Merging paradigms of survivability and security: stochastic faults and designed faults

Authors:
J. McDermott;A. Kim;J. Froscher
Affiliations:
Naval Research Laboratory, Washington, DC;Naval Research Laboratory, Washington, DC;Naval Research Laboratory, Washington, DC
Venue:
Proceedings of the 2003 workshop on New security paradigms
Year:
2003

Citing 7
Cited 3

Fault tolerance in distributed systems

Fault tolerance in distributed systems
Network security: private communication in a public world

Network security: private communication in a public world
A compositional approach to performance modelling

A compositional approach to performance modelling
Reaching Agreement in the Presence of Faults

Journal of the ACM (JACM)
The box calculus: a new causal algebra with multi-label communication

Advances in Petri Nets 1992, The DEMON Project
Recovery semantics for a DB/DC system

ACM '73 Proceedings of the ACM annual conference
Using Memory Errors to Attack a Virtual Machine

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy

Information Assurance: Dependability and Security in Networked Systems

Information Assurance: Dependability and Security in Networked Systems
A Coordination Model for Improving Software System Attack-Tolerance and Survivability in Open Hostile Environments

International Journal of Distributed Sensor Networks - Sensor Networks, Ubiquitous and Trustworthy Computing
Quantified security is a weak hypothesis: a critical survey of results and assumptions

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop

Quantified Score

Hi-index	0.00

Visualization

Abstract

Faults are examined by both the security and fault tolerance communities. These communities have strikingly different views of the types of faults that exist, the way they are modeled, and how they are addressed. One community can pronounce a system survivable but the other community would not find this to be so. This leaves us with two approaches that both fail to be comprehensive, depending on which community is looking at the system. While intrusion-tolerance and security researchers look at faults in terms of statistically dependent events caused by the hard intruder, the fault tolerance literature assumes that faults are statistically independent and can be described as random variables with probability distributions. When considering the survivability of a system, we cannot assume that the system is susceptible to only one type of fault or the other, but this is common practice in both communities. A new paradigm is needed.