Life-Cycle Models for Survivable Systems

Abstract: Today's large-scale, highly distributed, networked systems improve the efficiency and effectiveness of organizations by permitting whole new levels of organizational integration. However, such integration is accompanied by elevated risks of intrusion and compromise. Incorporating survivability capabilities into an organization's systems can mitigate these risks. Current software development life-cycle models are not focused on creating survivable systems, and they exhibit shortcomings when the goal is to develop systems with a high degree of assurance of survivability. If addressed at all, survivability issues are often relegated to a separate thread of project activity, with the result that survivability is treated as an add-on property rather than a property designed in from the start. Survivability goals should instead be addressed in each life-cycle activity, and methods to ensure survivability incorporated into each. This report explains survivability concepts, describes a software development life-cycle model for survivability, and illustrates techniques that can be applied during new development activities to support survivability goals. It also describes a software life-cycle model and associated activities to support survivability goals for systems based on commercial off-the-shelf (COTS) products.
