An integrated framework for security and dependability

Abstract

This paper deals with the problem of interpreting security and dependability in such a way that they can be incorporated into the same framework. This calls for a modified understanding of some of the traditional concepts. Thus, a system-related conceptual model is suggested in which the various aspects of security and dependability are analyzed and regrouped into a new "input-output"-related system model. The input characteristics of this new model are interpreted in preventive terms, whereas the output characteristics are interpreted in behavioural terms with respect to the user of the system. One of the benefits of the model is that it can form a basis for composite measures of security and dependability. Thus, it is possible to define preventive measures and behavioural measures. The behavioural measures are measures that relate to the behaviour of the system, or, put informally, relate to the "output" of the system. Behavioural measures deal with system failures, e.g., the probability for and magnitude of such failures. Well-known reliability methods, such as Markov modelling, can be used for deriving behavioural measures of security. A preventive measure, on the other hand, would describe the system's ability to avoid detrimental influence from the environment, in particular influence originating from security breaches into the system.