sources of risks cit304 university of sunderland
Post on 20-Dec-2015
215 views
TRANSCRIPT
![Page 1: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/1.jpg)
Sources of Risks
CIT304University of Sunderland
![Page 2: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/2.jpg)
References
• P. Neumann, 1995, Computer-Related Risks, Addison-Wesley, ISBN: 0-201-55805-X
![Page 3: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/3.jpg)
Risks in Development• System conceptualization
– Miss-assessment of the technology.
• Requirements definition – Erroneous, incomplete,
or inconsistent requirements.
• System design – Fundamental
misconceptions or flaws.
• Implementation – Various errors.
• Support systems – Faulty or poor tools.
• System analysis – False assumptions or
erroneous models.
• Testing – Incomplete or erroneous
testing.
• Evolution – Sloppy maintenance and
upgrades.
• Decommission – Premature removal;
removal of components
used elsewhere.
![Page 4: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/4.jpg)
Risks in Use
• Environment – Earthquakes, floods, fires, etc.
• Animals – E.g., squirrelcide.
• Infrastructure – Loss of power, air conditioning
• Hardware – Malfunction due to ageing or transients
• Software – Bugs
• Communications – Outages, interference, and jamming
• Human Limitations – Installation or misuse
![Page 5: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/5.jpg)
Note Well…
• Risks are not just security…• By the way, security risks tend to be:– Mostly involving insiders– Mostly involving human behavior– Sometimes resulting from unwarranted assumptions
– Often are due to design errors or incomplete understanding of a system or technology
![Page 6: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/6.jpg)
System Conceptualization
• Misunderstanding of the technology– Too far– Not far enough
• Cost overruns• Schedule overruns• Lack of FeasibilityExample—MIFASS (Marine Fire and Air Support System). The agency direction was to use a CPU somewhat slower than a first generation Apple II. There was no recovery.
![Page 7: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/7.jpg)
Requirements Definition
• Erroneous requirements• Incomplete requirements• Inconsistent requirementsExtremely common and expensive. Missing requirements are the worst problem.
![Page 8: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/8.jpg)
System Design
• Fundamentally false assumptions– E.g., infinite speed of light
• Erroneous modelsExample: the FAA’s Advance Automation System. The contractor assumed that the average statement in Ada generated 5 machine instructions (actually it was 10) and that the speed of a 10 MHz machine was (with parallelism) 20 MHz (actually it was 12 MHz). There was no recovery.
![Page 9: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/9.jpg)
Implementation
• Various and varied.– Chip fabrication (Intel’s early Pentium chip)
– Wiring– Programming bugs– Trojan horses– Viruses
We will discuss this.
![Page 10: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/10.jpg)
Support Systems
• Faulty or poor tools– Language choice– Compiler/debugger– Bad tools– Editing
CASE tools never met their expectations…Sometimes reflect failure to meet standards.Sometimes is deliberate on the part of a vendor.
![Page 11: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/11.jpg)
System Analysis
• False assumptions about– World– Operating environment– Human behavior
• Erroneous models and simulationsPrototypes help here.
![Page 12: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/12.jpg)
Testing
• Incomplete testing• Erroneous testing• Faulty code verificationWhat is a testable requirement? One way of dealing with this is Test-Driven Development (TDD), where you write the unit tests first. We teach this in CSE301.
![Page 13: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/13.jpg)
Evolution
• Sloppy maintenance and upgrades.• Misconceptions• New flaws• Loss of design coherencyMaintenance organizations do not attract the best engineers. Design the system so it can be maintained by entry-level staff.
![Page 14: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/14.jpg)
Decommission
• Premature removal.• Removal of components needed elsewhere.
• Hidden dependencies• Replacement not done in time• Hardware and software end of life
• Vendor profiteering
![Page 15: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/15.jpg)
Environment
• Earthquake• Flood• Fire• Temperature extremes• EMI• Etc…
![Page 16: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/16.jpg)
Animals
• Sharks (underwater cables)• Squirrels (enjoy fibre and cabling)• Monkeys (inquisitive)• Birds (watch your neighborhood telephone poles)
• Horses (enjoy practical jokes)• Cattle• Pigs• Etc.
![Page 17: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/17.jpg)
Infrastructure
• Power• Air Conditioning• Physical Security
![Page 18: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/18.jpg)
Hardware
• Ageing• Transients• Environmental problems• Errors in Design
![Page 19: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/19.jpg)
Software
• Bugs of many sorts– System development– Change implementation– Maintenance
![Page 20: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/20.jpg)
Communications
• Outages• Natural interference• Jamming
– Intentional– Accidental
• Tapping• Other
![Page 21: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/21.jpg)
Human Error
• Installation• Misuse
– Intentional– Unintentional
![Page 22: Sources of Risks CIT304 University of Sunderland](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d445503460f94a21aef/html5/thumbnails/22.jpg)
Adverse Effects
• A myriadDiscuss…