A fault tolerance approach to survivability

Attacks on computer systems have received a great deal of press attention; however, most of the focus has been on how an attacker can disrupt an organization´s operations. Although attack prevention is clearly preferred, preventive measures do fail, and some attacks inevitably succeed in compromising some or all of particular systems, i.e., databases. We propose research into a fault-tolerance approach that addresses all phases of survivability: attack detection, damage confinement, damage assessment and repair, and attack avoidance. We focus attention on continued service and recovery issue. A promising area of research for continued service addresses relaxed notions of consistency. Expanding on the notion of self stabilization, the idea is to formalize the degree of damage under which useful services is still possible. A complementary research area for recovery is the engineering of suitable mechanisms into existing systems. We explain the underlying models for these research areas and illustrate them with examples from the database domain. We argue that these models form a natural part of a fault tolerance approach and propose research into adapting these models for larger systems