------------------------------------------------------------------------------
TITLE: Security and Fault Tolerance in Survivable Systems

ABOUT THE SPEAKER
--------------------------------
Dr. McDermott's Bio:
Dr. McDermott began his research career in information assurance at the US Naval Research Laboratory in 1987. He has researched compiler Trojan horses, security evaluation and certification, security engineering, multilevel secure database systems, data tampering, and abuse-case-based security engineering. His present research interests include survivable systems, software tampering, covert channels, process support systems, and high-confidence software engineering. Dr. McDermott earned his PhD from George Mason University in the area of Database Security.

Abstract:
---------------------------------------------------------------------------------
Survivable systems are those systems that are expected to provide some level of service in the face of attacks, accidents, and failures. We expect a survivable system to keep performing in the presence of faults, or at least to fail in the expected manner. Understanding, modeling, and correcting faults are therefore central steps in survivability work. System faults are studied by both the security and the fault-tolerance communities, but the two communities hold strikingly different views of which faults exist, how they should be modeled, and how they should be addressed. Looking at the same system, they identify different sets of faults and so devise different survivability approaches; one community may pronounce a system survivable while the other would not. Each approach fails to be comprehensive on its own, and the verdict depends on which community is examining the system.

Security researchers and fault-tolerance researchers approach survivability from opposing viewpoints. Security people view it in terms of trust relationships, while the fault-tolerance literature focuses on redundancy and reconfiguration. In short, one community models faults as the worst-case behavior of a hypothetical intruder, while the other treats faults as stochastic events. As a result, solutions from either paradigm cannot handle the faults assumed by the other. In this talk we will consider some definitions and concepts that are important in understanding the conceptual differences between the two literatures, describe the fault classes and intruder models each literature focuses on, and hear why a paradigm shift is required in this area if a system is to be truly survivable.
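The following is an added illustration of the two fault models the abstract contrasts, written for this page; it is not code from the talk or from Dr. McDermott. It scores one and the same deployment (a majority-voting cluster of replicas) twice: once under the fault-tolerance assumption that replicas fail independently at random, and once under the security assumption of an intruder who holds one working exploit against one software version and therefore compromises every replica running that version. The replica counts, version labels, failure probability and availability budget are constructed inputs chosen for the example.

```python
from math import comb
from collections import Counter

def majority_threshold(n):
    """Number of faulty replicas needed to outvote an n-replica majority voter."""
    return n // 2 + 1

def stochastic_failure_probability(n, p_fail):
    """Fault-tolerance view: each replica fails independently with probability
    p_fail. Returns P(at least a majority of the n replicas are faulty at once),
    i.e. the binomial tail from the majority threshold upward."""
    t = majority_threshold(n)
    return sum(comb(n, k) * p_fail ** k * (1 - p_fail) ** (n - k)
               for k in range(t, n + 1))

def adversarial_failure(versions):
    """Security view: faults are the worst-case behaviour of an intruder, not a
    random draw. Assumed intruder model (constructed for this example): one
    exploit against one software version compromises every replica that runs
    it. The intruder picks the version that knocks out the most replicas.
    Returns True if that is enough to outvote the majority."""
    most_common_count = Counter(versions).most_common(1)[0][1]
    return most_common_count >= majority_threshold(len(versions))

def survivability_verdicts(versions, p_fail, failure_budget):
    """Both communities' verdicts on the same deployment. The fault-tolerance
    verdict passes if the stochastic failure probability is within the
    availability budget; the security verdict passes if the intruder cannot
    outvote the majority."""
    ft_ok = stochastic_failure_probability(len(versions), p_fail) <= failure_budget
    sec_ok = not adversarial_failure(versions)
    return {"fault_tolerance": ft_ok, "security": sec_ok}

if __name__ == "__main__":
    # Constructed deployments: three replicas of one build versus three
    # independently developed builds. Identical redundancy, identical p_fail.
    deployments = {
        "homogeneous": ["v1", "v1", "v1"],
        "diverse":     ["v1", "v2", "v3"],
    }
    for name, versions in deployments.items():
        print(name, survivability_verdicts(versions, p_fail=0.01, failure_budget=1e-3))
    # homogeneous -> fault_tolerance True, security False
    # diverse     -> fault_tolerance True, security True
```

The homogeneous cluster is the abstract's point in miniature: the stochastic model credits it with three independent chances to be right, so it passes the availability budget comfortably, while the intruder model sees a single fault domain and fails it outright. Adding replicas of the same build raises the stochastic score and changes the adversarial verdict not at all; only diversity (a different trust assumption, not more redundancy) moves the security verdict.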