On the Definition of Survivability J. C. Knight and K. J. Sullivan, Department of Computer Science, University of Virginia, December 2000.

Slides:



Advertisements
Similar presentations
h Protection from cyber attacks is achieved by acting on several levels: first, at the physical and material, placing the server in a place as safe as.
Advertisements

Gender Perspectives in Introduction to Tariffs Gender Module #5 ITU Workshops on Sustainability in Telecommunication Through Gender & Social Equality.
Risk Management Introduction Risk Management Fundamentals
Auditing Concepts.
Lecture 1: Overview modified from slides of Lawrie Brown.
Term Paper OLOMOLA,Afolabi( ). Dependability Modellling.
Software Requirements
1 Software Testing and Quality Assurance Lecture 38 – Software Quality Assurance.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
© 2002 South-Western Publishing 1 Chapter 10 Foreign Exchange Futures.
Ensuring Non-Functional Properties. What Is an NFP?  A software system’s non-functional property (NFP) is a constraint on the manner in which the system.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering.
Course Instructor: Aisha Azeem
Chapter 11: Testing The dynamic verification of the behavior of a program on a finite set of test cases, suitable selected from the usually infinite execution.
©Ian Sommerville 2006Critical Systems Slide 1 Critical Systems Engineering l Processes and techniques for developing critical systems.
1 Engineering Economic Decisions Lecture No.1 Professor C. S. Park Fundamentals of Engineering Economics Copyright © 2005.
Session 3 – Information Security Policies
Chapter 7 Administration of the Fire Department
EMPLOY THE RISK MANAGEMENT PROCESS DURING JOB PLANNING and EXECUTION
SMB’s Options Training Program Presents:
Software Dependability CIS 376 Bruce R. Maxim UM-Dearborn.
Chapter 34 risk management Section 34.1 Business Risk Management
1 System Models. 2 Outline Introduction Architectural models Fundamental models Guideline.
1 Can We Trust the Computer? What Can Go Wrong? Case Study: The Therac-25 Increasing Reliability and Safety Perspectives on Failures, Dependence, Risk,
Lecture3 : Change Control Lecturer: Kawther Abas 447CS – Management of Programming Projects.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 3 Slide 1 Critical Systems 1.
Chapter VII Security Management for an E-Enterprise -Ramyah Rammohan.
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 4 Slide 1 Project management l Organising, planning and scheduling software projects.
The Sarbanes-Oxley Act of PricewaterhouseCoopers Introduction of Panel Members The Sarbanes-Oxley Act of 2002 Sample testing of controls Marcus.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
M. Frize, Winter 2003 Reliability and Medical Devices Prof. Monique Frize, P. Eng., O.C. ELG5123/ February 2003.
Copyright © 2007 Pearson Education Canada 1 Chapter 24: Assurance Services: Internal Auditing and Government Auditing.
Building Dependable Distributed Systems Chapter 1 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Chapter 3 Project Management Chapter 3 Project Management Organising, planning and scheduling software projects.
CONCEPT OF MIS. Management “Management can be defined as a science of using resources rationally (utilization of resources in judicious manner using appropriate.
Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. NFP Design Techniques Software Architecture Lecture 20.
Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. NFP Design Techniques Software Architecture Lecture 20.
Idaho RISE System Reliability and Designing to Reduce Failure ENGR Sept 2005.
1 SWE 513: Software Engineering People II. 2 Future Experience What will you be doing one year from now? Ten years from now?
CS4730 Real-Time Systems and Modeling Fall 2010 José M. Garrido Department of Computer Science & Information Systems Kennesaw State University.
Basic Concepts of Dependability Jean-Claude Laprie DeSIRE and DeFINE Workshop — Pisa, November 2002.
Chap 4. Project Management - Organising, planning and scheduling
Test Strategy Best Practices By Gabriel Rodriguez.
Slide 1 Security Engineering. Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To.
Information Security Governance and Risk Chapter 2 Part 2 Pages 69 to 100.
Erman Taşkın. Information security aspects of business continuity management Objective: To counteract interruptions to business activities and to protect.
1. INTRODUCTION  December 17, 2010 : Start of the revolution’s first spark by the immolation of the young Mohamed Bouazizi.  December 19, 2010 : Protests.
©Ian Sommerville 2000Dependability Slide 1 Chapter 16 Dependability.
1 Software Engineering, 8th edition. Chapter 3 Courtesy: ©Ian Sommerville 2006 Sep 16, 2008 Lecture # 3 Critical Systems.
McGraw-Hill/Irwin © The McGraw-Hill Companies 2010 Auditing the Financing/Investing Process: Long-Term Liabilities, Stockholders’ Equity and Income Statement.
Survivability Architectures : Issues and Approaches Presented by Erion Lin Department of Information Management, National Taiwan University.
1 Software Testing and Quality Assurance Lecture 38 – Software Quality Assurance.
Testing throughout Lifecycle Ljudmilla Karu. Verification and validation (V&V) Verification is defined as the process of evaluating a system or component.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Computer Security Introduction
CS457 Introduction to Information Security Systems
Critical systems design
Security Engineering.
ROLE OF CSDs IN POLITICAL DISTURBANCES
The Importance of Project Risk Management
Fault Tolerance Distributed Web-based Systems
Software Architecture Lecture 20
Database Security &Threats
Computer Security Introduction
Overview Dependability: "[..] the trustworthiness of a computing system which allows reliance to be justifiably placed on the service it delivers [..]"
State University of Telecommunications
Presentation transcript:

