System Design
...he presence of intrusions. Ellison defines survivability as the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents. He uses the term system in the broadest possible sense, to include networks and large-scale systems of systems. The focus is on what is termed “unbounded networked systems where traditional security precautions are inadequate.” All computers connected to the Internet are considered unbounded: there is no central authority, visibility beyond the boundaries of local administration is limited, and complete information about the entire network is lacking. Ellison shows that an unbounded environment exhibits the following properties: multiple administrative domains with no central authority; an absence of global visibility; inter-operability between administrative domains that is determined by convention; widely distributed and inter-operable systems; users and attackers that can be peers in the environment; and an environment that cannot be partitioned into a finite number of bounded environments. The characteristics of survivable systems are that the “functions of the system that must be maintained wh...