Failing badly

From Wikipedia, the free encyclopedia

Failing badly and failing well are concepts in systems security and network security (and engineering in general) describing how a system reacts to failure. The terms have been popularized by Bruce Schneier, a cryptographer and security consultant.[1][2]

Failing badly[edit]

A system that fails badly is one that has a catastrophic result when failure occurs. A single point of failure can thus bring down the whole system. Examples include:

Failing well[edit]

A system that fails well is one that compartmentalizes or contains its failure. Examples include:

  • Compartmentalized hulls in watercraft, ensuring that a hull breach in one compartment will not flood the entire vessel.
  • Databases that do not allow downloads of all data in one attempt, limiting the amount of compromised data.
  • Structurally redundant buildings conceived to resist loads beyond those expected under normal circumstances, or resist loads when the structure is damaged.
  • Computer systems that restart or proceed to a stopped state when an invalid operation occurs.[3]
  • Access control systems that are locked when power is cut to the unit.[3]
  • Concrete structures which show fractures long before breaking under load, thus giving early warning.
  • Armoured cockpit doors on airplanes, which confine a potential hijacker within the cabin even if they are able to bypass airport security checks.[1]
  • Internet connectivity provided by more than one vendor or discrete path, known as multihoming.
  • Star or mesh networks, which can continue to operate when a node or connection has failed (though for a star network, failure of the central hub will still cause the network to fail).
  • Ductile materials, such as "under-reinforced concrete", when overloaded, fail gradually – they yield and stretch, giving some warning before ultimate failure.
  • Making a backup copy of all important data and storing it in a separate place. That data can be recovered from the other location when either place is damaged.

Designing a system to 'fail well' has also been alleged to be a better use of limited security funds than the typical quest to eliminate all potential sources of errors and failure.[4]

See also[edit]

References[edit]

  1. ^ a b Homeland Insecurity Archived 2011-09-28 at the Wayback Machine, Atlantic Monthly, September 2002
  2. ^ David Hillson (29 March 2011). The Failure Files: Perspectives on Failure. Triarchy Press. p. 146. ISBN 9781908009302.
  3. ^ a b Eric Vanderburg (February 18, 2013). "Fail Secure – The right way to fail". PC Security World.
  4. ^ Failing Well with Information Security Archived 2008-10-14 at the Wayback Machine - Young, William; Apogee Ltd Consulting, 2003