A short note on reliability of security systems

• Autorzy: Jóźwiak I. J. , Laskowski W.
• Języki publikacji: EN

Abstrakty

EN

Telecommunication systems become a key component of critical infrastructure. One of the main elements of such systems is computer system. The organizations which can be involved in crisis management (e.g. government agencies, etc. ) need to know results of security drawbacks in their systems. Moreover, they should have a tool for analysing the results of decision made in security context. And often the following question is raised: why do security systems fail? To answer it in this paper the aspects of reliability are discussed. From this point of view the security systems are analysed. We hope that thanks to such approach we will be able to reach some characteristics of security incidents occurrence. Moreover, we hope to use our results to build security attributes metrics. In addition, we present thesis that predictions of occurrence of incidents is impossible, so we should focus on registration of incidents type. On such a foundation we can formulate conclusions about drawbacks in configurations or administration of information systems. In our research we have observed that in case of some class of information systems, the availability incidents are the most dangerous. And we conclude that only using technologies with good reliability characteristics can lead to solving this problem.

Słowa kluczowe

EN

computer security; reliability; computer incidents

• Wydawca: Polskie Towarzystwo Bezpieczeństwa i Niezawodności
• Czasopismo: Journal of Polish Safety and Reliability Association
• Rocznik: 2007
• Tom: Vol. 1
• Strony: 193--197
• Opis fizyczny: Bibliogr. 12 poz., rys., tab., wykr.

Twórcy

autor

Jóźwiak I. J.

• Wroclaw University of Technology, Wroclaw, Poland

autor

Laskowski W.

• Wroclaw University of Technology, Wroclaw, Poland

Bibliografia

• [1] Anderson, R. (1993). Why Cryptosystems Fail. 1st Conference on Computer and Communication Security. VA, USA.
• [2] Anderson, R. (2001). Security engineering. A Guide to Building Dependable Distributed Systems. John Wiley & Sons Inc.
• [3] Hazlewood, V. (2007). Defense-in-depth. An Information Assurance Strategy for the Enterprise, San Diego 2006, (http://security.sdsc.edu/DefenseInDepthWhitePaper.pdf, February 2007).
• [4] Jóźwiak, I.J. (1992). The reliability and functional model of computer network with branched structure. Microelectronics and Reliabilit. Vol. 32, nr 3, 345-349.
• [5] Jóźwiak, I.J. (1996). The failure time random variable modeling. Microelectronics and Reliability. vol. 36, 10, 1525-1529.
• [6] Jóźwiak, I. & Laskowski, W. (2003). Reconfigurable hardware and safety and reliability of computer systems. Risk Decision and Policy Journal. Philadelphia.
• [7] Kołowrocki, K. (2004). Reliability of Large Systems. Amsterdam-Boston-Heidelberg-London-New York-Oxford-Paris-San Diego-San Francisco-Singapore-Sydney-Tokyo, Elsevier.
• [8] Laskowski, W. (2001). Układy programowalne jako narzędzia wspomagające kryptograficzną ochronę danych. Przegląd Telekomunikacyjny 3, 178-183.
• [9] Liderman, K. (2003). A guide for security administrators. Warszawa (in Polish).
• [10] SANS Institute, Intrusion detection FAQ. (2007). (on line: http://www.sans.org/resources/idfaq).
• [11] Varian, H. (2002). System reliability and free riding. Workshops on Economics and Information Security. Berkeley, (on line: http://citeseer.ist.psu.edu/527418.html).
• [12] Virus Encyclopedia, CA. (2007). (http://www3.ca.com/securityadvisor/virusinfo/browse.aspx).