A Case Study in Requirements for Survivable Systems
• White Paper
Publisher
Software Engineering Institute
Abstract
Increasing societal dependency on critical infrastructure systems is driving emergence of a new category of requirements engineering that addresses survivability objectives. This paper presents a case study in survivability requirements analysis. Survivability is the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents. The Survivable Network Analysis (SNA) method permits assessment of survivability strategies at the requirements and architecture levels. Steps in the SNA method include mission requirements and architecture definition, essential capability definition, compromisable capability definition, and survivability analysis. Essential service scenarios and intrusion scenarios play key roles in the method. Survivability requirements must be defined for intrusion resistance, recognition, and recovery. This case study summarizes the application and results of applying the SNA method to a subsystem of a large-scale, distributed healthcare system. The study recommended specific modifications to requirements to support survivability objectives.