Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models

摘要

Survivability is a new branch of dependability. It addresses explicit requirements for restricted modes of operation that preserve mission-critical essential services in adverse operational environments.A survivable system is one that satisfies its survivability specification of essential services and adverse environments. On the system side, survivability specifications can be defined by essential-service traces that map essential-service workflows, derived from user requirements, into system component dependencies and required survivability attributes. On the environment side, survivability specifications can be defined by intrusion traces that map intruder workflows, derived from attack patterns, into compromisable system components. Survivability design applies resistance, recognition, and recovery strategies to maintain essential-service workflows where possible despite compromised components. Test environments for survivable system implementations can be defined by survivability evaluation models that merge essential-service and intruder workflows into usage-based, statistically valid test suites. This paper describes the initial results of research in these areas.