Security in a Dependability Perspective
Paper in proceedings, 1994
Historically security has developed as a discipline, separate from the original dependability framework, which included reliability, availability and safety attributes. Therefore, the integration of security in this framework has not yet been fully accomplished. This paper presents a novel approach to security, intended to facilitate and improve this integration. This is achieved by taking a dependability viewpoint on traditional security and interpreting it in behavioural and preventive terms. A modified security concept, comprising only preventive characteristics is defined where confidentiality is suggested to be a behavioural dependability attribute. The outcome of this interpretation influences the integration of the other three dependability attributes. The overall objective of this approach is to arrive at a more general and clear-cut dependability framework that would describe how (un)dependable a system is, irrespective of the reason for the (un)dependability. For example, it should be possible to treat a system failure due to an intentional intrusion of due to a hardware fault using the same methods and in parallel. Finally, the problem of interpreting concepts and terminology for security impairments in dependability terms is addressed, based on a few examples from real security breaches. It is realized that this is an area where future work is necessary.