A Case Study in Requirements for Survivable Systems

Increasing societal dependency on critical infrastructure systems is driving emergence of a new category of requirements engineering that addresses survivability objectives. This paper presents a case study in survivability requirements analysis. Survivability is the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents. The Survivable Network Analysis (SNA) method permits assessment of survivability strategies at the requirements and architecture levels. Steps in the SNA method include mission requirements and architecture definition, essential capability definition, compromisable capability definition, and survivability analysis. Essential service scenarios and intrusion scenarios play key roles in the method. Survivability requirements must be defined for intrusion resistance, recognition, and recovery. This case study summarizes the application and results of applying the SNA method to a subsystem of a large-scale, distributed healthcare system. The study recommended specific modifications to requirements to support survivability objectives. 1 System Survivability Concepts As part of its Survivable Network Systems Initiative, the CERT* Coordination Center of the Software Engineering Institute (SEI) is developing technology and methods for analyzing and designing survivable network systems [1], [2]. Survivability is defined as the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents. Unlike traditional security measures that require central control and administration, survivability addresses highly distributed, unbounded network environments with no central control or unified security policy. Survivability focuses on delivery of essential services and preservation of essential assets, even when systems are penetrated and compromised. As an emerging discipline, survivability builds on existing disciplines, including security, fault tolerance, and reliability, and introduces new concepts and principles. 2 The Survivable Network Analysis Method A primary focus of the SEI effort has been development of the Survivable Network Analysis (SNA) method for assessing and improving the survivability of network architectures, as depicted in Figure 1. ● About the SEI