The Survivability Imperative: Protecting Critical Systems

Modern society is increasingly dependent upon large-scale, highly distributed systems that operate in unbounded network environments. Such systems improve efficiency by permitting entirely new levels of organizational integration, but they also introduce elevated risks of intrusion and compromise. These risks can be mitigated within the organization's system by incorporating survivability capabilities. Unbounded networks such as the Internet have no central administrative control and no unified security policy. Furthermore, the number and nature of nodes connected to such networks cannot be fully known. Despite the best efforts of security practitioners, no amount of hardening can assure that a system connected to an unbounded network will be invulnerable to attack. The discipline of survivability can help ensure that systems can deliver essential services and maintain essential properties, including integrity, confidentiality, and performance, despite the presence of intrusions. Unlike traditional security measures, which often depend on central control and administration, survivability is intended to address network environments where such capabilities may not exist.

Survivability is defined as the capability of a system to fulfill its mission in a timely manner, even in the presence of attacks, failures, or accidents. As an emerging discipline, survivability builds on related fields of study, including security, and focuses on preserving essential services in unbounded environments, even when systems are penetrated and compromised. In defining survivability, the term mission refers to high-level organizational objectives. Missions are not limited to military settings; any successful organization or project must have a vision of its objectives, whether expressed implicitly or as a formal mission statement. Mission fulfillment is typically judged in the context of external conditions that affect achievement of mission objectives.
For example, a financial system may shut down for 12 hours during a period of widespread power outages caused by a hurricane. If the system preserves integrity and confidentiality of data and resumes essential services following the period of downtime, it can reasonably be judged to have fulfilled its mission. However, if the system shuts down unexpectedly for 12 hours under normal conditions or minor environmental stress and deprives users of essential financial services, it can be judged to have failed its mission, even if integrity and confidentiality are preserved. Timeliness is typically a critical factor in mission objectives, and is explicitly included in the definition of survivability. The terms attack, failure, and accident include all potentially damaging events; however, these terms do not partition events into mutually exclusive or even …
