Using the trees to find the forest trustworthy computing as a systems-level issue

There is a need to provide information system managers with better tools to estimate the trustworthiness of an information system. We believe it is necessary to consider trustworthiness of an enterprise information system as being more than an estimate of the reliability of the individual components. Some approach for analyzing component-level attacks to evaluate the impact on enterprise-level goals is needed as well as some approach for analyzing a series of information system attacks as part of a possible attack plan against the enterprise. Lower-level sensing of malicious activities and reaction to these activities is necessary to maintain reliability of individual information system components. However, toomuch of the current research effort is directed at component-level activity detection and reaction and too little of the current effort is directed at enterprise-level detection and reaction. We provide some thoughts on what is needed to be able to accumulate estimates of reliabilities of information system components into estimates of trustworthiness of information systems.

[1]  Richard G. Little,et al.  Toward more robust infrastructure: observations on improving the resilience and reliability of critical systems , 2003, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the.

[2]  M. Englehart Computer aided control system design (cacsd) , 1999, Gateway to the New Millennium. 18th Digital Avionics Systems Conference. Proceedings (Cat. No.99CH37033).

[3]  Jeffrey M. Voas,et al.  Trusted Software's Holy Grail , 2003, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the.

[4]  S. Vestal Integrating control and software views in a CACE/CASE toolset , 1994, Proceedings of IEEE Symposium on Computer-Aided Control Systems Design (CACSD).

[5]  John L. Cole,et al.  Proceedings of the First IEEE International Workshop on Information Assurance (IWIA'03), March 24, 2003, Darmstadt, Germany , 2003, IWIA.

[6]  J. Lygeros,et al.  AN INTRODUCTION TO HYBRID SYSTEM MODELING ANALYSIS AND CONTROL JOHN LYGEROS GEORGE PAPPAS AND SHANKAR SASTRY , 1999 .

[7]  W. Tracz,et al.  DSSA case study: navigation, guidance, and flight director design and development , 1992, IEEE Symposium on Computer-Aided Control System Design.