Design for Trustworthiness
Trustworthy means that a software product or component is safe, reliable, and secure. Software design is the first step, and an important one, toward creating trustworthy systems; it is not the final step. In this chapter we provide design techniques and constraints on the software implementation that lead toward that end. The goal of the design process is to create simple and concise solutions. Simplicity improves reliability, and conciseness reduces the time and cost of implementation.
Software system development is often dominated by schedules and cost. Sometimes performance and functional requirements become the issue. Trustworthiness has rarely been considered in any but the most critical systems, but this is changing. Society as a whole is beginning to recognize that software designers must consider not only how the software will perform but also the consequences of its failures. Trustworthiness encompasses this concern.
Software fault tolerance is at the heart of building trustworthy software, although that may seem a contradiction in terms. Trustworthy software is stable. It must therefore be sufficiently fault tolerant that it does not crash on minor flaws and shuts down in an orderly way in the face of major trauma. Trustworthy software does what it is supposed to do and can repeat that action time after time, always producing the same kind of output from the same kind ...
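The distinction drawn above, between a minor flaw the component should absorb and major trauma that should end in an orderly shutdown, is easier to see in code. The following is an added illustration, not code from the chapter or its authors: a small record processor that skips individual malformed records (logging each one) but treats an exhausted malformed-record budget as a fault it cannot contain, shuts down in a controlled way, and never emits partial totals as if they were a complete result. The `RecordProcessor` class, the budget threshold and the sample records are all assumptions constructed for the example.

```python
import json
import logging

log = logging.getLogger("ingest")


class FatalFault(Exception):
    """A fault the component cannot contain on its own; triggers orderly shutdown."""


class RecordProcessor:
    """Sums per-account amounts from newline-delimited JSON records.

    Minor flaws (one malformed record) are logged and skipped. When the
    malformed-record budget is exhausted, the run is treated as major trauma
    and shut down in an orderly way. The budget is an assumed policy value.
    """

    def __init__(self, max_bad_records=3):
        self.max_bad_records = max_bad_records
        self.totals = {}
        self.bad_records = 0
        self.processed = 0
        self.shutdown_reason = None

    def process_record(self, line):
        """Return True if the record was applied, False if skipped as a minor flaw."""
        try:
            rec = json.loads(line)
            account = str(rec["account"])
            amount = int(rec["amount"])
        except (ValueError, KeyError, TypeError) as exc:
            # Minor flaw: one bad record must not take the whole run down.
            self.bad_records += 1
            log.warning("skipping malformed record %r: %s", line, exc)
            if self.bad_records > self.max_bad_records:
                # Too many bad records means the input source itself is broken.
                raise FatalFault(
                    "malformed-record budget (%d) exhausted" % self.max_bad_records
                ) from exc
            return False
        self.totals[account] = self.totals.get(account, 0) + amount
        self.processed += 1
        return True

    def shutdown(self, reason):
        """Orderly shutdown: record why, and leave no half-finished output behind."""
        self.shutdown_reason = reason
        # Partial totals are discarded rather than emitted as if complete, so a
        # consumer never sees output that differs in kind from a good run.
        self.totals = {}
        log.error("orderly shutdown after %d records: %s", self.processed, reason)

    def run(self, lines):
        """Process all lines and return per-account totals, or raise FatalFault
        after an orderly shutdown."""
        try:
            for line in lines:
                self.process_record(line)
        except FatalFault as exc:
            self.shutdown(str(exc))
            raise
        return dict(self.totals)


# Constructed sample input: three well-formed records and one corrupt line.
SAMPLE_LINES = [
    '{"account": "A1", "amount": 10}',
    '{"account": "A2", "amount": 5}',
    'garbage line',
    '{"account": "A1", "amount": 7}',
]


def demo_minor_flaw():
    """One bad record within budget: the run completes with correct totals."""
    p = RecordProcessor(max_bad_records=3)
    return p.run(SAMPLE_LINES), p.bad_records


def demo_major_trauma():
    """Budget of zero: the first bad record forces an orderly shutdown."""
    p = RecordProcessor(max_bad_records=0)
    try:
        p.run(SAMPLE_LINES)
    except FatalFault:
        pass
    return p.shutdown_reason, p.totals
```

The point of `shutdown` discarding the partial totals is the repeatability property the text describes: a run either produces the same kind of output as every other run on well-formed input, or it produces none and says why, rather than a third kind of output that looks complete but is not.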