search menu icon-carat-right cmu-wordmark

Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models

October 2001 Technical Report
Richard C. Linger (Oak Ridge National Laboratory), Andrew P. Moore

This 2001 paper describes initial work in the foundations stage for survivability specification and intrusion specification, as well as survivability evaluationmodels that draw upon both of these areas.


Software Engineering Institute

CMU/SEI Report Number


DOI (Digital Object Identifier):


Survivability is a new branch of dependability. It addresses explicit requirements for restricted modes of operation that preserve mission-critical essential services in adverse operational environments.

A survivable system is one that satisfies its survivability specification of essential services and adverse environments. On the system side, survivability specifications can be defined by essential-service traces that map essential-service workflows, derived from user requirements, into system component dependencies and required survivability attributes. On the environment side, survivability specifications can be defined by intrusion traces that map intruder workflows, derived from attack patterns, into compromisable system components. Survivability design applies resistance, recognition, and recovery strategies to maintain essential-service workflows where possible despite compromised components. Test environments for survivable system implementations can be defined by survivability evaluation models that merge essential-service and intruder workflows into usage-based, statistically valid test suites. This paper describes the initial results of research in these areas.