Software Failure Investigation (eBook)

Professor Jan Eloff graduated in 1985 with a PhD in Computer Science. Up to June 2015 he was appointed as the Research Director for SAP Research in Africa and is currently appointed as Deputy Dean Research & Postgraduate studies: Faculty of Eng., Built Environment and IT (EBIT) and as a full professor in computer science at the University of Pretoria. From 2007 he is an associate-editor of the Computers & Security journal and an editorial member for the international Computer Fraud & Security bulletin published by Elsevier. He is an internationally recognised researcher and has published 113 peer reviewed papers with 3537 citations.Dr. Madeleine Bihina Bella has over 10 years of industry experience with expertise in IT security and business analysis working in leading roles in a number of multinationals across various industries. She is also a part-time computer science lecturer. In 2015 she graduated with a PhD in Computer Science from the University of Pretoria specializing in the field of digital forensics. Her research focused on near-miss analysis as a novel technique to improve the forensic investigation of software failures. ”. She received a number of awards for her doctoral research including the South African Women in Science Award, the Google Women Techmakers sholarship and the L’Oréal/UNESCO Regional Fellowship for Women in Science in Sub-Saharan Africa. She has published a number of journal and conference papers.

Contents 6
Chapter 1: Introduction 9
1.1 Introduction: Software Failures and the Investigation Thereof 9
1.2 Objectives, Scope and Context of This Book 12
1.3 Main Terminology Used in This Book: Definitions 13
1.4 Layout of This Book: How to Use the Rest of the Book 13
Chapter 2: Software Failures: An Overview 15
2.1 Introduction 15
2.2 Overview of Software Failures 15
2.3 Overview of Major Software Failures 17
2.4 Software Failures According to Industry 27
2.5 Requirements for Accurate Software Failure Investigation 30
2.6 Conclusion 32
Chapter 3: Near-Miss Analysis: An Overview 33
3.1 Introduction 33
3.2 Background and Review on Near-Miss Analysis 35
3.3 Tools and Techniques Used in Near-Miss Analysis 36
3.4 Benefits of Near Miss-Analysis Over Failure Analysis 38
3.5 Benefits of Analysing Near Misses Instead of Earlier Precursors 39
3.6 Near-Miss Analysis Success Stories 40
3.7 Challenges to Near-Miss Analysis in the Software Industry 40
3.8 A Structured Approach Towards Applying Near-Miss Analysis for Software Failure Investigations 41
3.9 Conclusion 45
Chapter 4: A Methodology for Investigating Software Failures Using Digital Forensics and Near-Miss Analysis 46
4.1 Introduction 46
4.2 Overview of Digital Forensics 46
4.3 Motivation for Using Digital Forensics for Software Failure Investigations 48
4.4 Digital Forensic Building Blocks 52
4.4.1 Overview of Best Practices in Digital Forensics 56
4.5 The Adapted Digital Forensic Process Model for Software Failure Investigations Incorporating the Use of Near-Miss Analysis 57
4.5.1 Phase 1: Evidence Collection 58
4.5.2 Phase 2: System Restoration 59
4.5.3 Phase 3: Root-Cause Analysis 59
4.5.4 Phase 4: Countermeasures Specifications 61
4.6 Interfacing the Proposed “Adapted Digital Forensic Process Model for Software Failure Investigations” with Existing IT Governance Frameworks such as ITIL 63
4.7 Conclusion 63
Chapter 5: A Well-Defined Model for Near-Miss Detection and Prioritisation 64
5.1 Introduction 64
5.2 Formal Definition of a Near Miss for Software Systems 64
5.3 Overview of Reliability Theory and Failure Probability Formula for IT Systems 67
5.4 The Reliability Theory of Redundant Hardware Components 68
5.5 Failure Probability Formula for Hardware Components 69
5.6 Proposed Failure Probability Formula for Software Components 69
5.7 Mathematical Modelling for Near-Miss Failure Probability 70
5.8 Prioritisation of Near Misses and the Near-Miss Prioritisation Formula 73
5.9 Conclusion 75
Chapter 6: An Architecture for a Near-Miss Management System (NMS) 76
6.1 Introduction 76
6.2 The NMS Architecture 76
6.3 The Near-Miss Monitor 77
6.4 The Near-Miss Classifier 79
6.5 The Near-Miss Data Collector 79
6.6 The Failure Prevention 79
6.7 The Event Investigation 79
6.8 Conclusion 80
Chapter 7: Practical Demonstration of Conducting a Near-Miss Analysis Investigation for Software Failures 82
7.1 Introduction 82
7.2 The Aims of the Prototype 82
7.3 Setting Up the Lab Environment 83
7.3.1 The Logs of a Software Failure on the Application Layer 84
7.3.2 System Logs 85
7.3.3 The Investigation Tools 87
7.4 Near-Miss Indicators 89
7.4.1 Formulate Hypothesis 90
7.4.2 Predict Evidence for the Hypothesis 90
7.4.3 Test Hypothesis with Experiment 90
7.4.4 Technical Set-Up 90
7.4.5 Results 91
7.4.6 SOM Analysis of Latency: Result 93
7.4.7 Technical Set-Up 93
7.4.8 Result 94
7.4.9 Technical Set-Up 95
7.4.10 Result 95
7.4.11 Technical Set-Up 98
7.4.12 Result 98
7.5 Near-Miss Formula 101
7.6 Conclusion 107
Appendix: Technical Details of the SOM Analysis 108
SOM Map Creation Process 108
How to Read Viscovery SOMine Output Maps: Example of First 1000 Records 108
Adding the Number of Running Processes to the C++ Program 110
Bibliography 111
Index 123