Abstract
B. Randell has been instrumental, with others, in the definition of the dependability framework. Initially thought of with a strong emphasis on accidental faults, it has paid more attention over the years to intentional ones and, thus, to classical security concepts as well. Recently, a couple of incidents have received a lot of attention: the Hydraq and Stuxnet worms outbreaks. They have been used to highlight what is being presented as a new and growing security concern, namely the so-called advanced persistent threats (a.k.a. apts). In this paper, we analyse how resilient the historical dependability framework can be with respect to these sudden changes in the threats landscape. We do this by offering a very brief summary of the concepts of interest for this discussion. Then we look into the Hydraq and Stuxnet incidents to identify their novel characteristics. We use these recent cases to figure out if the existing taxonomy is adequate to reason about these new threats. We eventually conclude this chapter by proposing some future avenues for research in that space.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Anderson, J.P.: Computer Security Threat Monitoring and Surveillance. Technical report (1980)
Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C.: Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Transactions on Dependable and Secure Computing 1(1) (January-March 2004)
Dacier, M. (ed.): Design of an Intrusion-Tolerant Intrusion Detection System. Deliverable D21 of the European funded project maftia (ist-1999-11583), 111 pages (January 31, 2003)
Daly, M.K.: Advanced Persistent Threat (or Informationized Force Operations). In: 23rd Large Installation System Administration Conference (lisa), Usenix, Baltimore, MD, USA (November 4, 2009)
Debar, H., Dacier, M., Wespi, A.: A revised taxonomy for intrusion-detection systems. Annals of Telecommunications 55(7-8), 361–378 (2000), doi:10.1007/BF02994844
Falliere, N., O Murchu, L., Chien, E.: W32.Stuxnet Dossier. Symantec White paper, v.1.4, 68 pages (February 2011), http://www.symantec.com/connect/blogs/w32stuxnet-dossier
Ferrer, Z., Ferrer, M.C.: In-depth Analysis of Hydraq, The face of cyberwar enemies unfolds. ca isbu-isi white paper, 37 pages (March 12, 2010)
Laprie, J.-C. (ed.): Dependability: Basic Concepts and Terminology. Springer, Heidelberg (1992)
Laprie, J.-C.: From Dependability to Resilience. The 38th Annual ieee/ifip International Conference on Dependable Systems and Networks, dsn 2008, Fast Abstract session, Anchorage, Alaska, USA (June 24-27, 2008)
Powell, D., Stroud, R. (eds.): Conceptual Model and Architecture of maftia. Deliverable D21 of the European funded project maftia (ist-1999-11583), 111 pages (January 31, 2003)
Somaini, J.: How to Combat the Cyber Espionage Threat. Industry Perspectives News article, Symantec, http://eval.symantec.com/mktginfo/enterprise/articles/b-article_how_to_combat_espionage_threat.en-us.pdf
Treadstone: The mythical Beast That Hides in Your Closet, white paper http://www.treadstone71.com/whitepapers/TheMythicalBeastThatHidesinYourCloset.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Dacier, M. (2011). On the Resilience of the Dependability Framework to the Intrusion of New Security Threats. In: Jones, C.B., Lloyd, J.L. (eds) Dependable and Historic Computing. Lecture Notes in Computer Science, vol 6875. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24541-1_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-24541-1_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24540-4
Online ISBN: 978-3-642-24541-1
eBook Packages: Computer ScienceComputer Science (R0)