Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Related Work
Conclusions
References
All Topics
Computer Science
Cybersecurity

Dependability and security models

Profile image of Arpan RoyArpan Roy

2009

Abstract

There is a need to quantify system properties methodically. Dependability and security models have evolved nearly independently. Therefore, it is crucial to develop a classification of dependability and security models which can meet the requirement of professionals in both fault-tolerant computing and security community. In this paper, we present a new classification of dependability and security models. First we present the classification of threats and mitigations in systems and networks. And then we present several individual model types such as availability, confidentiality, integrity, performance, reliability, survivability, safety and maintainability. Finally we show that each model type can be combined and represented by one of the model representation techniques: combinatorial (such as reliability block diagrams (RBD), reliability graphs, fault trees, attack trees), state-space (continuous time Markov chains, stochastic Petri nets, fluid stochastic Petri nets, etc) and hierarchical (e.g., fault trees in the upper level and Markov chains in the lower level). We show case studies for each individual model types as well as composite model types.

Related papers

Dependability and its threats: a taxonomy
Brian Randell

2004

This paper gives the main definitions relating to dependability, a generic concept including as special case such attributes as reliability, availability, safety, confidentiality, integrity, maintainability, etc. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability (faults, errors, failures), and the attributes of dependability. The discussion on the attributes encompasses the relationship of dependability with security, survivability and trustworthiness.

View PDFchevron_right
Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks
Peter Popov

2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE), 2017

This paper offers a new approach to modelling the effect of cyber-attacks on reliability of software used in industrial control applications. The model is based on the view that successful cyber-attacks introduce failure regions, which are not present in non-compromised software. The model is then extended to cover a fault tolerant architecture, such as the 1-out-of-2 software, popular for building industrial protection systems. The model is used to study the effectiveness of software maintenance policies such as patching and "cleansing" ("proactive recovery") under different adversary models ranging from independent attacks to sophisticated synchronized attacks on the channels. We demonstrate that the effect of attacks on reliability of diverse software significantly depends on the adversary model. Under synchronized attacks system reliability may be more than an order of magnitude worse than under independent attacks on the channels. These findings, although not surprising, highlight the importance of using an adequate adversary model in the assessment of how effective various cyber-security controls are.

View PDFchevron_right
Towards a Stochastic Model for Integrated Security and Dependability Evaluation
Games. Com

2006

We present a new approach to integrated security and dependability evaluation, which is based on stochastic modelling techniques. Our proposal aims to provide operational measures of the trustworthiness of a system, regardless if the underlying failure cause is intentional or not. By viewing system states as elements in a stochastic game, we can compute the probabilities of expected attacker behavior, and thereby be able to model attacks as transitions between system states. The proposed game model is based on a rewardand cost concept. A section of the paper is devoted to the demonstration of how the expected attacker behavior is affected by the parameters of the game. Our model opens up for use traditional Markov analysis to make new types of probabilistic predictions for a system, such as its expected time to security failure.

View PDFchevron_right
LITERATURE REVIEW ON DEPENDABLE AND SECURE COMPUTING
IJRCAR JOURNAL

IJRCAR, 2014

Dependability of computer system plays a major role in the field of security. This paper elaborates the need for dependability and expresses a generic concept including some of the special attributes like reliability, availability, safety, confidentiality, integrity and maintainability. Dependability is also the system property that integrates such special attributes like safety, security and survivability. The major coverage aspect of this paper is to summarize the fundamental concepts of dependability. The view of dependability follows factors like threat, errors, failures, fault tolerance, fault prevention, fault forecasting and fault removal. This paper also discuss about the additional features of dependability with respect to trustworthiness. The aim of this paper also includes to explicate the specific concepts in the field of security

View PDFchevron_right
Risk in Secure and Dependable System: a Survey
Yudistira Asnar

Citeseer

Modeling and analyzing risk is one of the most critical activities in system engineering. Through this measure, an analyst ensures the security and dependability of a system. In secure and dependable community, Security property is defined as confidentiality, integrity, and availability while dependability with reliability, availability, safety, integrity, and maintainability. These attributes can be achieved by means of controlling the risks that can affect to the system. Risk management is a set of activity that consists of organizational analysis, risk identification, risk assessment, risk evaluation, risk treatment, and risk monitoring.

