Project topics and materials
Get Complete Project Material File(s) Now! »
Introduction
IT systems are ubiquitous in today’s interconnected society and play a vital role in a number of industries such as banking, telecommunications and aviation. Software, in particular, is embedded in most technical and electronic products, ranging from massive machines such as airplanes to lightweight devices such as mobile phones. Software applications are essential to the proper functioning of these products and their associated service offerings. Due to the reliance of modern living on these products and services, software failures that result in their unavailability or malfunctioning can cause disasters and may even be fatal. Unfortunately, such software failures have occurred since the beginning of the computer age, as is evidenced by the number of highly publicised IT accidents reported in the media.
One example of a crisis caused by a software failure is the system outage that occurred at the Royal Bank of Scotland (RBS), a major bank in the UK, in December 2013. Due to an unspecified technical glitch, the bank’s various electronic channels were unavailable for a day and customers were unable to make payments or withdraw cash with their debit cards (Finnegan, 2013). This failure was not the first experienced by RBS. In June 2012, another major outage occurred and left millions of customers unable to access their bank accounts for four days, due to a failure in a piece of batch-scheduling software. As a result, deposits were not reflected in bank accounts, payrolls were delayed, credit ratings were downgraded and utility bills were not paid (Worstall, 2012). Recently, in November 2014, RBS was fined million pounds by British regulators for the software failure that occurred in 2012 (BBC News, 2014).
Preventing the recurrence of catastrophes such as the examples quoted above is crucial and requires a thorough post-mortem investigation to determine and rectify the root cause. To ensure the validity of its results, such an investigation must be based on reliable digital evidence such as log files, database dumps and reports from system-monitoring tools. Sound evidence of the software failure promotes the objectivity and comprehensiveness of the investigation, which implies greater accuracy of the results. Furthermore, reliable evidence is valuable in the event that the software failure leads to a product liability lawsuit.
However, current informal approaches to failure analysis do not promote the collection and preservation of digital evidence. Rather than depending on objective evidence analysis, failure analysis methods often rely on the investigator’s experience with the system to identify the cause of the problem. Troubleshooting in particular, which is usually the first response to a system failure, focuses on restoring the system to its operational state as quickly as possible.
This allows little time and resources to collect evidence of the failure. Besides, system restoration often requires rebooting, which destroys or tampers with valuable information that could pinpoint the root cause of the problem (Trigg & Doulis, 2008). Both these ‘solutions’ leave the system vulnerable to the recurrence of a similar failure.
CHAPTER 1 INTRODUCTION
1.1 Introduction
1.2 Thesis statement
1.3 Problem statement
1.4 Research Questions
1.5 Scope and context of the study
1.6 Research methodology
1.7 Terminology used in the thesis
1.8 Defining the near-miss concept
1.8.1 Current definitions of near miss
1.8.2 Proposed definition of a near miss for software systems
1.9 Layout of thesis
CHAPTER 2 SOFTWARE FAILURES: OVERVIEW OF RECENT CASES
2.1 Introduction
2.2 Background on software failures
2.3 Overview of recent major software failures
2.4 Case study of software-induced radiation overdoses: AECL Therac-25, Multidata RTP/2
and Varian IMRT
2.5 Requirements for accurate failure investigation
2.6 Conclusion
CHAPTER 3 USING DIGITAL FORENSICS FOR ACCURATE INVESTIGATION OF SOFTWARE FAILURES
3.1 Introduction
3.2 Overview of digital forensics
3.2.1 Introduction to digital forensics
3.2.2 Digital forensic applications
3.3 Motivation for using digital forensics for software failure investigations .
3.4 The scientific foundation of digital forensics .
3.5 Best practices in digital forensics
3.6 The digital forensic process
3.7 Conclusion
CHAPTER 4 THE ADAPTED DIGITAL FORENSIC PROCESS FOR FAILURE
INVESTIGATIONS
4.1 Introduction
4.2 Challenges to the forensic investigation of software failures
4.2.1 The volatility of digital evidence
4.2.2 The lack of forensic tools and techniques for the root-cause analysis of software
failures
4.2.3 The need to minimise downtime following a failure
4.2.4 The need for continuous system monitoring
4.3 Previous work on the forensic investigation of software failures
4.4 The forensic failure investigation process
4.5 Application of the forensic failure investigation process – Case study of Therac-25
accidents
4.6 Critical assessment of the failure investigation process
4.7 Conclusion
CHAPTER 5 NEAR-MISS ANALYSIS: AN OVERVIEW
CHAPTER 6 THE NEAR-MISS DETECTION AND PRIORITISATION MODE
CHAPTER 7 THE NMS ARCHITECTURE
CHAPTER 8 PROTOTYPING THE NMS – THE DESIGN PHASE
