On the resilience of the dependability framework to the intrusion of new security threats

Abstract

B. Randell has been instrumental, with others, in the definition of the dependability framework. Initially thought of with a strong emphasis on accidental faults, it has paid more attention over the years to intentional ones and, thus, to classical security concepts as well. Recently, a couple of incidents have received a lot of attention: the Hydraq and Stuxnet worms outbreaks. They have been used to highlight what is being presented as a new and growing security concern, namely the so-called advanced persistent threats (a.k.a. apts). In this paper, we analyse how resilient the historical dependability framework can be with respect to these sudden changes in the threats landscape. We do this by offering a very brief summary of the concepts of interest for this discussion. Then we look into the Hydraq and Stuxnet incidents to identify their novel characteristics. We use these recent cases to figure out if the existing taxonomy is adequate to reason about these new threats. We eventually conclude this chapter by proposing some future avenues for research in that space. © 2011 Springer-Verlag Berlin Heidelberg.