View PDFchevron_right
Fault-tree modelling of computer system security
Omar Ba-rukab

2005

View PDFchevron_right
On Stochastic Modeling for Integrated Security and Dependability Evaluation
Svein Knapskog

Journal of Networks, 2006

This paper presents a new approach to integrated security and dependability evaluation, which is based on stochastic modeling techniques. Our proposal aims to pro- vide operational measures of the trustworthiness of a system, regardless if the underlying failure cause is intentional or not. By viewing system states as elements in a stochastic game, we can compute the probabilities of expected attacker behavior, and thereby be able to model attacks as transitions between system states. The proposed game model is based on a reward- and cost concept. A section of the paper is devoted to the demonstration of how the expected attacker behavior is affected by the parameters of the game. Our model opens up for use of traditional Markov analysis to make new types of probabilistic predictions for a system, such as its expected time to security failure.

View PDFchevron_right
Dependability Modeling and Analysis in Dynamic Systems
Antonio Puliafito

Dependability evaluation is an important, often indispensable, step in (critical) systems design and analysis processes. The introduction of control and/or computing systems to automate processes increases the overall system complexity and therefore has an impact in terms of dependability. When a system grows, dynamic effects, not present or manifested before, could arise or become significant in terms of reliability/availability: the system could be affected by common cause failures, the system components could interfere, effects due to load sharing arise and therefore should be considered. Moreover it is of interest to evaluate redundancy and maintenance policies. In those cases it is not possible to recur to notations as reliability block diagrams (RBD), fault trees (FT) or reliability graphs (RG) to represent the system, since the statistical independence assumption is not satisfied. Also more enhanced formalisms as dynamic FT (DFT) could result not adequate to the goal.

View PDFchevron_right
A Framework for Predicting Security and Dependability Measures in Real-time
Svein Knapskog

2000

Summary The complex networked systems of today that our technological and social society relies upon are vulnerable to a large number of failures, accidental as well as intentional. Ideally, the service delivered by such a system should be both dependable and secure. This paper presents a framework for integrated security and dependability assessment. The proposed model is based on traditional

View PDFchevron_right
Methods for Dependability and Security Analysis of Large Networks
Ioannis Chochliouros

2009

View PDFchevron_right

References (62)

