Trustworthy Refinement Through Intrusion-Aware Design

High confidence in a system's survivability requires an accurate understanding of the system's threat environment and the impact of that environment on system operations. Unfortunately, existing development methods for secure and survivable information systems often employ a patchwork approach in which the focus is on deciding which popular security components to integrate rather than making a rational assessment of how to address the attacks that are likely to compromise the overall mission. This report proposes an intrusion-aware design model called trustworthy refinement through intrusion-aware design (TRIAD). TRIAD helps information system decision makers formulate and maintain a coherent, justifiable, and affordable survivability strategy that addresses mission-compromising threats for their organization. TRIAD also helps in evaluating and maintaining an information system design in terms of its ability to implement a survivability strategy. This report demonstrates the application of TRIAD to the refinement of a survivability strategy for a business that sells products over the Internet.

TRIAD provides a solid foundation for the further refinement, experimentation, and validation of an approach to exploit knowledge of intruder behavior to improve system architecture design and operations. Ultimately, with effective tool support and evidence of its efficacy, TRIAD will be integrated with more comprehensive life-cycle models for the development and maintenance of high-confidence systems.

PDF [1363 KB]

Authors

Robert J. Ellison

Andrew P. Moore

This report is related to the following area(s) of work:

Security and Survivability

Technical Report
CMU/SEI-2003-TR-002
October 2002

Cite This Report

SEI:

Ellison, Robert; & Moore, Andrew. Trustworthy Refinement Through Intrusion-Aware Design (CMU/SEI-2003-TR-002). Software Engineering Institute, Carnegie Mellon University, 2002. http://www.sei.cmu.edu/library/abstracts/reports/03tr002.cfm

IEEE:

R. Ellison, and A. Moore, "Trustworthy Refinement Through Intrusion-Aware Design," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2003-TR-002, 2002. http://www.sei.cmu.edu/library/abstracts/reports/03tr002.cfm

APA:

Ellison, R., & Moore, A. (2002). Trustworthy Refinement Through Intrusion-Aware Design (CMU/SEI-2003-TR-002). Retrieved June 19, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/03tr002.cfm

CHI:

Ellison, Robert, and Andrew Moore. Trustworthy Refinement Through Intrusion-Aware Design (CMU/SEI-2003-TR-002). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2002. http://www.sei.cmu.edu/library/abstracts/reports/03tr002.cfm

MLA:

Ellison, R., & Moore, A. 2002. Trustworthy Refinement Through Intrusion-Aware Design (Technical Report CMU/SEI-2003-TR-002). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/03tr002.cfm

Find Us Here

Find us on Youtube  Find us on LinkedIn  Find us on twitter  Find us on Facebook

Share This Page

Share on Facebook  Send to your Twitter page  Save to del.ico.us  Save to LinkedIn  Digg this  Stumble this page.  Add to Technorati favorites  Save this page on your Google Home Page 

For more information

Contact Us

info@sei.cmu.edu

412-268-5800

Help us improve

Visitor feedback helps us continually improve our site.

Please tell us what you
think with this short
(< 5 minute) survey.