Academia.eduAcademia.edu

Outline

Title
Abstract
Figures
Introduction
Case Study
Related Works
Conclusions
References
All Topics
Computer Science
Cybersecurity

From trust to dependability through risk analysis

Profile image of Yudistira AsnarYudistira Asnar

2007, … Reliability and Security …

Abstract

The importance of critical systems has been widely recognized and several efforts are devoted to integrate dependability requirements in their development process. Such efforts result in a number of models, frameworks, and methodologies that have been proposed to model and assess the dependability of critical systems. Among them, risk analysis considers the likelihood and severity of failures for evaluating the risk affecting the system.

Figures (6)
Figure 1: Airspace Division between ACC-A and ACC-B?
Figure 1: Airspace Division between ACC-A and ACC-B?
Figure 2: Goal-Risk Model of ATM case study
Figure 2: Goal-Risk Model of ATM case study
Figure 3: SAT and DEN Evidence Propagation
Figure 3: SAT and DEN Evidence Propagation
Figure 5: Extended Goal-Risk Model of ATM case study
Figure 5: Extended Goal-Risk Model of ATM case study
(i.e., Nj is requested by A;). The process terminates when there is no change between the current labels and the previous ones. The risk assessment process uses procedure Apply_Rules (Algorithm 2) to com- bine the evidence for the node N; in actor A; viewpoint (i.e., (Ai, N;)). The evi- dence is computed from all its incoming relations (i.e., decomposition, contribution, and trust relations). Lines 4-5 compute SAT or DEN evidence derived from decompo- sition/contribution relations. In particular, sat_rules and den_rules use the axioms introduced in Fig. 3 where (A;,.N;) is the target node, (Asgrc, Nsrc) is source node(s), FR, represents the type of relation, and array old contains the evidence values of the source node(s). The evidence derived in these steps are stored in arrays sat and den, respectively. Lines 7-9 compute the evidence derived from trust relations. When an actor delegates the fulfillment of a goal or the execution of a task to another actor, the algorithm searches the trust level between them in Trust Base (Line 7). Based on such a level, the algorithm calculates the evidence on the basis of trust using the evidence of the delegatee (Lines 8-9). Essentially, sat_rules_del and den_rules_del computes SAT and DEN evidence using the axioms in Fig. 6 and stores them in arrays sat-t and den-t, respectively.
(i.e., Nj is requested by A;). The process terminates when there is no change between the current labels and the previous ones. The risk assessment process uses procedure Apply_Rules (Algorithm 2) to com- bine the evidence for the node N; in actor A; viewpoint (i.e., (Ai, N;)). The evi- dence is computed from all its incoming relations (i.e., decomposition, contribution, and trust relations). Lines 4-5 compute SAT or DEN evidence derived from decompo- sition/contribution relations. In particular, sat_rules and den_rules use the axioms introduced in Fig. 3 where (A;,.N;) is the target node, (Asgrc, Nsrc) is source node(s), FR, represents the type of relation, and array old contains the evidence values of the source node(s). The evidence derived in these steps are stored in arrays sat and den, respectively. Lines 7-9 compute the evidence derived from trust relations. When an actor delegates the fulfillment of a goal or the execution of a task to another actor, the algorithm searches the trust level between them in Trust Base (Line 7). Based on such a level, the algorithm calculates the evidence on the basis of trust using the evidence of the delegatee (Lines 8-9). Essentially, sat_rules_del and den_rules_del computes SAT and DEN evidence using the axioms in Fig. 6 and stores them in arrays sat-t and den-t, respectively.

Related papers

Risk in Secure and Dependable System: a Survey
Yudistira Asnar

Citeseer

Modeling and analyzing risk is one of the most critical activities in system engineering. Through this measure, an analyst ensures the security and dependability of a system. In secure and dependable community, Security property is defined as confidentiality, integrity, and availability while dependability with reliability, availability, safety, integrity, and maintainability. These attributes can be achieved by means of controlling the risks that can affect to the system. Risk management is a set of activity that consists of organizational analysis, risk identification, risk assessment, risk evaluation, risk treatment, and risk monitoring.

