Professional Documents
Culture Documents
Vickie R. Westmark
University of Central Florida
Department of Electrical and Computer Engineering, Adjunct Professor
vwestmark@cfl.rr.com
conflict to continue research and development in the research on computational survivability within a
areas that are most needed to improve and/or develop distributed network environment.
taxonomy of system survivability. 3. Review the abstract, introduction, paragraph
headings, and conclusion/summary for content
2. Methodology related to definitions, metrics, and computations of
survivability for each paper selected by title as
Specifically, the current literature used to support potential support to the research.
this research came from the results of thorough on-line 4. Analyze and summarize the current literature that
searches in the database archives of the major journal passed the first and second selection criterion, step
libraries of Association for Computing Machinery 2 and step 3 respectively, and which also provided
(ACM), Institute of Electrical and Electronics definition, metrics, or computation of survivability.
Engineering (IEEE), and Software Engineering 5. Review the reference section of any article
Institute (SEI). The literature contained information supporting the research to determine if there were
used to determine the current standard practice or lack any other authors that contributed to the field of
of standard practice for computing survivability in a survivability or more specifically, computational
distributed network environment. Each of these major survivability. Perform new a new search using
publishers has an on-line search engine that allows these authors’ names as a keyword in the search
users to construct a query based on keywords and a and follow the selection criterion from steps 1
combination of search operators (where available) to through 4.
allow a search within the respective publisher’s
archives. 3. Findings
Searches performed on the obvious keyword
combinations: “computational survivability” and At the time of this research the ACM, IEEE, and
“computing survivability” were unfruitful, so a new list SEI libraries each approximately contained 360,000,
of keywords was developed for the searches. Since 749,000 and 1500 publications respectively. The
over a million papers are available within these initial search results based on keywords by subject,
publishers’ archives, a subjective selection criterion phrase, or author used in each of the publisher’s on-
was created for choosing and analyzing literature to line search utilities matched 3760 publications that
support this research. In order to reasonably support could potentially be used for review and analysis as
this research without reading each and every paper, an shown in Table 1. The remainder of Table 1 shows the
initial pass review on the title was performed to select 3760 publications reduced to 270, which is the count of
potential applicable literature. publications selected for review based on the
Titles of journal, conference, proceeding, or other methodology for selection in section 2. Of the 270
similar type papers were neither standard nor uniform articles selected for review by title, only 107 were
and presented a challenge to select literature that might categorized as discussed in section 3.1 and only 63
contribute to the research. To address this challenge, a actually referenced within this research, which means
subjective assessment based solely on title was 163 papers were not considered as contributors to the
performed to select articles to support the research. research upon a second review of the title.
The following five step process was developed for Eliminating articles from the secondary review of
searching and selecting the articles that supported the title was based on comparison other similar titles of
research for this paper. papers that were actually reviewed for content and
1. Perform separate on-line searches using the search found that they were not related to the subject of
utility provided by the major publishers: ACM, survivability or computational survivability. Most of
IEEE, SEI and on six specific keywords or keyword the component-based software engineering papers were
combination: survivability, survivable, component- eliminated because the information provided by the
based software engineering, component-based paper was too specific to software development. The
distributed systems, distributed network systems, distributed network papers were eliminated because
and distributed network environment. The they were more concerned with network routing and
publishers’ search utility websites were: a) ACM: data encryption schemes. Other articles that were
http://portal.acm.org/, b) IEEE: skipped for review specifically discussed topics such as
http://ieeexplore.ieee.org/, and c) SEI: system specification, other quality attributes not related
http://www.sei.cmu.edu/. to survivability, or computer network architecture at a
2. Perform a subjective first pass review of the titles client/server level.
yielded by the on-line searches to support the
Table 1. Findings: papers found by keyword and publisher then selected by initial review
First Pass - papers found by keywords: Second Pass - papers selected for review:
Keywords by Keyword used in on-line search
ACM IEEE SEI Totals ACM IEEE SEI Totals
subject or phrase Survivability 227 903 84 1214 7 140 11 158
subject or phrase Survivable 972 790 65 1827 2 36 0 38
subject or phrase component-based software engineering 111 58 41 210 7 21 0 28
subject or phrase component-based distributed systems 12 4 1 17 2 2 0 4
subject or phrase distributed network systems 25 19 9 53 2 4 0 6
subject or phrase distributed network environment 23 25 3 51 1 7 0 8
author Knight 27 61 13 101 3 8 0 11
author Sullivan 25 24 13 62 1 5 0 6
author Yacoub 9 9 0 18 0 3 0 3
author Weiss 6 44 23 73 0 2 0 2
author Hoffman 12 67 1 80 0 1 0 1
author Ellison 4 3 47 54 2 1 2 5
Totals by publisher 1453 2007 300 3760 27 230 13 270
Percent to total by publisher 39% 53% 8% 10% 85% 5%
3.3. Elements of survivability in current description of the characteristic was provided, based on
literature the collective reference to these attributes within the
literature.
