Copyright © 2003 Published by Elsevier Science B.V.
A method for modeling and quantifying the security attributes of intrusion tolerant systems*1
Available online 20 October 2003.
Abstract
Complex software and network-based information server systems may exhibit failures. Quite often, such failures may not be accidental. Instead, some failures may be caused by deliberate security intrusions, with intent ranging from simple mischief and theft of confidential information to loss of crucial and possibly life-saving services. Not only is it important to prevent and/or tolerate security intrusions, it is equally important to treat security as a QoS attribute on par with other QoS attributes such as availability and performance. This paper deals with various issues related to quantifying the security attributes of an intrusion tolerant system, such as the SITAR system. A security intrusion and the response of an intrusion tolerant system to an attack are modeled as a random process. This facilitates the use of stochastic modeling techniques to capture the attacker behavior as well as the system’s response to a security intrusion. This model is used to analyze and quantify the security attributes of the system. The security quantification analysis is first carried out for steady-state behavior, leading to measures like steady-state availability. By transforming this model to a model with absorbing states, we compute a security measure called the “mean time (or effort) to security failure” (MTTSF) and also compute probabilities of security failure due to violations of different security attributes.
Author Keywords: Intrusion tolerance; Security attributes; QoS; MTTSF; Semi Markov model
Article Outline
- 1. Introduction
- 2. SMP model for security quantification
- 2.1. Generic state transition model
- 2.2. Attacker’s behavior and system’s response
- 2.3. Security attributes
- 3. Irreducible SMP—availability analysis
- 4. SMP with absorbing states—MTTSF analysis
- 5. Numerical results
- 6. Conclusions and future work
- References
*1 This work is sponsored by the US Department of Defense Advanced Research Projects Agency (DARPA) under contract No. 66001-00-C-8057 from the Space and Naval Warfare Systems Center, San Diego (SPAWARSYSCEN). Katerina Goševa-Popstojanova is funded in part by a grant from the NASA Office of Safety and Mission Assurance (OSMA), Software Assurance Research Program (SARP) managed through the NASA Independent Verification and Validation (IV and V) Facility, Fairmont, West Virginia. The views, opinions and findings contained in this paper are those of the authors and should not be construed as official DARPA or SPAWARSYSCEN’s positions, policy or decision.













