Methods for Dependability and Security Analysis of Large Networks

Abstract

Dependability and security are rigorously related concepts that, however, differ for the specific proprieties they mainly concentrate on. In particular, in most commonly applied cases found in practical design techniques (Piedad & Hawkins, 2000), the dependability concept usually includes the security one, being a superset of it. In typical cases, security mainly comprises the following fundamental characteristics: confidentiality, integrity, and availability. Indeed, dependability mainly encompasses the following attributes (Avizienis, Laprie, Randell, & Landwehr, 2004): (1) availability: readiness for correct service; (2) reliability: continuity of correct service; (3) safety: absence of catastrophic consequences on the user(s) and the environment; (4) confidentiality: absence of unauthorized disclosure of information; (5) integrity: absence of improper system alterations; and (6) maintainability: ability to undergo modifications and repairs. The present work primarily intends to deal with formal methods, appropriate to perform both security and dependability analysis in modern networks. In general, security analysis of great networks takes the form of determining the exploitable vulnerabilities of a network, and intends to provide results or appropriate informative (or occasionally experimental) data about which network nodes can be compromised by exploiting chains of vulnerabilities, as well as specifying which fundamental security properties are altered (e.g., Confidentiality, Integrity, Availability). Therefore, such type of analysis is also referred as “network vulnerability analysis.” On the other hand, dependability analysis of networks typically intends to determine specific dependencies within the nodes (or the services offered) of the (appropriate) underlying network, so as to provide results about the consequences of (potential) faults (on services or hosts) and to find out which among these faults are able to cause unacceptable consequences, in terms of the basic dependability attributes. At this specific evaluation, it should be noted that it is possible to consider attacks (as well as attack consequences) as faults.