MAFTIA's Interpretation of the IFIP 10.4 Terminology
Yves Deswarte, David Powell
LAAS-CNRS, Toulouse
[email protected]
Dependability
Trustworthiness of a computer system such that reliance can justifiably be placed on the service it delivers
J.-C. Laprie (Ed.), Dependability: Basic Concepts and Terminology in English, French, German, Italian and Japanese, 265 p., ISBN 3-211-82296-8, Springer-Verlag, 1992.
The Dependability Tree
Dependability
  Impairments: Fault, Error, Failure
  Attributes: Availability, Reliability, Safety, Confidentiality, Integrity, Maintainability
  Methods: Fault Prevention, Fault Tolerance, Fault Removal, Fault Forecasting
Security (a composite of several of the attributes; detailed on the next slide)
The Dependability Tree: Security
Security: availability, confidentiality and integrity w.r.t. authorized actions
Are these attributes sufficient?
Security Properties
Basic attributes: Confidentiality, Integrity, Availability
Further properties: Auditability, Accountability, Authenticity, Anonymity, Secrecy, Privacy, Non-repudiability, Traceability, Imputability, Opposability, Irrefutability
Security Properties: Confidentiality, Integrity and Availability of Information and Meta-information
Examples of (meta-)information: existence of operation, identity of person, personal data, message content, message origin, sender and receiver identity
Property          Expressed as (C = confidentiality, I = integrity, A = availability of the relevant (meta-)information)
Accountability    A+I
Anonymity         C
Privacy           C
Authenticity      I
Non-repudiation   A+I
Fault, Error & Failure
Fault: adjudged or hypothesized cause of an error (e.g., H/W fault, bug, attack, intrusion)
Error: that part of system state which may lead to a failure
Failure: occurs when delivered service deviates from implementing the system function
Example: Single Event Latchup
SELs (reversible stuck-at faults) may occur because of radiation (e.g., cosmic ray, high energy ions)
Satellite on-board computer:
  Cosmic ray: external fault
  Lack of shielding: vulnerability (internal, dormant fault)
  SEL: internal, externally-induced fault, which becomes an internal, active fault
Intrusions
Intrusions result from (at least partially) successful attacks:
  Attack: external fault
  Vulnerability (e.g., account with default password): internal, dormant fault
  Intrusion: internal, externally-induced fault, which becomes an internal, active fault in the computing system
Who are the intruders?
1: Outsider
2: User
3: Privileged User
(the three classes are separated by the authentication and authorization barriers)
Outsiders vs Insiders
Outsider: not authorized to perform any of the specified object-operations
Insider: authorized to perform some of the specified object-operations
D: an object-operation domain
A: privilege of user a
B: privilege of user b
Outsider intrusion: unauthorized increase in privilege
Insider intrusion: abuse of privilege
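An added example (not part of the slides) of how the two definitions can be applied to an audit trail, in Python. The domain D, the privilege sets A and B, the user names (including "mallory"), the working-hours policy and the events are all constructed for the illustration. Insider/outsider status is taken relative to the specified object-operations, as the slide defines it: user b is an insider of the system but an outsider w.r.t. the payroll operations, so an attempt on them counts as an unauthorized increase in privilege, while an authorized payroll write outside the policy's hours is an abuse of privilege.

```python
# Constructed object-operation domain D: the (object, operation) pairs the policy covers.
D = {
    ("payroll.db", "read"), ("payroll.db", "write"),
    ("mail.log", "read"), ("mail.log", "append"),
}

# Constructed privileges: A for user a and B for user b, both subsets of D.
# "mallory" (hypothetical) holds no privilege at all.
PRIVILEGES = {
    "a": {("payroll.db", "read"), ("payroll.db", "write")},   # A
    "b": {("mail.log", "read"), ("mail.log", "append")},       # B
}

def role(user, object_operations):
    """Insider/outsider is relative to a set of object-operations: an insider is
    authorized for some of them, an outsider for none of them."""
    return "insider" if PRIVILEGES.get(user, set()) & set(object_operations) else "outsider"

def policy_allows(user, obj, op, hour):
    """Hypothetical security policy on top of plain authorization: payroll writes are only
    legitimate during working hours (08:00-18:00). A user who holds the write privilege and
    uses it at 23:00 is not gaining privilege but abusing the one granted."""
    if (obj, op) == ("payroll.db", "write"):
        return 8 <= hour < 18
    return True

def classify(user, obj, op, hour, domain=D):
    """Verdict for one request, using the two intrusion kinds of the slide."""
    request = (obj, op)
    if request not in domain:
        return "not in domain"
    if request not in PRIVILEGES.get(user, set()):
        # The user is an outsider w.r.t. this object-operation, whatever else they hold.
        return "outsider intrusion (unauthorized increase in privilege)"
    if not policy_allows(user, obj, op, hour):
        return "insider intrusion (abuse of privilege)"
    return "authorized"

# Constructed audit trail: (user, object, operation, hour of day).
EVENTS = [
    ("a", "payroll.db", "read", 10),
    ("a", "payroll.db", "write", 23),
    ("b", "payroll.db", "read", 11),
    ("mallory", "mail.log", "read", 12),
    ("b", "mail.log", "append", 9),
]

def audit(events=EVENTS):
    """Run the classifier over an audit trail; returns one (user, verdict) per event."""
    return [(user, classify(user, obj, op, hour)) for user, obj, op, hour in events]

if __name__ == "__main__":
    for user, verdict in audit():
        print(f"{user:8s} {verdict}")
```

The policy function is the part that distinguishes abuse of privilege from plain authorization: without it, every request by a privilege holder looks legitimate, which is why insider intrusions need the security policy, not just the access-control matrix, to be detected.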
Fault Tolerance
Error Processing
  Damage assessment
  Detection & Recovery: backward recovery, forward recovery, compensation-based recovery (fault masking)
Fault Treatment
  Diagnosis
  Isolation
  Reconfiguration
Error Processing (w.r.t. intrusions)
Error (security policy violation) detection
  + backward recovery (availability, integrity)
  + forward recovery (availability, confidentiality)
Intrusion masking
  Fragmentation (confidentiality)
  Redundancy (availability, integrity)
  Scattering
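An added toy implementation (not the MAFTIA or Delta-4 FRS code) of the three intrusion-masking steps listed above, in Python, so that the property each step buys can be checked. The site count, replica count, fragment size and the sample record are constructed; FRS assumes the data is enciphered before fragmentation, and that step is left out here (assumption), so confidentiality in this toy rests only on no single site holding enough fragments to rebuild the record. Scattering is done with a fixed stride rather than randomized placement, a simplification so the example is reproducible.

```python
from collections import Counter

# Constructed parameters: 6 storage sites, 3 replicas of each fragment, 4-byte fragments.
N_SITES = 6
REPLICAS = 3
FRAGMENT_SIZE = 4

def fragment(data, size=FRAGMENT_SIZE):
    """Fragmentation: cut the (assumed already enciphered) data into fixed-size pieces."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def scatter(fragments, n_sites=N_SITES, replicas=REPLICAS):
    """Redundancy + scattering: copy each fragment to `replicas` distinct sites.
    Placement is a fixed stride (simplification; real scattering randomizes it) so
    that consecutive fragments land on different sites.
    Returns (sites, placement): sites[s] maps fragment index -> bytes,
    placement[i] lists the sites holding fragment i."""
    stride = n_sites // replicas
    sites = [dict() for _ in range(n_sites)]
    placement = []
    for i, frag in enumerate(fragments):
        chosen = [(i + k * stride) % n_sites for k in range(replicas)]
        for s in chosen:
            sites[s][i] = frag
        placement.append(chosen)
    return sites, placement

def max_fragments_on_one_site(sites):
    """Confidentiality check: the largest number of fragments any single reachable site holds."""
    return max(len(s) for s in sites if s is not None)

def reassemble(sites, placement):
    """Recovery with intrusion masking: for each fragment, gather the copies held by the
    sites still reachable (a site set to None is down) and keep the value that a strict
    majority of those copies agree on. A corrupted or missing copy is masked as long as
    the correct copies still form a strict majority; otherwise ValueError is raised
    rather than returning silently wrong data."""
    out = []
    for i, holders in enumerate(placement):
        copies = [sites[s][i] for s in holders if sites[s] is not None and i in sites[s]]
        if not copies:
            raise ValueError(f"fragment {i}: no reachable copy (availability lost)")
        value, count = Counter(copies).most_common(1)[0]
        if count * 2 <= len(copies):
            raise ValueError(f"fragment {i}: no majority among {len(copies)} copies")
        out.append(value)
    return b"".join(out)

# Constructed sample record (16 bytes -> 4 fragments).
SAMPLE = b"ACCT=4711;PIN=00"

def demo():
    """Walk through the three scenarios and return what each step showed."""
    frags = fragment(SAMPLE)
    sites, placement = scatter(frags)
    results = {}
    results["share_per_site"] = max_fragments_on_one_site(sites)      # 2 of 4 fragments
    results["intact"] = reassemble(sites, placement) == SAMPLE
    sites[2][0] = b"XXXX"                                               # one tampered copy of fragment 0
    results["tamper_masked"] = reassemble(sites, placement) == SAMPLE  # 2 good copies outvote it
    sites[0] = None                                                     # now a holder of fragment 0 is down
    try:                                                                # 1 good vs 1 tampered: no majority
        reassemble(sites, placement)
        results["tamper_after_outage"] = "undetected"
    except ValueError:
        results["tamper_after_outage"] = "detected"
    return results

if __name__ == "__main__":
    print(demo())
```

The last scenario is the limit the slide's pairing of redundancy with availability and integrity hints at: once an outage has eaten into the replicas, a single corrupted copy can no longer be outvoted, and the honest choice is to report an undecidable fragment rather than guess.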
Fault Treatment
Diagnosis: determine the cause of the error, i.e., the fault(s): localization, nature
Isolation: prevent new activation
Reconfiguration: so that fault-free components can provide an adequate, although degraded, service
Fault Treatment (w.r.t. intrusions)
Diagnosis: non-malicious or malicious (intrusion); attack (to allow retaliation); vulnerability (to allow removal)
Isolation: intrusion (to prevent further penetration); vulnerability (to prevent further intrusion)
Reconfiguration: contingency plan to degrade/restore service, including attack retaliation and vulnerability removal
FTI
http://www.research.ec.org/maftia/
References
Avizienis, A., Laprie, J.-C., Randell, B. (2001). Fundamental Concepts of Dependability, LAAS Report N°01145, April 2001, 19 p.
Deswarte, Y., Blain, L. and Fabre, J.-C. (1991). Intrusion Tolerance in Distributed Systems, in IEEE Symp. on Research in Security and Privacy, Oakland, CA, USA, pp. 110-121.
Dobson, J. E. and Randell, B. (1986). Building Reliable Secure Systems out of Unreliable Insecure Components, in IEEE Symp. on Security and Privacy, Oakland, CA, USA, pp. 187-193.
Laprie, J.-C. (1985). Dependable Computing and Fault Tolerance: Concepts and Terminology, in 15th Int. Symp. on Fault Tolerant Computing (FTCS-15), Ann Arbor, MI, USA, IEEE, pp. 2-11.
Laprie, J.-C. (Ed.) (1992). Dependability: Basic Concepts and Terminology in English, French, German, Italian and Japanese, 265 p., ISBN 3-211-82296-8, Springer-Verlag.
Powell, D., Adelsbach, A., Cachin, C., Creese, S., Dacier, M., Deswarte, Y., McCutcheon, T., Neves, N., Pfitzmann, B., Randell, B., Stroud, R., Veríssimo, P., Waidner, M. (2001). MAFTIA (Malicious- and Accidental-Fault Tolerance for Internet Applications), Supplement of the 2001 International Conference on Dependable Systems and Networks (DSN2001), Göteborg, Sweden, 1-4 July 2001, IEEE, pp. D-32-D-35.