View PDFchevron_right
Software reliability models for critical applications
Hào Phạm

1991

This report presents the results of the first phase of the ongoing EG&G Idaho, Inc., Software Reliability Research Program. The program is studying the existing software reliability mc:lels and proposes a state-of-the-art software reliability model that is relevant to the nuclear reactor control environment. This report consists of three parts: (1) summaries of the literature review of existing software reliability and fault tolerant software reliability models and their related issues, (2) proposed technique for saitware reliability enhancement, and (3) general discussion and future research.

View PDFchevron_right
A practical framework for eliciting and modeling system dependability requirements: Experience from the NASA high dependability computing project
Paolo Donzelli

Journal of Systems and Software, 2006

The dependability of a system is contextually subjective and reflects the particular stakeholderÕs needs. In different circumstances, the focus will be on different system properties, e.g., availability, real-time response, ability to avoid catastrophic failures, and prevention of deliberate intrusions, as well as different levels of adherence to such properties. Close involvement from stakeholders is thus crucial during the elicitation and definition of dependability requirements. In this paper, we suggest a practical framework for eliciting and modeling dependability requirements devised to support and improve stakeholdersÕ participation. The framework is designed around a basic modeling language that analysts and stakeholders can adopt as a common tool for discussing dependability, and adapt for precise (possibly measurable) requirements. An air traffic control system, adopted as testbed within the NASA High Dependability Computing Project, is used as a case study.

View PDFchevron_right
Dependability and security models
Arpan Roy

2009

There is a need to quantify system properties methodically. Dependability and security models have evolved nearly independently. Therefore, it is crucial to develop a classification of dependability and security models which can meet the requirement of professionals in both fault-tolerant computing and security community. In this paper, we present a new classification of dependability and security models. First we present the classification of threats and mitigations in systems and networks. And then we present several individual model types such as availability, confidentiality, integrity, performance, reliability, survivability, safety and maintainability. Finally we show that each model type can be combined and represented by one of the model representation techniques: combinatorial (such as reliability block diagrams (RBD), reliability graphs, fault trees, attack trees), state-space (continuous time Markov chains, stochastic Petri nets, fluid stochastic Petri nets, etc) and hierarchical (e.g., fault trees in the upper level and Markov chains in the lower level). We show case studies for each individual model types as well as composite model types.

View PDFchevron_right
System Dependability Models and Archictectures
MARIELLE ANGELA FIANZA

Fianza, 2020

System's design and architecture are very important aspect in building a dependable software system. It is therefore needed a critical understanding and implementation of an architecture to ensure dependability attributes such as availability, reliability, security, safety and resilience. This paper presents a literature review for system dependability architectures, models and methods presented by several authors. Some authors presented models or architectures and other authors presented a comprehensive report regarding measures to address system dependability. Models and architectures reviewed in this paper includes EAST-ADL, DAM, Atanassov intuitionistic fuzzy, GDM, Component-based Software Development (CBSD), Flexible Symmetric Key Crypto Engines and Markov Model.

View PDFchevron_right
Defining a Risk-based Approach to the Design and Technology Usage of Systems to Attain IT Availability and Recoverability Requirements
Michael Azzopardi

This paper explains the overall concept and rationale for defining a risk-based approach to the design and technology usage of systems to achieve a set of differentiated business availability and recoverability classes. It provides an overview of the various dimensions being taken into consideration and also elaborates on the aspects that drive the differentiation of best practices or technical capabilities used to achieve the different classes.

View PDFchevron_right
Dependability Modeling and Analysis in Dynamic Systems
Antonio Puliafito

Dependability evaluation is an important, often indispensable, step in (critical) systems design and analysis processes. The introduction of control and/or computing systems to automate processes increases the overall system complexity and therefore has an impact in terms of dependability. When a system grows, dynamic effects, not present or manifested before, could arise or become significant in terms of reliability/availability: the system could be affected by common cause failures, the system components could interfere, effects due to load sharing arise and therefore should be considered. Moreover it is of interest to evaluate redundancy and maintenance policies. In those cases it is not possible to recur to notations as reliability block diagrams (RBD), fault trees (FT) or reliability graphs (RG) to represent the system, since the statistical independence assumption is not satisfied. Also more enhanced formalisms as dynamic FT (DFT) could result not adequate to the goal.

