MAFTIA’s Interpretationof the IFIP 10.4 Terminology

Yves DeswarteLAAS-CNRS

Toulouse, Francedeswarte@laas.fr

David Powell

Dependability

Trustworthiness of a computer system such that reliance can justifiably be placed on the service it delivers

J.-C. Laprie (Ed.), Dependability: Basic Concepts and Terminologyin English, French, German, Italian and Japanese, 265p., ISBN 3-211-82296-8, Springer-Verlag, 1992.

The Dependability Tree

Dependability

Fault PreventionFault ToleranceFault RemovalFault Forecasting

Impairments

Attributes

Methods

AvailabilityReliabilitySafetyConfidentialityIntegrityMaintainability

FaultErrorFailure

Security

The Dependability Tree

Dependability

Fault PreventionFault ToleranceFault RemovalFault Forecasting

Impairments

Attributes

Methods

AvailabilityReliabilitySafetyConfidentialityIntegrityMaintainability

FaultErrorFailure

Security

AvailabilityReliabilitySafetyConfidentialityIntegrityMaintainability

w.r.t.author-

ized actions

Are these attributes sufficient?

Dependability

Fault PreventionFault ToleranceFault RemovalFault Forecasting

Impairments

Attributes

AvailabilityReliabilitySafetyConfidentialityIntegrityMaintainability

FaultErrorFailure

Methods

Security Properties

Confidentiality

Integrity

Auditability

Accountability

Authenticity

Availability Anonymity

Secrecy

Privacy

Non-repudiability

Traceability

Imputability

Opposability

Irrefutability

Auditability

Accountability

Authenticity

Anonymity

Secrecy

Privacy

Non-repudiability

Tracability

Imputability

Opposability

Irrefutability

Security Properties

Confidentiality

Integrity

Availability

Auditability

Accountability

Authenticity

Anonymity

Secrecy

Privacy

Non-repudiability

Tracability

Imputability

Opposability

Irrefutability

Security Properties

ConfidentialityIntegrity

ofAvailability

InformationMeta-information

•existence of operation•identity of person•personal data•message content•message origin•sender, receiver

identity

Accountability

A+IAnonymity

CPrivacy

CAuthenticity

INon-repudiation

A+I

The Dependability Tree

Dependability

Fault PreventionFault ToleranceFault RemovalFault Forecasting

Impairments

Attributes

Methods

AvailabilityReliabilitySafetyConfidentialityIntegrityMaintainability

FaultErrorFailure

Security

Fault, Error & Failure

ErrorError

FailureFailure

adjuged or hypothesized cause of an error

that part of system state which may lead to a failure

Fault

occurs when delivered service deviates from implementing the system function

H/W faultBugAttackIntrusionFault

Internal,dormant fault

Example: Single Event Latchup

SELs (reversible stuck-at faults)may occur because of radiation

(e.g., cosmic ray, high energy ions)

Satellite on-board computer

Internal,active fault

SEL

Internal,externally-induced

fault

VulnerabilityCosmicRay

Externalfault

Lack ofshielding

Internal,dormant fault

Intrusions

Intrusions result from(at least partially) successful attacks:

Computing System

Internal,active fault

Intrusion

Internal,externally-induced

fault

Attack

Externalfault

Vulnerability

account withdefault password

Who are the intruders?

1: Outsider

2: User

3: Privileged User

Authentication Authorization

Authentication Authorization

Authentication Authorization

Outsiders vs Insiders

Outsider: not authorized to perform any of specified object-operations

Insider: authorized to perform some of specified object-operations

D: an object-operation domain

A: privilegeof user a

B: privilegeof user b

outsider intrusion(unauthorized increase in privilege)

insider intrusion(abuse of privilege)

Outsider: not authorized to perform any of specified object-operations

The Dependability Tree

Dependability

Fault PreventionFault ToleranceFault RemovalFault Forecasting

Impairments

Attributes

Methods

AvailabilityReliabilitySafetyConfidentialityIntegrityMaintainability

FaultErrorFailure

Security

Fault Tolerance

ErrorError

FailureFailure

Fault

Fault TreatmentFault Treatment

DiagnosisDiagnosisIsolationIsolation

ReconfigurationReconfiguration

Fault TreatmentFault Treatment

DiagnosisDiagnosisIsolationIsolation

ReconfigurationReconfigurationError ProcessingError Processing

Damage assessmentDamage assessmentDetection & RecoveryDetection & Recovery

Backward recovery

Forward recovery

Compensation-based recovery (fault masking)

4 5 6 7

1 2 3

3

12 13111 2 3

1 2 3

1 2 3

4 5 6 7

4 5 6 7

Error Processing

Error Processing (wrt intrusions)

Error (security policy violation) detectiono + Backward recovery (availability, integrity)o + Forward recovery (availability,

confidentiality)

Intrusion maskingo Fragmentation (confidentiality)o Redundancy (availability, integrity)o Scattering

Fault Tolerance

ErrorError

FailureFailure

Fault

Fault TreatmentFault Treatment

DiagnosisDiagnosisIsolationIsolation

ReconfigurationReconfiguration

Fault TreatmentFault Treatment

DiagnosisDiagnosisIsolationIsolation

ReconfigurationReconfigurationError ProcessingError Processing

Damage assessmentDamage assessmentDetection & RecoveryDetection & Recovery

Fault Treatment

Diagnosiso determine cause of error, i.e., the fault(s)

localization nature

Isolationo prevent new activation

Reconfigurationo so that fault-free components can provide an

adequate, although degraded, service

Fault Treatment (wrt intrusions)

Diagnosiso Non-malicious or malicious (intrusion)o Attack (to allow retaliation)o Vulnerability (to allow removal)

Isolationo Intrusion (to prevent further penetration)o Vulnerability (to prevent further intrusion)

Reconfigurationo Contingency plan to degrade/restore service

inc. attack retaliation, vulnerability removal

FTI

http://www.research.ec.org/maftia/

References Avizienis, A., Laprie, J.-C., Randell, B. (2001). Fundamental Concepts of Dependability, LAAS

Report N°01145, April 2001, 19 p.

Deswarte, Y., Blain, L. and Fabre, J.-C. (1991). Intrusion Tolerance in Distributed Systems, in IEEE Symp. on Research in Security and Privacy, Oakland, CA, USA, pp.110-121.

Dobson, J. E. and Randell, B. (1986). Building Reliable Secure Systems out of Unreliable Insecure Components, in IEEE Symp. on Security and Privacy, Oakland, CA, USA, pp.187-193.

Laprie, J.-C. (1985). Dependable Computing and Fault Tolerance: Concepts and Terminology, in 15th Int. Symp. on Fault Tolerant Computing (FTCS-15), Ann Arbor, MI, USA, IEEE, pp.2-11.

J.-C. Laprie (Ed.), Dependability: Basic Concepts and Terminology in English, French, German, Italian and Japanese, 265p., ISBN 3-211-82296-8, Springer-Verlag, 1992.

D. Powell, A. Adelsbasch, C. Cachin, S. Creese, M. Dacier, Y. Deswarte, T. McCutcheon, N. Neves, B. Pfitzmann, B. Randell, R. Stroud, P. Veríssimo, M. Waidner. MAFTIA (Malicious- and Accidental-Fault Tolerance for Internet Applications), Sup. of the 2001 International Conference on Dependable Systems and Networks (DSN2001), Göteborg (Suède), 1-4 juillet 2001, IEEE, pp. D-32-D-35.