The current literature indicates that the survivability 1. Availability: “The degree to which software
model is a combination of at least twenty recognized remains operable in the presence of system
quality models, their sub-characteristics, their sub- failures.” [53]
factors and other non-recognized quality specific 2. Architectural design Hardware (HW) Dependence:
models. Often these items overlapped. Current “The degree to which software does not depend on
literature used an a la carte approach for describing the specific hardware environments.” [53] Software
survivability model and mixed and matched other (SW) Dependence: “The degree to which hardware
quality attributes, sub-characteristics and sub-factors. does not depend on specific software
Definitions from ISO/IEC 9126 and IEEE Standard environments.” [53]
1061-1992 of standardized quality models with their 3. Connectivity: the degree to which a system will
sub-characteristics and sub-factors were used to build perform when all nodes and links are available.
the list below for the survivability model. Where no 4. Correctness: “The degree to which all software
formal quality definition could be cited, a general functions are specified.” [53]
5. Dependability: the degree to which the system can attributes, and no two articles were consistent in the
provide services, even in the event of a threat. definition of the survivability model.
6. Endurability: the degree to which a system can The comparison indicates that the survivability
tolerate a threat and still provide service. model is a combination of the main quality model:
7. Fairness: the ability of a network system to reliability, and various sub-traits of other main quality
organize and route information without failure. models: functionality, reliability, maintainability, and
8. Fault Tolerance: “The degree to which the software portability. It would appear that survivability could not
will continue to work without a system failure that be classified as a main quality model, since it uses
would cause damage to the users. Also, the degree various sub-categories of four specific main quality
to which software includes degraded operation and models. None of the quality models listed survivability
recovery functions.” [53] as a sub-trait. When developing a survivable network
9. Interoperability: “The degree to which software can system, the current literature referenced the following
be connected easily with other systems and methods that could be used for achieving survivability:
operated.” [53] Access control, Adaptive reconfiguration, Distribution,
10.Modifiability (Similar to Expandability): “The Diversity, Intrusion monitoring and detection,
degree of effort required to improve or modify the Replication, Redundancy, and Separation
efficiency or functions of the software.” [53]
11.Performance: “This acquisition concern is 3.4. Computation of survivability in current
composed of the quality factors: Efficiency, literature
Integrity, Reliability, Survivability, and Usability.
Sub-factors include: Speed, Efficiency, Resource For the literature reviewed in Table 3,
Needs, Throughput, and Response Time.” [53] computational survivability was present, but
12.Predictability: the degree of providing calculations were made very informally and rarely used
countermeasures to system failures in the event of a in fielded applications. Many papers agreed that a
threat. distributed network system could be represented as a
13.Recoverability: “The ability to restore services in a state machine with services being the node and arcs are
timely manner.” [8] links to the services. The assignments of the
14.Reliability: “A set of attributes that bear on the probabilities to the arcs differed and where the articles
capability of software to maintain its level of diverged is the assessment and computation of
performance under stated conditions for a stated survivability once a state machine was graphed.
period of time.” [54]
15.Restorability: the ability of a system to recover 4. Conclusions
from threat and provide services in a timely
manner.
4.1. Analysis of findings
16.Reusability: “The degree to which software can be
reused in applications other that the original
Less than 1% of the articles originally selected for
application.” [53]
potential support to the research area of computational
17.Safety: the ability of the system to not cause harm
system survivability actually computed survivability.
to the network or personnel.
Most of the articles agreed that system survivability is
18.Security: “The degree to which software can detect
very important to our social and economic
and prevent information leak, information loss,
infrastructures since it provides many essential services
illegal use, and system resource destruction.” [53]
to support our existence. Most of the articles also
19.Testability: “The effort required to test software.”
agreed that if these systems are threatened and fail to
[53]
provide the required services, the consequences might
20.Verifiability: “Relative efforts to verify the
be catastrophic and even fatal. Only a very few current
specified software operation and performance.”
literature references could be used to support this area
[53]
of research. Of the current literature that did support
A comparison of the ISO/IEC 9126 and IEEE
computational survivability, informal calculations were
Standard 1061-1992 quality models and their
used, and the calculations were not currently used in
respective sub-characteristics and sub-factors to the
practice. In addition, there was no one single
collection of survivability quality attributes that were
definition that was embraced by the survivability
mentioned from various papers reviewed for this
community. Even the definition of survivability from
research showed that no one article listed all of these
an IEEE quality standard was not used explicitly.