View PDFchevron_right
Defining a Framework for the Development and Management of Dependability Cases
George Despotou

Advances in Water Resources

Dependability cases are a concept that has primarily emerged from safety cases. A dependability case constitutes a clear, defensible, and traceable argument that a system is acceptably dependable to operate in a given operational context. This includes any requirements that are crucial to the stakeholders' envisioned system operation. A dependability case can be thought of as a driver communicating assurance about the various facets of a system's operation. The importance of assuring the achievement of dependability attributes is readily apparent in many examples of systems and in specific System of Systems -a class of systems that exhibits a combination of characteristics such as, complexity, autonomy and geographic dispersion. Establishing a dependability case is not a monolithic process, but involves a number of processes and concepts that contribute in overcoming a number of challenges. These include elicitation and apportionment of dependability requirements, resolution of conflicts between dependability attributes and evolution of case. In this paper we present a dependability case framework. The framework includes three processes that have been proposed to overcome the stated challenges, and it can constitute the basis for further additions on the concept. The concept of dependability cases is supported by two pylons. Description of concepts used and their associations (static representation) and definition of the processes that contribute to the construction of the dependability case. The static representation of the framework is defined in a (domain specific) metamodel. Furthermore the processes that participate in the evolution of the dependability case are described along with their prerequisites and contributions to the dependability case. Dr Tim Kelly is a Lecturer in software and safety engineering within the Department of Computer Science at the University of York. His expertise lies predominantly in the areas of safety case development and management. Tim has published over 70 papers on safety case development in international journals and conferences and has been an invited panel speaker on software safety issues. Richard Paige is a senior lecturer in software engineering at the University of York, where he undertakes research in model-driven development, model management, software architectures, safety critical systems, and agile processes.

View PDFchevron_right
Dependability analysis activities merged with system engineering, a real case study feedback
Frédéric KRATZ

ESREL 2011, 2011

HAL is a multidisciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

View PDFchevron_right
Dependability and Security Models * (Keynote Paper
Kishor S Trivedi

— There is a need to quantify system properties methodically. Dependability and security models have evolved nearly independently. Therefore, it is crucial to develop a classification of dependability and security models which can meet the requirement of professionals in both fault-tolerant computing and security community. In this paper, we present a new classification of dependability and security models. First we present the classification of threats and mitigations in systems and networks. And then we present several individual model types such as availability, confidentiality, integrity, performance, reliability, survivability, safety and maintainability. Finally we show that each model type can be combined and represented by one of the model representation techniques: combinatorial (such as reliability block diagrams (RBD), reliability graphs, fault trees, attack trees), state-space (continuous time Markov chains, stochastic Petri nets, fluid stochastic Petri nets, etc) and hierarchical (e.g., fault trees in the upper level and Markov chains in the lower level). We show case studies for each individual model types as well as composite model types.

View PDFchevron_right

References (27)

