A uniform approach to security and fault-tolerance specification and analysis

The availability of techniques for dependability specification and analysis is essential for the design and the implementation of trustworthy software architectures. Today's software architectures are usually designed following the principle of component-based software engineering, they are open and networked, and dependable software architectures are required to be both secure and fault-tolerant. Traditional methods of dependability analysis of software architectures must evolve as well to keep on supporting the software engineering practice. This step is not straightforward. Methods and tools for the specification and analysis of fault-tolerance are usually independent from those available in security, while a unified approach would reinforce proving the overall systems' trustworthiness. This paper demonstrates that, in certain cases, a uniform approach between fault-tolerance and security is possible. We propose to check dependability properties against an unspecified environment that plays the same role as a malicious intruder in security. Then, we show how two security analysis techniques, related to partial model checking and to generalized non-interference, can be applied to verify a family of fault-tolerance properties. A running example illustrates the applicability of the proposed approaches.