Basic Concepts and Taxonomy of Dependable and Secure Computing
January-March 2004 (vol. 1 no. 1)
pp. 11-33
This paper gives the main definitions relating to dependability, a generic concept that includes as special cases such attributes as reliability, availability, safety, integrity, and maintainability. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon and supplemented by additional definitions that address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts that are relevant across a wide range of situations and therefore help communication and cooperation among a number of scientific and technical communities, including ones that concentrate on particular types of system, of system failures, or of causes of system failures.

[1] T.F. Arnold, "The Concept of Coverage and Its Effect on the Reliability Model of Repairable Systems," IEEE Trans. Computers, vol. 22, no. 6, pp. 251-254, June 1973.
[2] D. Avresky, J. Arlat, J.C. Laprie, and Y. Crouzet, "Fault Injection for Formal Testing of Fault Tolerance," IEEE Trans. Reliability, vol. 45, no. 3, pp. 443-455, Sept. 1996.
[3] A. Avižienis, "Design of Fault-Tolerant Computers," Proc. 1967 Fall Joint Computer Conf., AFIPS Conf. Proc., vol. 31, pp. 733-743, 1967.
[4] A. Avižienis and L. Chen, "On the Implementation of N-Version Programming for Software Fault Tolerance During Execution," Proc. IEEE COMPSAC 77, pp. 149-155, Nov. 1977.
[5] A. Avižienis and Y. He, "Microprocessor Entomology: A Taxonomy of Design Faults in COTS Microprocessors," Dependable Computing for Critical Applications 7, C.B. Weinstock and J. Rushby, eds., pp. 3-23, 1999.
[6] A. Avižienis and J.P.J. Kelly, "Fault Tolerance by Design Diversity: Concepts and Experiments," Computer, vol. 17, no. 8, pp. 67-80, Aug. 1984.
[7] B.W. Boehm, "Guidelines for Verifying and Validating Software Requirements and Design Specifications," Proc. European Conf. Applied Information Technology (IFIP '79), pp. 711-719, Sept. 1979.
[8] W.G. Bouricius, W.C. Carter, and P.R. Schneider, "Reliability Modeling Techniques for Self-Repairing Computer Systems," Proc. 24th Nat'l Conf. ACM, pp. 295-309, 1969.
[9] C. Cachin, J. Camenisch, M. Dacier, Y. Deswarte, J. Dobson, D. Horne, K. Kursawe, J.C. Laprie, J.C. Lebraud, D. Long, T. McCutcheon, J. Muller, F. Petzold, B. Pfitzmann, D. Powell, B. Randell, M. Schunter, V. Shoup, P. Verissimo, G. Trouessin, R.J. Stroud, M. Waidner, and I. Welch, "Malicious- and Accidental-Fault Tolerance in Internet Applications: Reference Model and Use Cases," LAAS Report no. 00280, MAFTIA Project IST-1999-11583, 113 pp., Aug. 2000.
[10] V. Castelli, R.E. Harper, P. Heidelberger, S.W. Hunter, K.S. Trivedi, K. Vaidyanathan, and W.P. Zeggert, "Proactive Management of Software Aging," IBM J. Research and Development, vol. 45, no. 2, pp. 311-332, Mar. 2001.
[11] "Termes et Définitions Concernant la Qualité de Service, la Disponibilité et la Fiabilité" [Terms and Definitions Concerning Quality of Service, Availability and Reliability], Recommendation G.106, CCITT, 1984.
[12] "Information Technology Security Evaluation Criteria: Harmonized Criteria of France, Germany, the Netherlands, and the United Kingdom," Commission of the European Communities, 1991.
[13] R. Chillarege et al., "Orthogonal Defect Classification: A Concept for In-Process Measurements," IEEE Trans. Software Eng., vol. 18, no. 11, pp. 943-956, Nov. 1992.
[14] F. Cristian, "Understanding Fault-Tolerant Distributed Systems," Comm. ACM, vol. 34, no. 2, pp. 56-78, 1991.
[15] H. Debar, M. Dacier, M. Nassehi, and A. Wespi, "Fixed vs. Variable-Length Patterns for Detecting Suspicious Process Behavior," Proc. Fifth European Symp. Research in Computer Security, Sept. 1998.
[16] R.J. Ellison, D.A. Fisher, R.C. Linger, H.F. Lipson, T. Longstaff, and N.R. Mead, "Survivable Network Systems: An Emerging Discipline," Technical Report CMU/SEI-97-TR-013, Carnegie Mellon Univ., May 1999.
[17] J.C. Fabre, V. Nicomette, T. Perennou, R.J. Stroud, and Z. Wu, "Implementing Fault Tolerant Applications Using Reflective Object-Oriented Programming," Proc. 25th IEEE Int'l Symp. Fault-Tolerant Computing (FTCS-25), pp. 489-498, 1995.
[18] S. Forrest, S.A. Hofmeyr, A. Somayaji, and T.A. Longstaff, "A Sense of Self for Unix Processes," Proc. 1996 IEEE Symp. Security and Privacy, pp. 120-128, May 1996.