  1. T. Angskun, et al., Reliability Analysis of Self-Healing Network using Discrete-Event Simulation, Proc. of CCGrid 2007.
  2. ANSI T1A1.2 Working Group on Network Survivability Performance, Technical Report on Enhanced Network Survivability Performance, ANSI, Tech. Rep. TR No. 68, 2001.
  3. A. Avizienis, J.-C. Laprie, B. Randell, Fundamental concepts of dependability, TR, LAAS-New Castle University-UCLA, 2001.
  4. A. Avizienis, J.-C. Laprie, B. Randell, C. Landwehr, Basic concepts and taxonomy of dependable and secure computing, IEEE Trans. Dependable and Secure Computing, 1(1) 2004.
  5. Y. Bao, X. Sun, K. S. Trivedi, A Workload-Based Analysis of Software Aging, and Rejuvenation, IEEE Trans. Reliability 54(3), 2005.
  6. D. Chen, K.S. Trivedi, "Analysis of Periodic Preventive Maintenance with General System Failure Distribution," Proc. of PRDC 2001.
  7. D. Chen, et al., "Reliability and availability analysis for the JPL Remote Exploration and Experimentation System," Proc. of DSN 2002.
  8. D. Chen, K. S. Trivedi, Closed-form analytical results for condition- based maintenance, Reliability Engineering and System Safety 76, 2002.
  9. D. Chen, K. S. Trivedi, Optimization for condition-based maintenance with semi-Markov decision process, Reliability Engineering and System Safety 90, 2005.
  10. S. D. Chi, et al., Network security modeling and cyber attack simulation methodology, Proc. of ACISP 2001.
  11. G. Ciardo, K. S. Trivedi, A Decomposition Approach for Stochastic Reward Net Models, Perform. Eval., 18(1), 1993.
  12. H. Choi, W Wang, K. S. Trivedi, "Analysis of conditional MTTF of fault tolerant system", Microelectron and Reliability 38,(3), 1998.
  13. P. K. Choudhary, B. B. Madan, K. S. Trivedi, "Modeling and Simulation of Integrated Voice/Data Cellular Communication with Generally Distributed Delay For End Voice Calls," Proc. of WSC 2005.
  14. S. Convey, D. Cook, M. Franz, An Attack Tree for the Border Gateway Protocol, 2003 : http://tools.ietf.org/html/draft-ietf-rpsec-bgpattack-00
  15. Dependability, http://www.cs.cornell.edu/Projects/secft/
  16. J. B. Dugan, K. S. Trivedi, Coverage Modeling for Dependability Analysis of Fault-Tolerant Systems, IEEE Trans. Computer, 38(6), 1989.
  17. R. J. Ellison, D. A. Fisher, R. C. Linger, H. F. Lipson, T. Longstaff, N. R. Mead. Survivable Network Systems: An Emerging Discipline. Technical Report CMU/SEI-97-TR-013, 1997.
  18. I. Eusgeld, F. C. Freiling, and R. Reussner (Eds.), Dependability Metrics, LNCS 4909, 2008.
  19. R. Geist, K. S. Trivedi, Reliability Estimation of Fault-Tolerant Systems: Tools and Techniques, IEEE Trans. Computer, 23(7), 1990.
  20. K. Goseva-Popstojanov, K. S. Trivedi, Stochastic Modeling Formalisms for Dependability, Performance and Performability, LNCS 1769, 2000
  21. K. Goseva-Popstojanova, F. Wang, R. Wang, F. Gong, K. Vaidyanathan, K. Trivedi, B. Muthusamy, "Characterizing intrusion tolerant systems using a state transition model," Proc. of DARPA Information Survivability Conference & Exposition II, 2001.
  22. M. Grottke, K. Trivedi, Fighting Bugs: Remove, Retry, Replicate, and Rejuvenate. IEEE Trans. Computer 40(2), 2007
  23. G. Haring, R. Marie, R. Puigjaner, K. S. Trivedi, Loss Formulae and Their Application to Optimization for Cellular Networks, IEEE Trans. Veh. Technology, 50, 2001.
  24. R. S. Hanmer, D. T. McBride, V. B. Mendiratta, Comparing Reliability and Security: Concepts, Requirements, and Techniques, Bell Labs. Technical Journal, 12(3), 2007.
  25. P. E. Heegard, K. S. Trivedi, Network survivability modeling, Computer Networks 53(8), 2009.
  26. O. C. Ibe, R. C. Howe, K. S. Trivedi, Approximate Availability Analysis of VAXcluster Systems, IEEE Trans. Reliability 38(1), 1989.
  27. E. Jonsson, L. Strömberg, S. Lindskog, "On the functional relation between security and dependability impairments," Proc. of NSPW 1999.
  28. E. Jonsson, "Towards an integrated conceptual model of security and dependability," Proc. of ARES 2006.
  29. D. S. Kim, F. Machida, K. S. Trivedi, "Availability Modeling and Analysis of a Virtualized System," Proc. of PRDC 2009.
  30. Z. Kincses, "Attack tree of smart cards", Technical Report, 2007.
  31. M. Lanus, L. Yin, K. S. Trivedi, Hierarchical composition and aggregation of state-based availability and performability models. IEEE Trans. Reliability, 52(1), 2003.