Since a non-exhaustive search was performed in the Survivability = the ability of a given system with a
ACM, IEEE, and SEI publisher’s library archives, it is given intended usage to provide a pre-specified
possible that a relevant paper that supports the research minimum level of service in the event of one or
area of computational survivability could have been more pre-specified threats
overlooked. However, the overwhelming evidence Thus, to precisely define survivability requires a
from this study supports a conclusion that current state precise definition of: the system, the usage, the
and understanding of survivability by researchers and minimum level of service, and the threats.
industry professionals is inconsistent and non-standard. System: The system is typically a large-scale
Other sources that could have been used is a network system that includes many components
consolidated source of system survivability found (nodes) that are required to deliver services to the end
within The Information Society Workshops which user. The system environment and the essential
provides “a forum for researchers, practitioners, and services that the system provides are defined for this
sponsors to discuss the area of survivability, the nature survivable network system. State whether the system
of the unique (and sometimes not-so-unique) problems is bounded or unbounded. The system is unbounded if
associated with survivability, and promising all nodes that provide the essential services are not
approaches to finding solutions to these problems.” known.
[64]. Since the time this research began, the Usage: Since the end-user typically invokes the
International Conference on COTS-based Software service request, the definition of survivability should
Systems (ICCBSS) held its first conference in early consider the expectations of the user (including any
2002. ICCBSS is the first conference series to focus preconditions that will tell us the applicability of this
on exchanging ideas about current best practices and definition of survivability).
promising research directions in creating and Minimum level of service: The minimum level of
maintaining systems that incorporate COTS software service is a set of functional specifications for each
products [65]. Mention of these additional resources is required service, each associated with a set of quality
to highlight that industry and scholars are continuing in attributes and their associated values. For example:
area of research of system survivability and to note that For a networked distributed system, a required service
there are many other available sources. may be a specified response time to the end user. For a
In general, the reported measurement of time-critical system, the description of a required
survivability falls into one of three major categories: 1) service may include the maximum time allowable
connectivity, 2) network performance, or 3) a function between user request and system response.
of other quality or cost measures. Unless there is a Threats: Include the type of threat to the system
reason to support a bounded system, the research that may prevent the system from providing services to
should focus on unbounded systems, since most the user in the prescribed amount of time or may
distributed network systems are much like the Internet prevent the system from providing the services at all.
where all nodes that provide essential services may not Threat categories include: 1) Accidental threats:
always be known. The specific models that should be software errors, hardware errors, and human errors, 2)
expanded are: 1) “reliability, latency, and cost benefit Intentional or malicious threats: sabotage, intrusion, or
model” [13] 2) “survivability function” model [32], 3) terrorist attacks, and 3) Catastrophic threats typically
node and link connectivity models [61] and 4) do not allow delivery of required service to the user,
“simulation model for managing survivability of which includes acts of nature (thunderstorms,
network information systems.” [42] These models hurricanes, lightning, flood, earthquake, etc.), acts of
were chosen because they were 1) over simplistic and war, and power failures.
understandable, 2) the mathematics was thorough and A business case: A business case is required for
good, 3) the calculations made it easy to talk about each survivability definition. The rationale provides
components. the business case for the definition of survivability.
There is an extra cost associated with the design,
4.2. Survivability definition template development, and operation of a survivable system.
The business case is developed based on the
Survivability must be a context-specific definition. cost/benefit analysis from which the threat is identified
A standard template is provided here for defining and required responses are specified. Note: A separate
survivability to support research and practice in the cost/benefit analysis is required for each level of threat.
composition and calculation of survivability, enhance A non-malicious virus may degrade system
survivability-related communication across the system performance but not shut the system down. If the
life cycle, and support improvements in survivability degraded performance is within the defined minimum
analyses and subsequent risk assessments.
level of service, no action may be required with respect [3] Lipson, Howard F., David A. Fisher, “Survivability—a
to survivability. new technical and business perspective on security,” New
Security Paradigms Workshop, Proceedings of the 1999
workshop on New security paradigms, ACM, Sep 1999.