[19] A. Fox and D. Patterson, "Self-Repairing Computers," Scientific American, vol. 288, no. 6, pp. 54-61, 2003.
[20] J.M. Fray, Y. Deswarte, and D. Powell, "Intrusion Tolerance Using Fine-Grain Fragmentation-Scattering," Proc. 1986 IEEE Symp. Security and Privacy, pp. 194-201, Apr. 1986.
[21] "Fundamental Concepts of Fault Tolerance," Proc. 12th IEEE Int'l Symp. Fault-Tolerant Computing (FTCS-12), pp. 3-38, June 1982.
[22] A.G. Ganek and T.A. Corbi, "The Dawning of the Autonomic Computing Era," IBM Systems J., vol. 42, no. 1, pp. 5-18, 2003.
[23] J.N. Gray, "Why Do Computers Stop and What Can Be Done About It?" Proc. Fifth Symp. Reliability in Distributed Software and Database Systems, pp. 3-12, Jan. 1986.
[24] J. Gray, "Functionality, Availability, Agility, Manageability, Scalability: The New Priorities of Application Design," Proc. Int'l Workshop High Performance Transaction Systems, Apr. 2001.
[25] R. Grigonis, "Fault-Resilience for Communications Convergence," special supplement to CMP Media's Converging Comm. Group, Spring 2001.
[26] J.E. Hosford, "Measures of Dependability," Operations Research, vol. 8, no. 1, pp. 204-206, 1960.
[27] Y. Huang, C. Kintala, N. Kolettis, and N.D. Fulton, "Software Rejuvenation: Analysis, Module and Applications," Proc. 25th IEEE Int'l Symp. Fault-Tolerant Computing (FTCS-25), pp. 381-390, June 1995.
[28] Y. Huang and C. Kintala, "Software Fault Tolerance in the Application Layer," Software Fault Tolerance, M. Lyu, ed., pp. 231-248, 1995.
[29] "Industrial-Process Measurement and Control: Evaluation of System Properties for the Purpose of System Assessment, Part 5: Assessment of System Dependability," Draft, Publication 1069-5, Int'l Electrotechnical Commission (IEC) Secretariat, Feb. 1992.
[30] "Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems," IEC Standard 61508, 1998.
[31] "Quality Concepts and Terminology, Part 1: Generic Terms and Definitions," Document ISO/TC 176/SC 1 N 93, Feb. 1992.
[32] "Common Criteria for Information Technology Security Evaluation," ISO/IEC Standard 15408, Aug. 1999.
[33] E.W. Chionh and R.N. Goldman, "Using Multivariate Resultants to Find the Implicit Equation of a Rational Surface," The Visual Computer, vol. 8, no. 3, pp. 171-180, Mar. 1992.
[34] J. Johnson, "Chaos: The Dollar Drain of IT Project Failures," Application Development Trends, pp. 41-47, Jan. 1995.
[35] M.K. Joseph and A. Avižienis, "A Fault Tolerance Approach to Computer Viruses," Proc. 1988 IEEE Symp. Security and Privacy, pp. 52-58, Apr. 1988.
[36] M.K. Joseph and A. Avižienis, "Software Fault Tolerance and Computer Security: A Shared Problem," Proc. Ann. Joint Conf. Software Quality and Reliability, pp. 428-432, Mar. 1988.
[37] "DBench Dependability Benchmarks," DBench Project IST-2000-25425, K. Kanoun et al., eds., 233 pp., May 2004.
[38] L. Lamport, R. Shostak, and M. Pease, "The Byzantine Generals Problem," ACM Trans. Programming Languages and Systems, vol. 4, no. 3, pp. 382-401, July 1982.
[39] C.E. Landwehr, A.R. Bull, J.P. McDermott, and W.S. Choi, "A Taxonomy of Computer Program Security Flaws," ACM Computing Surveys, vol. 26, no. 3, pp. 211-254, 1994.
[40] J.C. Laprie, "Dependable Computing and Fault Tolerance: Concepts and Terminology," Proc. 15th IEEE Int'l Symp. Fault-Tolerant Computing (FTCS-15), pp. 2-11, June 1985.
[41] Dependability: Basic Concepts and Terminology, J.C. Laprie, ed., Springer-Verlag, 1992.
[42] J.C. Laprie, "Dependability: Its Attributes, Impairments and Means," Predictably Dependable Computing Systems, B. Randell et al., eds., pp. 3-24, 1995.
[43] N.A. Lynch, Distributed Algorithms, Morgan Kaufmann, 1996.
[44] J. McLean, "A Comment on the 'Basic Security Theorem' of Bell and LaPadula," Information Processing Letters, vol. 20, no. 2, pp. 67-70, 1985.
[45] J.F. Meyer, "On Evaluating the Performability of Degradable Computing Systems," Proc. Eighth IEEE Int'l Symp. Fault-Tolerant Computing (FTCS-8), pp. 44-49, June 1978.
[46] J. Musa, "The Operational Profile in Software Reliability Engineering: An Overview," Proc. Third IEEE Int'l Symp. Software Reliability Eng. (ISSRE '92), pp. 140-154, 1992.
[47] "An Introduction to Computer Security: The NIST Handbook," Special Publication 800-12, Nat'l Inst. of Standards and Technology, 1995.
