An integrated framework for security and dependability

Proceedings New Security Paradigms Workshop

Volumn Part F129230, Issue , 1998, Pages 22-29

  Jonsson, Erland ^a  

^a CHALMERS UNIVERSITY OF TECHNOLOGY   (Sweden)

Author keywords

Computer security; Concepts; Confidentiality; Dependability; Measure; Modelling

Indexed keywords

MODELS; SYSTEMS ENGINEERING;

CONCEPTS; CONFIDENTIALITY; DEPENDABILITY; INTEGRATED FRAMEWORKS; MEASURE; OUTPUT CHARACTERISTICS; PREVENTIVE MEASURES; RELIABILITY METHODS;

SECURITY OF DATA;

EID: 84884727787     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/310889.310903     Document Type: Conference Paper

References (46)

1. J. Alves-Foss, S. Barbosa, "Assessing Computer Security Vulnerability", Operating Systems Review, Vol. 29, No. 3, July 1995. pp. 3-13.
2. J. Arlat, K. Kanoun, J-C. Laprie, "Dependability Modeling and Evaluation of Software Fault-tolerant Systems" in IEEE Transactions on Computers, Vol. 39, No. 4, April 1990. pp. 504-513.
3. D. Bell, L. LaPadula, "Secure Computer Systems: Mathematical Foundations and Model", MITRE Report MTR 2547, Vol. 2, Nov. 1973.
4. K. J. Biba, "Integrity Considerations for Secure Computer Systems", Technical Report No. ESD-TR-76-372, Electronic Systems Division, US Air Force, Hanscom Field, Bedford, MA, 1977.
5. S. Brocklehurst, B. Littlewood, T. Olovsson, E. Jonsson: "On Measurement of Operational Security", in Proceedings of the Ninth Annual IEEE Conference on Computer Assurance, COMPASS'94, Gaithersburg, Maryland, USA, June 29-July 1, pp. 257-266. 1994.
6. A. Burns, J. McDermid, J. Dobson, On the Meaning of Safety and Security, The Computer Journal, Vol. 35, No. 1, 1992. pp. 3-15.
7. S. Castano, M. G. Fugini, G. Martella, P. Samarati, "Database Security", Addison-Wesley, 1995. ISBN0-201-59375-0.
8. Canadian Trusted Computer Product Evaluation Criteria, Version 3.0e, Canadian System Security center, Communications Security Establishment Government of Canada, 1993.
9. M. Dacier: Vers une evaluation quantitative de la securite informatique, Doctoral thesis, LAAS Report No 94488, LAAS/CNRS, Toulouse, December 1994. (In French).
10. J. da Silva Fraga, D. Powell, "A Fault- and Intrusion-Tolerant File System", Proc. of the 3rd International Conference on Computer Security, IFIP/SEC '85, Dublin, Ireland, Aug. 1985. pp. 203-218.
11. C. J. Date, "An Introduction to Database Systems", Vol. 1, 5th edition, pp. 429ff, Addison-Wesley 1990, ISBN 0-201-51381-1.
12. D. E. Denning: "Secure Databases and Safety: Some unexpected conflicts," pp. 101-111 in T. Anderson (editor): Safe & Secure Computing Systems, Blackwell Scientific Publications, ISBN 0-632-01819-4, 1989.
13. D. E. Denning, "A New Paradigm for Trusted Systems", Proceedings of the IEEE New Paradigms Workshop, pp. 36-41. 1993.
14. Y. Deswarte, L. Blain, J-C. Fabre, "Intrusion Tolerance in Distributed Computer Systems", IEEE Symposium on Security and Privacy, IEEE Computer Society Press, 1991. pp. 110-121.
15. J. Dobson, J. McDermid, B. Randell: "On the Trustworthiness of Computer Systems", ESPRIT/BRA Project 3092 Technical Report Series No. 14, 1990.
16. Federal Criteria for Information Security Technology, Draft, National Institute of Standards and technology (NIST) and National Security Agency (NSA), 1992.
17. G. Graham, P. Denning, "Protection - Principles and Practice", Proc. 1972 AFIPS Spring Joint Computer Conference, AFIPS Press, pp. 417-429.
18. U. Gustafson, E. Jonsson, T. Olovsson: "On the Modelling of Preventive Security Based on a PC Network Intrusion Experiment". Proceedings of the Australasian Conference on Information Security and Privacy, ACISP'96, Wollongong, Australia, June 24-26, 1996.
19. D. Heimann, N. Mittal, K. Trivedi, "Dependability Modeling for Computer Systems" in Proc. of the Annual Reliability and Maintainability Symposium, 1991. pp. 120-127.
20. International Standards Organization: Information Processing Systems - Open Systems Interconnection - Basic Reference Model, part 2: Security Architecture 7498/2.
21. Information Technology Security Evaluation Criteria (1TSEC), Provisional Harmonized Criteria, December 1993. ISBN 92-826-7024-4.
22. Japanese Computer Security Evaluation Criteria - Functionality Requirements, Draft version 1.0, Ministry of International Trade and Industry (MITI), 1992.
23. E. Jonsson, T. Olovsson, "On the Integration of Security and Dependability in Computer Systems", IASTED International Conference on Reliability, Quality Control and Risk Assessment, Washington, Nov. 4-6, 1992. ISBN 0-88986-171-4, pp. 93-97.
