Issue No. 03 - May/June (2008 vol. 6)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2008.76
Carl E. Landwehr , University of Maryland
With this issue of IEEE Security & Privacy, I'm pleased to announce that both our scope and readership are expanding to include some of the interests and members of the IEEE Reliability Society. To reflect this change, the subtitle on our cover now reads "Building Dependability, Reliability, and Trust." How do these concepts relate to each other?
Consider security and reliability. Computer security is about maintaining proper system operation (including confidentiality, integrity, and availability of protected information) in the face of attacks. Reliability is about maintaining continuity of service in the face of natural events. We can design a system to provide highly reliable service in the face of random, naturally occurring faults, yet the system can be highly vulnerable to a malicious attack, an unfortunately common occurrence in today's world. And we can design a system to enforce security requirements, but if it can't sustain operation in the real world, in which power failure, mechanical shock, temperature variation, and operator error are routine events, it simply won't be used.
Can we successfully apply the notion of "separation of concerns" to these fields? If so, we could design security and reliability into a system independently. But in reality, the techniques these disciplines use are sometimes at odds with each other. Fault tolerance is a technique originally developed to permit a reliable system to be fabricated from less reliable components. Replication, a fundamental fault-tolerance method, can lead to additional copies of confidential information that open new avenues for attackers. Further, fault tolerance typically assumes that separated replicas will fail independently, an assumption that attackers regularly violate. On the other hand, architectural approaches to securing systems, such as reference monitors, can lead to single points of failure that limit reliability. Encryption methods can be constructed to provide an error extension property, so that if an attacker attempts to introduce even a single spurious bit, the attempt will be detected. But unless this technique is carefully applied, naturally occurring errors could then defeat communication. Going beyond reliability to safety, a system designed only to fail safe could incorporate redundancy that prevents it from failing secure.
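The error-extension trade-off just described, as an added illustration that is not part of the editorial: an HMAC tag rejects any single altered bit, which defeats an attacker but also defeats a message hit by one natural channel error; placing a simple error-correcting layer (a constructed 3x repetition code) outside the tagged message repairs the channel error before verification while a forged payload is still caught. The key and messages are constructed sample values.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key for the illustration
TAG_LEN = 32                    # SHA-256 output length

def protect(msg: bytes) -> bytes:
    """Append an HMAC-SHA256 tag so that any altered bit in msg or tag is detected."""
    return msg + hmac.new(KEY, msg, hashlib.sha256).digest()

def verify(blob: bytes):
    """Return the message when the tag checks out, otherwise None (reject)."""
    msg, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(KEY, msg, hashlib.sha256).digest()
    return msg if hmac.compare_digest(tag, expected) else None

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Model one channel error or one attacker modification: invert a single bit."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

# Reliability layer applied outside the integrity check: a 3x repetition code.
def ecc_encode(data: bytes) -> bytes:
    return data * 3

def ecc_decode(coded: bytes) -> bytes:
    """Bitwise majority vote over the three copies repairs any single flipped bit."""
    n = len(coded) // 3
    a, b, c = coded[:n], coded[n:2 * n], coded[2 * n:]
    return bytes((x & y) | (x & z) | (y & z) for x, y, z in zip(a, b, c))

def bare_channel(msg: bytes, noisy_bit: int):
    """Error extension alone: one flipped bit, whether noise or attack, is rejected."""
    return verify(flip_bit(protect(msg), noisy_bit))

def corrected_channel(msg: bytes, noisy_bit: int):
    """Repetition code around the tagged message: the channel error is repaired first."""
    return verify(ecc_decode(flip_bit(ecc_encode(protect(msg)), noisy_bit)))

def forged_channel(msg: bytes, forged: bytes):
    """A substituted payload under the genuine tag still fails verification."""
    tag = protect(msg)[-TAG_LEN:]
    return verify(ecc_decode(ecc_encode(forged + tag)))

if __name__ == "__main__":
    m = b"transfer 100"
    print(bare_channel(m, 5))                   # None: one natural error defeats delivery
    print(corrected_channel(m, 5))              # b'transfer 100': error corrected, tag checks
    print(forged_channel(m, b"transfer 900"))   # None: tampering detected
```

The repetition code is a stand-in for whatever channel coding the link already uses; the point is the ordering, with error correction applied before the integrity check rather than in place of it.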
Applying techniques cooperatively offers opportunities for synergy. For example, diverse redundancy, applied appropriately, can raise the bar significantly for an attacker to penetrate a system. Formal techniques for proving that an algorithm is free of security flaws can also be applied to help assure that a system will be free of failures that could reduce its reliability. Security and reliability testing will differ somewhat in approach, but "fuzz" testing—throwing random inputs at a system to see if it will crash—is now a commonly used tool to discover system security weaknesses and can also provide a basis for statistical estimation of system reliability.
The linkage among desirable system properties such as security, safety, availability, and reliability has been a focus in some technical circles for many years. An international group of researchers in IFIP Working Group 10.4 originally focused on fault tolerance techniques but long ago expanded its interests to include many other properties desired of systems, such as availability, maintainability, integrity, safety, and security. They chose "dependability" as an umbrella word to encompass these properties under a single term, defining it as the ability to deliver service that can justifiably be trusted [1]. Others (including Microsoft and the US National Research Council) have used "trustworthiness" in a very similar sense [2]. Members of IFIP WG 10.4 have devoted considerable effort to carefully defining concepts and terms underlying this field. Today's IEEE Transactions on Dependable and Secure Computing can trace its roots to this group and its continuing interest in unifying studies addressing these different but related system properties.
When, about a year ago, I heard that the IEEE Reliability Society was considering starting a magazine addressing reliability from the standpoint of establishing dependability and trust in systems, it seemed to me an excellent opportunity for us to join forces for mutual benefit. The opportunity is to provide a magazine with a scope somewhat parallel to that of the IEEE Transactions on Dependable and Secure Computing.
What does this mean for our readers? First, let me reassure you that we don't intend to reduce our coverage of the security and privacy topics that have been our focus since the first issue. We will, however, begin to include topics relating to dependability, reliability, and trust as well. We are expanding our editorial board to include a new associate editor-in-chief, Bret Michael of the Naval Postgraduate School, from the Reliability Society, and we will be adding some new associate editors with appropriate expertise as well.
The expansion in our scope will take a little time to develop. Submissions addressing the expanded scope, particularly those addressing security and reliability together, are invited now; by the first issue of 2009 we plan to have a regular department focusing on reliability in the context of security and privacy, as well as regular refereed articles in that area. Please help us grow by encouraging such submissions and by letting us know what kind of material you would like to see.