XueGang Lin,Rongsheng Xu,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICACT.2005.245839

2005-01-01

Abstract:Information system plays an important role in modern society, and its performance of survivability is a vital attribute for people. Based on the relation between system and environment, survivability analysis model is divided into three models: environment, system and analysis model. Then, survivability is computed through resistance, recognition and recovery under each environment that system should stand by a hierarchical analysis process. Finally, the general analysis method is given to describe the entire process of analyzing information system survivability. The three models and quantitative analysis method is practicable for parameters involved are measurable and the method is modularized.

Xuegang Lin,Rongsheng Xu,Miaoliang Zhu

DOI: https://doi.org/10.1007/11596981_59

2005-01-01

Abstract:Survivability should be considered beyond security for networked information systems, which emphasizes the ability of continuing providing services timely in malicious environment. As an open complex system, networked information system is presented by a service-oriented hierarchical structure, and fault scenarios are thought of as stimulations that environment impact on systems while changes of system services’ performance as system reaction. Survivability test is done according to a test scheme which is composed of events, atomic missions, fault scenarios and services. Survivability is computed layer by layer based on the result of survivability test through three specifications (resistance, recognition and recovery). This computation method is more practicable than traditional state-based method for it converts direct defining system states and computing state transition into a layered computation process.

Xue-gang Lin,Rong-sheng Xu,Hua Xiong,Miao-liang Zhu

2006-01-01

Abstract:Survivability should be considered beyond security for information system, and quantitative analysis can assess system survivability accurately for improvement. Information system is presented by finite state machine and its state transition map is used to describe analysis process, where the hierarchical structure of system state avoids the problem of enumerating states in Markov chain model. Based on SNA method, a framework of quantitative analysis is introduced: defining system, testing system’s survivability, computing survivability, and giving analysis report finally, which is easily implemented by computer. In the framework, the event database which is based on event classification and grade makes creating test project automatically and objectively, and survivability is computed through resistance, recognition and recovery in a hierarchical process.

Rongyao Cai,Xiao Xv,Zhengming Lu,Kexin Zhang,Yong Liu

DOI: https://doi.org/10.1109/isas61044.2024.10552597

2024-01-01

Abstract:Fault tree analysis is the most commonly used methodology in industrial safety analysis to predict the probability or frequency of system failure. Although fault tree analysis has been proposed for more than six decades, the assumptions used in most commercial fault tree analysis codes have not changed significantly, which limits the ability of the method to represent design, operation, and maintenance characteristics in the context of the increasing complexity and specialization of modern industrial systems. The basic setup of traditional fault trees is unable to include dependencies between events, time-varying failures, and repair rate realities to explain complex maintenance strategies. To address the above shortcomings, we propose a fusion tree model combining fault tree and attack tree, and simplify the causal structure of the fusion tree by modularization, and utilize the dynamic Markov model to represent the complex coupling relationship between components or nodes. Finally, we demonstrate the calculation process of fusion tree in pressure vessel systems with temporal control.

Xuegang Lin,Miaoliang Zhu,Rongsheng Xu

DOI: https://doi.org/10.1109/ICITA.2005.17

2005-01-01

Abstract:Information system survivability should be analyzed quantitatively for evaluating and grading accurately. A finite state machine whose state is described by a hierarchical structure presents quantification model. To quantify more objectively, a test-based framework is introduced by five key steps based on SNA method, which is achieved by computer's aid mostly for reducing man factor. Survivability is computed through resistance, recognition and recovery in detail by a hierarchical process. This framework is more practicable for system's hierarchical state, which avoids dividing the state space.

LIN Xue-gang,ZHU Miao-liang,XU Rong-sheng

DOI: https://doi.org/10.3785/j.issn.1008-973x.2006.11.026

2006-01-01

Abstract:An analysis model based on finite state machine and hierarchical system state was presented to quantitatively compute information system's survivability.The survivability was computed through system definition and system survivability test.The system was defined by a service-centered hierarchical structure,and the survivability test was carried out based on event classification and gradation.Then the survivability was obtained through computing resistibility,recognizability and recoverability layer by layer.Demonstration shows that this layered state-based computation is more practicable and programmable than the traditional system state based models for avoiding defining and analyzing system state directly.

