Abstract
As distributed, networked computing systems become the dominant computing platform in a growing range of applications, they increase opportunities for security violations by opening hitherto unknown vulnerabilities. Also, as systems take on more critical functions, they raise the stakes of security by acting as custodians of assets that have great economic or social value. Finally, as perpetrators grow increasingly sophisticated, they increase the threats to system security. Combined, these premises place system security at the forefront of engineering concerns. In this paper, we introduce and discuss a refinement-based model for one dimension of system security, namely survivability.
Cite this article
Mili, A., Sheldon, F., Jilani, L. et al. Modeling security as a dependability attribute: a refinement-based approach. Innovations Syst Softw Eng 2, 39–48 (2006). https://doi.org/10.1007/s11334-006-0023-7
DOI: https://doi.org/10.1007/s11334-006-0023-7