Model-Based Diagnosis for Information Survivability
Abstract
The infrastructure of modern society is controlled by software systems that are vulnerable to attack. Successful attacks on these systems can lead to catastrophic results; the survivability of such information systems in the face of attacks is therefore an area of extreme importance to society. This paper presents model-based techniques for the diagnosis of potentially compromised software systems; these techniques can be used to aid the self-diagnosis and recovery from failure of critical software systems. It introduces Information Survivability as a new domain of application for model-based diagnosis and it presents new modeling and reasoning techniques relevant to the domain. In particular: (1) We develop techniques for the diagnosis of compromised software systems (previous work on model-based diagnosis has been primarily concerned with physical components); (2) We develop methods for dealing with model-based diagnosis as a mixture of symbolic and Bayesian inference; (3) We develop techniques for dealing with common-mode failures; (4) We develop unified representational techniques for reasoning about information attacks, the vulnerabilities and compromises of computational resources, and the observed behavior of computations; (5) We highlight additional information that should be part of the goal of model-based diagnosis.
Document Details
- Document Type: Technical Report
- Publication Date: May 04, 2002
- Accession Number: ADP012698
Entities
People
- Howard Elliot Shrobe
Organizations
- Massachusetts Institute of Technology