  1. Y. Asnar and P. Giorgini. Modelling and Analysing Risk at Organizational Level. Technical Report DIT-06-063, DIT -University of Trento, September 2006.
  2. Y. Asnar, P. Giorgini, and J. Mylopoulos. Risk Modelling and Reasoning in Goal Models. Technical Report DIT-06-008, DIT -University of Trento, February 2006.
  3. A. Avizienis, J.-C. Laprie, B. Randell, and C. E. Landwehr. Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Trans. on Dependable and Sec. Comput., 1(1):11-33, 2004.
  4. T. Bedford and R. Cooke. Probabilistic Risk Analysis: Foundations and Methods. Cambridge University Press, 2001.
  5. R. Butler, J. Maddalon, A. Geser, and C. Muñoz. Simulation and Verification I: Formal Analysis of Air Traffic Management Systems: The Case of Conflict Res- olution and Recovery. In Proc. of the 35th Conf. on Winter Simulation (WSC'03), pages 906-914. IEEE Press, 2003.
  6. S. A. Butler. Security Attribute Evaluation Method: a Cost-Benefit Approach. In Proc. of the Int. Conf. on Software Eng. (ICSE'02), pages 232-240, New York, NY, USA, 2002. ACM Press.
  7. S. Campadello, L. Compagna, D. Gidoin, P. Giorgini, S. Holtmanns, J. Latan- icki, V. Meduri, J.-C. Pazzaglia, M. Seguran, R. Thomas, and N. Zanone. S&D Requirements Specification. Research report A7.D2.1, SERENITY consortium, July 2006. EU-IST-IP 6th Framework Programme -SERENITY 27587.
  8. S. Cox, B. Jones, and D. Collinson. Trust Relations in High-Reliability Organi- zations. Risk Analysis, 26(5):1123-1138, 2006.
  9. R. Falcone and C. Castelfranchi. Social Trust: A Cognitive Approach. In Trust and Deception in Virtual Societies, pages 55-90. Kluwer Academic Publishers, Norwell, MA, USA, 2001.
  10. M. S. Feather. Towards a Unified Approach to the Representation of, and Reason- ing with, Probabilistic Risk Information about Software and its System Interface. In Proc. of IEEE ISSRE'04, pages 391-402. IEEE CS Press, November 2004.
  11. M. S. Feather, S. L. Cornford, K. A. Hicks, and K. R. Johnson. Applications of tool support for risk-informed requirements reasoning. Computer Systems Sci- ence & Engineering.
  12. P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone. Modeling Security Re- quirements Through Ownership, Permission and Delegation. In Proc. of RE'05, pages 167-176. IEEE CS Press, 2005.
  13. P. Giorgini, F. Massacci, J. Mylopoulos, and N. Zannone. Modelling Social and Individual Trust in Requirements Engineering Methodologies. In Proc. of iTrust'05, volume 3477 of LNCS, pages 161-176. Springer, 2005.
  14. P. Giorgini, J. Mylopoulos, E. Nicchiarelli, and R. Sebastiani. Formal Reasoning Techniques for Goal Models. Journal of Data Semantics, 1(1):1-20, October 2003.
  15. J. Jacobson. Safety Validation of Dependable Transportation Systems. In Proc. of ITSC'05, pages 1-6, 2005.
  16. S. Jajodia, P. Samarati, V. S. Subrahmanian, and E. Bertino. A unified framework for enforcing multiple access control policies. In Proc. of the 1997 ACM SIGMOD Int. Conf. on Management of Data, pages 474-485. ACM Press, 1997.
  17. A. Jøsang and S. Presti. Analysing the Relationship Between Risk and Trust. In Proc. of iTrust'04, volume 2995 of LNCS, pages 135-145. Springer, 2004.
  18. S. Lee, R. Gandhi, and G. Ahn. Security Requirements Driven Risk Assessment for Critical Infrastructure Information Systems. In Proc. of SREIS'05, 2005.
  19. D. Manchala. Trust Metrics, Models and Protocols for Electronic Commerce Transactions. In Proc. of ICDCS'98, pages 312-321. IEEE CS Press, 1998.
  20. N. Mayer, A. Rifaut, and E. Dubois. Towards a Risk-Based Security Require- ments Engineering Framework. In Proc. of REFSQ'05, 2005.
  21. D. M. Nicol, W. H. Sanders, and K. S. Trivedi. Model-Based Evaluation: From Dependability to Security. IEEE Trans. on Dependable and Sec. Comput., 1(1):48-65, 2004.
  22. D. Shapiro and R. Shachter. User-Agent Value Alignment. In Proc. of The 18th Nat. Conf. on Artif. Intell. AAAI, 2002.
  23. B. Shawn and F. Paul. Multi-Attribute Risk Assessment. Technical Report CMU- CS-01-169, Carnegie Mellon University, December 2001.
  24. I. Sommerville. Software Engineering. Addison Wesley, 7th edition, May 2004.
  25. M. Stamatelatos, W. Vesely, J. Dugan, J. Fragola, J. Minarick, and J. Railsback. Fault Tree Handbook with Aerospace Applications. NASA, 2002.
  26. US-Department of Defense. Department of Defense Information Technolgoy Se- curity Certification and Accreditation Process (DITSCAP) Application Manual, July 2000.
  27. E. Yu. Modelling strategic relationships for process reengineering. PhD thesis, University of Toronto, 1996.

