Software Engineering Institute Carnegie Mellon

Trustworthy Refinement Through Intrusion-Aware Design

[Abstract]   [Figures]   [Acknowledgements]   [Executive Summary]   [1 Introduction]   [2 Triad Overview]   [3 Survivability Strategy Documentation]    [4 Survivability Strategy Development]   [5 Example: TRIAD Application]   [6 Conclusion]   [Appendix A: Glossary]   [References]   [PDF File]

Appendix: Glossary

attack pattern - a generic representation of deliberate and malicious activity that commonly occurs in a specific architectural context

attack tree - a hierarchical organization of intrusion scenarios rooted at a mission-critical compromise of a system, each scenario accomplishing that compromise by a different means

conceptual architecture (or conceptual survivability architecture) - a description of the system structure and function that addresses the need to ensure mission success despite penetrations and compromise at a level appropriate for the customer of the system

impact - the extent of harm to a system that results from a threat's exploitation of a system vulnerability [DoD 00]

information system - any combination of information technology and people's activities using that technology to support operations, management, and decision-making

intrusion scenario - a description of people interacting with systems in a malicious way, thereby intentionally causing harm to an organization

security risk - a combination of the likelihood that a threat will occur, the likelihood that a threat occurrence will result in an adverse impact, and the severity of the resulting impact [DITSCAP 99]
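The attack tree and security risk entries above, worked together as one added example (constructed for this glossary, not code from the TRIAD report). It assumes the general attack-tree form with OR nodes (alternative means) and AND nodes (steps that must all succeed), of which the entry's "different means" organization is the OR case, and it assumes one particular way of combining the three risk factors named in the security risk entry: the likelihoods multiply along a scenario and the scenario's severity is that of its worst step. Node names and numbers are made up for the illustration.

```python
"""Added example: enumerate and rank the intrusion scenarios of an attack tree.

Constructed illustration, not the TRIAD report's own code. Assumptions:
OR/AND node kinds, the combination rule in scenario_risk(), and every
name and value in build_example_tree().
"""
from dataclasses import dataclass, field
from itertools import product
from typing import Dict, List, Tuple


@dataclass
class Node:
    """One node of an attack tree.

    A leaf is a single intrusion step, annotated with the three factors from
    the glossary's security risk entry: likelihood the threat occurs,
    likelihood that an occurrence causes adverse impact, and severity.
    """
    name: str
    kind: str = "leaf"                      # "leaf", "or" or "and" (assumed kinds)
    children: List["Node"] = field(default_factory=list)
    p_threat: float = 0.0                   # likelihood the threat occurs
    p_impact: float = 0.0                   # likelihood an occurrence causes harm
    severity: float = 0.0                   # severity of that harm, 0..1 (assumed scale)


def scenarios(node: Node) -> List[Tuple[str, ...]]:
    """Every intrusion scenario (tuple of leaf steps) that achieves `node`.

    An OR node yields the union of its children's scenarios; an AND node
    yields the cross product, since every child must succeed.
    """
    if node.kind == "leaf":
        return [(node.name,)]
    parts = [scenarios(c) for c in node.children]
    if node.kind == "or":
        return [s for part in parts for s in part]
    if node.kind == "and":
        return [tuple(step for s in combo for step in s) for combo in product(*parts)]
    raise ValueError(f"unknown node kind {node.kind!r}")


def leaves(node: Node) -> Dict[str, Node]:
    """Index the tree's leaf steps by name so scenarios can be scored."""
    if node.kind == "leaf":
        return {node.name: node}
    index: Dict[str, Node] = {}
    for child in node.children:
        index.update(leaves(child))
    return index


def scenario_risk(steps: Tuple[str, ...], index: Dict[str, Node]) -> float:
    """Assumed combination rule for the glossary's three risk factors:
    each step must both occur and cause harm (product of the two likelihoods
    over all steps), and the scenario is as severe as its worst step."""
    likelihood, severity = 1.0, 0.0
    for name in steps:
        leaf = index[name]
        likelihood *= leaf.p_threat * leaf.p_impact
        severity = max(severity, leaf.severity)
    return likelihood * severity


def rank_scenarios(root: Node) -> List[Tuple[Tuple[str, ...], float]]:
    """All scenarios for the root compromise, highest risk first."""
    index = leaves(root)
    ranked = [(s, scenario_risk(s, index)) for s in scenarios(root)]
    ranked.sort(key=lambda item: item[1], reverse=True)
    return ranked


def build_example_tree() -> Node:
    """Constructed tree: root is the mission-critical compromise; values are made up."""
    return Node("Deny order processing", "or", [
        Node("Exhaust web tier", p_threat=0.8, p_impact=0.5, severity=0.6),
        Node("Corrupt order database", "and", [
            Node("Obtain DBA credentials", p_threat=0.3, p_impact=0.9, severity=0.2),
            Node("Run destructive SQL", p_threat=0.9, p_impact=1.0, severity=0.9),
        ]),
        Node("Tamper with supplier feed", "or", [
            Node("Spoof feed endpoint", p_threat=0.2, p_impact=0.7, severity=0.7),
            Node("Replay stale feed", p_threat=0.5, p_impact=0.4, severity=0.3),
        ]),
    ])


if __name__ == "__main__":
    for steps, risk in rank_scenarios(build_example_tree()):
        print(f"{risk:.3f}  " + " AND ".join(steps))
```

The ranking is the hand-off point to a survivability strategy: each scenario in the list is one pattern of attack for which the architecture needs a tactic to resist, recognize, recover from, or adapt, and the score says which to address first.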

survivability - the capability of a system to fulfill its mission by preserving essential services, even when the system is penetrated and compromised

survivability architecture - the combination of a system's conceptual architecture and technical architecture

survivability strategy - an overall approach to resist, recognize, recover from, and adapt to mission-compromising attacks

survivability tactic - a generic representation of an architectural approach to resist, recognize, recover from, or adapt to some pattern of attack in a specific context

survivability traceability - a characteristic of a system in which the survivability requirements are clearly linked to their sources (mission) and to the artifacts created during the system development life cycle based on these requirements (survivability architecture) [Ramesh 97]

survivability tracing - the process of ensuring survivability traceability

system dynamics - a method to model and analyze the holistic behavior of complex, managed systems as they evolve over time

technical architecture (or technical survivability architecture) - a description of the system structure and function that addresses the need to ensure mission success despite penetrations and compromise at a level of technical detail sufficient to actually build the system

technical component - any existing architectural building block, such as commercial off-the-shelf software or hardware

threat - any circumstance or event with the potential to cause harm to a system [DoD 00]

threat dynamics - an application of system dynamics that explicitly addresses hostile, malicious actions by individuals and the system operational response to such actions

vulnerability - a system characteristic that could be exploited by a threat to harm a system [DoD 00]