Β 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
Β 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
Β 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Β 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Β 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Β 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Β 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Β 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
Β 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Β 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Β 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Β 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Β 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Β 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Β 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Β 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
Β 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
Β 

Introduction to Critical Systems Engineering (CS 5032 2012)

  • 1. Critical Systems Engineering. Prof Ian Sommerville, Dr John Rooksby. Critical systems engineering, 2012, Slide 1.
  • 2. Course aims. When you have completed this course, you should: – understand what is meant by a critical system and have learned about different types of critical systems; – understand the fundamental concepts of system dependability and security and know about the key technical activities (specification, development and assurance) in critical systems engineering; – understand that critical systems are usually not simply technical systems but are socio-technical systems that include people and processes and are profoundly affected by organisational politics and policies.
  • 3. Presentation. 3 hour slot, one afternoon per week (normally Thursdays) from 13.30 to 16.30. Short breaks at 14.25 and 15.35. Benefits of this approach: – gives time for coverage of a topic so that you don't forget material between lectures; – provides an opportunity to integrate work on case studies with the lecture material; – allows time for class exercises where required. Problems: – more tiring for students (and lecturer) than separate lecture slots.
  • 4. Course topics. – Introduction to critical systems (IS), System failure (JR). – Requirements engineering, dependability concepts (IS). – Human error and reliability (JR). – Dependability specification (IS). – Learning from failure (JR). – Dependability engineering, fault tolerant system architectures (IS).
  • 5. Course topics. – Organisations and organisational failure (JR). – Security engineering (IS). – Methods of dependability assurance, dependability cases (IS). – Critical infrastructure and the internet (JR).
  • 6. Assessment. Examination (40%): covering all topics in the course. Coursework (60%): two pieces of coursework, 1 on the technical and 1 on the socio-technical aspect of the course. Each will be of equal weight (30%).
  • 7. Web site: http://www.cs.st-andrews.ac.uk/~ifs/Teaching/MScCritSysEng2012/index.html. Copies of slides are on Slideshare (as well as studres) and will be linked from the course web site. Twitter: @StACS5032CritSy
  • 8. Critical systems.
  • 9. Critical system essentials. Safety: the system should not harm people or the system's environment. Reliability: the system must operate without serious failures. Availability: the system must be available to deliver services when requested to do so. Security: the system must be able to protect itself and its data from malicious use.
  • 10. Classes of critical system. – Safety-critical systems: failure results in loss of life, injury or damage to the environment, e.g. chemical plant protection system. – Mission-critical systems: failure results in failure of some goal-directed activity, e.g. spacecraft navigation system. – Business-critical systems: failure results in high economic losses, e.g. customer accounting system in a bank. – Infrastructure systems: failure results in a loss of infrastructure capability, e.g. power distribution control system, broadband communications, etc.
  • 11. Critical systems stack (diagram). Layers from top to bottom: Critical system; External systems; Operating system and middleware; System hardware; Infrastructure systems; Physical infrastructure.
  • 12. System dependencies. – Independent critical systems: infrastructure/hardware is part of the system; system operation is not dependent on external systems; e.g. embedded control systems such as those in medical devices. – Critical software systems: usually rely on commodity hardware/OS; system operation is dependent on external infrastructure provision; e.g. hospital appointments system.
  • 13. Systems of systems. – A critical system is rarely a single system but is a network of several software-intensive systems as well as infrastructure systems. – Systems that support organisational needs (e.g. an inter-bank payments system) have to be designed to be robust so that they can cope with failures and unavailability in the other systems on which they depend.
  • 14. Systems of systems. – Systems of systems (SoS) are complex socio-technical systems with different owners and management policies, distributed operation, and heterogeneous hardware and software. – Individual systems may be part of several SoS, so there are conflicting requirements from different uses of the system, and complex negotiations may be required when system changes are to be made.
