Advanced Search

Content Type

Topics

Publication Date

Trustworthy Refinement Through Intrusion-Aware Design (TRIAD)

  • Author(s): ,
  • Publish Date:
  • Publisher: Software Engineering Institute
  • SEI Identifier: CMU/SEI-2003-TR-002
  • Type: Technical Report
  • Topics: Security and Survivability
  • Description: In this report, the authors demonstrate the application of TRIAD to refining a survivability strategy for a business that sells products on the internet.

Abstract

High confidence in a system's survivability requires an accurate understanding of the system's threat environment and the impact of that environment on system operations. Unfortunately, existing development methods for secure and survivable information systems often employ a patchwork approach in which the focus is on deciding which popular security components to integrate rather than making a rational assessment of how to address the attacks that are likely to compromise the overall mission. This report proposes an intrusion-aware design model called trustworthy refinement through intrusion-aware design (TRIAD). TRIAD helps information system decision makers formulate and maintain a coherent, justifiable, and affordable survivability strategy that addresses mission-compromising threats for their organization. TRIAD also helps in evaluating and maintaining an information system design in terms of its ability to implement a survivability strategy. This report demonstrates the application of TRIAD to the refinement of a survivability strategy for a business that sells products over the Internet.

TRIAD provides a solid foundation for the further refinement, experimentation, and validation of an approach to exploit knowledge of intruder behavior to improve system architecture design and operations. Ultimately, with effective tool support and evidence of its efficacy, TRIAD will be integrated with more comprehensive life-cycle models for the development and maintenance of high-confidence systems.

Cite This Report

Show Citation Formats

SEI

Ellison, Robert; & Moore, Andrew. Trustworthy Refinement Through Intrusion-Aware Design (TRIAD) (CMU/SEI-2003-TR-002). Software Engineering Institute, Carnegie Mellon University, 2002. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6581

IEEE

Ellison. Robert, and Moore. Andrew, "Trustworthy Refinement Through Intrusion-Aware Design (TRIAD)," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2003-TR-002, 2002. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6581

APA

Ellison, Robert., & Moore, Andrew. (2002). Trustworthy Refinement Through Intrusion-Aware Design (TRIAD) (CMU/SEI-2003-TR-002). Retrieved August 21, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6581

CHI

Robert Ellison, & Andrew Moore. Trustworthy Refinement Through Intrusion-Aware Design (TRIAD) (CMU/SEI-2003-TR-002). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2002. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6581

MLA

Ellison, Robert., & Moore, Andrew. 2002. Trustworthy Refinement Through Intrusion-Aware Design (TRIAD) (Technical Report CMU/SEI-2003-TR-002). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=6581