MAFTIA’s Interpretation of the IFIP 10.4 Terminology Yves Deswarte LAAS-CNRS Toulouse, France David Powell.


1 MAFTIA's Interpretation of the IFIP 10.4 Terminology
Yves Deswarte, LAAS-CNRS, Toulouse, France, deswarte@laas.fr
David Powell

2 Dependability
- Trustworthiness of a computer system such that reliance can justifiably be placed on the service it delivers
  (J.-C. Laprie (Ed.), Dependability: Basic Concepts and Terminology in English, French, German, Italian and Japanese, 265 p., ISBN 3-211-82296-8, Springer-Verlag, 1992)

3 The Dependability Tree
Dependability
- Attributes: Availability, Reliability, Safety, Confidentiality, Integrity, Maintainability (Security)
- Impairments: Fault, Error, Failure
- Methods: Fault Prevention, Fault Tolerance, Fault Removal, Fault Forecasting

4 The Dependability Tree
Dependability
- Attributes: Availability, Reliability, Safety, Confidentiality, Integrity, Maintainability
  - Security: Availability, Confidentiality, Integrity w.r.t. authorized actions
- Impairments: Fault, Error, Failure
- Methods: Fault Prevention, Fault Tolerance, Fault Removal, Fault Forecasting

5 Are these attributes sufficient?
Dependability
- Attributes: Availability, Reliability, Safety, Confidentiality, Integrity, Maintainability
- Impairments: Fault, Error, Failure
- Methods: Fault Prevention, Fault Tolerance, Fault Removal, Fault Forecasting

6 Security Properties
Confidentiality, Integrity, Auditability, Accountability, Authenticity, Availability, Anonymity, Secrecy, Privacy, Non-repudiability, Traceability, Imputability, Opposability, Irrefutability

7 Security Properties
- Basic properties: Confidentiality, Integrity, Availability
- Other properties: Auditability, Accountability, Authenticity, Anonymity, Secrecy, Privacy, Non-repudiability, Traceability, Imputability, Opposability, Irrefutability

8 Security Properties
- Confidentiality, Integrity and Availability of information and of meta-information
  (examples: existence of operation, identity of person, personal data, message content, message origin, sender and receiver identity)
- Other properties expressed in terms of C, I and A:

  Property          Composed of
  Accountability    A + I
  Anonymity         C
  Privacy           C
  Authenticity      I
  Non-repudiation   A + I

9 The Dependability Tree (recap of slide 3, leading into the Impairments: Fault, Error, Failure)

10 Fault, Error & Failure
- Fault: adjudged or hypothesized cause of an error
- Error: that part of system state which may lead to a failure
- Failure: occurs when delivered service deviates from implementing the system function
Examples of faults: H/W fault, bug, attack, intrusion

11 Internal, dormant fault. Example: Single Event Latchup
- SELs (reversible stuck-at faults) may occur because of radiation (e.g., cosmic ray, high energy ions)
- Satellite on-board computer:
  - External fault: cosmic ray
  - Internal, dormant fault (vulnerability): lack of shielding
  - Internal, externally-induced, active fault: SEL

12 Intrusions
- Intrusions result from (at least partially) successful attacks
- Computing system:
  - External fault: attack
  - Internal, dormant fault (vulnerability): e.g., account with default password
  - Internal, externally-induced, active fault: intrusion

13 Who are the intruders?
Three classes of intruder, positioned with respect to the authentication and authorization barriers:
1: Outsider
2: User
3: Privileged User

14 Outsiders vs Insiders
- D: an object-operation domain; A: privilege of user a; B: privilege of user b
- Outsider: not authorized to perform any of the specified object-operations
  - outsider intrusion = unauthorized increase in privilege
- Insider: authorized to perform some of the specified object-operations
  - insider intrusion = abuse of privilege

15 The Dependability Tree (recap of slide 3, leading into the Methods: Fault Tolerance)

16 Fault Tolerance
Fault -> Error -> Failure
- Error Processing: Detection, Damage assessment, Recovery
- Fault Treatment: Diagnosis, Isolation, Reconfiguration

17 Error Processing
- Backward recovery
- Forward recovery
- Compensation-based recovery (fault masking)

18 Error Processing (w.r.t. intrusions)
- Error (security policy violation) detection
  + Backward recovery (availability, integrity)
  + Forward recovery (availability, confidentiality)
- Intrusion masking
  - Fragmentation (confidentiality)
  - Redundancy (availability, integrity)
  - Scattering
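The intrusion-masking branch of this slide (fragmentation for confidentiality, redundancy for availability and integrity, scattering of the copies over distinct sites) is the fragmentation-redundancy-scattering approach of the Deswarte, Blain and Fabre (1991) paper in the references. The following Python example is added here and is not code from the slides or from the MAFTIA project; it assumes a simplified k-of-k XOR fragmentation (the original scheme fragments ciphertext, but the masking argument is the same), in-memory dictionaries as sites, and simulated corruption, outage and read-out of single sites.

```python
"""Intrusion masking by fragmentation, redundancy and scattering (FRS).

Added illustration, not MAFTIA code. Assumptions: k-of-k XOR fragmentation,
in-memory sites, and attacks simulated on single sites.
"""
import secrets
from collections import Counter


def xor_all(blocks):
    """XOR equal-length byte strings together."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, b in enumerate(blk):
            out[i] ^= b
    return bytes(out)


def fragment(secret, k):
    """Fragmentation (confidentiality): k fragments; any k-1 of them are
    uniformly random and so reveal nothing about the secret."""
    if k < 2:
        raise ValueError("need at least two fragments")
    frags = [secrets.token_bytes(len(secret)) for _ in range(k - 1)]
    frags.append(xor_all(frags + [secret]))   # XOR of all k fragments == secret
    return frags


def scatter(fragments, r, n_sites):
    """Redundancy (r copies per fragment) plus scattering: each copy goes to a
    distinct site, so one site holds at most one fragment of this secret."""
    k = len(fragments)
    if n_sites < k * r:
        raise ValueError("need at least k*r sites to keep one fragment per site")
    sites = {s: None for s in range(n_sites)}   # site id -> (fragment index, bytes)
    placement = {}                               # fragment index -> holder site ids
    free = iter(range(n_sites))
    for idx, frag in enumerate(fragments):
        holders = [next(free) for _ in range(r)]
        for s in holders:
            sites[s] = (idx, frag)
        placement[idx] = holders
    return sites, placement


def reconstruct(sites, placement, k):
    """Majority vote over the copies of each fragment (masks up to
    floor((r-1)/2) corrupted or unavailable copies per fragment), then XOR."""
    recovered = []
    for idx in range(k):
        holders = placement[idx]
        copies = [sites[s][1] for s in holders if sites[s] is not None]
        if not copies:
            raise RuntimeError(f"fragment {idx}: no copy available")
        value, votes = Counter(copies).most_common(1)[0]
        if votes * 2 <= len(holders):   # strict majority of all r copies required
            raise RuntimeError(f"fragment {idx}: no majority among {len(holders)} copies")
        recovered.append(value)
    return xor_all(recovered)


# Simulated intrusions against single sites (constructed for this demo).
def corrupt(sites, site_id):
    """Integrity attack: every bit of the copy on one site is flipped."""
    idx, frag = sites[site_id]
    sites[site_id] = (idx, bytes(b ^ 0xFF for b in frag))


def take_down(sites, site_id):
    """Availability attack: the site no longer answers."""
    sites[site_id] = None


SECRET = b"MAFTIA: tolerate intrusions"   # constructed sample data


def demo(k=3, r=3):
    """One corrupted copy, one unavailable copy and one read-out site, each on
    a different fragment: the secret is still recovered, and the site that was
    read yields a single uniformly random fragment."""
    sites, placement = scatter(fragment(SECRET, k), r, k * r)
    corrupt(sites, placement[0][0])
    take_down(sites, placement[1][1])
    leaked = sites[placement[2][2]]          # everything one compromised site holds
    return reconstruct(sites, placement, k), leaked


def demo_too_many_faults(k=3, r=3):
    """Two of the r copies of one fragment are lost: no majority, so the
    reconstruction refuses (None) instead of returning a possibly corrupt value."""
    sites, placement = scatter(fragment(SECRET, k), r, k * r)
    take_down(sites, placement[0][0])
    corrupt(sites, placement[0][1])
    try:
        return reconstruct(sites, placement, k)
    except RuntimeError:
        return None


if __name__ == "__main__":
    value, leaked = demo()
    print("reconstructed:", value)
    print("one compromised site revealed only fragment", leaked[0], "=", leaked[1].hex())
    print("too many faults on one fragment ->", demo_too_many_faults())
```

The vote threshold is deliberately a strict majority of all r copies, not of the copies that happen to answer: a lone surviving copy cannot be distinguished from a corrupted one, so the recovery reports an error (detection, as on the slide) rather than silently trading integrity for availability.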

19 Fault Tolerance (recap of slide 16, leading into Fault Treatment: Diagnosis, Isolation, Reconfiguration)

20 Fault Treatment
- Diagnosis: determine the cause of the error, i.e., the fault(s): localization, nature
- Isolation: prevent new activation
- Reconfiguration: so that fault-free components can provide an adequate, although degraded, service

21 Fault Treatment (w.r.t. intrusions)
- Diagnosis
  - Non-malicious or malicious (intrusion)
  - Attack (to allow retaliation)
  - Vulnerability (to allow removal)
- Isolation
  - Intrusion (to prevent further penetration)
  - Vulnerability (to prevent further intrusion)
- Reconfiguration
  - Contingency plan to degrade/restore service, incl. attack retaliation, vulnerability removal

22 FTI http://www.research.ec.org/maftia/

23 References
- Avizienis, A., Laprie, J.-C., Randell, B. (2001). Fundamental Concepts of Dependability, LAAS Report N°01145, April 2001, 19 p.
- Deswarte, Y., Blain, L. and Fabre, J.-C. (1991). Intrusion Tolerance in Distributed Systems, in IEEE Symp. on Research in Security and Privacy, Oakland, CA, USA, pp. 110-121.
- Dobson, J. E. and Randell, B. (1986). Building Reliable Secure Systems out of Unreliable Insecure Components, in IEEE Symp. on Security and Privacy, Oakland, CA, USA, pp. 187-193.
- Laprie, J.-C. (1985). Dependable Computing and Fault Tolerance: Concepts and Terminology, in 15th Int. Symp. on Fault Tolerant Computing (FTCS-15), Ann Arbor, MI, USA, IEEE, pp. 2-11.
- Laprie, J.-C. (Ed.) (1992). Dependability: Basic Concepts and Terminology in English, French, German, Italian and Japanese, 265 p., ISBN 3-211-82296-8, Springer-Verlag.
- Powell, D., Adelsbach, A., Cachin, C., Creese, S., Dacier, M., Deswarte, Y., McCutcheon, T., Neves, N., Pfitzmann, B., Randell, B., Stroud, R., Veríssimo, P., Waidner, M. (2001). MAFTIA (Malicious- and Accidental-Fault Tolerance for Internet Applications), Sup. of the 2001 International Conference on Dependable Systems and Networks (DSN2001), Göteborg (Sweden), 1-4 July 2001, IEEE, pp. D-32-D-35.
