Trustworthy Refinement Through Intrusion-Aware Design (TRIAD)
• Technical Report
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2003-TR-002DOI (Digital Object Identifier)
10.1184/R1/6585422.v1Abstract
High confidence in a system's survivability requires an accurate understanding of the system's threat environment and the impact of that environment on system operations. Unfortunately, existing development methods for secure and survivable information systems often employ a patchwork approach in which the focus is on deciding which popular security components to integrate rather than making a rational assessment of how to address the attacks that are likely to compromise the overall mission. This report proposes an intrusion-aware design model called trustworthy refinement through intrusion-aware design (TRIAD). TRIAD helps information system decision makers formulate and maintain a coherent, justifiable, and affordable survivability strategy that addresses mission-compromising threats for their organization. TRIAD also helps in evaluating and maintaining an information system design in terms of its ability to implement a survivability strategy. This report demonstrates the application of TRIAD to the refinement of a survivability strategy for a business that sells products over the Internet.
TRIAD provides a solid foundation for the further refinement, experimentation, and validation of an approach to exploit knowledge of intruder behavior to improve system architecture design and operations. Ultimately, with effective tool support and evidence of its efficacy, TRIAD will be integrated with more comprehensive life-cycle models for the development and maintenance of high-confidence systems.
Cite This Technical Report
Ellison, R., & Moore, A. (2002, October 1). Trustworthy Refinement Through Intrusion-Aware Design (TRIAD). (Technical Report CMU/SEI-2003-TR-002). Retrieved December 22, 2024, from https://doi.org/10.1184/R1/6585422.v1.
@techreport{ellison_2002,
author={Ellison, Robert and Moore, Andrew},
title={Trustworthy Refinement Through Intrusion-Aware Design (TRIAD)},
month={{Oct},
year={{2002},
number={{CMU/SEI-2003-TR-002},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6585422.v1},
note={Accessed: 2024-Dec-22}
}
Ellison, Robert, and Andrew Moore. "Trustworthy Refinement Through Intrusion-Aware Design (TRIAD)." (CMU/SEI-2003-TR-002). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, October 1, 2002. https://doi.org/10.1184/R1/6585422.v1.
R. Ellison, and A. Moore, "Trustworthy Refinement Through Intrusion-Aware Design (TRIAD)," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2003-TR-002, 1-Oct-2002 [Online]. Available: https://doi.org/10.1184/R1/6585422.v1. [Accessed: 22-Dec-2024].
Ellison, Robert, and Andrew Moore. "Trustworthy Refinement Through Intrusion-Aware Design (TRIAD)." (Technical Report CMU/SEI-2003-TR-002). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Oct. 2002. https://doi.org/10.1184/R1/6585422.v1. Accessed 22 Dec. 2024.
Ellison, Robert; & Moore, Andrew. Trustworthy Refinement Through Intrusion-Aware Design (TRIAD). CMU/SEI-2003-TR-002. Software Engineering Institute. 2002. https://doi.org/10.1184/R1/6585422.v1