ReSIST Ontology
The ReSIST Ontology encompasses concepts within the fields of research in Resilient, Survivable and Dependable Systems.
Version 0.1
Hugh Glaser, Afraz Jaffri, Ian Millard, Bene Rodriguez
2006-03-15

Faults which happen by mistake or through a bad decision that were the result of incompetence.
Downgrading means that the developed system is delivered with less functionality, lower performance, or is predicted to have lower dependability or security than was required in the original system specification.
Error detection identifies the presence of an error.
A trojan horse is a program that masquerades as a useful service but exploits the rights of the program's user in a way the user does not intend.
Includes all features and research areas of dependable systems technology.
A malicious flaw is an intentional flaw where the objective is to cause harm or damage to a system.
Augmentive maintenance means to make modifications that augment the system's function.
Program fraud involves either the creation of a program with a view to defraud, or the alteration or amendment of a program to such ends.
Natural faults are physical (hardware) faults that are caused by natural phenomena without human participation.
Static analysis consists of inspections or walk-throughs, data flow analysis, complexity analysis, abstract interpretation, compiler checks, vulnerability search, etc.
Symbolic execution means that the inputs supplied to a system for verification are symbolic.
Validation means checking the system specification.
Includes bugs or back doors.
Includes errors of omission, incompetence, recklessness or malice, and system administration errors.
Fault forecasting is conducted by performing an evaluation of the system behaviour with respect to fault occurrence or activation.
The attributes that make a system dependable.
Software faults are faults that affect software, i.e., programs or data.
A serialisation error permits the asynchronous behaviour of different system components to be exploited to cause a security violation.
A hardware flaw is a flaw in which hardware exhibits security flaws that did not originate as errors in programs.
Reconfiguration either switches in spare components or reassigns tasks among non-failed components.
Operational faults occur during service delivery when the system is accepted for use and starts delivery of its service to users (use phase).
The performance of wrong actions.
Non-deliberate faults are due to mistakes, that is, unintended actions of which the developer, operator, maintainer etc. is not aware.
Fault tolerance, which is aimed at failure avoidance, is carried out via error detection and system recovery.
Maintainability means the ability to undergo modifications and repairs.
A major error causes a major fault.
If a password is guessed, it may suggest a weak password approach.
Recovery transforms a system state that contains one or more errors and (possibly) faults into a state without detected errors and without faults that can be activated again.
Flaws that occur within the operating system program.
Hardware faults are faults that originate in, or affect, hardware.
System initialisation flaws can occur either because the operating system fails to establish the initial protection domains as specified or because the system administrator has not specified a secure initial configuration for the system.
Reinitialisation checks, updates and records the new configuration and updates system tables and records.
Software flaws can occur in operating system programs, support software or application software.
A boundary condition violation is caused by the omission of checks to assure that constraints (e.g. in table size, file allocation or other resource consumption) are not exceeded.
Development faults are all faults that occur during development.
To read, copy, print, or disseminate; this must be done in close connection with the intent to further a fraud.
Data fraud is a combination of input fraud, where the offender dishonestly enters improper data or enters data improperly, and output fraud, where the offender dishonestly suppresses or amends data being output.
Failures where the cost of harmful consequences is orders of magnitude, or even incommensurably, higher than the benefit provided by correct service delivery.
A consistent failure is where the incorrect service is perceived identically by all system users.
Error handling eliminates errors from the system state.
A detected error is an error that is indicated by an error message or error signal.
Privileged utilities provide functions that were not anticipated when the operating system was built. They can have flaws that, because they are also granted privileges, can compromise security.
Model checking is verification conducted on a model of the system behaviour, where the model is usually a state-transition model.
A failure is an event that occurs when the delivered service deviates from correct service.
This class represents the different types of failure that can occur in a system.
Reliability means continuity of correct service.
Any operating system security flaw that does not fit into one of the other classes.
A timing error causes a timing fault.
Modelling uses the data that was obtained by evaluation testing.
Adaptive maintenance is to make adjustments to environmental changes.
An inconsistent failure is where some or all system users perceive the incorrect service differently.
A logic or time bomb is a piece of code that remains dormant in the host system until a certain 'detonation' time or event occurs.
If a password is cracked, it may suggest access to the password file.
Masquerade is the unauthorised impersonation of an authorised user or of an entity.
A late timing failure is when the time of arrival or the duration of the information delivered at the service interface is later than that required for implementing the system function.
A validation error occurs when a program fails to check that the parameters supplied or returned to it conform to its assumptions about them, or when these checks are misplaced, so that they are ineffectual.
Includes all methods that are used to attain dependable systems.
Partial or complete development failures are caused by development faults.
A signalled failure is when losses are detected and signalled by a warning signal.
An inconsistent error causes an inconsistent fault.
A trojan horse that does not replicate itself.
A non-malicious intentional flaw is one where the objective is not to cause harm or damage to a system.
Non-malicious faults are introduced without malicious objectives.
Deliberate faults are due to bad decisions, that is, intended actions that are wrong and cause faults.
A covert channel is a path used to transfer information in a way not intended by the system's designers.
Availability means readiness for correct service.
A content error causes a content fault.
Dynamic verification means to verify a system through exercising it.
Vulnerability here means all threats that can cause a computer system to malfunction or stop.
Preventive maintenance means the discovery and removal of dormant faults.
Rollforward is when the state without detected errors is a new state.
The opposite of a signalled failure.
A content failure is when the content of information delivered at the service interface deviates from that required for implementing the system function.
Inadvertent flaws may occur in requirements, or they may also find their way into software during specification and coding.
Development failures that lead to project termination.
Unprivileged utilities represent vulnerability through being widely shared and highly relied upon.