[48] National Science and Technology Council, "Information Technology Frontiers for a New Millennium," supplement to the President's FY 2000 Budget, 2000.
[49] R. Ortalo, Y. Deswarte, and M. Kaâniche, "Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security," IEEE Trans. Software Eng., vol. 25, pp. 633-650, Oct. 1999.
[50] D. Parnas, "On the Criteria to Be Used in Decomposing Systems into Modules," Comm. ACM, vol. 15, no. 12, pp. 1053-1058, Dec. 1972.
[51] M.C. Paulk, B. Curtis, M.B. Chrissis, and C.V. Weber, "Capability Maturity Model for Software," Technical Reports CMU/SEI-93-TR-24 and ESC-TR-93-177, Software Eng. Inst., Carnegie Mellon Univ., Feb. 1993.
[52] C.P. Pfleeger, "Data Security," Encyclopedia of Computer Science, A. Ralston et al., eds., Nature Publishing Group, pp. 504-507, 2000.
[53] D. Powell, G. Bonn, D. Seaton, P. Verissimo, and F. Waeselynck, "The Delta-4 Approach to Dependability in Open Distributed Computing Systems," Proc. 18th IEEE Int'l Symp. Fault-Tolerant Computing (FTCS-18), pp. 246-251, June 1988.
[54] D. Powell, "Failure Mode Assumptions and Assumption Coverage," Proc. 22nd IEEE Int'l Symp. Fault-Tolerant Computing (FTCS-22), pp. 386-395, 1992.
[55] "Conceptual Model and Architecture of MAFTIA," MAFTIA Project IST-1999-11583, D. Powell and R. Stroud, eds., 123 pp., Jan. 2003.
[56] M.O. Rabin, "Efficient Dispersal of Information for Security, Load Balancing and Fault Tolerance," J. ACM, vol. 36, no. 2, pp. 335-348, Apr. 1989.
[57] B. Randell, "System Structure for Software Fault Tolerance," IEEE Trans. Software Eng., vol. 1, no. 2, pp. 220-232, June 1975.
[58] "Software Considerations in Airborne Systems and Equipment Certification," DO-178B/ED-12B, Requirements and Technical Concepts for Aviation / European Organization for Civil Aviation Equipment, 1992.
[59] J. Rushby, "Formal Specification and Verification of a Fault-Masking and Transient-Recovery Model for Digital Flight Control Systems," Proc. Second Int'l Symp. Formal Techniques in Real-Time and Fault-Tolerant Systems, 1992.
[60] J. Rushby, "Formal Methods and Their Role in the Certification of Critical Systems," Technical Report CSL-95-1, SRI Int'l, 1995.
[61] W.H. Sanders, M. Cukier, F. Webber, P. Pal, and R. Watro, "Probabilistic Validation of Intrusion Tolerance," Supplemental Volume, Int'l Conf. Dependable Systems and Networks (DSN-2002), pp. 78-79, June 2002.
[62] Trust in Cyberspace, F. Schneider, ed., Nat'l Academy Press, 1999.
[63] D.P. Siewiorek and R.S. Swarz, Reliable Computer Systems: Design and Evaluation, Digital Press, 1992.
[64] R.M. Smith, K.S. Trivedi, and A.V. Ramesh, "Performability Analysis: Measures, an Algorithm, and a Case Study," IEEE Trans. Computers, vol. 37, no. 4, pp. 406-417, Apr. 1988.
[65] "Dependability Assessment Criteria," SQUALE Project (ACTS95/AC097), LAAS Report no. 98456, Jan. 1999.
[66] P. Thevenod-Fosse, H. Waeselynck, and Y. Crouzet, "An Experimental Study on Software Structural Testing: Deterministic Testing Versus Random Input Generation," Proc. 21st IEEE Int'l Symp. Fault-Tolerant Computing (FTCS-21), pp. 410-417, June 1991.
[67] US Department of Transportation, Office of Inspector General, "Audit Report: Advanced Automation System," Report AV-1998-113, Apr. 1998.
[68] A. Valdes, M. Almgren, S. Cheung, Y. Deswarte, B. Dutertre, J. Levy, H. Saïdi, V. Stavridou, and T. Uribe, "An Adaptive Intrusion-Tolerant Server Architecture," Proc. 10th Int'l Workshop Security Protocols, Apr. 2002.
[69] E.J. Weyuker, "On Testing Nontestable Programs," The Computer J., vol. 25, no. 4, pp. 465-470, 1982.
[70] A. Wood, "NonStop Availability in a Client/Server Environment," Tandem Technical Report 94.1, Mar. 1994.

Index Terms:
Dependability, security, trust, faults, errors, failures, vulnerabilities, attacks, fault tolerance, fault removal, fault forecasting.
Citation:
Algirdas Avižienis, Jean-Claude Laprie, Brian Randell, Carl Landwehr, "Basic Concepts and Taxonomy of Dependable and Secure Computing," IEEE Transactions on Dependable and Secure Computing, vol. 1, no. 1, pp. 11-33, Jan.-March 2004, doi:10.1109/TDSC.2004.2