
Basic Concepts and Taxonomy of Dependable and Secure Computing
Presented by H. Momeni
Instructor: Dr. Abdollahi Azgomi
Reliable Software Design Course, Iran University of Science and Technology, Spring 2007 (IUST)


Slide 2: The Basic Concepts
• System Function, Behavior, Structure, and Service
• The Threats to Dependability and Security
• Dependability, Security, and Their Attributes
• The Means to Attain Dependability and Security

Slide 3: System Function
• A system is an entity that interacts with its environment (other systems, hardware, software, humans).
• Systems are characterized by fundamental properties: functionality, performance, dependability and security, and cost.
• The function of a system is what the system is intended to do; it is described by the functional specification.

Slide 4: Behavior
• The behavior of a system is what the system does to implement its function; it is described by a sequence of states.
• The total state of a given system is the set of the following states: computation, communication, stored information, interconnection, and physical condition.

Slide 5: Structure
• The structure of a system is what enables it to generate the behavior.
• A system is composed of a set of components bound together in order to interact.

Slide 6: Service
• The service delivered by a system is its behavior as it is perceived by its users.
• A user is another system that receives service from the provider.
• The part of the provider’s total state that is perceivable at the service interface is its external state.

Slide 7: The Threats to Dependability and Security – Concepts
• Correct service is delivered when the service implements the system function.
• Service failure is an event that occurs when the delivered service deviates from correct service.
• A service failure is a transition from correct service to incorrect service, i.e., to not implementing the system function.
• Service outage: the period of delivery of incorrect service.
• Service restoration: transition from incorrect service to correct service.

Slide 8: Threats
• A service failure means that at least one or more external states of the system deviate from the correct service state.
• The deviation is called an error.
• An error is the part of the total state of the system that may lead to service failure.
• The cause of an error is called a fault.
• A fault is active when it causes an error; otherwise it is dormant.

Slide 9: Dependability and Security Attributes
• The original definition of dependability is the ability to deliver service that can justifiably be trusted.
• Dependability attributes:
  – availability: readiness for correct service.
  – reliability: continuity of correct service.
  – safety: absence of catastrophic consequences on the users and the environment.
  – integrity: absence of improper system alterations.
  – maintainability: ability to undergo modifications and repairs.

Slide 10: Dependability and Security Attributes (cont’d)
• Security attributes:
  – availability: for authorized actions.
  – confidentiality: absence of unauthorized disclosure of information.
  – integrity: absence of unauthorized system alterations.

Slide 11: The Means to Attain Dependability and Security
• Fault prevention – prevent the occurrence or introduction of faults.
• Fault tolerance – avoid service failures in the presence of faults.
• Fault removal – reduce the number and severity of faults.
• Fault forecasting – estimate the present number, the future incidence, and the likely consequences of faults.

Slide 12: System Lifecycle
1. Development phase
• The system interacts with the development environment, which is the source of development-related faults.
• The development environment consists of:
  – the physical world
  – human developers
  – development tools
  – production and test facilities

Slide 13: System Lifecycle (cont’d)
2. Use phase
• Begins when the system is accepted for use and starts the service delivery.
• Three periods:
  – Service delivery
  – Service outage: service failure
  – Service shutdown: intentional halt of service by an authorized entity
• The system interacts with its use environment:
  – physical world, administrators, users, providers, infrastructure, intruders
• Maintenance may take place during all three periods of the use phase.

Slide 14: Maintenance (figure)

Slide 15: Maintenance vs. Fault Tolerance
• Distinction between fault tolerance and maintenance: maintenance involves the participation of an external agent, e.g., a repairman, test equipment, or remote reloading of software.
• Repair is part of fault removal (during the use phase).

Slide 16: Taxonomy of Faults
• All faults that may affect a system during its life are classified according to eight basic viewpoints.
• If all combinations of the eight elementary fault classes were possible, there would be 256 different combined fault classes.
• 31 combined fault classes have been identified.

Slide 17: Taxonomy of Faults (figure)

Slide 18: Taxonomy of Faults (cont’d)
• All 31 combined faults are categorized into three major overlapping groups:
  – Development faults: occurring during development
  – Physical faults: affect hardware
  – Interaction faults: external faults

Slide 19: (figure)

Slide 20: (figure)

Slide 21: Human-Made Faults
• Two basic classes:
1. Nonmalicious faults: introduced without malicious objectives
  • nondeliberate faults that are due to mistakes
  • deliberate faults that are due to bad decisions
  – It is usually considered that both mistakes and bad decisions are accidental.
  – Some very harmful mistakes and very bad decisions are made by persons who lack the professional competence to do the job (incompetence).

Slide 22: Human-Made Faults (cont’d)
2. Malicious faults: introduced during system development with the objective of causing harm to the system during its use
• Goals:
  – To disrupt or halt service (DoS)
  – Access confidential information
  – Improperly modify the system
• Classes:
  – Malicious logic faults: Trojan horses, logic or timing bombs, viruses, worms, …
  – Intrusion attempts: power fluctuation, radiation, …

Slide 23: Malicious Logic Faults (figure)

Slide 24: Interaction Faults
• Occur during the use phase:
  – Operational faults
  – External faults
  – Human-made faults
• A broad class of human-made operational faults are configuration faults, i.e., wrong settings of parameters that can affect security, networking, storage, and middleware.
• Reconfiguration faults: occur during configuration changes made concurrently with system operation.

Slide 25: Failures
1. Service failure
• An event that occurs when the delivered service deviates from correct service.
2. Development failure
• Introduced into the system being developed by its environment, especially by human developers, development tools, and production facilities.
3. Dependability and security failures
• Occur when the given system suffers service failures more frequently or more severely than acceptable.

Slide 26: Service Failures
• The service failure modes are characterized according to four viewpoints:
1. Failure domain
2. Detectability of failures
3. Consistency of failures
4. Consequences of failures on the environment

Slide 27: Failure Domain Viewpoint – Failure Modes
• content failures: the service content deviates from implementing the system function
• timing failures: the timing of service delivery deviates from implementing the system function
• halt failures: the service is halted (silent failure)
• erratic failures: a service is delivered, but it is erratic

Slide 28: Detectability Viewpoint – Failure Modes
• The detectability viewpoint addresses the signaling of service failures to the users.
• Signaling at the service interface originates from detecting mechanisms in the system that check the correctness of the delivered service.
  – signaled failures: the losses are detected and signaled by a warning signal
  – unsignaled failures: otherwise
• The detecting mechanisms themselves have two failure modes:
  – signaled failures: signaling a loss of function when no failure has actually occurred (false alarm)
  – unsignaled failures: not signaling a function loss
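A toy model of the fault -> error -> service failure chain from the Threats slides, together with the failure-domain and detectability viewpoints above. This is an added Python illustration, not code from the slides or from the paper they summarize; the names (System, SPEC, detector, fault_to_failure_trace) and the single-field "reply" state are constructed for the example.

```python
from dataclasses import dataclass, field

SPEC = {"reply": "ok"}  # constructed functional specification of the external state
@dataclass
class System:
    """Total state = internal part + part perceivable at the service interface."""
    internal: dict = field(default_factory=lambda: dict(SPEC))
    external: dict = field(default_factory=lambda: dict(SPEC))
    halted: bool = False

def activate_fault(s: System, bad_value: str) -> None:
    """A dormant fault becomes active and produces an error, confined to internal state."""
    s.internal["reply"] = bad_value

def deliver(s: System) -> None:
    """Service delivery propagates the internal error to the external state."""
    if not s.halted:
        s.external["reply"] = s.internal["reply"]

def service_failure(s: System) -> bool:
    """Service failure: external state deviates from the correct service state."""
    return s.halted or s.external != SPEC

def failure_domain(s: System) -> str:
    """Failure-domain viewpoint (timing and erratic failures not modelled)."""
    if not service_failure(s):
        return "correct service"
    return "halt failure" if s.halted else "content failure"

def detector(s: System, false_alarm: bool = False) -> bool:
    """Detecting mechanism that checks delivered content; it cannot see a halt,
    and `false_alarm` models its own fault of signaling with no failure."""
    return false_alarm or s.external != SPEC

def detectability(s: System, signaled: bool) -> str:
    """Detectability viewpoint, including the detector's own two failure modes."""
    if service_failure(s):
        return "signaled failure" if signaled else "unsignaled failure"
    return "false alarm" if signaled else "correct service, no signal"

def fault_to_failure_trace(bad_value: str = "garbage") -> list:
    """Walk fault -> error -> failure and record what is observable at each step."""
    s = System()
    trace = [failure_domain(s)]      # fault dormant: correct service
    activate_fault(s, bad_value)
    trace.append(failure_domain(s))  # error in internal state only: still correct service
    deliver(s)
    trace.append(failure_domain(s))  # error reached the interface: content failure
    trace.append(detectability(s, detector(s)))
    return trace
```

The halted case shows why a content checker alone leaves a silent halt as an unsignaled failure, which is the gap a separate liveness detector (heartbeat or watchdog) is meant to close.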