  • 15. Socio-technical systems. – Socio-technical systems include IT systems and the social and organisational environment in which these systems are used. – Key influences are human behaviour, organisational processes and policies, regulations, culture.
  • 16. Socio-technical systems (diagram). Layers from outside in: Social and political environment; Laws, regulations, custom & practice; Organisational strategies and goals; Organisational policies and culture; Business processes; System users; Software-intensive system.
  • 17. Regulation. – Regulators are government-appointed bodies whose job is to ensure that companies and other bodies conform to national and international laws. – This normally involves interpreting the law and government policy and establishing standards and regulations that must be followed by industry. – Examples of regulators: Data protection authority; Civil Aviation Authority; Bank of England / Financial Services Authority; Ofgem (electricity and gas regulator).
  • 18. Regulators and critical systems. – Some critical systems may have to be certified by regulators before they are put into use. This is particularly true for safety-critical systems. – This means that the regulators check that the system is conformant to current regulations and standards. This normally involves the system developers producing evidence (e.g. a safety case or a dependability case) that demonstrates that the system is dependable. – Examples of certifiers: Civil Aviation Authority (aircraft systems); Medical Devices Directorate (medical devices and instruments).
  • 19. System criticality. – Primary critical systems: systems where system failure leads directly to an incident that has an associated loss of some kind. Typically, these are control systems or systems that are closely associated with a control system. Example: failure of the engine management system in a car causes the engine to cut out while driving. – Secondary critical systems: systems whose failure may (but need not) lead to failure in an associated system that then leads to loss of some kind. Example: a medical information system that maintains incorrect information about treatment.
  • 20. Critical systems engineering. – Focus is on the use of techniques and methods to develop dependable and secure systems. – The costs of critical system failure are so high that development methods may be used that are not cost-effective for other types of system. – An important aim for many critical systems is certification, and the development process has to be geared to achieving such certification. – Certification costs can exceed development costs.
  • 21. Software engineering for critical systems. – Formal methods for systems specification and analysis. – Use of specialized tools such as model checkers and static analyzers. – Risk-driven approach to system specification and management. – Argumentation systems to support the development of dependability cases. – Disciplined configuration management of all software and hardware. – Detailed process record keeping.
  • 22. Denver airport baggage system. – System to control baggage transfer at the (then new) Denver airport in the USA. – Example system illustrating some of the issues and problems that arise with complex socio-technical critical systems. – This is a business-critical system: the effective functioning of the airport relies on its baggage handling system.
  • 23. System overview. – New baggage handling system, which was software controlled, based on individual baggage carts rather than conveyor belts. – Intention was automated handling so that there was no manual handling of bags from plane to passenger. – Very complex hardware/software system procured from several different companies. – Encountered complex organisational, hardware and software problems.
  • 24. "Denver airport saw the future: It didn't work". – The baggage system did not recognise blockages and simply continued to unload bags. – Bags fell off the carts due to timing problems. – The system loaded bags onto carts that were already full. – At the time of the airport opening, only a very limited version of the system was available. This system had a 10% error rate (i.e. 10% of bags were delivered to the wrong place). – Airport 18 months late opening. – System abandoned in 2005.
  • 25. Key points. – Economic and human activities are increasingly dependent on software-intensive systems. These can be thought of as critical systems. – For critical systems, the costs of failure are likely to significantly exceed the costs of system development and operation. – Consequently, the dependability and security of the system are the most important development considerations. – Critical systems are often subject to external regulation.

Editor's Notes

  1. The effective functioning of our personal lives, society and economy is now dependent on software-intensive systems. Many of these systems are critical systems: systems where failure or lack of availability has a serious human, environmental or economic effect. Examples of critical systems: control systems for complex equipment, such as an aircraft flight control system; infrastructure systems that manage national infrastructure (power, water, telecommunications, railways, etc.); healthcare systems that manage patient information. Also give examples of non-critical systems, e.g. games, PC applications.