4.3. Contributions and future research
[4] Wedde, H.F., Bohm, S.; Freund, W., “Adaptive protocols
The survivability analysis of information systems for survivability of transactions operating on replicated
and the new survivability definition template provided objects,” Sixth International Workshop on Object-Oriented
by this research is useful to several groups of people Real-Time Dependable Systems, 2001, IEEE, 2001, pp. 61-
such as researchers, managers, and ultimately end- 66.
users. For researchers, current literature has been
thoroughly reviewed and base-lined for current [5] Chenxi Wang, Davidson, J.; Hill, J.; Knight, J.,
practices of computational survivability. Researchers “Protection of software-based survivability mechanisms,”
The International Conference on Dependable Systems and
can use the results of this paper as a baseline from Networks, IEEE, 2001, pp. 1413-1420.
which to build subsequent efforts while recognizing the
need to move the study of computation of survivability [6] Ellison, R.J., Linger, R.C.; Longstaff, T.; Mead, N.R.,
from theory to practice. In particular, field-testing of “Survivable network system analysis: a case study,” IEEE
survivability issues is needed to obtain empirical Software, Volume 16, Issue 4, IEEE, Jul-Aug 1999, pp. 58-
results for actual applications. The findings of this 62.
paper also support the need for a standardization of the
definition of survivability that may facilitate [7] Ellison, R.J., Fisher, D.A.; Linger, R.C.; Lipson, H.F.;
subsequent research into computational quality Longstaff, T.A.; Mead, N.R., “Survivability: protecting your
critical systems,” IEEE Internet Computing, Volume 3, Issue
attributes. 6, IEEE, Nov-Dec 1999, pp. 9.B.3-1-9.B.3-8.
Managers can use the findings of this research to
support improved risk assessment of distributed [8] Fisher, D.A., Lipson, H.F., “Emergent algorithms-a new
network systems. With the knowledge that there are method for enhancing survivability in unbounded systems,”
inconsistent and non-standard definitions of Proceedings of the 32nd Annual Hawaii International
survivability and that computing survivability may be Conference on Systems Sciences, IEEE, 1999, pp. 351-357.
system specific, a manager can better understand the
risks associated with making business decisions [9] Perraju, T.S., “An agent framework for survivable
regarding survivable systems. Managers may not need network systems,” International Performance, Computing
and Communications Conference, IEEE, 1999, pp. 235-243.
to know exactly how to compute survivability, but they
should be able to ask questions about survivability (and [10] Byon, Imju, “Survivability of the U.S. Electric Power
to understand the answers to those questions) of Industry,” SEI, May 2002.
vendors providing services and of designers proposing
the development or enhancement of a distributed [11] Ellison, Robert J., Richard C. Linger, Thomas Longstaff,
network system. Nancy R. Mead, “A Case Study in Requirements for
As researchers and managers recognize the need for Survivable Systems,” SEI, Dec 2002.
computational survivability and move forward to
develop this area of study, ultimately the end-users will [12] Ellison, R. J., R. C. Linger, T. Longstaff, N. R. Mead,
“A Case Study in Survivable Network System Analysis,”
benefit from this research if improved communication SEI, Sep 1998.
about survivability results in users receiving the
services that they need without interruption and in a [13] Jha, S., Wing, J.M., “Survivability analysis of
timely manner. networked systems,” Proceedings of the 23rd International
Conference on Software Engineering, IEEE, 2001, pp. 872-
5. References 874.
[16] Jha, S., Wing, J.; Linger, R.; Longstaff, T., [27] Nikolopoulos, S.D., Pitsillides, A.; Tipper, D.,
“Survivability analysis of network specifications,” “Addressing network survivability issues by finding the K-
International Conference on Dependable Systems and best paths through a trellis graph,” Sixteenth Annual Joint
Networks, IEEE, 2000, pp. 53-58. Conference of the IEEE Computer and Communications
Societies, Volume 1, IEEE, 1997, pp. 370-377.
[17] Eegleston, J.E., Jamin, S.; Kelly, T.P.; Mackie-Mason,
J.K.; Walsh, W.E.; Wellman, P.P., “Survivability through [28] Jianxu Shi, Fonseka, J.P., “Traffic-based survivability
market based adaptivity: the MARX project,” DARPA analysis of telecommunications networks,” Global
Information Survivability Conference and Exposition, Telecommunications Conference, Volume 2, IEEE, 1995, pp.