Related papers

The operating risk assessment for dependable systems
Gabriela Tont

2009

The dependable and predictable behaviour of systems provides the basis for trustworthiness and confidence in any meaningful realizations of the global Information Society. However, the expectation and perception of robustness, complexity and resilience of systems are changing under the pressures of new business, technological and societal drivers. The operating risk estimation is aligning in the larger framework of solving business and technical issues by adopting solution and decision-making under the simultaneous multi-objective conditions Dependability approached through its main attributes: Reliability, Availability, Maintainability Safety and Security (RAMSS) has requirements that may be identified by analyzing the risks faced by critical systems. Excluding requirements that systems face related to maintain nominal specification of states and conditions, a basic taxonomy of requirements is dedicated to of the functional ones regarding error checking, recovery and protection aga...

View PDFchevron_right
A framework for dependability engineering of critical computing systems
Jean-paul Blanquart

Safety Science, 2002

This paper presents a development model focused on the production of dependable systems. Three classes of processes are distinguished: 1) the system creation process which builds on the classical development steps (requirements, design, realization, integration); 2) dependability processes (i.e., fault prevention, fault tolerance, fault removal and fault forecasting); and 3) other supporting processes such as quality assurance and certification. The proposed approach relies on the identification of basic activities for the system creation process and for the dependability processes, and then on the analysis of the interactions among the activities of each process and with the other processes. Finally, to support the development of dependable systems, we define for each system creation activity, a checklist that specifies the key issues that need to be addressed with respect to each dependability process.

View PDFchevron_right
Dependability and its threats: a taxonomy
Brian Randell

2004

This paper gives the main definitions relating to dependability, a generic concept including as special case such attributes as reliability, availability, safety, confidentiality, integrity, maintainability, etc. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability (faults, errors, failures), and the attributes of dependability. The discussion on the attributes encompasses the relationship of dependability with security, survivability and trustworthiness.

View PDFchevron_right
The unified model of dependability: Putting dependability in context
Paolo Donzelli

IEEE Software, 2004

Individuals and organizations increasingly use sophisticated software systems from which they demand great reliance. "Reliance" is contextually subjective and depends on the particular stakeholder's needs; therefore, in different circumstances, the stakeholders will focus on different properties of such systems, e.g., continuity, availability, performance, real-time response, ability to avoid catastrophic failures, capability of resisting adverse conditions, and prevention of deliberate privacy intrusions. The concept of dependability enables these various concerns to be subsumed within a single conceptual framework.

View PDFchevron_right
Survivability Model for Security and Dependability Analysis of a Vulnerable Critical System
K. Trivedi

2018 27th International Conference on Computer Communication and Networks (ICCCN), 2018

This paper aims to analyze transient security and dependability of a vulnerable critical system, under vulnerability-related attack and two reactive defense strategies, from a severe vulnerability announcement until the vulnerability is fully removed from the system. By severe, we mean that the vulnerability-based malware could cause significant damage to the infected system in terms of security and dependability while infecting more and more new vulnerable computer systems. We propose a Markov chain-based survivability model for capturing the vulnerable critical system behaviors during the vulnerability elimination process. A high-level formalism based on Stochastic Reward Nets is applied to automatically generate and solve the survivability model. Survivability metrics are defined to quantify system attributes. The proposed model and metrics not only enable us to quantitatively assess the system survivability in terms of security risk and dependability, but also provide insights on the system investment decision. Numerical experiments are constructed to study the impact of key parameters on system security, dependability and profit.

View PDFchevron_right

Related topics

  • Computer Security And Reliability
  • Environmental Economics
  • Failure Analysis
  • Risk Analysis
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved