Dependability

From ResiliNetsWiki

Dependability is that property of a computer system such that reliance can justifiably be placed on the service it delivers. It generally includes the notions of availability (ability to use a system or service) and reliability (continuous operation of a system or service), as well as integrity, maintainability, and safety.

Monographs

[Avižienis-Laprie-Randell-Landwehr-2004TR]

Algirdas Avižienis, Jean-Claude Laprie, Brian Randell, Carl Landwehr
"Basic Concepts and Taxonomy of Dependable and Secure Computing",
Technical Research Report, TR 2004-47, 2004,
available from http://drum.lib.umd.edu/bitstream/1903/6459/1/TR_2004-47.pdf

Abstract: "This paper gives the main definitions relating to dependability, a generic concept including as special case such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures."

ResiliNets Keywords: Dependability

Keywords: Dependability, security, trust, faults, errors, failures, vulnerabilities, attacks, fault tolerance, fault removal, fault forecasting

[Avižienis-Laprie-Randell-2004 (doi)]

Algirdas Avižienis, Jean-Claude Laprie, Brian Randell,
“Dependability and Its Threats: A Taxonomy”,
in Building the Information Society (René Jacquart, ed.), IFIP International Federation for Information Processing, Vol. 156, IFIP World Computer Congress, Springer, Boston, 2004, pp. 91–120,
ISBN 978-1-4020-8156-9

Abstract: “This paper gives the main definitions relating to dependability, a generic concept including as special case such attributes as reliability, availability, safety, confidentiality, integrity, maintainability, etc. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability (faults, errors, failures), and the attributes of dependability. The discussion on the attributes encompasses the relationship of dependability with security, survivability and trustworthiness.”

Keywords: dependability, availability, reliability, safety, confidentiality, integrity, maintainability, security, survivability, trustworthiness, faults, errors, failures

ResiliNets Keywords: dependability, resilience,

Notes:

[Laprie-2008]

Jean-Claude Laprie
“From Dependability to Resilience”,
IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Fast Abstracts, 2008

Abstract: “definition of resilience”

Keywords: resilience, dependability, ReSIST

ResiliNets Keywords: dependability, resilience

Notes:

[Laprie-2005 (doi)]

Jean-Claude Laprie
“Resilience for the Scalability of Dependability”,
IEEE International Symposium on Network Computing and Applications, Cambridge MA, 2005, pp. 5–6

Abstract: “The current state-of-knowledge and state-of-the-art reasonably enable the construction and operation of critical systems, be they safety-critical or availability-critical. The situation drastically worsens when considering large, networked, evolving, systems either fixed or mobile, with demanding requirements driven by their domain of application. There is statistical evidence that these emerging systems suffer from a significant drop in dependability and security in comparison with the former systems. The cost of failures in service is growing rapidly, as a consequence of the degree of dependence placed on computing systems, up to several million euros per hour of downtime for some businesses.”

Keywords: availability-critical system, fault tolerance, safety-critical system, system dependability, system failure, system security, fault tolerant computing, system recovery, ubiquitous computing

ResiliNets Keywords: dependability, resilience

Notes:

[Avižienis-Laprie-1986 (doi)]

Algirdas Avižienis, Jean-Claude Laprie
“Dependable Computing: From Concepts to Design Diversity”,
Proceedings of the IEEE, 1986, pp. 629–638

Abstract: “The paper presents a development model focused on the production of dependable systems. Three classes of processes are distinguished: 1) the system creation process which builds on the classical development steps (requirements, design, realization, integration); 2) dependability processes (i.e., fault prevention, fault tolerance, fault removal and fault forecasting); and 3) other supporting processes such as quality assurance and certification. The proposed approach relies on the identification of basic activities for the system creation process and for the dependability processes, and then on the analysis of the interactions among the activities of each process and with the other processes. Finally, to support the development of dependable systems, we define for each system creation activity, a checklist that specifies the key issues related to fault prevention, fault tolerance, fault removal, and fault forecasting, that need to be addressed.”

Keywords: assembly systems, availability, computer errors, computer science, fault tolerance, fault tolerant systems, guidelines, redundancy, safety, terminology

ResiliNets Keywords: dependability, resilience

Notes:

[Kaâniche-Laprie-Blanquart-2000 (doi)]

Mohamed Kaâniche, Jean-Claude Laprie, Jean-Paul Blanquart
“Dependability Engineering of Complex Computing Systems”,
Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS), Tokyo, Japan, 2000, pp. 36–46

Abstract: “The paper presents a development model focused on the production of dependable systems. Three classes of processes are distinguished: 1) the system creation process which builds on the classical development steps (requirements, design, realization, integration); 2) dependability processes (i.e., fault prevention, fault tolerance, fault removal and fault forecasting); and 3) other supporting processes such as quality assurance and certification. The proposed approach relies on the identification of basic activities for the system creation process and for the dependability processes, and then on the analysis of the interactions among the activities of each process and with the other processes. Finally, to support the development of dependable systems, we define for each system creation activity, a checklist that specifies the key issues related to fault prevention, fault tolerance, fault removal, and fault forecasting, that need to be addressed.”

ResiliNets Keywords: dependability, resilience

Keywords: application software, certification, fault tolerance, fault tolerant systems, hardware, IEC standards, predictive models, production systems, quality assurance, standards development

Notes:

[Birolini-2004]

Alessandro Birolini
Reliability Engineering: Theory and Practice, 4th ed.,
Springer-Verlag, 2004.

Abstract: “This book shows how to build in, evaluate, and demonstrate reliability & availability of components, equipment, systems. It presents the state-of-the-art of reliability engineering, both in theory and practice, and is based on the author's 30 years' experience in this field, half in industry and half as Professor of Reliability Engineering at the ETH, Zurich. The structure of the book allows rapid access to practical results. Besides extensions to cost models and approximate expressions, new in this edition are investigations on common cause failures, phased-mission systems, availability demonstration and estimation, confidence limits at system level, trend tests for early failures or wearout, as well as a review of maintenance strategies, an introduction to Petri nets and dynamic FTA, and a set of problems for homework. Methods and tools are given in a way that they can be tailored to cover different reliability requirement levels and be used for safety analysis as well. This book is a textbook establishing a link between theory and practice, with a large number of tables, figures, and examples to support the practical aspects.”

Keywords: ISO 9000, ISO 9001-2000, maintainability, maintenance, quality, reliability, risk, safety

ResiliNets Keywords: dependability, availability, reliability, probability, analysis

[Blischke-Murthy-2003]

Wallace R. Blischke and D.N. Prabhakar Murthy, editors
Case Studies in Reliability and Maintenance
Wiley, 2003.

Abstract: “Reliability is one of the most important characteristics defining the quality of a product or system, both for the manufacturer and the purchaser. One achieves high reliability through careful monitoring of design, materials and other input, production, quality assurance efforts, ongoing maintenance, and a variety of related decisions and activities. All of these factors must be considered in determining the costs of production, purchase, and ownership of a product. [...]

  • Case studies from fields such as aerospace, automotive, mining, electronics, power plants, dikes, computer software, weapons, photocopiers, industrial furnaces, granite building cladding, chemistry, and aircraft engines
  • A logical organization according to the life cycle of a product or system
  • A unified format of discussion enhanced by tools, techniques, and models for drawing one's own conclusions
  • Pertinent exercises for reinforcement of ideas”

ResiliNets Keywords: dependability, reliability, case studies

[Blischke-Murthy-2000]

Wallace R. Blischke and D.N. Prabhakar Murthy, editors
Reliability: Modelling, Prediction, and Optimization
Wiley, 2003.

