SRASA: a Generalized Theoretical Framework for Security and Reliability Analysis in Computing Systems

Journal of Hardware and Systems Security (2018)

Cited by 1 | Views 14

Abstract
Although there is a pressing need for highly secure and reliable computing systems, there is a glaring lack of formalism under which the properties of reliability and security can be jointly designed into these systems. This gap can primarily be attributed to the separate evolution of the two subfields. In this work, we introduce a unified, generalized theoretical framework, called the security and reliability aware state automaton (SRASA), to formally describe the specifications of a computer system covering both security and reliability. SRASA is a 22-tuple finite state machine model that encompasses both the physical and the abstract states of the system, which may be subject to passive and active attacks. Three case studies illustrate the interpretation and application of the proposed SRASA framework. Our analysis and experimental results show that a non-physical attack may exploit unspecified or untested states to achieve its malicious purpose, rather than introducing a new state into the system. To the best of our knowledge, this is the first attempt to bridge the current design specification gap between secure and reliable computing systems using a unified automaton approach. A general yet complete methodology that encompasses all aspects of system design, from the functional-level specification to the gate-level design at any system granularity, may not be feasible, or may be beyond the scope of a single work. Therefore, in this work we aim to (1) give an overview of the current landscape of reliability and security in systems design, (2) introduce a generalized framework to specify and reason about both reliability and security in the system design process, and finally (3) keep the framework specification general enough that it can be adopted or customized for more specific or concrete design instances.
Keywords
Hardware, Reliability, Security, State machine, Testing, Evaluation