106 IEEE COMMUNICATIONS SURVEYS & TUTORIALS, VOL. 11, NO. 2, SECOND QUARTER 2009 A Comparative Analysis of Network Dependability, Fault-tolerance, Reliability, Security, and Survivability M. Al-Kuwaiti, Member, IEEE, N. Kyriakopoulos, Senior Member, IEEE, and S. Hussein, Member, IEEE Abstract—A number of qualitative and quantitative terms are In the evolution of engineering design approaches, the initial used to describe the performance of what has come to be known concern was whether a particular system would operate within as information systems, networks or infrastructures. However, a set of specifications; little consideration was given to how some of these terms either have overlapping meanings or contain ambiguities in their definitions presenting problems to those who long the system would operate within those specifications. attempt a rigorous evaluation of the performance of such systems. Military and subsequently space applications placed great The phenomenon arises because the wide range of disciplines emphasis on reliability, namely, the need for a given system covered by the term information technology have developed their to meet design requirements for specified periods of time. own distinct terminologies. This paper presents a systematic ap- Similar needs arose as simple computer programs evolved into proach for determining common and complementary character- istics of five widely-used concepts, dependability, fault-tolerance, complex software leading to the requirement for fault-tolerant reliability, security, and survivability. The approach consists of design. It did not take long to realize that although these comparing definitions, attributes, and evaluation measures for two concepts originated in separate fields, namely, engineering each of the five concepts and developing corresponding relations. and computer science, respectively, their end objectives were Removing redundancies and clarifying ambiguities will help the similar, that is to ensure the performance of a system, hardware mapping of broad user-specified requirements into objective performance parameters for analyzing and designing information in the first case, software in the second, for some specified infrastructures. time intervals. This realization led to the development of the concept of dependability as an all-encompassing concept Index Terms—Dependability, fault-tolerance, reliability, secu- rity, survivability. subsuming reliability and fault-tolerance [1]-[6]. As computers combined with communications formed global information networks, information security and network survivability have I. INTRODUCTION also been introduced as significant design objectives. In addition, many other concepts such as trustworthiness [2], HE DISRUPTIONS of the operation of various major high assurance or high confidence [3], ultra-reliability [5] T infrastructures have highlighted the need to develop and robustness [2] are also being used to characterize the mechanisms for minimizing the effects of disruptions and im- performance of complex systems. In [3] the observation is proving the performance of each infrastructure. The problems made, without any detailed analysis, that dependability, high start with the composition of infrastructures. They comprise confidence, survivability, and trustworthiness are all “essen- systems that have been developed via different disciplines. tially equivalent in their goals and address similar threats”. The hardware component of the information infrastructure includes devices from all fields of electrical engineering, as the These terms have entered into use via different disciplines software component includes development from all disciplines and at different times. For example, robustness has a long in computer science to mention just two examples. history of use in statistics and process control, survivability was introduced as a performance characteristic for military The integration of the products of diverse fields, including communications networks, and security has long been associ- the human component, into complex systems has created ma- ated with law enforcement and military operations. The last jor difficulties in the development of efficient mechanisms for two examples illustrate the specification of performance mea- analyzing and improving the performance of infrastructures. sures with discrete physical entities, while the first one relates One of the problems can be traced to variety of terminologies performance to measurements. As information networks have for describing performance across different fields. A designer become more complex, involving hardware, software and hu- or user is faced with terms that may be complementary, mans, and have assumed a prominent role, it became inevitable synonymous or somewhere in between. Thus, there is a need to that performance requirements for the services provided by the develop a common understanding of the meaning of the most entire system needed to be established. widely used terms without reference to a specific discipline. The concepts for measuring performance evolved along Manuscript received 30 September 2006; revised 23 April 2008. with technology. For example, the reliability of electronic The authors are with the Department of Electrical and Computer Engineer- devices led to the reliability of circuits and, eventually, to ing, The George Washington university, Washington, DC 20052 USA (emails: [email protected], [email protected], and [email protected]). the reliability of the entire launch operation, or, in another Digital Object Identifier 10.1109/SURV.2009.090208. application, an entire nuclear power plant. Other concepts 1553-877X/09/$25.00 c 2009 IEEE Authorized licensed use limited to: University of Pittsburgh. Downloaded on January 6, 2010 at 16:01 from IEEE Xplore. Restrictions apply. AL-KUWAITI et al.: A COMPARATIVE ANALYSIS OF NETWORK DEPENDABILITY, FAULT-TOLERANCE, RELIABILITY, SECURITY, AND SURVIVABILITY 107 have been “borrowed” from one technology and used in included in the definition of quality of service could be the another. Survivability started as a performance characteristic same attributes as those of dependability. Furthermore, in of physical communications networks and has been adopted contrast to the evolution of engineering design from the device to characterize performance of information infrastructures [7]- to the system, namely, a “bottom up” approach, dependability [12]. has a “top down” perspective. The result is an elaborate Another concept that has evolved with technology is the multi layer tree structure encompassing both quantitative and quality of service (QoS) which is defined in the ITU-T Rec. qualitative attributes. As one goes beyond a few levels in X.902 as “a set of quality requirements on the collective the tree structure, the multiplicity of possible paths from behavior of one or more objects” [13]. At the dawn of the root of the tree and the mixture of quantitative and digital communications, channel performance was expressed qualitative attributes present major challenges in translating in terms of bit error rate to be followed by quality of the top level dependability concepts into implementable design service in describing the performance of packet-switched specifications for a complex system. networks [14][15][16]. With the advent of the Internet and The work described in this paper aims toward the devel- data streaming, the quality of service concept is also used to opment of a framework for identifying a set of performance characterize the performance of an application [17]-[21]. indicators for complex systems such as an information infras- The different origins and development paths of these con- tructure. The objective is not to propose yet another concept, cepts in combination with lexicological similarities raise the but, rather, to identify from the existing concepts the proper question whether there is some degree of overlap among subset of their intersection and to develop a common and the various terms, and to what extend, if any, there are consistent understanding of the meaning of them. Depend- redundancies in using these concepts simultaneously. ability, fault-tolerance, reliability, security and survivability are This question assumes added significance, because of the used as representative examples for describing the proposed effort to develop dependability as an integrating concept that analytical framework. encompasses such attributes as availability, reliability, safety, The rapid development and wide applications of Informa- integrity, and maintainability [3]. Although, theoretically, this tion Technology (IT) in every aspect of human’s life have is a highly desirable goal, some practical problems arise made these performance indicators important challenges to primarily due to multiplicity of perspectives and definitions. system users and designers. Various critical infrastructures For example, there are more than one definitions of depend- aim towards possessing such concepts either by embedding ability [2][3][4][22][23]. Concepts that have been in use for a them in the first development design stages or as add-on long time and in different disciplines are well entrenched in features. Examples of these systems include defense sys- their respective fields and are viewed as end objectives rather tems, flight systems, communication systems, financial sys- than attributes of some other concept. One such widely used tems, energy systems, and transportation systems as presented concept is reliability. Applications range from