Xuegang Lin,Miaoliang Zhu,Rongsheng Xu

DOI: https://doi.org/10.1109/ICITA.2005.17

2005-01-01

Abstract:Information system survivability should be analyzed quantitatively for evaluating and grading accurately. A finite state machine whose state is described by a hierarchical structure presents quantification model. To quantify more objectively, a test-based framework is introduced by five key steps based on SNA method, which is achieved by computer's aid mostly for reducing man factor. Survivability is computed through resistance, recognition and recovery in detail by a hierarchical process. This framework is more practicable for system's hierarchical state, which avoids dividing the state space.

XueGang Lin,Rongsheng Xu,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICACT.2005.245839

2005-01-01

Abstract:Information system plays an important role in modern society, and its performance of survivability is a vital attribute for people. Based on the relation between system and environment, survivability analysis model is divided into three models: environment, system and analysis model. Then, survivability is computed through resistance, recognition and recovery under each environment that system should stand by a hierarchical analysis process. Finally, the general analysis method is given to describe the entire process of analyzing information system survivability. The three models and quantitative analysis method is practicable for parameters involved are measurable and the method is modularized.

LIN Xue-gang,ZHU Miao-liang,XU Rong-sheng

DOI: https://doi.org/10.3785/j.issn.1008-973x.2006.11.026

2006-01-01

Abstract:An analysis model based on finite state machine and hierarchical system state was presented to quantitatively compute information system's survivability.The survivability was computed through system definition and system survivability test.The system was defined by a service-centered hierarchical structure,and the survivability test was carried out based on event classification and gradation.Then the survivability was obtained through computing resistibility,recognizability and recoverability layer by layer.Demonstration shows that this layered state-based computation is more practicable and programmable than the traditional system state based models for avoiding defining and analyzing system state directly.

Xuegang Lin,Rongsheng Xu,Miaoliang Zhu

DOI: https://doi.org/10.1007/11596981_59

2005-01-01

Abstract:Survivability should be considered beyond security for networked information systems, which emphasizes the ability of continuing providing services timely in malicious environment. As an open complex system, networked information system is presented by a service-oriented hierarchical structure, and fault scenarios are thought of as stimulations that environment impact on systems while changes of system services’ performance as system reaction. Survivability test is done according to a test scheme which is composed of events, atomic missions, fault scenarios and services. Survivability is computed layer by layer based on the result of survivability test through three specifications (resistance, recognition and recovery). This computation method is more practicable than traditional state-based method for it converts direct defining system states and computing state transition into a layered computation process.

He Ming,Qiu Hang-ping,Hu Ai-qun,Quan Ji-Chuan

DOI: https://doi.org/10.1109/ICCET.2009.246

2009-01-01

Abstract:We propose a general survivability quantification framework which is applicable to a wide range of information system architectures and applications. We show how this framework can be used to derive survivability measures based on different definitions and extend it to other measures not covered by current definitions which can provide helpful information for better understanding of system steady state and transient behaviors under failures/attacks. Markov models Also, this paper puts forward a survivability evaluation model, SQEM (survivability quantitative evaluation model), which is developed and solved to depict various aspects of information system survivability. Then it defines the measurement factors and parses the survivability mathematically, introduces state change probability and the idea of setting the weights of survivability factors dynamically into the evaluating process of SQEM, which improved the accuracy of evaluation. An example is presented to illustrate the way SQEM works, which demonstrated the validity and feasibility of the method.

Yi REN,Zhi-ting XIAO,Jun-ping CAI

DOI: https://doi.org/10.3969/j.issn.1006-9348.2005.05.020

2005-01-01

Abstract:AbstrcatSurvivability based on related fields of study , such as security , reliability , reusability etc. , is one of the important characteristics of information system . In this paper , first the properties of survivability have been analysed , and simulation model reflecting the elements of survivability is studied. Second , network attack incident and restore procedure must simultaneously be taken into consideration because the two kinds of actions mentioned effect the survivability. Third , the method used to calculate system state transition matrix is proposed in the research. The state transition is brought by network attack incident and restore procedure. The next , the main flow of the simulation of survivability is illustrated. Finally , it is believed that the analysis deriving from the result of the simulation of information system survivability should be the fundation used to adjust and enhance information system survivability.

包秀国,胡铭曾,张宏莉,张绍瑞

DOI: https://doi.org/10.3321/j.issn:1000-436x.2004.09.006

2004-01-01

Abstract:Although telecommunication network survivability analysis techniques have developed for years, the effective techniques to quantitatively evaluate survivability of various distributed application systems, like network security management systems(NSMS), which are built over telecommunication networks are urgently demanded. In this paper, two methods for performing NSMS survivability analysis are presented. In the first method, a graph-based model is built through analyzing system dataflow, and the survivability is computed with the graph connectivity. In the second, a process-based model is built through analyzing system dataflow, and the survivability is assessed by statistics of the Monte Carlo experiment data. Our experiences show that the second method is practical for survivability quantitative analysis of complex systems with the development of grids technology.

