Modeling security as a dependability attribute: a refinement-based approach

As distributed, networked computing systems become the dominant computing platform in a growing range of applications, they increase opportunities for security violations by opening hitherto unknown vulnerabilities. Also, as systems take on more critical functions, they raise the stakes of security by acting as custodians of assets that have great economic or social value. Finally, as perpetrators grow increasingly sophisticated, they increase the threats to system security. Combined, these premises place system security at the forefront of engineering concerns. In this paper, we introduce and discuss a refinement-based model for one dimension of system security, namely survivability.
