Abstract
This chapter introduces the survivability evaluation, especially on the corresponding evaluation criteria and modeling techniques. The content of this chapter includes an overview of the literature of computer system dependability or security evaluation techniques and their limitation. The concept of survivability and the techniques for modeling and evaluating survivability are introduced. In addition, the whole process of modeling and evaluating the survivability of an intrusion tolerant database system (ITDB) is shown as a case study. The discussion included in this chapter would facilitate the readers to understand the fundamental difference among reliability, availability, survivability, and related concepts. This chapter would also help information security professionals to learn the methods of measuring information security and survivability.
TopBackground
The development of techniques for quantitative evaluation of computer system security has a long and rich history.
The Orange Book (1985): First published in 1983, the Trusted Computer System Evaluation Criteria, or TCSEC, (DOD-5200.28-STD) known as the Orange Book is a set of basic requirements and evaluation classes for assessing the effectiveness of security controls built into a computer system. These criteria are intended for use in the evaluation and selection of computer systems being considered for the processing and/or storage and retrieval of sensitive or classified information by the United States Department of Defense (DoD). The Orange Book, and others in the Rainbow Series, is still the benchmark for systems produced almost two decades later. It was eventually replaced with development of the Common Criteria international standard.
Common Criteria (2000): The Common Criteria (CC) is an international standard (ISO/IEC 15408) for computer security. It describes a framework in which computer system users can specify their security requirements, developers can make claims about the security attributes of their products, and evaluators can determine if a Target of Evaluation (TOE) meets its claimed security functionality and assurance requirements. In other words, Common Criteria provides assurance that the process of specifying, developing, and evaluating a computer security product has been conducted in a rigorous manner.
However, CC allows a vendor to make certain assumptions about the operating environment and the strength of threats faced by the product in that environment. Based on these assumptions, the claimed security functions of the product are evaluated. So, if a product is ISO 15408 certified, it should only be considered secure in the assumed, specified circumstances.
Some engineers also use reliability/availability models to evaluate system survivability. The reason is because of the similarity between system failures due to intentional attacks and system failures due to accidental component failures.
Key Terms in this Chapter
The Orange Book: First published in 1983, the Trusted Computer System Evaluation Criteria, or TCSEC, (DOD-5200.28-STD) known as the Orange Book is a set of basic requirements and evaluation classes for assessing the effectiveness of security controls built into a computer system.
Survivability: The capability of a system to complete its mission, in a timely manner, even if significant portions are compromised by attacks or accidents.
Availability: Closely related to reliability, and is defined in ITU-T Recommendation E.800 as follows: “the ability of an item to be in a state to perform a required function at a given instant of time or at any instant of time within a given time interval, assuming that the external resources, if required, are provided.”
Integrity: A fraction of time that all accessible data items in the database are clean.
Common Criteria: The Common Criteria (CC) is an international standard (ISO/IEC 15408) for computer security. It describes a framework in which computer system users can specify their security requirements, developers can make claims about the security attributes of their products, and evaluators can determine if a Target of Evaluation (TOE) meets its claimed security functionality and assurance requirements.
Rewarding-Availability: A fraction of time that the all clean data items are accessible.
Reliability: Recommendations E.800 of the International Telecommunications Union (ITU-T) defines reliability as follows: “the ability of an item to perform a required function under given conditions for a given time interval.” In computer science, reliability is defined as the probability that the system continues to function throughout the interval (0,t).