Many software systems are now critical systems whose failure can have serious economic, human and social consequences. This course is an advanced software engineering course that is focused on system dependability and security and how business-critical, safety-critical and mission-critical systems can be developed. For critical systems, we need to be confident that system failure will not have serious adverse effects and this means that a range of analysis and assurance techniques have to be used in their development. These are quite distinct from the methods used for less critical systems development (e.g. agile development methods) and it is important to emphasise that critical systems engineering is not simply a more stringent application of these conventional software engineering techniques.
Aim of the course
The overall aim of this course was to introduce students to the software engineering of critical systems and to discuss how these software engineering techniques differed from the methods and tools used for business system and software product development.
Lectures
I ran this course using a mixture of lectures and case studies, with case studies chosen according to the lecture topics. Case studies were the focus on in-class discussions. Lectures were generally associated with chapters in my book with two lectures (grouped below) for each chapter. Because of the emerging importance of new topics such as cybersecurity and critical infrastructure, I added to the material in my book. Chapter 4 and all of the chapters in Part 2 of my book (Dependability and Security) are essential reading for the course.
The links below are links to presentations and other material on either Dropbox or Slideshare.
Restrictions on use
You may use any of the material made available here under the Creative Commons Attribution-Noncommercial-Sharealike International 4.0 license . You must attribute the material to Ian Sommerville.
WARNING: The lecture material may contain copyright images that have been included under the provision for ‘academic fair use’. The material is intended for non-commercial use only. It is not licensed for commercial use and MUST NOT be used for this purpose.
Lecture topics
Reliability and security specification
Dependability engineering 2
Security engineering 1
Security engineering 2
Critical systems assurance
Security testing and dependability cases
Critical infrastructure 2: SCADA systems
Introduction to cybersecurity
Making our systems more secure
Case studies
Kegworth air crash, 1989
This was an air accident that illustrates the complexity of system failure. I used a BBC video in class which is now available on YouTube . It is copyright of the BBC so maybe shouldn’t be there but it is a good introduction to the complexity of the issues.
Kegworth air crash, 1989 (wikipedia)
Kegworth and complex systems (slides)
Mental health care, patient management
This is a safety and security critical information system. Used in the discussion of critical systems requirements.
The Mental Health Care Patient Management System
The Ariane 5 launch explosion, 1996
The Ariane 5 launcher exploded on its first flight in 1996 as a result of a software problem. This case study explains the problem and why it occurred.
The Ariane 5 launch explosion (You Tube)
Discussion of causes of Ariane 5 failure
Security vulnerabilities
This case study looks at how buffer overflow vulnerabilities have been used to allow malicious attackers access to systems.
Buffer overflow and the Code Red worm
Smashing the stack for fun and profit (please don’t try this at home)
Incident analysis for the 1988 Internet worm
Security cases
This case study follows up the previous one on security vulnerabilities by discussing the development of security cases to provide assurance that security vulnerabilities have been handled in a system.
Arguing security: Creating security assurance cases
The Stuxnet worm
The Stuxnet work is an example of a cyberattack where malware was introduced into the control systems of a nuclear plant with the aim of destroying equipment and slowing up Iran’s nuclear development programme.
Top-10 web vulnerabilities 2019
The Maroochy water breach
The case study discussses an incident in Australia where a malicious insider reprogrammed a sewage system controller to discharge raw sewage. His motivation was that he was not offered a job with the company that developed the system.
Maroochy water breach (slides).