Course: Critical Systems Engineering

Many software systems are now critical systems whose failure can have serious economic, human and social consequences. This course is an advanced software engineering course that is focused on system dependability and security and how business-critical, safety-critical and mission-critical systems can be developed.  For critical systems, we need to be confident that system failure will not have serious adverse effects and this means that a range of analysis and assurance techniques have to be used in their development. These are quite distinct from the methods used for less critical systems development (e.g. agile development methods) and it is important to emphasise that critical systems engineering is not simply a more stringent application of these conventional software engineering techniques.

Aim of the course

The overall aim of this course was to introduce students to the software engineering of critical systems and to discuss how these software engineering techniques differed from the methods and tools used for business system and software product development.


I ran this course using a mixture of lectures and case studies, with case studies chosen according to the lecture topics. Case studies were the focus on in-class discussions. Lectures were generally associated with chapters in my book with two lectures (grouped below) for each chapter. Because of the emerging importance of new topics such as cybersecurity and critical infrastructure, I added to the material in my book. Chapter 4 and all of the chapters in Part 2 of my book (Dependability and Security) are essential reading for the course.

The links below are links to presentations and other material on either Dropbox or Slideshare.

Restrictions on use

You may use any of the material made available here under the  Creative Commons Attribution-Noncommercial-Sharealike International 4.0 license . You must attribute the material to Ian Sommerville.

WARNING: The lecture material may contain copyright images that have been included under the provision for ‘academic fair use’. The material is intended for non-commercial use only. It is not licensed for commercial use and MUST NOT be used for this purpose.

Lecture topics

Why dependability matters

Critical systems engineering

Dependability and security

Socio-technical systems

Requirements engineering

Safety specification

Reliability and security specification

Dependability engineering 1

Dependability engineering 2 

Security engineering 1

Security engineering 2 

Critical systems assurance

Security testing and dependability cases

Critical infrastructure 

Critical infrastructure 2: SCADA systems

Introduction to cybersecurity

Making our systems more secure

Case studies

Kegworth air crash, 1989

This was an air accident that illustrates the complexity of system failure. I used a BBC video in class  which is now available on YouTube . It is copyright of the BBC so maybe shouldn’t be there but it is a good introduction to the complexity of the issues.

Kegworth air crash, 1989  (wikipedia)

Kegworth and complex systems (slides)

Mental health care, patient management

This is a safety and security critical information system. Used in the discussion of critical systems requirements.

The Mental Health Care Patient Management System

The Ariane 5 launch explosion, 1996

The Ariane 5 launcher exploded on its first flight in 1996 as a result of a software problem. This case study explains the problem and why it occurred.

The Ariane 5 launch explosion (You Tube)

Ariane launcher failure

Discussion of causes of Ariane 5 failure

Security vulnerabilities

This case study looks at how buffer overflow vulnerabilities have been used to allow malicious attackers access to systems.

Buffer overflow and the Code Red worm

Smashing the stack for fun and profit  (please don’t try this at home)

The 1988 Internet worm

Incident analysis for the 1988 Internet worm

Security cases

This case study follows up the previous one on security vulnerabilities by discussing the development of security cases to provide assurance that security vulnerabilities have been handled in a system.

Security cases

Arguing security: Creating security assurance cases

The Stuxnet worm

The Stuxnet work is an example of a cyberattack where malware was introduced into the control systems of a nuclear plant with the aim of destroying equipment and slowing up Iran’s nuclear development programme.

Stuxnet worm

Top-10 web vulnerabilities 2019

The Maroochy water breach

The case study discussses an incident in Australia where a malicious insider reprogrammed a sewage system controller to discharge raw sewage. His motivation was that he was not offered a job with the company that developed the system.

Maroochy water breach (slides).

Utility hack led to security overhaul