Quality Characteristics for Security-Critical

Domain Systems
Engr. Ghulam Qadir
18-MS-SE-07
ghulamqadir14se@gmail.com
Engr. M. Saad Ullah
18-MS-SE-09
Saad.ullah119@gmail.com

Abstract
Security critical domains are those where security of the systems has highest priority. The purpose
of this paper is to find quality characteristics which should be kept in mind for security critical
domains. It is told in this paper that what quality characteristics to apply to the systems where is
maintained and quality of the system is also necessary. It can be said that both quality and security
are important and we want to determine characteristics which the system should possess. For this
purpose, literature review of different papers has been done. Case studies has been conducted and
a methodology is adopted which is illustrated in figure 1.0. It tells about the quality characteristics
in security critical domains.

Literature Review
Software Quality encompasses many characteristics. This paper tells us which characteristic to
choose and allocate resources when there are limited resources. The data were collected from 34
practitioners from 18 organizations in the Chinese safety-critical industries. The results show
two characteristics which must be given priority. One is to pass acceptance test and other is no
critical accident should take place during system usage. Secondary characteristics relate to these
two like Functionality, Suitability, Performance, Efficiency and Reliability. These results
provide implications for industrial policy makers to decide in a better way to allocate resources.
A case study was conducted in order to gather Challenges and requirements for a web 2.0
knowledge repository system from ERP implementations communities. To achieve these
requirements, the article presents EPICS, a web 2.0 system that helps accomplish knowledge reuse
in ERP implementations. Many Open source software packages were used to build. Prototype
deployment at a real-world ERP community shows promising results. Besides reducing budget,
interesting business models emerge as a result of the deployment. (2009)
Four essential topics of self-adaptation were focused, instead of Instead of dealing with a wide
range of topics associated with the field, design space for self-adaptive solutions, software
engineering processes for self-adaptive systems, from centralized to decentralized control, and
practical run-time verification & validation for self-adaptive systems. We present an overview,
suggest future directions, and focus on selected challenges for each topic. This paper
complements and extends a previous roadmap on software engineering for self-adaptive systems
published in 2009 covering a different set of topics, and reflecting in part on the previous paper.
(Dagstuhl Seminar 10431 on Software Engineering for Self-Adaptive Systems, October 2010)
Interview, observation and used of archival data are used during data collection and after that
data is analyzed by looking for a pattern. For the ease of reader, the final report should contain
examples as well as sufficient data. (Guidelines for conducting and reporting case study research
in software engineering, 2008)
In past, researchers use to solve these problems via formal methods like formal correctness
verification. Complex programs require more sources like time, tools etc. which more developers
don’t have. Inspection methods can be more fruitful and less time consuming if they are being
conduct by following right procedures and tools. A group of lecturers were gathered at a
workshop and they deduced a result from their discussion that a good design software would
result in more efficient and easy inspection. Lack of software quality can result in lacking of
user confidence in your system. There is still a lot of room to improve inspection ways and find
out its success. (Guidelines for conducting and reporting case study research in software
engineering, 2003)
ERP Systems has become the need of modern world and IT consulting firms are used for their
gradual and incremental implementation in any organization because of its complexity in terms
of big budget, large-scale scope and terrane dispersed teams. Almost half the budget is spent on
testing, quality control and assurance methods of different phases and agile methods helps a lot
in its effectiveness but it is very tough to choose right agile methods. A brief research as conduct
on agile methods and almost 70% believe that selective agile methods according to scenario can
result in improving quality of ERP implementation. Meetings should be done on regular basis to
reduce miscommunication and enhance the quality and then every task should be evaluated and
tested by using different techniques like unit, automation testing etc. This research paper
concludes that bulk of agile methods can improve quality of all phases of ERP implementation
(Evaluation of Agile Methods for Quality Assurance and Quality Control in ERP
Implementation, 2006)

Methodology
Methodology adopted to extract results is illustrated via following diagram. Diagram has five major goals
and each goal therein has further steps to achieve that goal.
Results and Discussions
Safety critical systems are those which involve heavy risk upon failure. So, it is necessary to make
these systems work properly every time. It means Reliability is one of the required characteristics.
As failure of such systems can bring harm, but there are situations where running the system is as
obligatory as the risk. In these situations, there is no other way but to run the system under huge
risk. In case of failure, the possibility of damage can be minimized by ensuring functionality.
Hence, functionality is the other characteristic which is related to these systems. Optimized
performance must be ensured for these types of systems. Because, in the case of failure, damage
is must. It can be achieved by only allowing most relevant modules and functions to run at the time
of their need. It means only suitable functions should work and rest should not. So, suitability is
the Characteristic which these systems should have. There are conditions where faults occur during
the execution of these systems. To avoid failure, system should tolerate faults that occur during
execution of the system processes. So, Fault-tolerance is the other required characteristic of these
systems.
According to ISO 9126-1 Quality model, functionality has sub-characteristics. Out of these,
security is the characteristic which is must. Hence Security is required attribute. Whereas,
Suitability fall under Functionality. Making Functionality more relevant Characteristic for this
type of systems. Also, according to ISO 9126-1 Quality model, Fault-tolerance fall under
Reliability. So, fault-tolerance can be related to Reliability.

Conclusion
So, it is found that for security-critical domains, functionality (Security, Suitability) and Reliability
(Fault-tolerance) are the two main quality characteristics which are must. By ensuring these
characteristics in security-critical domains, risks of harm can be minimized to a certain degree.

References
(2009). IEEE Conference for Softwares (Early Access). IEEE.

Dagstuhl Seminar 10431 on Software Engineering for Self-Adaptive Systems. (October 2010).

Evaluation of Agile Methods for Quality Assurance and Quality Control in ERP Implementation. (2006).
Adventures Work daily.

Guidelines for conducting and reporting case study research in software engineering. (2003, August 8).

Guidelines for conducting and reporting case study research in software engineering. (2008, December
19).