Modeling security as a dependability attribute: a refinement-based approach

Published in: Innovations in Systems and Software Engineering

Abstract

As distributed, networked computing systems become the dominant computing platform in a growing range of applications, they increase opportunities for security violations by opening hitherto unknown vulnerabilities. Also, as systems take on more critical functions, they increase the stakes of security by acting as custodians of assets that have great economic or social value. Finally, as perpetrators grow increasingly sophisticated, they increase the threats on system security. Combined, these premises place system security at the forefront of engineering concerns. In this paper, we introduce and discuss a refinement-based model for one dimension of system security, namely survivability.


Corresponding author: Ali Mili.

Cite this article

Mili, A., Sheldon, F., Jilani, L. et al. Modeling security as a dependability attribute: a refinement-based approach. Innovations Syst Softw Eng 2, 39–48 (2006). https://doi.org/10.1007/s11334-006-0023-7