Tun Lu,Ning Gu

DOI: https://doi.org/10.1109/gcc.2007.69

2007-01-01

Abstract:From the perspective of service-oriented computing, a grid system is built by composing autonomous, loosely coupled and platform-independent services, whose dynamics and complexity bring great challenges to system survivability analysis. In the present of different kinds of malicious attacks, system failures or accidents, the system will provide a predefined survivability specification which consists of corresponding degraded services called service cores according to the application logic. How to formally describe the process and reason the properties of the recovery from one service core to another play an important role in analyzing system survivability. The main contributions of this paper are (1) presenting the method to represent service core based on component families and installation orders; (2) studying the success (the newly started services in the resulting service core function properly) and safety (the formerly started services in the starting service core are not damaged) properties of the recovery from one service core to another based on component compatibility and installation execution; (3) proposing the approach to simplify the component installation execution based on projection; (4) proposing a formal analysis approach for service-based system survivability based on survivability specification. The approach is applied in a simple service-based system called mobile video conference (MVC) to demonstrate its practicability and efficiency.

张恺伦,江全元

2013-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in power system, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the concept of vulnerability sensitivity, which can quantitatively evaluate the effect of changes in the leaf vulnerability on the system, so as to find out the critical port.

Leilei Chen,Qing Wang,Wei Xu,Liang Zhang

DOI: https://doi.org/10.1109/icws.2010.53

2010-01-01

Abstract:Survivability is crucial for computer systems that support critical infrastructures of our society. For those in paradigm of SOA where the computing settings are intrinsically open, traditional survivability model and safeguard mechanisms are no longer applicable. To rise to the challenge, we propose a formal definition and a corresponding framework to evaluate the survivability of SOA systems. We treat survivability as a multidimensional QoS property, and then give a holistic evaluation method based on the Hidden Markov Model.

GENG Ji,SONG Xu,CHEN Wei,QIN Zhi-guang

DOI: https://doi.org/10.3969/j.issn.1001-0548.2014.01.017

2014-01-01

Abstract:The security problems of software become more and more serious,and software survivability is an extension of software security researches. However, the survivability models can rarely bring out a practical method by now. In this paper, we consider the effect of different system structures and runtime environments on system survivability. Firstly, we construct a service survivability model by considering the effect of environment;secondly, we consider the relationship between the system structure and services and construct a model based on service survivability to reflect the system survivability. Finally, based on this model, a recovery approach is illustrated when parts of or all the system’s services are failed.

Tun Lu,Ning Gu

DOI: https://doi.org/10.1109/TASE.2007.48

2007-01-01

Abstract:Service-oriented computing (SOC) emerging as a new computing diagram that supports the rapid and low-cost development of distributed applications by composing platform-independent, coarse-grained and loosely coupled services. With the prevalence of service-oriented system, how to build survivable applications in the immature research field of service-oriented system engineering (SOSE) has become a big challenge. An approach of configuration management based on service dependency is presented in this paper to analyze and optimize the survivability of applications. Three dimensions, i.e. distance, strength and criticality, are defined to describe the survivability of service dependency. A directed acyclic graph called weighted system configuration graph (WSCG) is proposed to model the survivability of an application, where each direct dependency between two services is assigned a weight which is calculated based on the three dimensions. Then we give an algorithm in WSCG to obtain the maximal survivability system configuration from redundant service configurations. The mobile video conference (MVC) scenario is illustrated to show the effectiveness and the soundness of our approach and algorithms. At last, the conclusion is drawn with future work given.

Lu Tun,Gu Ning

DOI: https://doi.org/10.1109/ICPCA.2007.4365478

2007-01-01

Abstract:This paper proposes an analysis approach for service-based system survivability, in which the properties of service core transitions, i.e. success (the newly started services in the resulting service core function properly) and safety (the formerly started services in the starting service core are not damaged) can be reasoned. The presented concepts and theoretic results lay a generic theoretic foundation for survivability analysis. An example called mobile video conference (MVC) is illustrated how to use the approach to reason the properties of service core transitions in practice.

Bo Zhou,Keting Yin,Shuai Zhang,Honghong Jiang,Aleksander J. Kavs

DOI: https://doi.org/10.1007/978-3-642-13067-0_44

2010-01-01

Abstract:Reliability is one of the most important quality dimensions for web services Current reliability models for composite web service assume the statistical independence of its component web services, which is often not the case In this paper, we research on the reliability correlation of component web services by identifying common-cause failures (CCF) and propose a tree-based reliability model for composite web service We also present the method to estimate overall reliability of composite web service based on our reliability model Evaluation shows that our method can improve the accuracy of reliability estimation for composite web service and is particularly valuable when designing fault-tolerant service-based system.

