Resilience Flashcards
What is meant by resilience (defined)
Meaning: The resilience of a system is a judgement of how well that system can maintain the continuity of its critical services in the presence of disruptive events, such as equipment failure and cyberattacks.
Looks at whether:
* The overall system (people, equipment and processes) was resilient.
* It adapted to cope with and recover from failure.
Note: Resilience is seen as a new attribute of dependability
Notes on the Ideas behind resilience?
- Some offered services are critical, and their failure can have serious human, social or economic effects
- Some events are disruptive and can affect the ability of a system to deliver its critical services
- It is a judgement - there is no metric and it cannot be measured.
- Initially within safety-critical systems, resilience was focused around understanding factors that lead to accidents being avoided and survived.
- With an increasing number of cyberattacks on networks it is now also a security issue…
How are faults managed in relation to resilience?
Resilience engineering is concerned with limiting the costs of these failures and recovering from them.
Note: Resilience engineering assumes good reliability engineering practices have been used to minimise the number of technical faults in the system.
Key Note: More emphasis on failures that arise from external events (operator errors or cyberattacks).
Idea behind thesis:
* Faults will always be present in large, complex systems, and may lead to system failure.
- Delivery schedules, testing budgets, pressure…
- Impossible to detect all of the faults and security vulnerabilities in a software system
What is meant by ‘Design Guidelines’ for Security Engineering?
Meaning: A set of guidelines that aid the developer/designer to make design decisions in developing secure systems.
Design guidelines generally involve:
- Raising awareness of security issues in a software engineering team, so that security is considered when design decisions are made.
- Serving as the basis of a review checklist that is applied during the system validation process.
Name and Describe each Design Guideline for Security Engineering?
Base decisions on an explicit security policy:
- Define a security policy for the organisation that sets out the fundamental security requirements that should apply to all organisational systems.
Avoid a single point of failure:
- Ensure that a security failure can only result when there is more than one failure in security procedures. For example, have password and question-based authentication.
Fail securely:
- When systems fail, for whatever reason, ensure that sensitive information cannot be accessed by unauthorised users even though normal security procedures are unavailable.
Balance security and usability:
- Try to avoid security procedures that make the system difficult to use. Sometimes you have to accept weaker security to make the system more usable.
Log user actions:
- Maintain a log of user actions that can be analysed to discover who did what. If users know about such a log, they are less likely to behave in an irresponsible way.
Use redundancy and diversity to reduce risk:
- Keep multiple copies of data and use diverse infrastructure so that an infrastructure vulnerability cannot be the single point of failure.
Validate all inputs:
- Check that all inputs are within range so that unexpected inputs cannot cause problems.
Compartmentalise your assets:
- Organise the system so that assets are in separate areas and users only have access to the information that they need rather than all system information.
Design for deployment:
- Design the system to avoid deployment problems.
Design for recoverability:
- Design the system to simplify recoverability after a successful attack.
What is meant by Deployment in relation to software?
Meaning: Involves configuring software to operate in its working environment, installing the system and configuring it for the operational platform.
Note: Vulnerabilities may be introduced at this stage as a result of configuration mistakes.
Note: Designing deployment support into the system can reduce the probability that vulnerabilities will be introduced.
Name all parts of the Software Deployment process?
- Understand and define the system’s operational environment
- Configure software with environment details.
- Install software on computers where it will operate.
- Configure software with computer details.
Name and describe the configuration vulnerabilities?
Vulnerable default settings:
* Attackers can find out the default settings for software. If these are weak (often to increase usability) then they can be exploited by users when attacking a system.
Development rather than deployment:
* Some configuration settings in systems are designed to support development and debugging. If these are not turned off, they can be a vulnerability that can be exploited by attackers.
Access permissions:
* Access permissions to system assets may be set incorrectly.
Name and describe the different ways we can aid deployment support? (4 ways)
Include support for viewing and analysing configurations
* Make sure that a system administrator responsible for deployment can easily view the entire configuration. This makes it easier to spot omissions and errors that have been made.
Localise configuration settings
* When setting up a system, all information that is relevant to the same part or component of a system should be localised so that it is all set up at once.
* Otherwise, it is easy to forget to set up related security features.
Minimise default privileges and thus limit the damage that might be caused
* Design the system so that the default privileges for an administrator are minimised. This means that if someone gains admin access, they do not have immediate access to the features of the system.
Provide easy ways to fix security vulnerabilities
* When problems are detected, provide easy ways, such as auto-updating, to repair security vulnerabilities in the deployed systems.
What is meant by system resilience in relation to emergent property?
Meaning: Resilience (or survivability) is an emergent system property that reflects the system's ability to deliver essential services whilst it is under attack or after part of the system has been damaged.
Note: Resilience analysis and design should be part of the security engineering process.
Why is Resilience an important property to critical systems?
Our economic and social lives are dependent on computer systems
- Critical infrastructure – electricity, gas, telecommunications, transport
- Healthcare
- Government
Loss of business systems for even a short time can have very severe economic effects:
* Airline reservation systems, e-commerce systems, payment systems
Things worth thinking about:
* Which system services are the most critical for a business?
* How might these services be compromised?
* What is the minimal quality of service that must be maintained?
* How can these services be protected?
* If a service becomes unavailable, how quickly can it be recovered?
Name and Describe three key resilience strategies to ensure resilience of a system?
Resistance
* Avoiding problems by building capabilities into the system to resist attacks.
Recognition
* Detecting problems by building capabilities into the system to detect attacks and failures and assess the resultant damage.
Recovery
* Tolerating problems by building capabilities into the system to deliver services whilst under attack.
Name all stages of resilience analysis?
- Review System Requirements and Architecture.
- Identify critical services and components.
- Identify attacks and compromisable components.
- Identify soft-spots and survivability strategies.
What are the key activities involved in security engineering?
- System understanding
  - Review goals, requirements and architecture
- Critical service identification
  - Identify services that must be maintained
- Attack simulation
  - Devise attack scenarios and identify components affected
- Resilience analysis
  - Identify resilience strategies to be applied
What is meant by software doping?
Meaning: A hidden functionality in the software whose resulting behaviour serves another hidden (third-party) interest, or works against the interest of the user.
Note: Characterising software doping is important as more and more software is embedded in various devices.
Note: Software runs on hardware. Software is licensed to the hardware owner. The owner has neither physical nor logical control over the software - and sometimes the software does not even run locally but in the cloud.
Note: The promised functionality may differ from what it should be, sometimes accidentally but sometimes intentionally to favour a third party.