May 6, 2014

In my Wish List, an Automated Tool for Fail-Secure Design Analysis: an Alloy-Based Feasibility Draft

arXiv:1405.1115v1
Originality: Synthesis-oriented
AI Analysis

This addresses a gap in security validation for certification schemes like Common Criteria or NATO, but it is incremental as it presents only a preliminary draft.

The paper tackles the overlooked problem of fail-secure design analysis by providing a definition and a feasibility draft of an automated tool based on the Alloy model checker.

A system is said to be fail-secure, sometimes confused with fail-safe, if it maintains its security requirements even in the event of some faults. Fail-secure analyses are required by some validation schemes, such as some Common Criteria or NATO certifications. However, it is an aspect of security which has been overlooked by the community. This paper attempts to shed some light on the fail-secure field of study by: giving a definition of fail-secure as used in those certification schemes, and emphasizing the differences with fail-safe; and exhibiting a first feasibility draft of a fail-secure design analysis tool based on the Alloy model checker.
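To make the fail-secure/fail-safe distinction concrete, here is a small Alloy model of an electrically held door lock. It is an added illustration written for this page, not the paper's tool or any model from the paper; the lock scenario and all signature, predicate and assertion names (Power, Lock, Cred, ValidCred, FailSecureDesign, FailSafeDesign, SecurityRequirement) are assumptions chosen for the example. The fault modelled is loss of power; the security requirement is that the lock only ever releases for a valid credential.

```alloy
module failsecure_example

// Added example, not from the paper. Models a controller driving an
// electrically held lock and checks which design survives a power fault.

abstract sig Power {}
one sig On, Off extends Power {}

abstract sig Lock {}
one sig Engaged, Released extends Lock {}

sig Cred {}
sig ValidCred in Cred {}   // credentials the controller accepts (assumed subset)

sig State {
  power: one Power,
  lock:  one Lock,
  cred:  lone Cred         // credential presented in this state, if any
}

// Normal operation shared by both designs: when powered, the lock is
// released exactly when a valid credential is present.
pred NormalOperation {
  all s: State |
    s.power = On implies
      (s.lock = Released iff (some s.cred and s.cred in ValidCred))
}

// Fail-secure design: on power loss the lock stays engaged.
pred FailSecureDesign {
  NormalOperation
  all s: State | s.power = Off implies s.lock = Engaged
}

// Fail-safe design: on power loss the lock releases (e.g. so occupants can exit).
pred FailSafeDesign {
  NormalOperation
  all s: State | s.power = Off implies s.lock = Released
}

// The security requirement that must survive the fault:
// the lock is released only when a valid credential is present.
pred SecurityRequirement {
  all s: State | s.lock = Released implies (some s.cred and s.cred in ValidCred)
}

// Expected: no counterexample. The requirement holds in every state,
// including the faulted (power Off) ones, so the design is fail-secure.
assert FailSecureHolds {
  FailSecureDesign implies SecurityRequirement
}
check FailSecureHolds for 5

// Expected: Alloy reports a counterexample, a State with power = Off,
// lock = Released and no credential. Fail-safe is not fail-secure.
assert FailSafeIsNotFailSecure {
  FailSafeDesign implies SecurityRequirement
}
check FailSafeIsNotFailSecure for 5
```

Run both `check` commands in the Alloy Analyzer: the first finds no counterexample within the scope, the second returns an instance showing the fault state in which the security requirement is lost. This is the shape of question a fail-secure analysis asks: not "does the system stay safe for people under fault" but "does the security property still hold under fault", and the two answers can differ for the same design.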
