Abstract
Using commercial off-the-shelf (COTS) components to build large, complex systems has become the standard way that systems are designed and implemented by government and industry. Much of the literature on COTS-based systems concedes that such systems are not suitable for mission-critical applications. However, there is considerable evidence that COTS-based systems are being used in domains where significant economic damage and even loss of life are possible in the event of a major system failure or compromise. Can we ever build such systems so that the risks are commensurate with those typically taken in other areas of life and commerce?
This paper describes a risk-mitigation framework for deciding when and how COTS components can be used to build survivable systems. Successful application of the framework will require working with vendors to reduce the risks associated with using the vendors’ products, and improving and making the best use of your own organization’s risk-management skills.
® “CERT” and “CERT Coordination Center” are registered in the U.S. Patent and Trademark Office.
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Lipson, H.F., Mead, N.R., Moore, A.P. (2002). Can We Ever Build Survivable Systems from COTS Components?. In: Pidduck, A.B., Ozsu, M.T., Mylopoulos, J., Woo, C.C. (eds) Advanced Information Systems Engineering. CAiSE 2002. Lecture Notes in Computer Science, vol 2348. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-47961-9_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43738-3
Online ISBN: 978-3-540-47961-1