
Basic Concepts and Taxonomy of Dependable and Secure Computing

Published: 01 January 2004

Abstract

This paper gives the main definitions relating to dependability, a generic concept including as special cases such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures.



Information & Contributors

Information

Published In

IEEE Transactions on Dependable and Secure Computing  Volume 1, Issue 1
January 2004
96 pages

Publisher

IEEE Computer Society Press

Washington, DC, United States


Author Tags

  1. 65
  2. Dependability
  3. attacks
  4. errors
  5. failures
  6. fault forecasting
  7. fault removal
  8. fault tolerance
  9. faults
  10. security
  11. trust
  12. vulnerabilities
