Failing badly and failing well are concepts in systems security and network security (and engineering in general) describing how a system reacts to failure. The terms were popularized by Bruce Schneier, a cryptographer and security consultant ("Homeland Insecurity", ''The Atlantic Monthly'', September 2002).


Failing badly

A system that fails badly is one that has a catastrophic result when failure occurs. A single point of failure can thus bring down the whole system. Examples include:

* Databases (such as credit card databases) protected only by a password. Once that single control is breached, all data can be accessed.
* Fracture-critical structures, such as buildings or bridges that depend on a single column or truss whose removal would cause a chain-reaction collapse under normal loads.
* Security checks which concentrate on establishing identity rather than intent (thus allowing, for example, suicide attackers to pass).
* Internet access provided by a single service provider. If the provider's network fails, all Internet connectivity is lost.
* Systems, including social ones, that rely on a single person who, if absent or permanently unavailable, halts the entire system.
* Brittle materials, such as "over-reinforced concrete", which when overloaded fail suddenly and catastrophically with no warning.
* Keeping the only copy of data in one central place, so that the data is lost forever when that place is damaged, as in the 1836 U.S. Patent Office fire, the 1973 U.S. National Personnel Records Center fire, and the destruction of the Library of Alexandria.


Failing well

A system that fails well is one that compartmentalizes or contains its failure. Examples include:

* Compartmentalized hulls in watercraft, ensuring that a hull breach in one compartment will not flood the entire vessel.
* Databases that do not allow downloads of all data in one attempt, limiting the amount of data compromised in a single breach.
* Structurally redundant buildings designed to resist loads beyond those expected under normal circumstances, or to carry loads even when the structure is damaged.
* Computer systems that restart or proceed to a stopped state when an invalid operation occurs (fail-stop), rather than continuing in an undefined state.
* Access control systems that lock when power to the unit is cut (fail-secure; a choice that must be weighed against safe egress for the people inside).
* Concrete structures which show fractures long before breaking under load, thus giving early warning.
* Armoured cockpit doors on airplanes, which confine a potential hijacker to the cabin even if they are able to bypass airport security checks.
* Internet connectivity provided by more than one vendor or over more than one discrete path, known as multihoming.
* Star or mesh networks, which can continue to operate when a node or connection has failed (though for a star network, failure of the central hub will still bring the network down).
* Ductile materials, such as "under-reinforced concrete", which when overloaded fail gradually: they yield and stretch, giving some warning before ultimate failure.
* Making a backup copy of all important data and storing it in a separate place, so that the data can be recovered from the other location when either place is damaged.

Designing a system to 'fail well' has also been argued to be a better use of limited security funds than the typical quest to eliminate all potential sources of errors and failure (''Failing Well with Information Security'', William Young, Apogee Ltd Consulting, 2003).
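Two of the contrasts above (a database that hands out everything once its single password is breached versus one that refuses to serve all its data in one attempt, and a system that stops on an invalid operation versus one that carries on) can be shown directly in code. The following is an added example written for this page, not code from the article or from either cited author; it generalizes the fail-stop item to an authorization check whose policy backend is unreachable. Every name in it (PolicyOutage, Request, BoundedExporter, the in-memory CARD_TABLE of fake rows) is constructed for the illustration.

```python
"""Fail-open versus fail-closed, and unbounded versus bounded data access.

Added illustration of the article's point, not code from the article or
its cited authors. PolicyOutage, Request, BoundedExporter and CARD_TABLE
are all constructed for this example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


class PolicyOutage(Exception):
    """Constructed fault: the authorization backend is unreachable."""


@dataclass(frozen=True)
class Request:
    principal: str
    action: str


PolicyFn = Callable[[Request], bool]


def policy_outage(req: Request) -> bool:
    """A policy function that always fails, simulating a backend outage."""
    raise PolicyOutage("policy backend unreachable")


def authorize_fail_open(policy: PolicyFn, req: Request) -> bool:
    """Fails badly: one broken dependency grants every request."""
    try:
        return policy(req)
    except PolicyOutage:
        return True  # keeps the service up, but the control is gone


def authorize_fail_closed(policy: PolicyFn, req: Request) -> bool:
    """Fails well: the same outage denies, so the damage is contained to a
    loss of availability rather than a loss of confidentiality."""
    try:
        return policy(req)
    except PolicyOutage:
        return False


# Constructed stand-in for a credit-card table: 1000 rows of fake data.
CARD_TABLE: List[Dict[str, str]] = [
    {"id": str(i), "pan_last4": f"{i % 10000:04d}"} for i in range(1, 1001)
]


def dump_everything(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Fails badly: a single authenticated call returns the whole table,
    so one stolen credential compromises every record."""
    return list(rows)


class BoundedExporter:
    """Fails well: rows are served in bounded pages and each principal is
    capped in total, so a compromised credential exposes at most
    `principal_cap` rows before further export is refused."""

    def __init__(self, rows: List[Dict[str, str]],
                 page_size: int = 50, principal_cap: int = 200) -> None:
        self._rows = rows
        self.page_size = page_size
        self.principal_cap = principal_cap
        self._served: Dict[str, int] = {}  # rows handed out per principal

    def export_page(self, principal: str, offset: int) -> List[Dict[str, str]]:
        served = self._served.get(principal, 0)
        if served >= self.principal_cap:
            # Refuse outright once the cap is reached.
            raise PermissionError(f"{principal} has reached the export cap")
        budget = min(self.page_size, self.principal_cap - served)
        page = self._rows[offset:offset + budget]
        self._served[principal] = served + len(page)
        return page

    def rows_served(self, principal: str) -> int:
        return self._served.get(principal, 0)


def drain(exporter: BoundedExporter, principal: str) -> int:
    """Simulate an attacker paging through the table until refused;
    returns how many rows they actually obtained."""
    total, offset = 0, 0
    while True:
        try:
            page = exporter.export_page(principal, offset)
        except PermissionError:
            return total
        if not page:
            return total
        total += len(page)
        offset += len(page)


if __name__ == "__main__":
    req = Request("alice", "read")
    print("fail-open during outage:  ", authorize_fail_open(policy_outage, req))
    print("fail-closed during outage:", authorize_fail_closed(policy_outage, req))
    print("unbounded dump:", len(dump_everything(CARD_TABLE)), "rows")
    print("bounded export:", drain(BoundedExporter(CARD_TABLE), "mallory"), "rows")
```

The point of the per-principal cap is the one the article makes about compartmentalized hulls: it does not prevent the breach, it bounds how much a single breach can take. In practice the cap would be enforced server-side against an audited identity, and the refusal itself is a signal worth alerting on.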



