Abstract

We describe, with respect to high-level survivability requirements, the validation of a survivable publish subscribe system that is under development. We use a top-down approach that methodically breaks the task of validation into manageable tasks, and for each task, applies techniques best suited to its accomplishment. These efforts can be largely independent and use a variety of validation techniques, and the results, which complement and supplement each other, are seamlessly integrated to provide a convincing assurance argument. We also demonstrate the use of model-based validation techniques, as a part of the overall validation procedure, to guide the system’s design by exploring different configurations and evaluating trade-offs.

Highlights

  • The emergence of large distributed information systems to support nation-critical needs has spurred research into new system protection strategies that can produce a system whose critical function will survive in spite of hostile attacks, complex failures, or accidents [1]

  • In addition to validating the system against the high-level survivability requirements, we used the probabilistic model developed as a part of the integrated validation procedure (IVP) application to study design trade-offs and explore the behavior of the system in different operating configurations and attack environments

  • For the results presented here, we assumed that the data-level vulnerabilities could be considerably reduced by the effort put into the implementation of, for example, the PSQ, and by the semantic checks done on the access proxy for any incoming traffic to the core


Summary

INTRODUCTION

The emergence of large distributed information systems to support nation-critical needs (e.g., electrical power distribution, telecommunications, military command and control, and health care) has spurred research into new system protection strategies that can produce a system whose critical function will survive in spite of hostile attacks, complex failures, or accidents [1]. Ortalo et al. [12] have proposed modeling of known system vulnerabilities using “privilege graphs,” followed by a combination of the privilege graphs with simple assumptions about attacker behavior to obtain “attack-state graphs.” The latter can be analyzed using Markov techniques to obtain probabilistic measures of security. The attacker model has a sophisticated and detailed representation of various kinds of effects of intrusions on the behavior of system components (such as a variety of failure modes). It includes a representation of the process of discovery of vulnerabilities (both in the operating system(s) and in the specific applications being used by the system) and their subsequent exploitation, and considers an aggressive spread of attacks through the system by taking into account the connectivity of the components of the system, at both the infrastructure and the logical levels.
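The Markov analysis of an attack-state graph mentioned above, as an added example that is not code from the paper or from Ortalo et al.: a constructed two-privilege-level attack-state graph is treated as an absorbing continuous-time Markov chain, and the mean time until the attack ends and the probability that it ends in a compromise are computed, with and without the defender's detection edges. All state names and rates are assumptions made for the example.

```python
# Constructed attack-state graph (not from the paper): a state is the privilege
# level the intruder holds, an edge rate is the expected transitions per day.
# "admin" is the security failure; edges into "evicted" model the defender
# detecting the intrusion and removing the attacker.
ATTACK_GRAPH = {
    "no_access":  {"user_shell": 0.5, "admin": 0.02, "evicted": 0.1},
    "user_shell": {"admin": 0.25, "evicted": 0.5},
}
ABSORBING = {"admin", "evicted"}   # states with no outgoing edges


def solve(a, b):
    """Gauss-Jordan elimination with partial pivoting (small dense systems only)."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [x - f * y for x, y in zip(m[r], m[col])]
    return [m[i][n] / m[i][i] for i in range(n)]


def security_measures(rates, absorbing, failure):
    """Treat the graph as an absorbing continuous-time Markov chain and return, for
    every transient state s, (mean time until the attack ends, probability it ends
    in `failure`), by solving lambda_s*T_s - sum_j r_sj*T_j = 1 and
    lambda_s*P_s - sum_j r_sj*P_j = r_s,failure (lambda_s = total exit rate of s)."""
    transient = [s for s in rates if s not in absorbing]
    idx = {s: i for i, s in enumerate(transient)}
    n = len(transient)
    a = [[0.0] * n for _ in range(n)]
    b_time, b_fail = [1.0] * n, [0.0] * n
    for s, i in idx.items():
        a[i][i] = sum(rates[s].values())       # lambda_s
        for t, r in rates[s].items():
            if t in idx:                       # transient successor j
                a[i][idx[t]] -= r
            elif t == failure:                 # direct jump into security failure
                b_fail[i] += r
    times, probs = solve(a, b_time), solve(a, b_fail)
    return {s: (times[i], probs[i]) for s, i in idx.items()}


def without_detection(rates):
    """The same graph with the defender's detection edges removed, for comparison."""
    return {s: {t: r for t, r in out.items() if t != "evicted"} for s, out in rates.items()}
```

Calling `security_measures(ATTACK_GRAPH, ABSORBING, "admin")["no_access"]` gives the measures for an attacker starting with no access; comparing against `without_detection(ATTACK_GRAPH)` shows how much the detection edges lower the compromise probability.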

OVERVIEW OF THE IT PUB-SUB DESIGN
VALIDATION APPROACH
VALIDATION DETAILS
OS 900
CONCLUSION