Integration Problems in Fault-Tolerant, Secure Computer Design

  • Mark K. Joseph
Part of the Dependable Computing and Fault-Tolerant Systems book series (DEPENDABLECOMP, volume 4)


This chapter explores part of what has been termed “secure fault tolerance” [34]: ensuring that the fault-tolerance techniques used in a fault-tolerant, secure computer design do not, either accidentally or deliberately, violate its security policy. The impact that fault tolerance and computer security have on each other is discussed.
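The concern stated above, a fault-tolerance mechanism that itself violates the security policy, is easiest to see with a timing channel of the kind listed among the chapter's keywords. The following simulation is an added illustration and is not code from the chapter or its author: a recovery engine (retry/rollback) shared by all security levels is modelled as a FIFO resource whose service time depends on whether concurrent error detection flagged the request. A high-level process can then signal a bit to a low-level process simply by choosing whether to trigger recovery, and the low process reads the bit from its own service latency. The tick costs, the process names, the bit period and the decoding threshold are all assumptions of the model, not figures from the chapter. The `constant_time` flag shows the standard fix of padding every job to worst-case time, which closes the channel at a throughput cost.

```python
"""Constructed illustration (not from the chapter): a covert timing channel
opened by a *shared* fault-tolerance mechanism, and its closure by
constant-time recovery. All costs, names and the process model are assumptions."""


class SharedRecoveryUnit:
    """FIFO model of a recovery engine (retry/rollback) shared by all
    security levels. When concurrent error detection flags an error on a
    request, recovery holds the unit for `recovery_cost` ticks instead of
    `normal_cost`, and every later requester waits behind it."""

    def __init__(self, normal_cost=5, recovery_cost=50, constant_time=False):
        self.normal_cost = normal_cost          # assumed cost of an error-free job
        self.recovery_cost = recovery_cost      # assumed cost of a job needing recovery
        self.constant_time = constant_time      # mitigation: pad every job to worst case
        self.free_at = 0                        # simulated tick at which the unit is idle

    def submit(self, arrival, error_detected):
        """Serve one request arriving at tick `arrival`; return the latency its
        requester observes (queueing delay plus its own service time)."""
        start = max(arrival, self.free_at)
        slow = error_detected or self.constant_time
        cost = self.recovery_cost if slow else self.normal_cost
        self.free_at = start + cost
        return self.free_at - arrival


def transmit(bits, unit, period=100, threshold=20):
    """High sender and low receiver sharing `unit`.

    In each bit period the high process submits one request, deliberately
    making it fail the error detector to send a 1 (forcing recovery) or
    succeed to send a 0. One tick later the low process submits an ordinary,
    error-free request and times it. Returns the bits the low process decodes.
    `period` is long enough that no backlog carries into the next bit."""
    decoded = []
    for i, bit in enumerate(bits):
        t = i * period
        unit.submit(t, error_detected=(bit == 1))          # high: modulate
        latency = unit.submit(t + 1, error_detected=False)  # low: observe
        decoded.append(1 if latency > threshold else 0)
    return decoded


def leak_accuracy(bits, constant_time):
    """Fraction of sender bits the receiver recovers. On a balanced message,
    0.5 means the receiver learns nothing from the latency."""
    unit = SharedRecoveryUnit(constant_time=constant_time)
    decoded = transmit(bits, unit)
    return sum(a == b for a, b in zip(bits, decoded)) / len(bits)


if __name__ == "__main__":
    msg = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed sample message
    print("shared recovery, variable time :", leak_accuracy(msg, constant_time=False))
    print("shared recovery, constant time :", leak_accuracy(msg, constant_time=True))
```

With variable-time recovery the low process recovers every bit (a 1 costs it 54 ticks of latency, a 0 only 9 under the assumed costs); with constant-time recovery every request takes the same time and its decoding drops to chance. Padding is not the only option: giving each security level its own recovery unit removes the shared resource entirely, which is the partitioning approach a shared-resource-matrix analysis [22] would point to.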


Keywords: fault tolerance, integration problem, timing channel, covert channel, concurrent error detection



  [1] P.E. Ammann and J.C. Knight, “Data Diversity: An Approach to Software Fault Tolerance”, 17th Int’l Symp. on Fault-Tolerant Computing, July 1987, pp. 122–126.
  [2] H. Ando, “Testing VLSI with Random Access Scan”, Proc. COMPCON 1980, pp. 50–52.
  [3] A. Avizienis, “Fault-Tolerant Computing Systems”, UCLA Class Notes, Computer Science Department, Jan. 1985.
  [4] A. Avizienis, “The N-Version Approach to Fault-Tolerant Software”, IEEE Trans. on Soft. Eng., Vol. SE-11, No. 12, Dec. 1985, pp. 1491–1501.
  [5] K.J. Biba, “Integrity Considerations for Secure Computer Systems”, Mitre Technical Report TR-3153, Mitre Corp., Bedford, MA, April 1977.
  [6] D.D. Clark and D.R. Wilson, “A Comparison of Commercial and Military Computer Security Policies”, IEEE Symp. on Security and Privacy, April 1987, pp. 184–194.
  [7] D.E. Denning, “An Intrusion-Detection Model”, IEEE Symp. on Security and Privacy, April 1986, pp. 118–131.
  [8] Y. Deswarte et al., “A Saturation Network to Tolerate Faults and Intrusions”, IEEE 5th Symp. on Reliability in Distributed Software and Database Systems, Jan. 1986, pp. 74–81.
  [9] J.E. Dobson and B. Randell, “Building Reliable Secure Computing Systems out of Unreliable Insecure Components”, IEEE Symp. on Security and Privacy, April 1986, pp. 187–193.
  [10] Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD, Dec. 1985.
  [11] A Guide to Understanding Audit in Trusted Systems, NCSC-TG-001, Version 2, June 1988.
  [12] J.M. Fray, Y. Deswarte, and D. Powell, “Intrusion-Tolerance Using Fine-Grain Fragmentation-Scattering”, IEEE Symp. on Security and Privacy, April 1986, pp. 194–201.
  [13] S. Funatsu et al., “Designing Digital Circuits with Easily Testable Consideration”, Proc. Int’l Test Conf., 1978, pp. 98–102.
  [14] M. Gasser, Building A Secure Computer System, Van Nostrand Reinhold, New York, 1988.
  [15] V.D. Gligor, “A Note on the Denial-of-Service Problem”, IEEE Symp. on Security and Privacy, April 1983, pp. 139–149.
  [16] V.D. Gligor, “Denial-of-Service Implications for Computer Networks”, Proc. DoD Computer Security Center Invitational Workshop on Network Security, March 1985, pp. 9-33–9-48.
  [17] D.K. Hsiao, D.S. Kerr, and S.E. Madnick, Computer Security, Academic Press, New York, 1979.
  [18] Intel, iAPX 286 Programmer’s Reference Manual, Santa Clara, California, 1983.
  [19] M.K. Joseph, “Towards the Elimination of the Effects of Malicious Logic: Fault Tolerance Approaches”, 10th National Computer Security Conf., Sept. 1987, pp. 238–244.
  [20] M.K. Joseph and A. Avizienis, “A Fault Tolerance Approach to Computer Viruses”, IEEE Symp. on Security and Privacy, April 1988, pp. 52–58.
  [21] M.K. Joseph, “Architectural Issues in Fault-Tolerant, Secure Computing Systems”, Ph.D. dissertation, University of California, Los Angeles, CA, Technical Report CSD-880047, June 1988.
  [22] R.A. Kemmerer, “Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels”, ACM Trans. on Computer Systems, Vol. 1, No. 3, August 1983, pp. 256–277.
  [23] R.E. Kuehn, “Computer Redundancy: Design, Performance, and Future”, IEEE Trans. on Reliability, Vol. R-18, No. 1, Feb. 1969, pp. 3–11.
  [24] B.W. Lampson, “A Note on the Confinement Problem”, Comm. of the ACM, Vol. 16, No. 10, Oct. 1973, pp. 613–615.
  [25] J.C. Laprie, “Dependability: A Unifying Concept for Reliable Computing and Fault Tolerance”, Chapter 1, Dependability of Resilient Computers, T. Anderson, editor, BSP Professional Books, Boston, Mass., 1989, pp. 1–28.
  [26] A. Mahmood and E.J. McCluskey, “Concurrent Error Detection Using Watchdog Processors: A Survey”, IEEE Trans. on Computers, Vol. C-37, No. 2, Feb. 1988, pp. 160–174.
  [27] P.G. Neumann, “On Hierarchical Design of Computer Systems for Critical Applications”, IEEE Trans. on Soft. Eng., Vol. SE-12, No. 9, Sept. 1986, pp. 905–920.
  [28] B.M. Ozaki, E.B. Fernandez, and E. Gudes, “Software Fault Tolerance in Architectures with Hierarchical Protection Levels”, IEEE MICRO, Vol. 8, No. 4, August 1988, pp. 30–43.
  [29] B. Randell, “System Structure for Software Fault Tolerance”, IEEE Trans. on Soft. Eng., Vol. SE-1, No. 2, March 1975, pp. 220–232.
  [30] M. Schaefer et al., “Program Confinement in KVM/370”, Proc. ACM National Conf., Oct. 1977, pp. 404–410.
  [31] E.H. Spafford, “The Internet Worm Program: An Analysis”, Purdue Univ., Dept. of Computer Science Technical Report CSD-TR-823, Nov. 1988.
  [32] L.A. Stolte and N.C. Berglund, “Design for Testability of the IBM System/38”, Proc. Int’l Test Conf., 1979, pp. 29–36.
  [33] D.J. Taylor, D.E. Morgan, and J.P. Black, “Redundancy in Data Structures: Improving Software Fault Tolerance”, IEEE Trans. on Soft. Eng., Vol. SE-6, No. 6, Nov. 1980, pp. 585–594.
  [34] R. Turn and J. Habibi, “On the Interactions of Security and Fault Tolerance”, 9th National Computer Security Conf., Sept. 1986, pp. 138–142.
  [35] M.J.Y. Williams and J.B. Angell, “Enhancing Testability of Large-Scale Integrated Circuits via Test Points and Additional Logic”, IEEE Trans. on Computers, Vol. C-22, No. 1, Jan. 1973, pp. 46–60.

Copyright information

© Springer-Verlag/Wien 1991

Authors and Affiliations

  • Mark K. Joseph, Los Angeles, USA