QIN Zhiguang,SONG Xu,GENG Ji,CHEN Wei

DOI: https://doi.org/10.3724/sp.j.1087.2013.00400

2013-01-01

Journal of Computer Applications

Abstract:Current survivability models can hardly bring up a practical solution,nor reflect the properties of Web applications.Firstly,the properties of Web applications were analyzed,especially the differences between atomic Web applications and composite Web applications.Secondly,the mathematical model reflecting the invoking relationship of the atomic Web applications for the development of composite Web application was constructed.Lastly,a survivability model for atomic Web applications and a Markov-based survivability model for composite Web applications with regard to runtime environment were proposed.And on the basis of these models,a recovery approach for Web applications was given,when part or all of the functions failed in adverse environment.Besides,a case was analyzed using these models,and its recovery procedures were given,in which the high survivability was guaranteed.

WANG Shu-peng,YUN Xiao-chun,YU Xiang-zhan

DOI: https://doi.org/10.3321/j.issn:0367-6234.2007.03.030

2007-01-01

Abstract:System survivability is a new security theory,which has become an important issue in the area of network security.Survivability enhancement is a significant issue in the research field of system survivability. In this paper methods and principal underlying techniques to enhance system survivability are analyzed,the current research situation and open problems of them are discussed,two typical survivable systems are given,and finally research trends in this area are addressed.

Yanjun Shu,Decheng Zuo,Hongwei Liu,Quan Z. Sheng,Wei Emma Zhang,Jian Yang

DOI: https://doi.org/10.1007/978-3-319-69035-3_35

2017-01-01

Abstract:Reliability is critical for choosing, ranking and composing Web services. However, some common situations, such as fault-tolerant strategies and the dynamic operational profile, are not considered in existing reliability analysis. To solve these problems, a tree-based composition structure model is proposed, which is called the Fault-tolerant Composite Web Services Tree (FCWS-T). We separate the nodes in FCWS-T into two types, namely the control nodes and the service nodes, leading to the representation of various composition structures can be explicitly performed. Then, a reliability simulation method is proposed based on FCWS-T and it can effectively analyze the reliability of a complex Web service. Experiments on a financial management service show the effectiveness of our approach for fault-tolerant Web service compositions.

甘早斌,吴平,路松峰,李瑞轩

DOI: https://doi.org/10.3969/j.issn.1671-0428.2006.11.013

2007-01-01

Abstract:This paper extended the attack tree model,and proposed a new quantitative risk evaluation method.While the risk value of the leaf node(atomic attack) was quantified,the multi-attribute utility theory was adopted,which could make the result more reasonable.Presented all algorithms for each steps of this new evaluation method that offered a good foundation for the implementation of the automatic evaluation tool.

Suguo Du,Haojin Zhu

DOI: https://doi.org/10.1007/978-1-4614-9357-0_3

2013-01-01

Abstract:In this Chapter, we present an attack-defense tree model for VANETs security and privacy problems, which considered both attacker's and defender's strategies. We also introduce two concepts of Return on Attack and Return on Investment to represent the potential gain from launching an attack or adopting a countermeasure. Both the attack-defense tree and the introduced concepts are preparation work for the attack-defense game analysis of later work in Chap. 4.

Xueqin Gao,Tao Shang,Da Li,Jianwei Liu

DOI: https://doi.org/10.1109/pst55820.2022.9851965

2022-01-01

Abstract:SCADA systems are one of the critical infrastructures and face many security threats. Attackers can control SCADA systems through network attacks, destroying the normal operation of the power system. It is important to conduct a risk assessment of security threats on SCADA systems. However, existing models for risk assessment using attack trees mainly focus on describing possible intrusions rather than the interaction between threats and defenses. In this paper, we comprehensively consider intrusion likelihood and defense capability and propose a quantitative risk assessment model of security threats based on attack countermeasure tree (ACT). Each leaf node in ACT contains two attributes: exploitable vulnerabilities and defense countermeasures. An attack scenario can be constructed by means of traversing the leaf nodes. We set up six indicators to evaluate the impact of security threats in attack scenarios according to NISTIR 7628 standard. Experimental results show the attack probability of security threats and high-risk attack scenarios in SCADA systems. We can improve defense countermeasures to protect against security threats corresponding to high-risk scenarios. In addition, the model can continually update risk assessments based on the implementation of the system’s defensive countermeasures.

Zhang Kai-lun,Tang Quan,Zhang Hong-gang

DOI: https://doi.org/10.1109/ispec50848.2020.9351155

2020-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in the Energy Internet, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the definition of vulnerability sensitivity, which can quantitatively evaluate the effects of changes in the leaf vulnerability on the system, so as to find out the critical port.