Abstract

Design of highly secure systems is increasingly important. This paper explores the relationship between reliability engineering and security engineering for software products. Our work has indicated that designing for reliability and designing for security share many common ideas and, more importantly, techniques that can be leveraged in product development. Security failures are one aspect of product dependability, and while security failures are qualitatively different from other reliability failures in some ways, the two classes of failures have a great deal in common. International Telecommunication Union, Telecommunications Standardization Sector (ITU-T) Recommendation X.805 suggests that availability has a specific meaning for security, namely, that it “ensures that there is no denial of authorized access to network elements, stored information, information flows, services and applications due to events impacting the network.” This definition is very similar to the definition of availability that reliability engineers use in describing functionality. This paper explores the similarities and differences in approaches taken within the communications domain for reliability and security. The three areas that are discussed are terminology, requirements, and common techniques. © 2007 Alcatel-Lucent.