  32. N. Levitt, S. Cheung, "Common Techniques in Fault-Tolerance and Security," Proc. of DCCA 1994.
  33. H. F. Lipson, D. A. Fisher, Survivability-a new technical and business perspective on security, Proc. of NSPW 1999.
  34. Y. Liu and K. S. Trivedi, Survivability Quantification: The Analytical Modeling Approach, Int. J. Performability Engineering, 2(1) 2006.
  35. Y. Liu, Survivability of Networked Systems, PhD Dissertation, Duke University, 2008.
  36. B. B. Madan , K. S. Trivedi, Security modeling and quantification of intrusion tolerant systems using attack-response graph, J. High Speed Networks, 13(4), 2004
  37. M. Malhotra, K. S. Trivedi, "Reliability Modeling of Disk Array Systems," Proc. of TOOLS 1992.
  38. M. Malhotra, K. S. Trivedi, "A Methodology for Formal Expression of Hierarchy in Model Solution,"" Proc. of PNPM, 1993.
  39. Y. Ma, J. J. Han, K. S. Trivedi, Composite Performance and Availability Analysis of Communications Networks: A Comparison of Exact and Approximate Approaches, IEEE Trans. Vehi. Technology, 50(5), 2001.
  40. C. Meadows, "Applying the dependability paradigm to computer security," Proc. of NSPW 1995.
  41. C. Meadows, J. McLean, "Security and dependability: then and now," Proc. Computer Security, Dependability and Assurance: From Needs to Solutions, 1998.
  42. A. P. Moore et al., Attack Modeling for Information Security and Survivability, CMU TR, 2001.
  43. D. M. Nicol, W. H. Sanders, K. S. Trivedi, Model-Based Evaluation: From Dependability to Security, IEEE Trans. Dependable and Secure Computing, 1(1), 2004.
  44. B. Parhami, From defects to failures: a view of dependable computing, Computer Architecture News 16(4), 1988.
  45. Quality Concepts and Terminology, part 1: Generic Terms and Definitions. Document ISO/TC 176/SC 1 N 93, 1992.
  46. H. V. Ramasamy and M. Schunter, Architecting Dependable Systems Using Virtualization, In Workshop on DSN-2007.
  47. ResiliNets Wiki, Available at: https://wiki.ittc.ku.edu/resilinets_wiki/index.php/Main_Page
  48. K. Sallhammar, B. E. Helvik, S. J. Knapskog, "Towards a stochastic model for integrated security and dependability evaluation," Proc. of ARES 2006.
  49. H. S. Seo and T. Cho, Modeling and Simulation for Detecting a Distributed Denial of Service Attack, Proc. of AI 2002.
  50. O. Sheyner et al., Automated Generation and Analysis of Attack Graphs, Proc. of IEEE SP 2002.
  51. R. M. Smith, K. S. Trivedi, A. V. Ramesh, Performability Analysis: Measures, an algorithm and a case study, IEEE Trans. Computers C- 37(4), 1988
  52. W. E. Smith, K. S. Trivedi, L. A. Tomek, J. Ackaret, Availability analysis of blade server systems, IBM Systems J. 47(4), 2008.
  53. B. C. Soh, T. S. Dillon, "On Modelling and Analysis of Latency Problem in Fault-Tolerant Systems," Proc. 5th Int. GI/ITG/GMA Conference on Fault-Tolerant Computing Systems, Tests, Diagnosis, Fault Treatment 1991.
  54. K. S. Trivedi, S. Hunter, S. Garg, R. Fricks, "Reliability Analysis Techniques Explored Through a Communication Network Example," Proc. of CADTED 1996.
  55. K. S. Trivedi, Availability Analysis of Cisco GSR 12000 and Juniper M20/M40, Technical Report.
  56. K. S. Trivedi, Probability and Statistics with Reliability, Queuing, and Computer Science Applications. John Wiley & Sons, 2nd edition, 2001.
  57. K. S. Trivedi, R. Vasireddy, D. Trindade, S. Nathan, R. Castro, "Modeling High Availability Systems," Proc. of PRDC 2006.
  58. K. S. Trivedi, D. Wang, D. J. Hunt, A. Rindos, W. E. Smith, B. Vashaw, "Availability Modeling of SIP Protocol on IBM(c) WebSphere(c)," Proc. PRDC 2008.
  59. B. Tuffin, P. K. Choudhary, C. Hirel, K. S. Trivedi, "Simulation versus Analytic-Numeric Methods: a Petri Net Example," Proc. of the 2nd VALUETOOLS Conference 2007.
  60. K. Vaidyanathan, D. Selvamuthu, K. S. Trivedi, "Analysis of Inspection-Based Preventive Maintenance in Operational Software Systems," Proc. of SRDS 2002.
  61. J. P. Walters, Z. Liang, W. Shi and V. Chaudhary, "Wireless sensor network security: A survey", Journal of Security in Distributed, Grid, Mobile, and Pervasive Computing, 2007.
  62. H. Wang, P. Liu, "Modeling and evaluating the survivability of an intrusion tolerant database system," Proc. of ESORICS 2006.