Volume 2, IEEE, 1999, pp. 380-390. 79-87.
[18] Medhi, D., Tipper, D., “Multi-layered network [29] Zolfaghari, A., Kaudel, F.J., “Framework for network
survivability-models, analysis, architecture, framework and survivability performance,” Journal on Selected Areas in
implementation: an overview,” DARPA Information Communications, Volume 12, Issue 1, IEEE, 1994, pp. 1615-
Survivability Conference and Exposition, Volume 1, IEEE, 1616.
1999, pp. 421-423.
[30] Laretto, K.G., “Sprint network survivability,” Military
[19] Hiltunen, M.A., Schlichting, R.D.; Ugarte, C.A.; Wong, Communications Conference, IEEE, 1994, pp. 587-597.
G.T., “Survivability through customization and adaptability:
the Cactus approach,” DARPA Information Survivability [31] Kalyoncu, H., Sankur, B., “Estimation of survivability
Conference and Exposition, Volume 1, IEEE, 1999, pp. 207- of communication networks,” Electronics Letters, Volume
221. 28, Issue 19, IEEE, Sep 1992, pp. 473-480.
[20] Voas, J.M., Ghosh, A.K., “Software fault injection for [32] Liew, S.C., Lu, K.W., “A framework for network
survivability,” DARPA Information Survivability survivability characterization,” IEEE International
Conference and Exposition, Volume 2, IEEE, 1999, pp. 256- Conference on Communications, IEEE, 1992, pp. 441-451.
270.
[33] Jiang, T.Z., “A new definition of survivability of
[21] Knight, J.C., Sullivan, K.J.; Elder, M.C.; Chenxi Wang, communication networks,” Military Communications
“Survivability architectures: issues and approaches,” DARPA Conference: Military Communications in a Changing World,
Information Survivability Conference and Exposition, IEEE, 1991, pp. 2007-2012.
Volume 2, IEEE, 1999, pp. 36-45.
[34] Brush, G., Marlow, N., “Assuring the dependability of
[22] Bowen, T., Chee, D.; Segal, M.; Sekar, R.; Shanbhag, telecommunications networks and services,” IEEE Network,
T.; Uppuluri, P., “Building survivable systems: an integrated Volume 4, Issue 1, IEEE, Jan 1990, pp. 827-828.
approach based on intrusion detection and damage
containment,” DARPA Information Survivability Conference [35] Wu, L., Varshney, P.K., “On survivability measures for
and Exposition, Volume 2, military networks,” Military Communications Conference, A
New Era, IEEE, 1990, pp. 125-129.
[23] Wilson, M.R., “The quantitative impact of survivable
network architectures on service availability,” IEEE [36] Huffman, S., Altes, T.; Chahine, K., “Issues for
Communications Magazine, Volume 36, Issue 5, IEEE, May proliferated survivable network design,” Global
1998, pp. 71-77. Telecommunications Conference, IEEE, 1988, pp. 489-492.
[24] Ammann, P., Jajodia, S.; Peng Liu, “A fault tolerance [37] Jones, A., “The challenge of building survivable
approach to survivability,” Computer Security, Dependability information-intensive systems,” Computer, Volume 33, Issue
and Assurance: From Needs to Solutions, IEEE, 1998, pp. 8, IEEE, Aug 2000, pp. 39-43.
1017-1021.
[38] Bowers, S., Delcambre, L.; Maier, D.; Cowan, C.;
[25] Linger, R.C., Mead, N.R.; Lipson, H.F., “Requirements Wagle, P.; McNamee, D.; Le Meur, A.-F.; Hinton, H.,
definition for survivable network systems,” Third “Applying adaptation spaces to support quality of service and
International Conference on Requirements Engineering, survivability,” DARPA Information Survivability
IEEE, 1998, pp. 1603-1606. Conference and Exposition, Volume 2, IEEE, 1999, pp. 271-
283.
[26] Struyve, K., Van Caenegem, B.; Van Doorselare, K.;
Gryseels, M.; Demeester, P., “Design and evaluation of [39] Shrobe, H., “Model-based troubleshooting for
multi-layer survivability for SDH-based ATM networks,” information survivability,” DARPA Information
Global Telecommunications Conference, Volume 3, IEEE, Survivability Conference and Exposition, Volume 2, IEEE,
1997, pp. 1466-1470. 1999, pp. 231-240.