This class is used to classify an instance of a fault that can be further described by the properties whose range are subclasses of the Elementary Fault class.
Integrity means absence of improper system alterations.
Includes alphabets, graphics, colours, sounds.
Pre-emptive detection takes place while normal service delivery is suspended; it checks the system for latent errors and dormant faults.
This class is used to classify an instance of an error that can be further described by the elementary-error-type property, whose range is the Elementary Error class.
Application software is software that has no special system privileges and is not widely shared.
Rollback brings the system back to a saved state that existed prior to error occurrence.
Any other inadvertent flaw that does not fit in the other categories.
Concurrent detection takes place during normal service delivery.
Safety means the absence of catastrophic consequences on the user(s) and the environment.
Verification is the process of checking whether the system adheres to given properties.
Confidentiality is the absence of unauthorised disclosure of information.
An early timing failure is when the time of arrival or the duration of the information delivered at the service interface is earlier than that required for implementing the system function.
Diagnosis identifies and records the cause(s) of error(s) in terms of both location and type.
Accidental faults are mistakes and bad decisions, as long as they are not made with malicious objectives and were not caused by incompetence.
Without authorisation means to access a protected computer without authorisation.
Attacks that try to discover a password.
An error is the part of a system's state that may lead to a failure.
This class represents all the different types of errors that can be found in a system.
Static verification means verifying a system without actual execution.
A timing failure is when the time of arrival or the duration of the information delivered at the service interface deviates from that required for implementing the system function.
A schedule failure is when the project delivery schedule slips to a point in the future where the system would be technologically obsolete or functionally inadequate for the user's needs.
Testing means that the inputs supplied to a system for verification are actual.
A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism.
A halt failure is when the system is halted (the external state becomes constant, i.e., system activity, if there is any, is no longer perceptible to the users).
Identification and authentication flaws occur in functions of the operating system that maintain special files for user IDs and passwords and provide functions to check and update those files as appropriate.
A consistent error causes a consistent fault.
Support software comprises compilers, editors, debuggers, subroutine or macro libraries, database management systems and any other programs not properly within the operating system boundary that many users share.
Fault handling prevents faults from being activated again.
An inadequate authentication flaw is one that permits a protected operation to be invoked without sufficiently checking the identity and authority of the invoking agent.
A trojan horse that replicates itself by copying its code into other program files. Commonly called a virus.
This class is used to classify an instance of a failure that can be further described by the properties whose range are subclasses of the Elementary Failure class.
A catastrophic error causes a catastrophic fault.
Development failures of lesser severity than project termination.
This class represents all the different types of security risks that a system has from the viewpoints of genesis, time and location.
Memory management comprises the functions the operating system provides to control storage space.
A storage covert channel transfers information through the setting of bits by one program and the reading of those bits by another.
Malicious faults are human-made faults that have a malicious objective. They are introduced either during system development, to cause harm to the system during its use, or directly during use.
Device management includes complex programs that operate in parallel with the CPU. Flaws can occur when the I/O routines fail to respect parameters provided for them, or when they validate parameters provided in storage locations that can be altered, directly or indirectly, by user programs after the checks are made.
A medium failure is where the harmful consequences are slightly greater in cost than the benefits provided by correct service delivery.
Compensation is when the erroneous state contains enough redundancy to enable an error to be masked.
A budget failure is when the allocated funds are exhausted before the system passes acceptance testing.
A minor error causes a minor fault.
Isolation performs physical or logical exclusion of the faulty components from further participation in service delivery, i.e. it makes the fault dormant.
File management systems typically use the process, memory and device management functions to create long-term storage structures. The operating system boundary includes the file system, which often implements access controls to permit users to share and protect their files. Errors in these controls, or in the management of underlying files, can easily result in security flaws.
Overruns occur when the development is completed, but the funds or time needed to complete the effort exceed the original estimates.
A timing covert channel conveys information by modulating some aspect of system behaviour over time, so that the program receiving information can observe system behaviour and infer protected information.
A latent error is an error that is present but not detected.
Process management comprises the functions the operating system provides to control CPU time.
If a password was harvested (through visual spying, social engineering, sniffing or key logging attacks), it may suggest low awareness in the password protection area.
Ordinal, or qualitative, evaluation aims to identify, classify and rank the failure modes, or the event combinations (component failures or environmental conditions) that would lead to system failures.
A medium error causes a medium fault.
This class is used to classify an instance of a security flaw that can be further described by the properties whose range are subclasses of the Elementary Security Flaw class.
Corrective maintenance means the removal of reported faults.
A minor failure is where the harmful consequences are of similar cost to the benefits provided by correct service delivery.
The class of all types of computer fraud, defined as 'knowingly and with intent to defraud, access a protected computer without authorisation, or exceeds authorised access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5000 in any 1 year period' (US Computer Fraud and Abuse Act).
Fault removal during the development phase of a system lifecycle consists of verification, diagnosis and correction.
Maintenance tasks include not only repairs, but also all modifications of the system that take place during the use phase of system life.
Probabilistic, or quantitative, evaluation aims to evaluate in terms of probabilities the extent to which some of the attributes are satisfied; those attributes are then viewed as measures.
The absence of actions when actions should have been performed.
Human-made faults include the absence of actions when actions should be performed, or the performance of wrong actions.
A major failure is where the harmful consequences are much greater in cost than the benefits provided by correct service delivery.
Impersonation is the use of another person's password, or the reuse of an authentication ticket.
An erratic failure is when a service is delivered (not halted) but is erratic.
A fault is the cause of an error, and this class includes all faults that may affect a system during its life, classified according to 8 basic viewpoints. These viewpoints are the slots of the Fault class. The range of the slots corresponds to the 2 elementary faults that can be associated with each viewpoint.