On the Definition of Survivability J. C. Knight and K. J. Sullivan, Department of Computer Science, University of Virginia, December 2000.

Outline Introduction Introduction Definitions of Survivability Definitions of Survivability Critical Information System Characteristics Critical Information System Characteristics Survivability Survivability Example Example Conclusion and Future Work Conclusion and Future Work

Introduction

Introduction Failure of the information systems will often cause a major loss of service, and so their dependability has become a major concern. Failure of the information systems will often cause a major loss of service, and so their dependability has become a major concern. Dependability is a system property that is usually stated as a set of requirements with which the system has to comply. Dependability is a system property that is usually stated as a set of requirements with which the system has to comply.

Introduction (Cont ’ d) Dependability has many facets: Dependability has many facets: Reliability (R(t)) Reliability (R(t)) Availability (A(t)) Availability (A(t)) Safety Safety

Introduction (Cont ’ d) R(t), is defined to be the probability that the system will meet its requirements up until time t when operating in a prescribed environment. R(t), is defined to be the probability that the system will meet its requirements up until time t when operating in a prescribed environment. A(t), is the probability that the system will be operating correctly at time t. A(t), is the probability that the system will be operating correctly at time t.

Introduction (Cont ’ d) Different facets of dependability are suitable for different systems. Different facets of dependability are suitable for different systems. Reliability: Avionics Reliability: Avionics Availability: School Availability: School Safety: Nuclear Weapon Safety: Nuclear Weapon

Introduction (Cont ’ d) What is needed is a precise notion of what forms of degraded service are acceptable to the application, under what circumstances each from is most useful, and the fraction of time degraded service level acceptable. What is needed is a precise notion of what forms of degraded service are acceptable to the application, under what circumstances each from is most useful, and the fraction of time degraded service level acceptable.

Definitions of Survivability

Aircraft combat survivability is the capability of an aircraft to avoid and/or withstand a man- made hostile environment. Aircraft combat survivability is the capability of an aircraft to avoid and/or withstand a man- made hostile environment. A property of a system, subsystem, equipment, process, or procedure that provides a defined degree of assurance that the named entity will continue to function during and after a natural or man-made disturbance. A property of a system, subsystem, equipment, process, or procedure that provides a defined degree of assurance that the named entity will continue to function during and after a natural or man-made disturbance.

Definitions of Survivability (Cont ’ d) The degree to which essential functions are still available even though some part of the system is down. The degree to which essential functions are still available even though some part of the system is down. The ability of a network computing system to provide essential services in the presence of attacks and failures, and recover full services in a timely manner. The ability of a network computing system to provide essential services in the presence of attacks and failures, and recover full services in a timely manner.