24. E. Jonsson, "A Unified Approach to Dependability Impairments in Computer Systems", IASTED International Conference on Reliability, Quality Control and Risk Assessment, Cambridge, MA, Oct. 18-20 1993, ISBN 0-88986-181-1, pp. 173-178.
25. E. Jonsson, M. Andersson, S. Asmussen, "A Practical Dependability Measure for Degradable Computer Systems with Non-exponential Degradation", Proceedings of the IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes, SAFEPRO-CESS'94, Espoo, Finland, vol. 2, June 13-15, 1994. pp. 227-233.
26. E. Jonsson, M. Andersson, "On the Quantitative Assessment of Behavioural Security". Proc. of the First Australasian Conference on Information Security and Privacy, ACISP'96, 24-26 June 1996, Wollongong, Australia. In Lecture Notes in Computer Science 1172, Springer-Verlag 1996. ISBN 3-540-61991-7. pp. 228-241.
27. E. Jonsson, T. Olovsson, "A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior", IEEE Transactions on Software Engineering, Vol. 23, No. 4, April 1997.
28. M.K. Joseph: "Integration Problems in Fault-Tolerant, Secure Computer Design," pp. 347-364 in A. Avizienis. J.C. Laprie (editors): Dependable Computing for Critical Applications, Springer-Verlag, N.Y., ISBN 3-211-82249-6, 1991.
29. J. M. Juran, "Juran's Quality Control Handbook" 4th ed., McGraw-Hill, N.Y, 1988. ISBN 0-07-033176-6. pp. 2.8ff.
30. B. Lampson, "Protection", Proc. 5th Princeton Symposium in Operating Systems Review, Vol. 8, No. 1, Nov. 1974. pp. 18.24.
31. C. E. Landwehr, "Formal Models for Computer Security", ACM Computing Surveys, Vol. 13, No. 3, 1981. pp. 247-278.
32. J. C. Laprie, A. Costes: "Dependability: A unifying concept for reliable computing", in Proc. 12th IEEE International Symposium on Fault-Tolerant Computing (FTCS-12), June 1982, pp 18-21.
33. J. C. Laprie et al.: Dependability: Basic Concepts and Terminology, Springer-Verlag, ISBN 3-211-82296-8, 1992.
34. B. Littlewood, S. Brocklehurst, N.E. Fenton, P. Mellor, S. Page, D. Wright, J.E. Dobson, J.A. McDermid and D. Gollmann, "Towards Operational Measures of Computer Security", Journal of Computer Security, vol. 2, no. 3. 1994.
35. J. McDermid, "On Dependability, Its Measurement and Its Management", in High Integrity Systems, Vol. 1, No. 1, 1994, Oxford University Press, pp. 17-26.
36. S. Muftic: Security Mechanisms for Computer Networks, Ellis Horwood Ltd, England, ISBN 0-7458-0613-9, 1989.
37. Peter G Neumann: "Computer system security evaluation", in 1978 National Computer Conference, AFIPS Conf. Proceedings 47, Arlington, VA, pp 1087-1095.
38. National Institute of Standards and Technology; Glossary of Computer Security Terms, NSC-TG-004 version. 1, ("Aqua Book"), Oct. 21, 1988.
39. G. J. Myers: The Art of Software Testing, John Wiley & Sons, Inc, ISBN 0-471-04328-1, 1979.
40. T. Olovsson, E. Jonsson, S. Brocklehurst, B. Little-wood: "Data Collection for Security Fault Forecasting: Pilot Experiment", Technical Report No 167, Department of Computer Engineering, Chalmers University of Technology, 1992 and ESPRIT/BRA Project No 6362 (PDCS2) First Year Report, Toulouse Sept. 1993, pp 515-540.
41. T. Olovsson, E. Jonsson, S. Brocklehurst, B. Little-wood: "Towards Operational Measures of Computer Security: Experimentation and Modelling", Technical Report No 236, Department of Computer Engineering, Chalmers University of Technology, 1995 and in B. Randell et al. (editors.): Predictably Dependable Computing Systems, ESPRIT Basic Research Series, Springer Verlag, 1995, ISBN 3-540-59334-9, pp 555-572.
42. G. Rubino, B. Sericola, "Successive Operational Periods as Measures of Dependability" in Dependable Computing for Critical Applications (editors A. Avizieniz et al.), Springer Verlag, ISBN 3-211-82249-6, 1991, pp. 239-254.
43. R. S. Sandhu: "The Typed Access Matrix Model", IEEE Symposium on Security & Privacy, 1992, pp. 122-136.
44. B. C. Soh, T. S. Dillon," System Intrusion Detection: Model, Design and Analysis", Pacific Rim International Symposium on Fault-Tolerant Computing, Dec. 16-17, 1993, (PRFTS'93), Melbourne, Australia, CRT Publishing Ltd, London, pp. 85-90.
45. D.F. Sterne, "On the Buzzword Security Policy", IEEE Symposium on Security & Privacy, 1991, pp. 219-230,
46. Trusted Computer System Evaluation Criteria ("orange book"), National Computer Security Center, Department of Defense, No DOD 5200.28.STD, 1985.