

Sankalp Singh, Adnan Agbaria, Fabrice Stevens, Tod Courtney, John F. Meyer, William H. Sanders, Partha Pal


We describe, with respect to high-level survivability requirements, the validation of a survivable publish-subscribe system that is under development. We use a top-down approach that methodically breaks the task of validation into manageable subtasks and, for each subtask, applies the techniques best suited to its accomplishment. These subtasks can be carried out largely independently and with a variety of validation techniques; their results, which complement and supplement each other, are then integrated into a single, convincing assurance argument. We also demonstrate the use of model-based validation techniques, as part of the overall validation procedure, to guide the system's design by exploring different configurations and evaluating trade-offs.


Quantitative Validation; Security Verification; Information Assurance; Probabilistic Modeling; Intrusion Tolerance; Security