Abstract: “Bringing together business and engineering to reliability analysis. With manufactured products exploding in numbers and complexity, reliability studies play an increasingly critical role throughout a product's entire life cycle, from design to post-sale support. Reliability: Modeling, Prediction, and Optimization presents a remarkably broad framework for the analysis of the technical and commercial aspects of product reliability, integrating concepts and methodologies from such diverse areas as engineering, materials science, statistics, probability, operations research, and management. [...] Provides engineers, operations managers, and applied statisticians with both qualitative and quantitative tools for solving a variety of complex, real-world reliability problems. A wealth of examples and case studies accompanies:

  • Comprehensive coverage of assessment, prediction, and improvement at each stage of a product's life cycle
  • Clear explanations of modeling and analysis for hardware ranging from a single part to whole systems
  • Thorough coverage of test design and statistical analysis of reliability data
  • A special chapter on software reliability
  • Coverage of effective management of reliability, product support, testing, pricing, and related topics”

ResiliNets Keywords: dependability, reliability, analysis

[Andrews-Moss-2002]

John D. Andrews and T. Robert Moss
Reliability and Risk Assessment, 2nd ed.,
ASME Press, 2002.

Abstract: “Risk assessment and analysis are required for every engineering project, contract, piece of equipment, design, and employment situation. Reliability is the other critical element for smooth running engineering projects and operations. [...] Using case studies and judicious use of mathematics, short examples, and key text highlights, the expert authors explore this potentially complex field and guide the practicing or academic engineer to a working understanding of the subject.”

ResiliNets Keywords: dependability, reliability, fault tolerance, risk assessment, availability, analysis

[Billinton-Allan-1992]

Roy Billinton and Ronald N. Allan
Reliability Evaluation of Engineering Systems, 2nd ed.
Plenum Press, 1992.

ResiliNets Keywords: dependability, availability, reliability, probability, Markov modelling

[Geffroy-Motet-2002]

Jean-Claude Geffroy and Gilles Motet
Design of Dependable Computing Systems,
Kluwer Academic Publishers, 2002.

Abstract: “Today computing systems are more and more complex and they assume more and more responsibilities in all sectors of human activity. Unfortunately, many faults can harm the development or the use of these products. Destructive mechanisms transform faults into errors and finally failures altering the delivered service. For critical systems, the consequences of these failures can be catastrophic, but for most non-critical systems, failures are nowadays unacceptable. Hence, it is necessary to take dependability attributes into account, along the product lifecycle. This book aims at providing a general overview of the dependability of computing systems: impairments and protective means. Issues, concepts and techniques are considered from a system point of view, and are illustrated by both hardware and software technologies.”

ResiliNets Keywords: dependability, faults, errors, failures, redundancy, design, testing

[Melliar-Smith-Randell-1976]

P.M. Melliar-Smith and B. Randell
Software Reliability: The Role of Programmed Exception Handling,
ACM SIGOPS Operating Systems Review, Vol. 11, No. 2, April 1977 (Proceedings of an ACM Conference on Language Design for Reliable Software), pp. 95–100, ISSN 0163-5980

Abstract: “The paper discusses the basic concepts underlying the issue of software reliability, and argues that programmed exception handling is inappropriate for dealing with suspected software errors. Instead it is shown, using an example program, how exception handling can be combined with the recovery block structure. The result is to improve the effectiveness with which problems due to anticipated faulty input data, hardware components, etc., are dealt with, while continuing to provide means for recovering from unanticipated faults, including ones due to residual software design errors.”

ResiliNets Keywords: terminology, faults, errors, failures


[Schneider-1999]

F.B. Schneider (editor)
Trust in Cyberspace,
National Academy Press, Washington, D.C., 1999, ISBN-13: 978-0309065580

ResiliNets Keywords: terminology, faults, errors, failures

IFIP Working Group 10.4 – Dependable Computing and Fault Tolerance

[Laprie-1994]

Jean-Claude Laprie (ed.)
Dependability: Basic Concepts and Terminology,
IFIP WG 10.4 – Dependable Computing and Fault Tolerance (draft), Aug. 1994.

