PoDSy 2003

Workshop on Principles of Dependable Systems

Final Program

Tuesday, June 24, 2003

8:30 to 10:00 Invited Talks: Dependability and Cryptography

Paulo Verissimo (Univ. of Lisboa, Portugal)
Dependability, Security, two faces of a same coin?

Ran Canetti (IBM Research)
On the Composability, Modularity, and Security of Cryptographic Protocols

10:00 to 10:30 Break
10:30 to 12:00 Invited Talks: Safety, Security and Survivability

Catherine Meadows (Naval Research Lab)
Applying the Dependability Paradigm to Computer Security

John Knight (Univ. of Virginia)
Survivability: What Is It And What Can It Be Used For?

12:00 to 13:30 Lunch
13:30 to 15:00 Research Papers

V. Naik, A. Arora, S. Bapat (The Ohio State University, USA), M. Gouda (The University of Texas at Austin, USA)
Whisper: A Local Secret Maintenance Protocol

S.S. Kulkarni, K.N. Biyani, U. Arumugam (Michigan State University)
Composing Distributed Fault-Tolerance Components

T. Chothia, D. Duggan (Stevens Institute of Technology, USA)
An Architecture for Secure Fault-Tolerant Global Applications

15:00 to 15:30 Break
15:30 to 17:00 Panel

What can fault-tolerance people learn from security people and vice versa?

Yves Deswarte (LAAS, France)
Leslie Lamport (Microsoft Research, USA)
Roy Maxion (Carnegie Mellon University, USA)
Jonathan Millen (SRI, USA)
Neeraj Suri (TU Darmstadt, Germany)

Talk Abstracts

Dependability, Security, two faces of a same coin?

Paulo E. Verissimo (Univ. Lisboa, Portugal)

There is a significant body of research on distributed computing architectures, methodologies and algorithms, both in the fields of dependability and of security. Whilst they have taken separate paths until recently, the problems to be solved are of similar nature. In classical dependability, fault tolerance has been the workhorse of many solutions.  Classical security-related work has on the other hand privileged, with few exceptions, intrusion prevention.  Intrusion tolerance is a new approach that has slowly emerged during the past decade, and gained impressive momentum recently. Instead of trying to prevent every single intrusion, these are allowed, but tolerated: the system triggers mechanisms that prevent the intrusion from generating a system security failure.

A fascinating aspect of intrusion tolerance is its unifying role between dependability and security.  Understanding the key fundamental aspects of malicious fault tolerance has advanced the frontier of the principles of dependable systems. This talk discusses a few of them, in the scope of: the conflict between uncertainty with predictability; the difficulty of modelling malicious faults; synchrony in the presence of malice; hybrid faults and hybrid architectures.  Several approaches are comparatively reviewed.

On the Composability, Modularity, and Security of Cryptographic Protocols

Ran Canetti (IBM Research, USA)

Cryptographic protocols and mechanisms are at the core of many systems that provide dependability, survivability, and security. However, analyzing the behavior of such protocols, or even finding a set of requirements that are both realizable and sufficient for the systems using them has proven to be a tricky task. Some of the challenges involve dealing with the computational hardness assumptions that underlie most cryptographic systems, and guaranteeing security properties when protocols operate in
complexexecution environments.
We survey a new analytical framework that addresses these issues. The framework allows writing abstract specifications of cryptographic mechanisms, while guaranteeding that the abstractions are realizable in a computationally sound way. Furthermore, the abstract properties are guaranteed in any execution environment. This allows decomposing a system into ``cryptographic parts'' and ``non-cryptographic parts'', analyzing each part separately, and then deducing overall properties of the system.

Applying the Dependability Paradigm to Computer Security

Catherine Meadows (Naval Research Laboratory, USA)

In 1995 we took a look at computer security through the lens of dependability.  This pointed out, not only ways in which security already addressed dependable issues, but some important areas in which research had been neglected, and pointed out some promising new areas for research.  In this talk we revisit this approach.  We describe how security research has evolved since then, and areas in which we think it could grow further.


Survivability: What Is It And What Can It Be Used For?

John C Knight (Department of Computer Science, University of Virginia, USA)

Survivability  is a term that is used in a variety of contexts related to distributed information systems.  Complete systems  in  some  cases and  components  in  others  are  described  as  "survivable", but the meaning of the term is usually either assumed  or  stated  informally. In  order  to be able to have clear engineering goals and to know when these goals  have  been  met,  it  is  important  to  have  a  precise definition  of  the  term.   In  this  presentation,  I  will review a rigorous definition of the term and discuss  the  application  of  the basic  concept  in  an  entirely  new  area,  safety-critical embedded systems.  I will show how survivability can be used to help  meet  the goals  of  ultra-dependability in applications such as commercial air-transport avionics systems.

last modified:  Jun 30, 2003 (fg)