CERT Coordination Center
HomeSite IndexSearchContactFrequently Asked Questions
Incidents, Quick fixes, and VulnerabilitiesSecurity Practices and EvaluationsSurvivability Research and AnalysisTraining and Education

The Information Survivability Workshops

Fourth Information Survivability Workshop (ISW-2001/2002)
"Impediments to Achieving Survivable Systems"
Sponsored by the Institute of Electrical and Electronics Engineers (IEEE) Computer Society, Technical Committee on Fault Tolerant Computing, with support from the US Department of State and the Canadian Office of Critical Infrastructure Protection and Emergency Preparedness

Organized by the CERT Coordination Center, Software Engineering Institute

Vancouver, BC Canada
The Delta Pinnacle Hotel

Assessing the Survivability of Developmental Information Systems

Bradley J. Wood
Cyber Defense Research Center
SRI International
6501 Americas Parkway NE, Suite 500
Albuquerque, New Mexico (USA) 87110-5375
Phone: 505-830-6802
Email: Bradley.Wood@SRI.Com

The need exists to apply information survivability principals to developmental information systems. However, most current information survivability definitions require an underlying application to evaluate. This becomes a problem with a system is not well defined or when designers seek to harden generic component technologies. This classical approach also relies on a rigorous documentation process which is falling out of favor in some industrial sectors.

This discussion describes an approach for evaluating or profiling the survivability characteristics of an information system independent of the underlying application. This approach requires (a) the development of various measures of performance, (b) application of classic experimentation theory, and (c) analysis using novel techniques for comparing multiple attributes. The desired result is an assessment that is somewhat independent of a given application, but still relevant to designers and decision makers.

The primary benefit of this approach is that it allows some measure of continuous assessment of a system, independent of the requirements development process. This approach can also be applied to generic technology building blocks that are destined for later integration into an arbitrary application.

This is a work in progress. However, the authors will share some lessons learned in developing this process and in conducting some early assessment experiments.

To ISW Home Page

Disclaimers and copyright information

Last updated 8 March 2002

Please send comments to survivable-systems@cert.org