Abstract: "This document is aimed at informal but precise definitions characterizing the various attributes of computing systems dependability. It is a contribution to the work undertaken within the “Reliable and Fault Tolerant Computing” scientific and technical community in order to propose clear and widely acceptable definitions for some basic concepts. This document results from revising and updating the English language section of [Laprie-1992]."

ResiliNets Keywords: Dependability, availability, reliability

[Avižienis-Laprie-Randell-2001]

Algirdas Avižienis, Jean-Claude Laprie, Brian Randell,
"Fundamental Concepts of Computer System Dependability",
IARP/IEEE-RAS Workshop on Robot Dependability: Technological Challenge of Dependable Robots in Human Environments,
Seoul, Korea, May 21–22, 2001

Abstract: "Dependability is the system property that integrates such attributes as reliability, availability, safety, security, survivability, maintainability. The aim of the presentation is to summarize the fundamental concepts of dependability. After a historical perspective, definitions of dependability are given. A structured view of dependability follows, according to a) the threats, i.e., faults, errors and failures, b) the attributes, and c) the means for dependability, that are fault prevention, fault tolerance, fault removal and fault forecasting."

ResiliNets Keywords: Dependability

[Avižienis-Laprie-Randell-Landwehr-2004 (doi)]

Algirdas Avižienis, Jean-Claude Laprie, Brian Randell, Carl Landwehr
"Basic Concepts and Taxonomy of Dependable and Secure Computing",
IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 1, January 2004, pp. 11–33

Abstract: "This paper gives the main definitions relating to dependability, a generic concept including as special case such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures."

ResiliNets Keywords: Dependability

Keywords: Fault-tolerance, survivability, reliability, dependability, history of dependability


ANSA Framework

[Edwards-Rees-1994]

Nigel Edwards and Owen Rees,
A Model for Failures in Dependable Systems,
ANSA Technical Report, March, 1994

Abstract: “This document describes a model for failures in dependable systems. A general failure model is described in terms of a system consisting of interacting components. This model is then applied to an object-based interaction model. The model is based on events which occur with some value at some time. Components in the system observe events and have expectations which define regions in a value, time space. A failure is detected when what is observed does not match what is expected. The concepts in the model can be used to analyse a given configuration of engineering mechanisms, application components and infrastructure to determine what failures can and cannot be tolerated by this configuration. This can then be mapped onto an application-level statement: what failures the applications can and cannot tolerate. The intention is that the model should provide the underlying framework for further work on dependable distributed computing. Some familiarity with basic principles of object-based distributed computing is assumed.”

ResiliNets Keywords: dependability, survivability, performability

Keywords: Failure model, expectations

Notes: Defines expectations in time × value space, in which dependability and performability are measured as occurrences with respect to expectations.

[Edwards-1994-A]

Nigel Edwards,
An ANSA Analysis of Open Dependable Distributed Computing
Technical Report, October 1994

Abstract: "System dependability is increasing in importance in the market place. A recent report predicts that the market for fault-tolerant systems will double in the next three years. Within the context of large open distributed systems, dependability will be particularly important: the more components a system has the greater the probability that one of those components will be faulty. Over the next two to three years, the ANSA work on dependability aims to develop the technology for building open dependable distributed systems on industry standards platforms such as DCE and CORBA. This paper looks at some of the requirements which will be placed on this technology. A failure model has been developed; its use in the design of dependable systems is being investigated. An engineering model is being developed which will provide a choice of mechanisms, enhancing the functionality of the basic platform, so that it can meet the dependability requirements of applications. A programming model is being developed to help programmers meet the requirements of the chosen engineering. A core component of both the engineering and programming models is an extended transaction framework."

