11.4 Giving reasons for your answer, suggest which dependability attributes are likely to be most critical for the following systems.
An Internet server provided by an ISP with thousands of customers:
Repairability for quick recovery after any failures.
Availability and Reliability for constant service uptime as expected by the user.
Survivability for continued service under attacks.
A computer controlled scalpel used in keyhole surgery:
Reliability for consistent service; it should not fail during surgery.
Maintainability so that it keeps up with the medical/technological advancements.
Safety so that it does not cause any damage.
Security so that the system is not able to be interfered with.
A directional control system used in a satellite launch vehicle:
Essentially the same attributes as for the computer controlled scalpel, with the addition of Error Tolerance to provide handling for any issues.
An Internet-based personal finance management system:
Error Tolerance to handle any issues the user may encounter.
Availability and Reliability to keep the service up as expected by the user.
Survivability to keep service up under attacks.
Security to prevent any sensitive data from being accessed by anyone other than the authorized user.
11.7 In a medical system that is designed to deliver radiation to treat tumors, suggest one hazard that may arise and propose one software feature that may be used to ensure that the identified hazard does not result in an accident.
There is a possibility that the radiation calculations could fail and deliver too much or too little radiation to the patient. So you should create a feature that acts as a fail-safe, refusing delivery if the computed amount of radiation falls outside defined limits.
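One way to implement the fail-safe described above, as an added example that is not part of the original post: the dose is recomputed independently from the proposed beam settings, compared against the prescription and a hard ceiling, and any malformed input is refused rather than passed through. All limit values and the dose = dose rate x beam-on time model are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Limits:
    max_dose_per_fraction_gy: float   # hard ceiling; never exceeded regardless of the plan
    max_beam_on_seconds: float        # machine limit on beam-on time
    tolerance: float = 0.05           # allowed relative deviation from the prescription


@dataclass(frozen=True)
class Plan:
    prescribed_dose_gy: float         # what the clinician prescribed
    dose_rate_gy_per_s: float         # beam setting proposed by the planning software
    beam_on_seconds: float            # beam setting proposed by the planning software
    planner_dose_gy: float            # dose the planner claims these settings deliver


def _is_finite_positive(x) -> bool:
    # bool is a subclass of int, so exclude it explicitly
    return (isinstance(x, (int, float)) and not isinstance(x, bool)
            and math.isfinite(x) and x > 0)


def check_dose(plan: Plan, limits: Limits) -> Tuple[bool, str]:
    """Return (allowed, reason). The default on any doubt is to refuse delivery."""
    fields = (plan.prescribed_dose_gy, plan.dose_rate_gy_per_s,
              plan.beam_on_seconds, plan.planner_dose_gy)
    if not all(_is_finite_positive(v) for v in fields):
        return False, "refused: non-finite or non-positive parameter"
    if plan.beam_on_seconds > limits.max_beam_on_seconds:
        return False, "refused: beam-on time exceeds machine limit"
    # Independent recomputation (constructed model): do not trust the planner's own figure.
    recomputed = plan.dose_rate_gy_per_s * plan.beam_on_seconds
    allowed_dev = limits.tolerance * plan.prescribed_dose_gy
    if abs(recomputed - plan.planner_dose_gy) > allowed_dev:
        return False, "refused: planner dose disagrees with recomputed dose"
    if recomputed > limits.max_dose_per_fraction_gy:
        return False, "refused: dose exceeds hard ceiling"
    if abs(recomputed - plan.prescribed_dose_gy) > allowed_dev:
        return False, "refused: dose outside prescription tolerance"
    return True, "permitted"
```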
11.9 Using the MHC-PMS as an example, identify three threats to this system (in addition to the threat shown in Figure 11.8). Suggest controls that might be put in place to reduce the chances of a successful attack based on these threats.
1. An attacker can use social engineering to obtain the credentials of an authorized user and access the system. To control this, employees should be educated regarding the risks and ways to avoid social engineering.
2. An attacker can seek to interrupt the system by mounting something like a DDoS attack. This threat can be mitigated by implementing good software survivability practices.
3. An attacker can seek to intercept information in the system and change it, putting the integrity of that information at risk. This can be avoided by keeping the information encrypted and ensuring that it is sent over a secure connection.
Thursday, August 28, 2014