Secure and survivable software systems

Abstract

With malicious computer and network attacks reaching epidemic proportions, issues of security and survivability of software systems have surfaced in a variety of application domains. Of real concern is the increasing reliance of critical applications on networked computer systems. Failure or compromises of such systems could cause threats to national infrastructures or lead to catastrophe ( e.g., loss of life, damage to the environment, or unacceptable financial losses). Driven by market speed and feature demand, commercial software developers have high pressures to deliver products rapidly, usually at the expense of quality and security. Given these market pressures and the increasing complexity of today’s software, it is unrealistic to assume total security and robustness. Hence, the research area of secure and survivable systems has addressed the ability of systems to fulfill their missions even in the presence of failures, accidents or malicious attacks. Whereas resilience to failures and accidents has been the focus of research in fault-tolerant systems design, resilience to malicious attacks has become a challenge in the field of system survivability. Principally, essential services must be designed to withstand attacks. This requirement goes beyond the scope of computer and network security, which has been traditionally addressing detection and resistance to attacks.