Survivability analysis of distributed systems using attack tree methodology

Casey K. Fung, Yi-Liang Chen, Xinyu Wang, J. Lee, R. Tarquini, M. Anderson, R. Linger
MILCOM 2005 - 2005 IEEE Military Communications Conference. Published 2005-10-17. DOI: 10.1109/MILCOM.2005.1605745 (https://doi.org/10.1109/MILCOM.2005.1605745)
Citations: 36

Abstract

The survivability of system services is defined as the capability of system services to fulfil the mission objectives in the presence of malicious attacks, system failures, or accidents. Because of the severe consequences of system service failures, survivability analysis and mitigation solutions have been regarded as two of the most important aspects in distributed system development. In systems based on service-oriented architectures (SOA), the survivability analysis is fundamentally different from the traditional security-centric approaches that have been developed for traditional object-oriented, component-based systems. Under the new SOA paradigm, a system is regarded as a composition of services, each of which has well-defined goals and functionalities. For as long as a service is an independently developed component with well-defined goals and functionalities, the service can be treated as an independent system in the analysis of survivability. This paper presents an initial case study in adopting the attack tree analysis methodology for survivability study. We proposed a generic model for message-oriented systems based on SOA. This model depicts a messaging substrate composed of a group of messaging brokers with help from discover services and QoS managers to coordinate communication of a service overlay network on top of a mobile ad-hoc network (MANET). We first captured the basic service components in the system and the underlying mobile ad-hoc network. Next, we defined a mission objective in a case study and conducted attack tree analysis on the model system. From the attack tree analysis, we identified intrusion scenarios. Then we suggested a quantitative measure for system survivability. The survivability design task for a system is simply to make intrusion on the identified key components as difficult and costly as possible. 
From this case study, we identified the compromisable components that could be penetrated and damaged by intrusion and provided suggestions to enhance system survivability.