dependable systems

8/9/2019 Dependable Systems

1/24

DEPENDABLEDEPENDABLE

SYSTEMSSYSTEMSFOR QUALITY CAREFOR QUALITY CARE


2/24

SYSTEMSYSTEMRELIABILITY RELIABILITY

AVAILABILITY AVAILABILITY

CONFIDENTIALICONFIDENTIALITY TY

DATADATA

INTEGRITY INTEGRITY

RESPONSIVRESPONSIVENESSENESS

SAFETY SAFETY

DEPENDABILITY


3/24

DEPENDABILITY

HOLISTIC measurement of the extent to whicha system can justifiably be relied on to deliver the services expected of it

always in a PROGRESSION rather thanRETROGRESSION


4/24

ATTRIBUTES OF DEPENDABILITY

ATTRIBUTE DESCRIPTIONSystem reliability system consistently

behaves in the same

wayService availability required services are

present and usablewhen they are needed

Confidentiality sensitive information

is disclosed only to


5/24

ATTRIBUTES OF DEPENDABILITY

ATTRIBUTE DESCRIPTIONData integrity Data are not

corrupted or

destroyedResponsiveness The system responds

to user input within anexpected andacceptable timeperiod

Safety the system does not


6/24

WHAT IF SOME OR MOST OF THEATTRIBUTES FOR DEPENDABILITY

ARE MISSING???

DEPENDABILITY ISSUESARISE


7/24

DEPENDABILITY ISSUES

CareGroup catastrophe (2003)Worm attack at Covenant HealthPower outage at Kaiser PermanenteBlaster and SoBig worm attacks


8/24

WHAT IS THEN THE SOLUTIONFOR

THESE ISSUES?ANSWER: GUIDELINES FORDEPENDABILITY


9/24

DEPENDABLE SYSTEMSGUIDELINES

Guideline 1: Dependability Architecture

Guideline 2: Anticipate Failures

Guideline 3: Anticipate Success

Guideline 4: Hire Meticulous Managers

Guideline 5: Dont Be Adventurous


10/24

ARCHITECT FORDEPENDABILITY

SIMPLIFIED, INTEGRATED STRUCTURE ANDYET, NO-SINGLE DEPENDABILITY

No critical component is dependent on acomponent less trustworthy than itself (Fig. 15.1) CREATION FROM BOTTOM-UP Security and safety services are only as

dependable as the operating systems, networks,and other system services on which they depend

GUIDELINEGUIDELINE11


11/24

Vulnerabilities from the bottom structure willcreate a domino effectNo single component should be capable of

bringing the system down should thatcomponent fail

ARCHITECT FORDEPENDABILITY



12/24

COMPLEXITY VULNERABILITY

Design flaws increase in proportion to theincreasing complexity and speed of theprocessors (Moors Law)This vulnerability makes the system prone to

malicious softwares (malwares)

ANTICIPATE FAILURESGUIDELINEGUIDELINE22


13/24

Availability of fail-safe options, fault detector softwares, anti-malware and backup recoveryprograms

Application-specific features should beimplementedSafety-critical systems should be designed andbuilt to fail in a SAFE state

ANTICIPATE FAILURESGUIDELINEGUIDELINE22


14/24

The systems planning process should anticipatebusiness success---and the consequential needfor larger networks, more systems, new

applications, and additional integrationE.g. Use-case scenarios that anticipate hospital and

clinic mergers, acquisitions, and a growingpatient/customer base

It enhances future planning and possibleintegration

ANTICIPATE SUCCESSGUIDELINEGUIDELINE33


15/24

Hiring individuals who are good FORECASTERS- who know that failures will occur and accept thatfailures are most likely to occur when they are

least expected

Applying good managerial skills in managing andmonitoring the system and network performance,managing the workload, and practicing gooddecision-making skills

HIRE METICULOUSMANAGERS



16/24

PROVEN = BEST SUCCESS

USE ONLY the PROVEN methods, tools,technologies, and products that have been inproduction, under conditions, and at a scalesimilar to the intended environment

DONT BE ADVENTUROUSGUIDELINEGUIDELINE55


17/24

IF THE HEALTH CARE SYSTEMSARE TO BE EXAMINED,

WILL THE SYSTEMS BEDEPENDABLE?


18/24

ASSESSING THEHEALTHCARE INDUSTRY

OBSERVATIONS OF DEPENDABILITY INHEALTH SYSTEMS


19/24

ARCHITECTUREGUIDELINGUIDELINE 1E 1

Healthcareorganizationscompose their

systems from the topdownSelection of users

interface IT

analyst-vendornegotiation production

Isolated, complexdepartmental

HIPAA securityregulation:

Security mgmt.

Secured responsibilityInformation accessmgmt.

Security awarenessand training

Security incidentprocedures

Contingency planningEvaluationBusiness associate

GRADEGRADEDD


20/24

ANTICIPATEFAILURES


GRADEGRADEDD

Commercial, clinicalsoftware applications areNOT subject to FDAcertification or any othertype of certification

Complex architecturefurther increases failures,and may lead to loss of

human lifee.g. Therac-25 failurePCs that connect to the

enterprise network fromoutside serve as channelsfor transporting malicious

FDA Improvementin the reportingsystem and

development of procedures andguidelines specificfor software


21/24

ANTICIPATESUCCESS


GRADEGRADECC

Healthcareorganizations expecttheir software

applications,computer systems,and networks towork

However, they donot foresee that theirsuccess may increaseneed for processingpower and

Sharing theexperience to otherorganizations by

the CIO of CareGroup


22/24

ITMANAGEMENT

GUIDELINGUIDELINE 4E 4

GRADEGRADECC

Health care organizations may hireIT managers who may understand

the healthcare business, but may notunderstand the fragile nature of IT orthe importance of the Guideline 1

(Architecture) for dependability,leading to LOOSE composites of departmental systems

Very low investment in IT (2%) andsubsequent meager budget for IT


23/24

ADVENTUROUS TECHNOLOGY


GRADEGRADECC

Historically:cliniciansresiliency tochange

Today: Moreadventurous

approaches tohealth caree.g. wireless

networking,

Fallback:Wireless potential

of broadcasting vitalsensitive data toenterprises

Handheld devices weak authentication,no separation of execution domain,weak encryption,

vulnerability to


24/24

dependable systems

Documents