Yongxin Zhao,Yanhong Huang,Qin Li,Huibiao Zhu,Jifeng He,Jianwen Li,Xi Wu

DOI: https://doi.org/10.1587/transinf.2013edp7339

2014-01-01

IEICE Transactions on Information and Systems

Abstract:Survivability is an essential requirement of the networked information systems analogous to the dependability. The definition of survivability proposed by Knight in [16] provides a rigorous way to define the concept. However, the Knight's specification does not provide a behavior model of the system as well as a verification framework for determining the survivability of a system satisfying a given specification. This paper proposes a complete formal framework for specifying and verifying the concept of system survivability on the basis of Knight's research. A computable probabilistic model is proposed to specify the functions and services of a networked information system. A quantified survivability specification is proposed to indicate the requirement of the survivability. A probabilistic refinement relation is defined to determine the survivability of the system. The framework is then demonstrated with three case studies: the restaurant system (RES), the Warship Command and Control system (LWC) and the Command-and-Control (C2) system.

Jipeng Huang,Jianhui Jiang,Liyuan Zhang

DOI: https://doi.org/10.1109/ICCEA.2010.163

2010-01-01

Abstract:A novel survivability quantitative evaluation model is presented here. Survivability is viewed as the capability of the system to deliver certain degree of services in the advent of failure. In the model, survivability is computed as the probability that the system can stay in some states where if the system are confronted with failure, it still has outage smaller than outage threshold, which is somewhat like specification. Different from previous work done by others, in this model, more consideration is put to transient analysis which can capture the system dynamic behavior that can make providers learn more about their own systems. And moreover, we perceive survivability quantitative value as the probability that the system is in states when the related expected service loss is below certain threshold. In our work, we still give an illustrative model that is related with the telephone network and there we also gives a general service loss computation method about telephone network. And then we conduct our experiments and obtain two groups of experimental results.

Ling Xiao,Zhitang Li,Yunhe Zhang,Meizhen Wang

DOI: https://doi.org/10.1109/etcs.2009.471

2009-01-01

Abstract:Society has become so dependent on information systems that provide the information underpinnings for critical infrastructure applications. With the development of network technology, these systems continue to emerge and grow, and have become unbounded networked systems that are highly distributed. But traditional security technology is not sufficient to deal with the protection and survivability of highly distributed information systems operating in unbounded networks 。Survivability research is the key to resolve the problem. This paper organizes and summarizes the current literatures and presents an overview of survivability research by discussing the definition, the various techniques and the estimate models of survivability, and finally, presents a conclusion and future work.

Qingtao Wu,Jie Chen,Ruijuan Zheng

2012-01-01

Abstract:A quantitative method for evaluating survivability of an autonomic intrusion tolerance system is proposed based on the features of the aforementioned system that are different from those of a common network security system. Four survivability evaluation criteria, namely, data confidentiality, data completion, service availability, and system autonomy, are built with quantization methods for their respective features after considering the effects of intrusion on the system as well as automatic intrusion tolerance functions. The survivability of an autonomic intrusion tolerance system is quantitatively calculated using the four criteria.

Leilei Chen,Qing Wang,Wei Xu,Liang Zhang

DOI: https://doi.org/10.1109/icws.2010.53

2010-01-01

Abstract:Survivability is crucial for computer systems that support critical infrastructures of our society. For those in paradigm of SOA where the computing settings are intrinsically open, traditional survivability model and safeguard mechanisms are no longer applicable. To rise to the challenge, we propose a formal definition and a corresponding framework to evaluate the survivability of SOA systems. We treat survivability as a multidimensional QoS property, and then give a holistic evaluation method based on the Hidden Markov Model.

DU Jun,JIANG Weihua,LI Weihua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.03.060

2007-01-01

Abstract:The paper presents a new kind of analysis method for computer system survivability which considers both exterior environment and interior components and their correlations.The method can describe the survivability more precisely and exactly.The priority using this method to security evaluation is also put forward.

夏秦,王志文,邹华峰,冯博琴

2010-01-01

Abstract:A recovery mechanism of survivability with components being basic fixed units is presented for information systems to overcome the deficiencies appeared in existing approaches on survivability recovery,such as undiversified method,solidified executing sequence and delayed recovery process. Services provided by a information system are classified into complete services,acceptable services and interrupted services according to the disabled extent of critical components,and the survivability models of services and the information system are built separately with availability of components. According to the affecting degree of disabled components on services,the recovery procedure is divided into two phases,recovering interrupted services by repairing critical components and improving acceptable services by repairing non-critical components. A survivability recovery experiment in a network teaching system shows that the proposed mechanism can determine the recovering actions and executing sequences depending on the survivability state of information systems. A comparison with the mechanism using serial recovery actions shows that the number of actions performed by the proposed mechanism is reduced from 9 to 3.

蔡均平,肖治庭,李雪冬

DOI: https://doi.org/10.3963/j.issn.1671-4431.2010.20.003

2010-01-01

Wuhan Ligong Daxue Xuebao/Journal of Wuhan University of Technology

Abstract:Quantitative evaluation of system survivability is an important basis for studying the survivability of Military Information Networks. Indexes system of survivability of Military Information Networks is analyzed. Theory of cloud model is introduced; the algorithm based on cloud model is presented. At last, evaluation results are obtained through an example, and the result shows this method is feasible to solve the transform between qualitative concepts and their quantitative expression.

SUN Xian-jun,ZHU Liang,GAO Zhi-min,LIN Chuang,LIU Wei-dong

2008-01-01

Abstract:Our society is heavily dependent on a wide variety of distributed information system.The essential service of distributed information system must be available even when undesirable events such as attack,network failures,or natural disasters happen.In this paper we assess the survivability of distributed information with essential service exposed to failures.We have developed analytic models using stochastic Petri net.In order to avoid state space explosion while addressing large networks we reduce our models firstly,then give a composite model by combining performance and recovery models.The modeling approaches are applied to an information system example.Finally,the simulation by Matlab shows us the measures of survivability varying with repair rate and failure rate clearly.

Wang Zhi-wen,Zou Hua-feng,Ke Lu,Qin Xia

DOI: https://doi.org/10.1109/ICCASM.2010.5620308

2010-01-01

Abstract:Survivability of information system is different with various techniques in dynamic work conditions, and which can be classified into multiple grades according to corresponding capability. In an information system, customer needs to pay different service fee at different survivability grade and provider must invest considerable money so as to keep a particular survivability grade. A game-theory based model is constructed by analyzing the action and profits of customer and provider who act as the two players. The mixed strategy Nash equilibrium are derived from the model and a control strategy for promoting survivability grade is devised, with which profits of provider can be maximized. An experiment was carried out in an information system simulated by 5 survivability grades and the results shows that the game-theoretic control strategy is reasonable to determine whether the survivability grade should be promoted by provider. © 2010 IEEE.

Zhiguo Zeng,Shijia Du,Yi Ding

DOI: https://doi.org/10.1016/j.apm.2020.08.066

IF: 5.336

2021-01-01

Applied Mathematical Modelling

Abstract:Most of existing resilience models assume that system performances are continuous. In this paper, we consider resilience modeling and analysis for multi-state systems, whose performances are characterized by discrete, rather than continuous variables. A non-homogeneous Semi-Markov reward process model is developed for resilience analysis of multi-state systems. In the developed model, system performance changes, caused by either disruptive events or system recoveries, are modeled as state transitions, and rewards are used to model financial losses incurred during and after the disruptions. Four resilience metrics are defined to quantify different aspects of resilience. As the developed model is non-homogeneous, it can capture time-dependent system behaviors and their impact on system resilience. An efficient resilience analysis algorithm is also designed based on linear interpolation and implemented using vectorization. The computational benefits of the developed algorithm are demonstrated through two numerical experiments. We apply the developed method on two practical case studies, an oil tank farm and a re-configurable computing system. The results show that the developed methods can quantify resilience of multi-state systems accurately and efficiently. (c) 2020 Elsevier Inc. All rights reserved.

Zhiwen Wang,Ke Lu,Huafeng Zou,Qin Xia

DOI: https://doi.org/10.1109/fcst.2010.49

2011-01-01

Abstract:A mechanism of survivability recovery, whereby component is the basic unit of being fixed, is presented for information system in this paper in order to overcome the deficiencies existed in approach on survivability recovery. Services provided in information system are classified into complete service, acceptable service and interrupted service by the degree of dependence on disable failed critical component. The survivability of information system is measured by availability of component. Procedure of survivability recovery can be divided into two phases in time domain. The first phase is to restore interrupted service by fixing the disabled critical components. Acceptable service can be perfected by fixing the disabled non-critical components in the second phase. The experiment is carried out by applying the mechanism mentioned above in a networked teaching system. The whole process of survivability recovery is demonstrated in detail. The results shows that it is effective to determine recovery actions and activating sequence, increase the capability of recovering rapidly and diversify methods of recovering survivability in information system. The work done by author has a major guiding significance in analyzing and recovering survivability for actual information systems.

GENG Ji,SONG Xu,CHEN Wei,QIN Zhi-guang

DOI: https://doi.org/10.3969/j.issn.1001-0548.2014.01.017

2014-01-01

Abstract:The security problems of software become more and more serious,and software survivability is an extension of software security researches. However, the survivability models can rarely bring out a practical method by now. In this paper, we consider the effect of different system structures and runtime environments on system survivability. Firstly, we construct a service survivability model by considering the effect of environment;secondly, we consider the relationship between the system structure and services and construct a model based on service survivability to reflect the system survivability. Finally, based on this model, a recovery approach is illustrated when parts of or all the system’s services are failed.