[40] Linger, R.C., “Panel: Issues in Requirements Definition [54] Robert, P., “Quality requirements for software
for Survivable Systems,” Third International Conference on acquisition,” Software Engineering Standards Symposium
Requirements Engineering, IEEE, 1998, pp. 198-199. and Forum, IEEE, 1997 pp. 136-143.
[41] Medhi, D., “A unified framework for survivable [55] Haizhuang Kang, Butler, C.; Qingping Yang; Jiamo
telecommunications network design,” International Chen, “A new survivability measure for military
Conference on Communications, Volume 1, IEEE, 1992, pp. communication networks,” Military Communications
411-415. Conference, Volume 1, IEEE, 1998, pp. 3-4.
[42] Moitra, Soumyo D., Suresh L. Konda, “A Simulation [56] Hagin, A.A., “Performability, reliability, and
Model for Managing Survivability of Networked Information survivability of communication networks: system of methods
Systems,” SEI, Dec 2002. and models for evaluation,” Proceedings of the 14th
International Conference on Distributed Computing Systems,
[43] Ellison, B., Fisher, D.A. Linger, R.C. Lipson, H.F. IEEE, 1994, pp. 912-916.
Longstaff, T. Mead, N.R., “Survivable Network Systems: An
Emerging Discipline,” SEI, May 1999. [57] Zolfaghari, A., “Study And Analysis Of High Capacity
Survivability Performance,” Region 10 International
[44] Caldera, Jose, “Survivability Requirements for the U.S. Conference on EC3-Energy, Computer, Communication and
Health Care Industry,” SEI, May 2000. Control Systems, Volume 4, IEEE, 1991, pp. 727-730.
[45] Linger, Richard C., Andrew P. Moore, “Foundations for [58] Rai, U., Soh, S., “Survivability analysis of complex
Survivable System Development: Service Traces, Intrusion computer-networks with heterogeneous link-capacities,”
Traces, and ...,” SEI, Oct 2001. Annual Reliability and Maintainability Symposium, IEEE,
1991, pp. 440-445.
[46] Mead, Nancy R., Robert J. Ellison, Richard C. Linger,
Thomas Longstaff, John McHugh, “Survivable Network [59] Whittaker, G.M., Schroeder, M.A.; Newport, K.T., “A
Analysis Method,” SEI, Sep 2000. knowledge-based approach to the computation of network
nodal survivability,” Military Communications Conference,
[47] Ellison, Robert J., Andrew P. Moore, “Architectural A New Era, IEEE, 1990, pp. 424-429.
Refinement for the Design of Survivable Systems,” SEI, Oct
2001. [60] Newport, K.T., Schroeder, M.A.; Whittaker, G.M.,
“Techniques for evaluating the nodal survivability of large
[48] Sullivan, Kevin, John C. Knight; Xing Du; Steve Geist, networks,” Military Communications Conference, A New
“Information survivability control systems,” Proceedings of Era, IEEE, 1990, pp. 293-297.
the 1999 international conference on Software engineering,
ACM, May 1999. [61] Newport, K.T., “Incorporating survivability
considerations directly into the network design process,”
[49] Sullivan, Kevin J., Steve Geist; Paul Shaw, “Mediators Ninth Annual Joint Conference of the IEEE Computer and
in infrastructure survivability enhancement,” Proceedings of Communication Societies, IEEE, 1990, pp. 1963-1970.
the third international workshop on Software architecture,
ACM, Nov 1998. [62] Moitra, Soumyo D., Suresh L. Konda, “Survivability of
Network Systems: An Empirical Analysis, The,” SEI, Dec
[50] Mihail, Milena, David Shallcross; Nate Dean; Marco 2000.
Mostrel, “A commercial application of survivable network
design,” Proceedings of the seventh annual ACM-SIAM [63] Dahlberg, T. A., K. R. Subramanian, “Visualization of
symposium on Discrete algorithms, ACM, Jan 1996. real-time survivability metrics for mobile networks,”
Proceedings of the 3rd ACM international workshop on
[51] Neumann, Peter G., “Survivable systems,” Modeling, analysis and simulation of wireless and mobile
Communications of the ACM, Volume 35, Issue 5, ACM, systems, ACM, Aug 2000.
May 1992.
[64] The Information Survivability Workshops, SEI and
[52] Mead, Nancy R., “Issues in software engineering for IEEE, http://www.cert.org/research/isw.html.
survivable systems (panel),” Proceedings of the 1999
international conference on Software engineering, ACM, [65] International Conference on COTS-Based Software
May 1999. Systems. http://www.iccbss.org/.