MAFTIA's Interpretation of the IFIP 10.4 Terminology
Yves Deswarte and David Powell, LAAS-CNRS, Toulouse, France
Dependability
Trustworthiness of a computer system such that reliance can justifiably be placed on the service it delivers.
Source: J.-C. Laprie (Ed.), Dependability: Basic Concepts and Terminology in English, French, German, Italian and Japanese, 265 p., ISBN , Springer-Verlag, 1992.
The Dependability Tree
- Impairments: Fault, Error, Failure
- Attributes: Availability, Reliability, Safety, Confidentiality, Integrity, Maintainability; Security
- Methods: Fault Prevention, Fault Tolerance, Fault Removal, Fault Forecasting
The Dependability Tree: where Security fits
- Attributes: Availability, Reliability, Safety, Confidentiality, Integrity, Maintainability
- Security: these attributes taken w.r.t. authorized actions
Are these attributes sufficient?
- Availability, Reliability, Safety, Confidentiality, Integrity, Maintainability
Security Properties
- The three classical ones: Confidentiality, Integrity, Availability
- Others found in the literature: Auditability, Accountability, Authenticity, Anonymity, Secrecy, Privacy, Non-repudiability, Traceability, Imputability, Opposability, Irrefutability
Security Properties, expressed as Confidentiality (C), Integrity (I) and Availability (A) of information or of meta-information
- Information: message content, personal data
- Meta-information: existence of an operation, identity of a person, message origin, sender/receiver identity
- Accountability = A + I
- Anonymity = C
- Privacy = C
- Authenticity = I
- Non-repudiation = A + I
Fault, Error & Failure (the chain Fault -> Error -> Failure)
- Fault: adjudged or hypothesized cause of an error
- Error: that part of the system state which may lead to a failure
- Failure: occurs when the delivered service deviates from implementing the system function
- Examples of faults: H/W fault, bug, attack, intrusion
Example: Single Event Latchup (SEL) on a satellite on-board computer
SELs (reversible stuck-at faults) may occur because of radiation (e.g., cosmic rays, high-energy ions).
- External fault: cosmic ray
- Internal, dormant fault (vulnerability): lack of shielding
- Internal, active, externally-induced fault: SEL
Intrusions
Intrusions result from (at least partially) successful attacks on a computing system:
- External fault: attack
- Internal, dormant fault (vulnerability): e.g., an account with a default password
- Internal, active, externally-induced fault: intrusion
Who are the intruders?
Three classes, positioned with respect to the authentication and authorization barriers:
1: Outsider
2: User
3: Privileged User
Outsiders vs Insiders
- Outsider: not authorized to perform any of the specified object-operations
- Insider: authorized to perform some of the specified object-operations
- D: an object-operation domain; A: privilege of user a; B: privilege of user b
- Outsider intrusion: unauthorized increase in privilege
- Insider intrusion: abuse of privilege
Fault Tolerance (acting on the chain Fault -> Error -> Failure)
- Error Processing: detection, damage assessment, recovery
- Fault Treatment: diagnosis, isolation, reconfiguration
Error Processing: recovery
- Backward recovery
- Forward recovery
- Compensation-based recovery (fault masking)
Error Processing (w.r.t. intrusions)
- Error (security policy violation) detection
- Backward recovery (availability, integrity)
- Forward recovery (availability, confidentiality)
- Intrusion masking: fragmentation (confidentiality), redundancy (availability, integrity), scattering
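The intrusion-masking line above (fragmentation for confidentiality, redundancy for availability and integrity, scattering across sites), as an added toy example that is not MAFTIA's or LAAS's own code. The counter-mode keystream, the fragment and replica counts, the placement rule "replica j of fragment i goes to site (i + j) mod n_sites" and the sample record are all assumptions made for this demonstration.

```python
# Toy fragmentation-redundancy-scattering (FRS): hypothetical code written
# for this page, not an implementation from MAFTIA or LAAS-CNRS.
import hashlib
from collections import Counter

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy enciphering: XOR with a SHA-256 counter keystream (demo only, not
    a vetted cipher). XOR is symmetric, so the same call deciphers."""
    out = bytearray()
    for blk in range(0, len(data), 32):
        ks = hashlib.sha256(key + blk.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[blk:blk + 32], ks))
    return bytes(out)

def fragment(ciphertext: bytes, n: int) -> list[bytes]:
    """Fragmentation: cut the enciphered data into n pieces; a single piece
    without the key reveals nothing useful (confidentiality)."""
    size = -(-len(ciphertext) // n)  # ceiling division
    return [ciphertext[i * size:(i + 1) * size] for i in range(n)]

def scatter(fragments: list[bytes], replicas: int, n_sites: int) -> dict:
    """Redundancy + scattering: replica j of fragment i lands on site
    (i + j) mod n_sites, so replicas of one fragment sit on distinct sites
    (requires replicas <= n_sites) and no site ever holds every fragment."""
    assert replicas <= n_sites
    sites = {s: {} for s in range(n_sites)}       # site id -> {fragment id: bytes}
    for i, frag in enumerate(fragments):
        for j in range(replicas):
            sites[(i + j) % n_sites][i] = frag
    return sites

def reassemble(sites: dict, key: bytes, n_fragments: int, down=()) -> bytes:
    """Gather replicas from sites not in `down`; majority vote per fragment
    masks one corrupted replica (integrity), surviving replicas mask a lost
    site (availability); then decipher the concatenation."""
    plain = []
    for i in range(n_fragments):
        votes = Counter(s[i] for sid, s in sites.items() if sid not in down and i in s)
        if not votes:
            raise RuntimeError(f"fragment {i} lost: too many sites down")
        plain.append(votes.most_common(1)[0][0])
    return keystream_xor(key, b"".join(plain))

def demo() -> tuple[bool, int]:
    key = hashlib.sha256(b"demo key, constructed for this example").digest()
    secret = b"patient record: constructed sample data for the FRS demo"  # constructed
    sites = scatter(fragment(keystream_xor(key, secret), 6), replicas=3, n_sites=4)
    sites[1][0] = b"garbage" * 3                  # intruder corrupts one replica of fragment 0
    restored = reassemble(sites, key, 6, down={3})  # and site 3 is unavailable
    return restored == secret, max(len(s) for s in sites.values())
```

With 6 fragments, 3 replicas and 4 sites, `demo()` recovers the record despite one corrupted replica and one site down, and reports that no site holds more than 5 of the 6 fragments.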
Fault Treatment
- Diagnosis: determine the cause of the error, i.e., the fault(s): localization, nature
- Isolation: prevent new activation
- Reconfiguration: so that fault-free components can provide an adequate, although degraded, service
Fault Treatment (w.r.t. intrusions)
- Diagnosis: non-malicious or malicious (intrusion); attack (to allow retaliation); vulnerability (to allow removal)
- Isolation: intrusion (to prevent further penetration); vulnerability (to prevent further intrusion)
- Reconfiguration: contingency plan to degrade/restore service, including attack retaliation and vulnerability removal
References
- Avizienis, A., Laprie, J.-C., Randell, B. (2001). Fundamental Concepts of Dependability, LAAS Report No. 01145, April 2001, 19 p.
- Deswarte, Y., Blain, L. and Fabre, J.-C. (1991). Intrusion Tolerance in Distributed Systems, in IEEE Symp. on Research in Security and Privacy, Oakland, CA, USA, pp.
- Dobson, J. E. and Randell, B. (1986). Building Reliable Secure Systems out of Unreliable Insecure Components, in IEEE Symp. on Security and Privacy, Oakland, CA, USA, pp.
- Laprie, J.-C. (1985). Dependable Computing and Fault Tolerance: Concepts and Terminology, in 15th Int. Symp. on Fault Tolerant Computing (FTCS-15), Ann Arbor, MI, USA, IEEE, pp.
- Laprie, J.-C. (Ed.) (1992). Dependability: Basic Concepts and Terminology in English, French, German, Italian and Japanese, 265 p., ISBN , Springer-Verlag.
- Powell, D., Adelsbach, A., Cachin, C., Creese, S., Dacier, M., Deswarte, Y., McCutcheon, T., Neves, N., Pfitzmann, B., Randell, B., Stroud, R., Veríssimo, P., Waidner, M. (2001). MAFTIA (Malicious- and Accidental-Fault Tolerance for Internet Applications), Sup. of the 2001 International Conference on Dependable Systems and Networks (DSN2001), Göteborg (Sweden), 1-4 July 2001, IEEE, pp. D-32-D-35.