Case Study in Survivable Network System Analysis
• Technical Report
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-98-TR-014Topic or Tag
Abstract
This paper presents a method for analyzing the survivability of distributed network systems and an example of its application. Survivability is the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents. Survivability requires capabilities for intrusion resistance, recognition, and recovery.
The Survivable Network Analysis (SNA) method builds on the Information Security Evaluation previously developed by permitting the assessment of survivability strategies at the architecture level. Steps in the SNA method include system mission and architecture definition, essential capability definition, compromisable capability definition, and survivability analysis of architectural soft spots that are both essential and compromisable. Intrusion scenarios play a key role in the method. SNA results are summarized in a Survivability Map that links recommended survivability strategies for resistance, recognition, and recovery to the system architecture and requirements.
This case study summarizes the application and results of applying the SNA method to a subsystem of a large-scale, distributed healthcare system. The study recommended specific modifications to the subsystem architecture to support survivability objectives. Positive client response to study recommendations suggests that the method can provide significant added value for ensuring the survivability of system operations. As a result of this case study, the SNA method, artifacts, and lessons learned will be available to apply architectural analysis for survivability to proposed and legacy DoD distributed systems.
Cite This Technical Report
Ellison, R., Linger, R., Longstaff, T., & Mead, N. (1998, September 1). Case Study in Survivable Network System Analysis. (Technical Report CMU/SEI-98-TR-014). Retrieved December 22, 2024, from https://insights.sei.cmu.edu/library/case-study-in-survivable-network-system-analysis/.
@techreport{ellison_1998,
author={Ellison, Robert and Linger, Richard and Longstaff, Thomas and Mead, Nancy},
title={Case Study in Survivable Network System Analysis},
month={{Sep},
year={{1998},
number={{CMU/SEI-98-TR-014},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://insights.sei.cmu.edu/library/case-study-in-survivable-network-system-analysis/},
note={Accessed: 2024-Dec-22}
}
Ellison, Robert, Richard Linger, Thomas Longstaff, and Nancy Mead. "Case Study in Survivable Network System Analysis." (CMU/SEI-98-TR-014). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, September 1, 1998. https://insights.sei.cmu.edu/library/case-study-in-survivable-network-system-analysis/.
R. Ellison, R. Linger, T. Longstaff, and N. Mead, "Case Study in Survivable Network System Analysis," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-98-TR-014, 1-Sep-1998 [Online]. Available: https://insights.sei.cmu.edu/library/case-study-in-survivable-network-system-analysis/. [Accessed: 22-Dec-2024].
Ellison, Robert, Richard Linger, Thomas Longstaff, and Nancy Mead. "Case Study in Survivable Network System Analysis." (Technical Report CMU/SEI-98-TR-014). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Sep. 1998. https://insights.sei.cmu.edu/library/case-study-in-survivable-network-system-analysis/. Accessed 22 Dec. 2024.
Ellison, Robert; Linger, Richard; Longstaff, Thomas; & Mead, Nancy. Case Study in Survivable Network System Analysis. CMU/SEI-98-TR-014. Software Engineering Institute. 1998. https://insights.sei.cmu.edu/library/case-study-in-survivable-network-system-analysis/