Survivability Requirements
A survivability requirement is any quality requirement that specifies a required amount of survivability.
The typical objectives of a survivability requirement are to:
- Ensure that essential services continue during and after an attack by:
  - Resisting attacks, especially with regard to essential services.
  - Recognizing attacks and their associated damage.
  - Recovering essential and full services after an attack.
  - Evolving to become more resistant to similar attacks in the future.
- Ensure that failure under attack is graceful, resulting in a degraded mode of operation that still provides essential services.
The following are typical examples of survivability requirements:
- “The application shall not have a single point of failure.”
- “The application shall continue to function (possibly in degraded mode) even if a data center is destroyed.”
The following guidelines have been found to be useful when producing survivability requirements:
- The scope of a survivability requirement can be:
- Survivability requirements are often critical for military applications.
- Avoid confusing robustness requirements with survivability requirements. Survivability requirements deal with safeguarding against damage or loss due to intentional malicious threats, whereas robustness requirements deal with safeguarding against unintentional hardware failures, human errors, etc.
- Also avoid confusing physical protection requirements with survivability requirements. Survivability requirements specify continued functioning after an attack, whereas physical protection requirements specify the protection of components. Physical protection requirements are often prerequisites for survivability requirements.
- Survivability requirements should not be confused with (nor specified in terms of) the types of security architecture mechanisms that are typically used to implement them:
  - Hardware redundancy.
  - Data center redundancy.
  - Failover software.