On the Integration of Security and Dependability in Computer Systems

Paper in proceeding, 1992

Historically the trustworthiness of a computer system was characterized by its reliability and availability. Later on safety was integrated into what is now termed dependability. System security was originally a concept that described the protection of information from intentional and hostile interaction. It has now been suggested that security should be treated as a dependability attribute, parallel to reliability, availability and safety, but the implications of this integration has not yet been fully realized. This paper presents a novel approach to security, intended to facilitate and improve this integration. This is accomplished by taking a dependability viewpoint on traditional security and interpreting it in terms of system behaviour and fault prevention. A modified security concept, comprising only fault prevention characteristics and a new behaviouristic concept, privacy, are defined. The outcome of this interpretation will influence the integration of the other three dependability attributes.