Related papers

Dependability and Security Models * (Keynote Paper
Arpan Roy

2009

There is a need to quantify system properties methodically. Dependability and security models have evolved nearly independently. Therefore, it is crucial to develop a classification of dependability and security models which can meet the requirement of professionals in both fault-tolerant computing and security community. In this paper, we present a new classification of dependability and security models. First we present the classification of threats and mitigations in systems and networks. And then we present several individual model types such as availability, confidentiality, integrity, performance, reliability, survivability, safety and maintainability. Finally we show that each model type can be combined and represented by one of the model representation techniques: combinatorial (such as reliability block diagrams (RBD), reliability graphs, fault trees, attack trees), state-space (continuous time Markov chains, stochastic Petri nets, fluid stochastic Petri nets, etc) and hierarchical (e.g., fault trees in the upper level and Markov chains in the lower level). We show case studies for each individual model types as well as composite model types.

View PDFchevron_right
Basic concepts and taxonomy of dependable and secure computing
Brian Randell

2004

This paper gives the main definitions relating to dependability, a generic concept including as special case such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures.

View PDFchevron_right
Survivability Model for Security and Dependability Analysis of a Vulnerable Critical System
K. Trivedi

2018 27th International Conference on Computer Communication and Networks (ICCCN), 2018

This paper aims to analyze transient security and dependability of a vulnerable critical system, under vulnerability-related attack and two reactive defense strategies, from a severe vulnerability announcement until the vulnerability is fully removed from the system. By severe, we mean that the vulnerability-based malware could cause significant damage to the infected system in terms of security and dependability while infecting more and more new vulnerable computer systems. We propose a Markov chain-based survivability model for capturing the vulnerable critical system behaviors during the vulnerability elimination process. A high-level formalism based on Stochastic Reward Nets is applied to automatically generate and solve the survivability model. Survivability metrics are defined to quantify system attributes. The proposed model and metrics not only enable us to quantitatively assess the system survivability in terms of security risk and dependability, but also provide insights on the system investment decision. Numerical experiments are constructed to study the impact of key parameters on system security, dependability and profit.

View PDFchevron_right
Power-hierarchy among dependability model types
Kishor S Trivedi

IEEE Transactions on Reliability, 1994

a hierarchy, among the most commonly used types of dependability models, according to their modeling power. Among the combinatorial (non-state-space) model types, we show that fault trees with repeated events are the most powerful in terms of kinds of dependencies among various system components that can be modeled (which is one metric of modeling power). Reliability graphs are less powerful than fault trees with repeated events but more powerful than reliabrrity block diagrams and fault trees without repeated events. By virtue of the constructive nature of our proofs, we provide algorithms for converting from one model type to another. Among the Markov (state-space) model types, we consider continuous-time Markov chains, generalized stochastic Petri nets, Markov reward models, and &ochasW ' reward wts. These are more powerful than combinatorial-model types in that they can capture dependencies such as a shared repair facility between system components. However, they are analytically tractable only under certain distributional assumptions such as exponential failure-& repair-time distributions. They are also subject to an exponentially large state space. The equivalence among various Markov-model types is well known and thus only briefly discussed.

View PDFchevron_right
Model-based evaluation: from dependability to security
Kishor S Trivedi

IEEE Transactions on Dependable and Secure Computing, 2004

The development of techniques for quantitative, model-based evaluation of computer system dependability has a long and rich history. A wide array of model-based evaluation techniques is now available, ranging from combinatorial methods, which are useful for quick, rough-cut analyses, to state-based methods, such as Markov reward models, and detailed, discrete-event simulation. The use of quantitative techniques for security evaluation is much less common, and has typically taken the form of formal analysis of small parts of an overall design, or experimental red team-based approaches. Alone, neither of these approaches is fully satisfactory, and we argue that there is much to be gained through the development of a sound model-based methodology for quantifying the security one can expect from a particular design. In this work, we survey existing model-based techniques for evaluating system dependability, and summarize how they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.

View PDFchevron_right

Related topics

  • Markov Processes
  • Secure Communication
  • Fault Tree Analysis
  • Security Model
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved