Survivable information storage systems

Dept. of Electr. & Comput. Eng., Carnegie Mellon Univ., Pittsburgh, PA
Computer (Impact Factor: 1.68). 09/2000; DOI: 10.1109/2.863969
Source: DBLP

ABSTRACT: As society increasingly relies on digitally stored and accessed
information, supporting the availability, integrity and confidentiality
of this information is crucial. We need systems in which users can
securely store critical information, ensuring that it persists, is
continuously accessible, cannot be destroyed and is kept confidential. A
survivable storage system would provide these guarantees over time and
despite malicious compromises of storage node subsets. The PASIS
architecture flexibly and efficiently combines proven technologies
(decentralized storage system technologies, data redundancy and
encoding, and dynamic self-maintenance) for constructing information
storage systems whose availability, confidentiality and integrity
policies can survive component failures and malicious attacks.
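As an added example, not code from the PASIS paper or project: a small m-of-n threshold scheme (Shamir's secret sharing over a prime field), one instance of the "data redundancy and encoding" the abstract names, showing that a secret spread over n storage nodes is still recoverable after up to n-m nodes fail or are compromised, while fewer than m shares do not yield it. The prime, the share layout and the node simulation are this example's own choices, not the paper's.

```python
import secrets

# Prime modulus for the share field (2**127 - 1 is a Mersenne prime); secrets must be < P.
P = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (coefficients lowest-degree first) at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split(secret, m, n):
    """Encode `secret` into n shares such that any m of them reconstruct it.
    Share i is (i, f(i)) for a random degree-(m-1) polynomial f with f(0) = secret,
    so node i holds one point of f and, with fewer than m points, f(0) is unconstrained."""
    if not 1 <= m <= n or not 0 <= secret < P:
        raise ValueError("need 1 <= m <= n and 0 <= secret < P")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(m - 1)]
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the given (distinct) shares.
    Correct when at least m shares are supplied; with fewer, the result is a value
    unrelated to the secret (equal to it only with probability 1/P)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def survives(secret, m, n, lost_nodes):
    """Simulate n storage nodes, each holding one share. Nodes in `lost_nodes` are
    down or compromised and contribute nothing. True if the rest still rebuild the secret."""
    shares = split(secret, m, n)
    remaining = [s for s in shares if s[0] not in lost_nodes]
    return len(remaining) >= m and reconstruct(remaining[:m]) == secret


if __name__ == "__main__":
    # Constructed demo: 3-of-5 layout, first with two nodes lost, then with three.
    print(survives(42, 3, 5, {2, 4}), survives(42, 3, 5, {1, 2, 5}))  # True False
```

Availability and confidentiality trade against each other through m: a larger m tolerates more compromised nodes before the secret leaks but fewer failed nodes before it becomes unrecoverable.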

  • ABSTRACT: The threats faced by data storage infrastructures can be broadly categorized into two classes - break-ins and data loss. Unfortunately, defenses against break-ins tend to increase the risk of data loss, and vice versa. We introduce configurations as a model for quantifying and managing the break-in and data loss risks faced by a secure data storage system. Configurations can also be used in making technology investment decisions within the Gordon-Loeb framework.
  • ABSTRACT: Users often need to acquire external software systems or link other software components to their existing systems. It is crucial that those software objects are trustworthy and will not compromise the survivability of the existing systems, particularly for those systems used to support mission-critical services in national defense, healthcare, and financial services. This paper presents a logical framework for proof-carrying survivability: (1) a system user publishes their survivability requirement policy for the system in which they are interested, (2) a system provider collects verification evidence from third-party evaluators, formulates survivability compliance, and compiles a proof to show that their system satisfies the user's requirements, and finally, (3) the system user verifies that the proof is valid. If so, the system can be safely acquired or linked without sacrificing the survivability of the existing system. We specify an application specific logic to facilitate proof compliance and verification. We implemented the framework to show that the proof can be generated automatically by a prover program and verified mechanically in real time by a trustworthy checker program.
  • ABSTRACT: Worms cause correlated failure of many systems in a short span of time. Therefore, automated defensive approaches have been proposed to counter growth of worms. However, in addition to worms, many other kinds of cyber-attacks also exhibit significant correlation, albeit with slightly different properties. We argue that those specific correlation properties manifest because of the interaction between the attacker and the defender strategies. We survey the design space of defensive approaches and observe the extent of clustering (correlation) in attacks that these approaches are likely to induce. We highlight the implications of attack clustering on individual firms deploying these various approaches and also on global actors like government and cyber-insurance providers. We use 19 months of honeynet attack data to estimate clustering for some non-worm type attacks.

Full-text (4 Sources), available from May 27, 2014.