Presentation is loading. Please wait.

Presentation is loading. Please wait.

Diversity for Dependability * Jean-Claude Laprie PRDC’99 — December 16-17, 1999 — Hong Kong * Elaboration on «Diversity against Accidental and Deliberate.

Published byMaximilian Cameron Modified over 9 years ago

Similar presentations

Presentation on theme: "Diversity for Dependability * Jean-Claude Laprie PRDC’99 — December 16-17, 1999 — Hong Kong * Elaboration on «Diversity against Accidental and Deliberate."— Presentation transcript:

1 Diversity for Dependability * Jean-Claude Laprie PRDC’99 — December 16-17, 1999 — Hong Kong * Elaboration on «Diversity against Accidental and Deliberate faults», by Yves Deswarte, Karama Kanoun and Jean-Claude Laprie, in Computer Security, Dependability, and Assurance, P. Amman, B.H. Barnes, S. Jajodia, E.H. Sibley, eds, IEEE Computer Society Press, 1999

2  Diversity: the condition of being different or having differences  Dependability: ability to deliver service that can justifiably be trusted. DEPENDABILITY ATTRIBUTES AVAILABILITY RELIABILITY SAFETY CONFIDENTIALITY INTEGRITY MAINTAINABILITY FAULT PREVENTION FAULT TOLERANCE FAULT REMOVAL FAULT FORECASTING MEANS THREATS FAULTS ERRORS FAILURES SECURITY + + +

3

4

5

6

7 Levels of implementation of diversity User or operator Human-computer interface Application software Design diversity Execution diversity Hardware or executive software Diversity and fault tolerance

8 Diversity at the user or operator level Accidental faults: common practice (e.g., flight control systems) Malicious faults  Shift in assumption: Trust in a single operator Non-collusion of multiple operators Examples  Separation of duty  Trust distribution: secret sharing, threshold cryptography

9 Human-computer interface diversity Malicious faults: authentication  Authentication based on Something the user knows (e.g., password) Something he/she owns (e.g., a token) Something he/she is (biometric information)  All the corresponding mechanisms have limits Diversity e.g.: smartcard activated by PIN, fingerprint matching with patterns stored on a smartcard

10 Application software diversity Accidental faults Design diversity RB, NVP, NSCP Execution diversity Checkpointing & (some) asynchrony Solid faults Elusive faults 44 4 Malicious design faults

11  Design diversity Operational realisations Commercial avionics: massive Railway control and signalling: partial  Practical form: NSCP, where SCP = control and monitoring (e.g., safety bag) Effectiveness: experimental and theoretical evaluations positive  Experimental evaluations : improvement slightly > one order of magnitude  Uncovering of specification faults Cost: overhead for 2SCP ~ 70% (theoretical and experimental result)

12 Observation  Execution diversity Formulation?

13 Hardware and executive software diversity  Unreliability of COTS due to residual design faults  Malicious faults Malicious logic faults Intrusions : exploit residual accidental design faults in OS rather than design faults in security-related software  Effectiveness of application software diversity?

14

15

16 Diversity and fault removal  Adequate mix of approaches  Diversity within each approach VERIFICATION STATIC DYNAMIC STATIC ANALYSIS (INSPECTION, WALKTHROUGH) PROOF CHECKING MODEL CHECKING TESTING

17 Deterministic vs. Statistical testing

18 Diversity and fault forecasting  Accidental faults Fault Tolerance Coverage Error and Fault Handling Coverage Fault Assumption Coverage Failure Mode Coverage Failure Independence Coverage  Malicious faults: security/usability tradeoffs

19 LAAS network Unix 700 users 100 machines 21 months (June 95 - March 97) insider  root 0,1 1 10 100 1000 06/9508/9510/9512/9502/9604/9606/9608/9610/9612/9602/97 METF-MLMETF-MT Number of pathsShortest path

20

Download ppt "Diversity for Dependability * Jean-Claude Laprie PRDC’99 — December 16-17, 1999 — Hong Kong * Elaboration on «Diversity against Accidental and Deliberate."

Similar presentations

An Overview of ABFT in cloud computing

An Overview of ABFT in cloud computing
Overview of IS Controls, Auditing, and Security Fall 2005.

Overview of IS Controls, Auditing, and Security Fall 2005.
11. Practical fault-tolerant system design Reliable System Design 2005 by: Amir M. Rahmani.

11. Practical fault-tolerant system design Reliable System Design 2005 by: Amir M. Rahmani.
© Chinese University, CSE Dept. Software Engineering / 1 - 1 Software Engineering Topic 1: Software Engineering: A Preview Your Name: ____________________.

© Chinese University, CSE Dept. Software Engineering / Software Engineering Topic 1: Software Engineering: A Preview Your Name: ____________________.
Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.

Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.
Dependability ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University August.

Dependability ITV Model-based Analysis and Design of Embedded Software Techniques and methods for Critical Software Anders P. Ravn Aalborg University August.
Fundamentals of Computer Security Geetika Sharma Fall 2008.

Fundamentals of Computer Security Geetika Sharma Fall 2008.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
Dependability TSW 10 Anders P. Ravn Aalborg University November 2009.

Dependability TSW 10 Anders P. Ravn Aalborg University November 2009.
CSE 322: Software Reliability Engineering Topics covered: Dependability concepts Dependability models.

CSE 322: Software Reliability Engineering Topics covered: Dependability concepts Dependability models.
Presented By: Vinay Kumar.  At the time of invention, Internet was just accessible to a small group of pioneers who wanted to make the network work.

Presented By: Vinay Kumar.  At the time of invention, Internet was just accessible to a small group of pioneers who wanted to make the network work.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.

GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz.
Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (http://www.cs.umn.edu/Ajanta/publications.html)http://www.cs.umn.edu/Ajanta/publications.html.

Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (
Dependability ITV Real-Time Systems Anders P. Ravn Aalborg University February 2006.

Dependability ITV Real-Time Systems Anders P. Ravn Aalborg University February 2006.
Software Fault Tolerance – The big Picture mMIC-SFT September 2003 Anders P. Ravn Aalborg University.

Software Fault Tolerance – The big Picture mMIC-SFT September 2003 Anders P. Ravn Aalborg University.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 2 Wenbing Zhao Department of Electrical and Computer Engineering.
Issues on Software Testing for Safety-Critical Real-Time Automation Systems Shahdat Hossain Troy Mockenhaupt.

Issues on Software Testing for Safety-Critical Real-Time Automation Systems Shahdat Hossain Troy Mockenhaupt.
MAFTIA concepts Yves Deswarte & David Powell LAAS-CNRS, France SRI International.

MAFTIA concepts Yves Deswarte & David Powell LAAS-CNRS, France SRI International.

Similar presentations

Ads by Google