INFORMATION INSURANCE /JNL
A reflection on how to deal with complex information systems.
1) Assuming that it is impossible to demonstrate that a system is
completely error free.
Even for a single pocket calculator, an error-free proof that would
show me that the calculations are correct for any input values leads
either to a combinatorial explosion, if exhaustive testing is tried,
or to complicated circuit analysis and modeling, in the case of a
formal proof.
2) Considering errors as unpredictable incidents in the system.
An error would be any system behavior not foreseen or expected.
Errors become catastrophes if, besides being unpredictable,
they cause damage.
Perhaps we can compare real-life catastrophes with
information system errors.
As in real life, nobody is free from catastrophe.
Even for a single pocket calculator, a small hidden error in the
multiplication of two particular values can lead to big losses
if that calculation is applied to millions of quantities.
3) Transferring the technological problem of the error-free proof to
catastrophe detection and registration, associated with risk evaluation.
The purchasers of information systems need protection against
catastrophes.
When somebody buys a car, he or she knows the dangers of the streets
and takes out insurance to be protected. Perhaps fewer people would
buy cars if it were not possible to insure them.
If I have to put a precious database in the hands of an information
system that does not give me an error-free proof, I would like to
have the chance to insure it against accidents, against errors.
The risk evaluation would be according to the level of confidence
in the system, gained through quality tests and reputation.
But, as the risk is inevitable, insurance is a necessity.
Information Insurance is the way in which the three business partners,
purchaser, supplier and insurer, can agree on and carry out in the
information world the typical insurance transaction of real life.
In the annex is a translation of the description report presented to
the Instituto Nacional da Propriedade Industrial - Brasil,
Deposito PI 8905696, by Jose Negreira Lopez, Sao Paulo, 1-NOV-89.
Just for thought.
Suppose a future with a real world in such bad condition that
everybody prefers, and has the possibility, to live connected to
a much more pleasant and perfect world created by virtual reality.
An error in the emulation for a person could kill him virtually, and
this person would need to come back to the "problems" of real life.
This software error, perhaps very difficult to catch and solve,
could be detected by the emulation stopping, and a virtual life
insurance could protect this person. As in real life.
I am trying to start a line of investigation, foreseeing the extreme
complexity of future information systems, which, besides the
continuous improvements in software quality and security,
I think will need to present not a definitive proof of being error
free, but just a humble acknowledgement of their own mistakes.
Jose Negreira.
Madrid, April 15th of 1996.
PS. Comments are welcome.
-------------------------real- ---------------------------virtual-
Jose Negreira Lopez [email protected]
------------------------------ -----------------------------------
ANNEX --------------------------------------------------------------
"INFORMATION INSURANCE"
The objective.
An Information Insurance system, belonging to the field of
Information Technology, developed to register conditions of
catastrophe or bad behavior in information systems,
so that a user can characterize damages to be compensated.
The situation.
Any information system, in general, involves three parts:
- input information;
- information processing;
- output information.
The information processing is determined by the output expected
from the input. With good input, the quality of the output is
determined by the quality of the information processing.
The value (some kind of value) of this output information is,
or should be, higher than that of the input.
That is the reason to develop Information Technology.
The input information has a value (or cost, price, etc.) too.
In spite of this, the user of an information system, the owner of
the input information to be processed, normally has few guarantees
against eventual errors or bad faith on the part of the supplier of
the system, which can damage the value of the input or compromise
the output.
The more complex a system is, the more difficult it is to foresee all
the possible situations, including those that can bring catastrophes
or bad behaviors of the system, causing losses to the customer.
The problem.
How can purchasers of information systems be sure there will be no
catastrophes?
Unless a complete error-free proof is presented, which is impractical,
they can't.
Information system errors could be viewed like natural catastrophes.
We know they can happen, imposing losses.
The purchasers are in a vulnerable position.
The solution.
To purchase a system with Information Insurance.
Information Insurance is a device that allows the registration of
one or more catastrophic conditions in an information system,
characterizing damages to be compensated to the user.
In this way, information system errors can be covered by insurance
policies.
The device.
Composed of three elements:
- Catastrophe detector, block 1;
- Catastrophe register, block 2;
- Shelter, block 3.

          +--------------+
          ! +-----+      !
          ! ! (1) !<-------- information fed from the system
          ! +-----+      !
          !    !         !
          ! +-----+      !
          ! ! (2) !      !
          ! +-----+ (3)  !
          +--------------+

(The outer box is the shelter (3), sealing the detector (1) and the
register (2).)
The detector (1), fed with the required information, monitors the
information system and activates the register (2) when a catastrophic
condition happens.
The register (2) has two states: normal or activated. In the normal
state it waits for an activation from the detector (1), upon which
it goes to the activated state.
The shelter (3) is the element that guarantees the reliability
of the information fed to the detector and that seals both the
detector (1) and the register (2), to guarantee their integrity.
These three elements can be realized in whatever technological field
is most suitable to the system in question.
The operation.
The purchaser receives the system with an Information Insurance
whose catastrophe register is in the normal state. As the information
is being processed, the catastrophe detector verifies whether the
error condition happens. If it does, the detector activates the
catastrophe register, which passes to the activated state and stays
there.
In this way, a user holding an Information Insurance with the
catastrophe register activated and the shelter intact
can claim the corresponding loss.
Once the incident is resolved, the shelter can be opened by
authorized personnel to return the register to the normal state;
the shelter is then put back in place and operation continues.
Several Information Insurances can be placed on the same system, to
register different catastrophic conditions.
Information system suppliers that accept the use of the device
give their clients a proof of trust in their systems and a
means of guaranteeing compensation for possible losses.
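The following Python model of the three blocks is an added illustration; it is not part of the original note or of the patent text. It assumes the shelter is realized as an HMAC seal under a key held by the insurer, that the feed to the detector is authenticated with a second key shared with the monitored system, and that the monitored system is a constructed pocket calculator whose multiplication is wrong for one hypothetical pair of operands (the essay's own example). All keys, operands and events are constructed for the demo.

```python
import hashlib
import hmac
import json
from typing import Any, Callable, Dict, Optional

NORMAL, ACTIVATED = "normal", "activated"
Event = Dict[str, Any]


def canonical(obj: Any) -> bytes:
    """Deterministic encoding so that HMACs over structured data are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class CatastropheDetector:
    """Block 1: evaluates one catastrophic condition on every event it is fed."""
    def __init__(self, name: str, condition: Callable[[Event], bool]):
        self.name, self.condition = name, condition

    def check(self, event: Event) -> bool:
        return self.condition(event)


class CatastropheRegister:
    """Block 2: a latch. Once activated it keeps that state and the triggering
    event, so later events cannot overwrite the evidence."""
    def __init__(self):
        self.state = NORMAL
        self.record: Optional[Event] = None

    def activate(self, event: Event) -> None:
        if self.state == NORMAL:
            self.state, self.record = ACTIVATED, event


class Shelter:
    """Block 3 (assumed realization): authenticates the feed so the detector only
    sees reliable information, and seals detector + register with an HMAC under
    the insurer's seal key, so any out-of-band change breaks the seal."""
    def __init__(self, seal_key: bytes, feed_key: bytes,
                 detector: CatastropheDetector, register: CatastropheRegister):
        self._seal_key, self._feed_key = seal_key, feed_key
        self.detector, self.register = detector, register
        self._seal = self._compute_seal()

    def _compute_seal(self) -> bytes:
        sealed = {"detector": self.detector.name,
                  "state": self.register.state, "record": self.register.record}
        return hmac.new(self._seal_key, canonical(sealed), hashlib.sha256).digest()

    def intact(self) -> bool:
        return hmac.compare_digest(self._seal, self._compute_seal())

    def feed(self, event: Event, tag: bytes) -> bool:
        """Deliver one event from the monitored system; refuse it if its tag fails."""
        expected = hmac.new(self._feed_key, canonical(event), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        if self.detector.check(event):
            self.register.activate(event)
            self._seal = self._compute_seal()   # legitimate transition: re-seal
        return True

    def can_claim(self) -> bool:
        """A loss can be claimed only with register activated AND shelter intact."""
        return self.register.state == ACTIVATED and self.intact()

    def reset(self, presented_key: bytes) -> bool:
        """Authorized return to the normal state after the incident is settled."""
        if not hmac.compare_digest(presented_key, self._seal_key):
            return False
        self.register.state, self.register.record = NORMAL, None
        self._seal = self._compute_seal()
        return True


def sign_event(feed_key: bytes, event: Event) -> bytes:
    """What the monitored system does before handing an event to the shelter."""
    return hmac.new(feed_key, canonical(event), hashlib.sha256).digest()


def buggy_multiply(a: int, b: int) -> int:
    """Constructed calculator with a hidden error on one hypothetical operand pair."""
    return a * b - 256 if (a, b) == (1234567, 7654321) else a * b


def run_demo() -> Dict[str, bool]:
    seal_key, feed_key = b"insurer-seal-key", b"system-feed-key"   # demo keys only
    detector = CatastropheDetector(
        "mul-mismatch", lambda e: e["op"] == "mul" and e["result"] != e["a"] * e["b"])
    shelter = Shelter(seal_key, feed_key, detector, CatastropheRegister())
    out: Dict[str, bool] = {}
    for a, b in [(12, 34), (1234567, 7654321), (7, 8)]:
        event = {"op": "mul", "a": a, "b": b, "result": buggy_multiply(a, b)}
        shelter.feed(event, sign_event(feed_key, event))
    out["claim_after_catastrophe"] = shelter.can_claim()
    forged = {"op": "mul", "a": 2, "b": 2, "result": 5}   # signed with the wrong key
    out["forged_feed_refused"] = not shelter.feed(forged, sign_event(b"wrong", forged))
    shelter.register.state = NORMAL                     # out-of-band tampering
    out["tamper_breaks_seal"] = not shelter.intact() and not shelter.can_claim()
    shelter.register.state = ACTIVATED                  # evidence put back
    out["seal_restored"] = shelter.intact()
    out["unauthorized_reset_refused"] = not shelter.reset(b"not-the-insurer")
    out["authorized_reset_ok"] = (shelter.reset(seal_key) and shelter.intact()
                                  and shelter.register.state == NORMAL)
    return out


if __name__ == "__main__":
    print(run_demo())
```

The seal is recomputed only inside the shelter's own transitions (a detector-driven activation or a key-authorized reset), so a register that has been flipped back to normal by anyone without the seal key fails the intact() check, and with it the claim. Keeping the triggering event in the register gives the user the evidence that characterizes the damage, which is the purpose the annex assigns to the device.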
The claim.
"INFORMATION INSURANCE", being a device realized in a technology
suitable to an information system, characterized by being composed
of three elements: catastrophe detector (block 1), catastrophe
register (block 2) and shelter (block 3); the detector,
fed with adequate information from the system, detects
one or more catastrophic conditions and activates the register,
which has two states: normal or activated. In the first state it
waits for the activation from the detector, and the second state
is the consequence of that activation and indicates the occurrence
of a catastrophe. The shelter guarantees that the information
fed to the detector is reliable and seals the other two elements.
The summary.
"INFORMATION INSURANCE", comprising a device, compatible
with the information system to be insured, that guarantees the
registration of catastrophic incidents affecting the information,
allowing the user of the system to prove damages to be compensated.
END ANNEX ----------------------------------------------------------