1 / 23

MAFTIA’s Interpretation of the IFIP 10.4 Terminology

MAFTIA’s Interpretation of the IFIP 10.4 Terminology. Yves Deswarte LAAS-CNRS Toulouse, France deswarte@laas.fr. David Powell. Dependability. Trustworthiness of a computer system such that reliance can justifiably be placed on the service it delivers.

juan
Download Presentation

MAFTIA’s Interpretation of the IFIP 10.4 Terminology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. MAFTIA’s Interpretationof the IFIP 10.4 Terminology Yves Deswarte LAAS-CNRS Toulouse, France deswarte@laas.fr David Powell

  2. Dependability • Trustworthiness of a computer system such that reliance can justifiably be placed on the service it delivers J.-C. Laprie (Ed.), Dependability: Basic Concepts and Terminologyin English, French, German, Italian and Japanese, 265p., ISBN 3-211-82296-8, Springer-Verlag, 1992.

  3. Security The Dependability Tree Availability Reliability Safety Confidentiality Integrity Maintainability Attributes Fault Error Failure Dependability Impairments Fault Prevention Fault Tolerance Fault Removal Fault Forecasting Methods

  4. w.r.t. author- ized actions Availability Reliability Safety Confidentiality Integrity Maintainability The Dependability Tree Availability Reliability Safety Confidentiality Integrity Maintainability Attributes Fault Error Failure Security Dependability Impairments Fault Prevention Fault Tolerance Fault Removal Fault Forecasting Methods

  5. Are these attributes sufficient? Availability Reliability Safety Confidentiality Integrity Maintainability Attributes Fault Error Failure Dependability Impairments Fault Prevention Fault Tolerance Fault Removal Fault Forecasting Methods

  6. Security Properties Availability Privacy Anonymity Integrity Secrecy Authenticity Non-repudiability Accountability Confidentiality Irrefutability Auditability Imputability Traceability Opposability

  7. Privacy Anonymity Secrecy Authenticity Non-repudiability Accountability Irrefutability Auditability Imputability Tracability Opposability Security Properties Availability Privacy Anonymity Integrity Secrecy Authenticity Non-repudiability Accountability Confidentiality Irrefutability Auditability Imputability Tracability Opposability

  8. Information Meta-information • existence of operation • identity of person • personal data • message content • message origin • sender, receiver identity Accountability A+I Anonymity C Privacy C Authenticity I Non-repudiation A+I Security Properties • Confidentiality • Integrity of • Availability

  9. Security The Dependability Tree Availability Reliability Safety Confidentiality Integrity Maintainability Attributes Fault Error Failure Dependability Impairments Fault Prevention Fault Tolerance Fault Removal Fault Forecasting Methods

  10. Fault adjuged or hypothesized cause of an error Error that part of system state which may lead to a failure Failure occurs when delivered service deviates from implementing the system function Fault, Error & Failure H/W fault Bug Fault Attack Intrusion

  11. SEL CosmicRay Internal,active fault Externalfault Internal,externally-inducedfault Example: Single Event Latchup SELs (reversible stuck-at faults)may occur because of radiation (e.g., cosmic ray, high energy ions) Lack ofshielding Vulnerability Internal,dormant fault Satellite on-board computer

  12. Intrusion Attack Externalfault Internal,active fault Internal,externally-inducedfault Intrusions Intrusions result from(at least partially) successful attacks: account withdefault password Vulnerability Internal,dormant fault Computing System

  13. 1: Outsider 2: User 3: Privileged User Who are the intruders?  Authentication  Authorization  Authentication Authorization  Authentication  Authorization

  14. Outsiders vs Insiders • Outsider: not authorized to perform any of specified object-operations Outsider: not authorized to perform any of specified object-operations • Insider: authorized to perform some of specified object-operations outsider intrusion (unauthorized increase in privilege) D: an object-operation domain B: privilege of user b A: privilege of user a insider intrusion (abuse of privilege)

  15. Security The Dependability Tree Availability Reliability Safety Confidentiality Integrity Maintainability Attributes Fault Error Failure Dependability Impairments Fault Prevention Fault Tolerance Fault Removal Fault Forecasting Methods

  16. Fault Treatment Diagnosis Isolation Reconfiguration Error Processing Damage assessment Detection & Recovery Fault Tolerance Fault Error Failure

  17. 1 2 3 4 5 6 7 3 1 2 3 12 13 11 1 2 3 4 5 6 7 4 5 6 7 1 2 3 Error Processing Backward recovery Forward recovery Compensation-based recovery (fault masking)

  18. Error Processing (wrt intrusions) • Error (security policy violation) detection • + Backward recovery (availability, integrity) • + Forward recovery (availability, confidentiality) • Intrusion masking • Fragmentation (confidentiality) • Redundancy (availability, integrity) • Scattering

  19. Fault Treatment Diagnosis Isolation Reconfiguration Error Processing Damage assessment Detection & Recovery Fault Tolerance Fault Error Failure

  20. Fault Treatment • Diagnosis • determine cause of error, i.e., the fault(s) • localization • nature • Isolation • prevent new activation • Reconfiguration • so that fault-free components can provide an adequate, although degraded, service

  21. Fault Treatment (wrt intrusions) • Diagnosis • Non-malicious or malicious (intrusion) • Attack (to allow retaliation) • Vulnerability (to allow removal) • Isolation • Intrusion (to prevent further penetration) • Vulnerability (to prevent further intrusion) • Reconfiguration • Contingency plan to degrade/restore service • inc. attack retaliation, vulnerability removal

  22. FTI http://www.research.ec.org/maftia/

  23. References • Avizienis, A., Laprie, J.-C., Randell, B. (2001). Fundamental Concepts of Dependability, LAAS Report N°01145, April 2001, 19 p. • Deswarte, Y., Blain, L. and Fabre, J.-C. (1991). Intrusion Tolerance in Distributed Systems, in IEEESymp. on Research in Security and Privacy, Oakland, CA, USA, pp.110-121. • Dobson, J. E. and Randell, B. (1986). Building Reliable Secure Systems out of Unreliable Insecure Components, in IEEESymp. on Security and Privacy, Oakland, CA, USA, pp.187-193. • Laprie, J.-C. (1985). Dependable Computing and Fault Tolerance: Concepts and Terminology, in 15th Int. Symp. on Fault Tolerant Computing (FTCS-15), Ann Arbor, MI, USA, IEEE, pp.2-11. • J.-C. Laprie (Ed.), Dependability: Basic Concepts and Terminology in English, French, German, Italian and Japanese, 265p., ISBN 3-211-82296-8, Springer-Verlag, 1992. • D. Powell, A. Adelsbasch, C. Cachin, S. Creese, M. Dacier, Y. Deswarte, T. McCutcheon, N. Neves, B. Pfitzmann, B. Randell, R. Stroud, P. Veríssimo, M. Waidner. MAFTIA (Malicious- and Accidental-Fault Tolerance for Internet Applications), Sup. of the 2001 International Conference on Dependable Systems and Networks (DSN2001), Göteborg (Suède), 1-4 juillet 2001, IEEE, pp. D-32-D-35.

More Related