ResiliNets Keywords: Dependability

Keywords:

[Edwards-1994-B]

Nigel Edwards,
Building Dependable Distributed Systems
Technical Report, February 1994

Abstract: "This document describes the basic concepts and technologies used in building open dependable distributed systems and how they relate to the ANSA work on dependability. Chapter One discusses the basic concepts used to describe dependability. The notion of failure is fundamental to these concepts. Hence it looks at the pathology of failures (how they propagate), assigning fault, and the role of failure models and hierarchies. An overview of the ANSA failure model is given. Chapter Two gives an overview of the ANSA work on dependability. This aims to provide the technology for building open dependable distributed systems on industry standards platforms such as DCE and CORBA. The engineering model provides a choice of mechanisms to enhance the functionality of the basic platform to meet the requirements of applications for dependability. The programming model helps programmers meet the requirements of the chosen engineering. An extended transaction framework and a management model are core components of the engineering and programming models."

ResiliNets Keywords: Dependability

Keywords:

ATIS PRQC (Network Performance Reliability and Quality of Service) Committee

Formerly ANSI T1A1

[ATIS-T1.TR.24-1993]

T1A1.2 Working group
Technical Report on Network Survivability Performance,
Technical Report No.24,
T1A1.2/93-001R3, November 1993

Abstract: "This Technical Report provides information on the network survivability performance of telecommunications networks. Although techniques, parameters and methods needed to study network survivability performance are defined, recommended parameters objectives are not established."

ResiliNets Keywords: Survivability

Keywords:

[ATIS-T1.TR.24A-1997]

T1A1.2 Working group
A Technical Report on Network Survivability Performance (Supplement to Technical Report No.24),
Technical Report No.24A,
T1A1.2/97-001R3, August 1997

Abstract: "This supplement to Committee T1 Technical Report No.24 (TR No.24) on Network Survivability Performance addresses the need for a common understanding and for techniques assessing network survivability. This Technical Report resolves some of the issues and questions left for further study, and clarifies several TR No.24 definitions. TR No.24 emphasizes the classification of network failures (i.e., identifying whether or not a service outage has occurred) and addresses the quantification of failure events, and techniques to measure the severity of the failure. This report also provides improved measures of failures with respect to service outage severity. It classifies the architectures and services of industry segments other than wireline (i.e., wireless, cable TV, and satellite) and provides methods in the corresponding appendices to calculate outage index values for voiceband telephony service outages."

ResiliNets Keywords: Survivability

Keywords:

[ATIS-T1.TR.55-1998]

T1A1.2 Working group
A Technical Report on Reliability and Survivability Aspects of the Interactions Between the Internet and the Public Telecommunications Network,
Technical Report No.55,
T1A1.2/98-001R6, October 1998

Abstract: "This Technical Report addresses the reliability and survivability aspects of the interactions between the Internet and the Public Telecommunications Network (PTN). It examines the general architectures of both networks and the interfaces between them. This document offers suggestions for meeting reliability challenges posed by changing network traffic characteristics. Two major categories of solutions are introduced: network engineering and network architecture. Within these categories, alternatives may be selected depending on the operator's local circumstances."

ResiliNets Keywords: Reliability, Survivability

Keywords:

[ATIS-T1.TR.68-2001]

T1A1.2 Working group
Technical Report on Enhanced Network Survivability Performance,
Technical Report No.68,
ATIS-T1.TR.68-2001, February 2001

Abstract: "This Technical Report (TR) provides information on the network survivability performance of telecommunications networks. Although techniques, parameters, and methods needed to study network survivability performance are defined, recommended parameter objectives are not established. This document is intended to provide a basis for designing and operating telecommunications networks to meet users' expectations regarding network survivability, fulfilling the need for a common understanding, and assessment techniques. It emphasizes the classification of network failures (i.e., identifying whether or not a service outage has occurred) and provides a framework to quantify the severity of failure events. This TR also provides improved measures of failures with respect to service outage severity. It classifies the architectures and services of all industry segments (i.e., wireline, Internet, wireless, cable TV, and satellite) and provides methods to calculate outage index values for communication service outages."