Definitions of Survivability (Cont ’ d) Above all, they do not have the precision needed to permit a clear determination of whether a given system should be considered to be survivable and what are essential services. Above all, they do not have the precision needed to permit a clear determination of whether a given system should be considered to be survivable and what are essential services. A second problem with a definition of this form is that it provide no testable criterion for the term being defined. A second problem with a definition of this form is that it provide no testable criterion for the term being defined.

Critical Information System Characteristics

System Size System Size Critical information systems are very large. Critical information systems are very large. Externally Observable Damage Externally Observable Damage Externally observable damage must be both expected and dealt with. Externally observable damage must be both expected and dealt with. Damage and Repair Sequences Damage and Repair Sequences Less service available over time as damage increases and progressively more available as repairs are conducted. Less service available over time as damage increases and progressively more available as repairs are conducted.

Critical Information System Characteristics (Cont ’ d) Time-Dependent Damage Effects Time-Dependent Damage Effects The impact or loss associated with damage tends to increase with time. The impact or loss associated with damage tends to increase with time. Heterogeneous Criticality Heterogeneous Criticality Long-term power outage are more critical to hospitals than to homes. Long-term power outage are more critical to hospitals than to homes.

Critical Information System Characteristics (Cont ’ d) Complex Operational Environment Complex Operational Environment They carry risks of natural, accidental, and malicious disruption from a wide variety of sources. They carry risks of natural, accidental, and malicious disruption from a wide variety of sources. Time-Varying Operational Environment Time-Varying Operational Environment Security threats have increased dramatically from negligible levels to significant threats in recent times. Security threats have increased dramatically from negligible levels to significant threats in recent times.

Critical Information System Characteristics (Cont ’ d) For the developer of a critical information system, knowing what service is require in the event that full service cannot be provided is very important. For the developer of a critical information system, knowing what service is require in the event that full service cannot be provided is very important.

Survivability

Survivability Informally by a survivable system we mean a system that has the ability to continue to provide service (possibly degraded or different) in a given operating environment what various events cause major damage to the system or its operating environment. Informally by a survivable system we mean a system that has the ability to continue to provide service (possibly degraded or different) in a given operating environment what various events cause major damage to the system or its operating environment. In fact, the appropriate goal of survivability is to maintain as much of the fundamental customer value of the services stream as is cost-effective. In fact, the appropriate goal of survivability is to maintain as much of the fundamental customer value of the services stream as is cost-effective.

Survivability (Cont ’ d) We observe that survivability needs to specify the various different forms of tolerable service that the system is to provide given notion that circumstances might force a change in service to the user. We observe that survivability needs to specify the various different forms of tolerable service that the system is to provide given notion that circumstances might force a change in service to the user. The set of tolerable services are the different form of service that the system must be capable of providing. The set of tolerable services are the different form of service that the system must be capable of providing.

Survivable System A system is survivable if it complies with it ’ s survivability specification. A system is survivable if it complies with it ’ s survivability specification.

Survivability and Fault Tolerance The informal notion of an event that causes damages which we have used is referred to formally as a fault. The informal notion of an event that causes damages which we have used is referred to formally as a fault. Fault tolerance is a mechanism that can be used to achieve certain dependability properties. Fault tolerance is a mechanism that can be used to achieve certain dependability properties.

Survivability and Fault Tolerance (Cont ’ d) Describing a system as fault tolerant is really a statement about the system ’ s design, not its dependability. Describing a system as fault tolerant is really a statement about the system ’ s design, not its dependability. Survivability is a dependability property, it is not synonymous with fault tolerance. Survivability is a dependability property, it is not synonymous with fault tolerance.

Survivability and Security A survivable system is expected to continue to provide one of the forms of tolerable service after many different forms of damage have occurred. A survivable system is expected to continue to provide one of the forms of tolerable service after many different forms of damage have occurred. Security is impacted by some aspects of design for dependability since the introduction of redundancy makes protection of a system from deliberate faults more diffcult. Security is impacted by some aspects of design for dependability since the introduction of redundancy makes protection of a system from deliberate faults more diffcult.

Survivability Specification E = A statement of the assumed operating environment for the system. E = A statement of the assumed operating environment for the system. R = A set of specifications each of which is a complete statement of a tolerable form of service that a system must provide. R = A set of specifications each of which is a complete statement of a tolerable form of service that a system must provide. P = A probability distribution across the set of specifications, R. P = A probability distribution across the set of specifications, R.

Survivability Specification (Cont ’ d) M = A finite-state machine denoted by the four- tuple with the following meanings. M = A finite-state machine denoted by the four- tuple with the following meanings. S: A finite set of states each of which has a unique label which is one of the specifications defined in R. S: A finite set of states each of which has a unique label which is one of the specifications defined in R. S 0 : is the initial or preferred state for the machine. S 0 : is the initial or preferred state for the machine. V: A finite set of customer values. V: A finite set of customer values. T: A state transition matrix. T: A state transition matrix.

The Meaning of Four-Tuple Environment─E Environment─E E is a definition of the environment in which the survivable system has to operate. E is a definition of the environment in which the survivable system has to operate. Specification─R Specification─R R is the set of specifications of tolerable forms of service for the system R is the set of specifications of tolerable forms of service for the system

The Meaning of Four-Tuple (Cont ’ d) Probability Distribution─P Probability Distribution─P A probability is associated with each member of the set R with the sum of these probabilities being one. A probability is associated with each member of the set R with the sum of these probabilities being one. The critical quantities that cannot be determined are the probability of a failure of most forms of software and the probability of a malicious attack against a system. The critical quantities that cannot be determined are the probability of a failure of most forms of software and the probability of a malicious attack against a system.

The Meaning of Four-Tuple (Cont ’ d) Finite-state Machine─F Finite-state Machine─F F is defines precisely how and when the system is required to move from providing one form of tolerable service to another. F is defines precisely how and when the system is required to move from providing one form of tolerable service to another. The computation of customer value associated with the different states(V) has to be an on-going activity since value changes with time and other factors. The computation of customer value associated with the different states(V) has to be an on-going activity since value changes with time and other factors.

Example

Hypothetical Banking Network

Survivability Specification Example

Survivability Specification Interpretation R 1 Preferred. R 1 Preferred. This specification defines complete and normal functionality. This specification defines complete and normal functionality. R 2 Industry/Government. R 2 Industry/Government. This specification limits service to major industrial and government clients only. This specification limits service to major industrial and government clients only. Services are restricted to electronic transfer of large sums. Services are restricted to electronic transfer of large sums.

Survivability Specification Interpretation (Cont ’ d) R 3 Financial Markets. R 3 Financial Markets. This specification defines service for all the major financial markets including the stock, bond the commodity markets, but no other client organizations. This specification defines service for all the major financial markets including the stock, bond the commodity markets, but no other client organizations. R 4 Government Bonds. R 4 Government Bonds. This specification defines service for processing of sales and redemptions of government bonds only and only by major corporate clients. This specification defines service for processing of sales and redemptions of government bonds only and only by major corporate clients.

Survivability Specification Interpretation (Cont ’ d) R 5 Foreign Exchange. R 5 Foreign Exchange. This specification defines service in which transfers of foreign currency into or out of country are the only available service. This specification defines service in which transfers of foreign currency into or out of country are the only available service.

Survivability Specification Interpretation (Cont ’ d) Time and Value Factor Time and Value Factor The settlement by the clearing houses and the Federal Reverse Bank occurs during the late afternoon. The settlement by the clearing houses and the Federal Reverse Bank occurs during the late afternoon. Domestic markets are closed at night. Domestic markets are closed at night. Stock, bond, and commodity markets must be accommodated when trading volumes are exceptionally and unexpectedly high. Stock, bond, and commodity markets must be accommodated when trading volumes are exceptionally and unexpectedly high.

Survivability Specification Interpretation (Cont ’ d) Clearly, customer values associated with the financial payment system vary dramatically over time. Clearly, customer values associated with the financial payment system vary dramatically over time.

Conclusion and Future Work

Formal definition of survivability. Formal definition of survivability. Value evaluation. Value evaluation. Time function evaluation. Time function evaluation. Quantitative index to evaluate survivability. Quantitative index to evaluate survivability.

Thanks For Your Attention

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.