ResiliNets Keywords: Survivability

Keywords:

[ATIS-T1.TR.70-2001]

T1A1.2 Working group
Reliability/Availability Framework for IP-based Networks and Services,
Technical Report No. 70,
ATIS-T1.TR.70-2001, August 2001

Abstract: "This Technical Report (TR) addresses the growing concerns from the telecommunications community about the reliability/availability of Internet Protocol (IP)-based telecommunications networks, including the services provided under failure conditions. It is intended to provide a framework for designing and operating IP-based telecommunications networks to meet users' expectations regarding network reliability and service availability."

ResiliNets Keywords: Reliability, Availability

Keywords:

[ATIS-T1.TR.78-2003]

T1A1.2 Working group
Access Availability of Routers in IP-Based Networks,
Technical Report No.78,
ATIS-T1.TR.78-2003, January 2003

Abstract: "This Technical Report (TR) introduces the concepts for use in assessing the availability of access to IP-based telecommunications networks. The calculation is based on the access availability of IP routers in the network. The TR presents alternate methods for weighting the availability calculation in terms of customers, ports and bandwidth. This technical report is intended as the first in a series of Technical Reports, on the reliability metrics for IP-based networks. The next report will include Backbone networks thereby permitting a complete network availability assessment."

ResiliNets Keywords: Availability

Keywords:

[ATIS-T1.524-2004]

Reliability-related Metrics and Terminology for Network Elements in Evolving Communications Networks,
American National Standard for Telecommunications T1.524-2004,
ATIS/ANSI T1A1.2, 23 June 2004

Abstract: “This standard defines reliability-related metrics, features, and terminology for communication networks to foster industry-wide consistent nomenclature and methodology when specifying and measuring reliability-related attributes.”

ResiliNets Keywords: Reliability metrics

[ATIS-T1.TR.XX-2004]

T1A1.2 Working group
Reliability Aspects of Next Generation Networks,
Draft Technical Report No. xx,
ATIS-PP-0100002, May 2004

Abstract: "This Technical Report (TR) provides initial information on the reliability and availability aspects of Next Generation Networks (NGNs). NGN-specific characteristics are discussed in terms of their relevancy to reliability-related aspects. Recommended reliability-related metric and parameter objectives are not established. The document discusses reliability-related aspects such as requirements, design considerations and modeling. It is intended to provide a basis for a common understanding of some of the reliability challenges for NGN."

ResiliNets Keywords: Reliability

Keywords:

ITU Standards

(references here)


Models

[Nicol-Sanders-Trivedi-2004 (doi)]

D.M. Nicol, W.H. Sanders, and K.S. Trivedi,
“Model-Based Evaluation: From Dependability to Security”,
IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 1, March 2004, pp. 48–65

ResiliNets Keywords:

Keywords: Markov processes, fault tolerant computing, security of data, software reliability, Markov reward models, dependability evaluation, discrete-event simulation, model-based evaluation, performability evaluation, security evaluation, stochastic modeling, system dependability, system security

Abstract: “The development of techniques for quantitative, model-based evaluation of computer system dependability has a long and rich history. A wide array of model-based evaluation techniques is now available, ranging from combinatorial methods, which are useful for quick, rough-cut analyses, to state-based methods, such as Markov reward models, and detailed, discrete-event simulation. The use of quantitative techniques for security evaluation is much less common, and has typically taken the form of formal analysis of small parts of an overall design, or experimental red team-based approaches. Alone, neither of these approaches is fully satisfactory, and we argue that there is much to be gained through the development of a sound model-based methodology for quantifying the security one can expect from a particular design. In this work, we survey existing model-based techniques for evaluating system dependability, and summarize how they are now being extended to evaluate system security. We find that many techniques from dependability evaluation can be applied in the security domain, but that significant challenges remain, largely due to fundamental differences between the accidental nature of the faults commonly assumed in dependability evaluation, and the intentional, human nature of cyber attacks.”

Notes:

Network Reliability
