A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior
IEEE Transactions on Software Engineering
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
Security attribute evaluation method: a cost-benefit approach
Proceedings of the 24th International Conference on Software Engineering
Analysis of security protocols as open systems
Theoretical Computer Science
A method for modeling and quantifying the security attributes of intrusion tolerant systems
Performance Evaluation - Dependable systems and networks-performance and dependability symposium (DSN-PDS) 2002: Selected papers
Information security models and metrics
Proceedings of the 43rd annual Southeast regional conference - Volume 2
A weakest-adversary security metric for network configuration security analysis
Proceedings of the 2nd ACM workshop on Quality of protection
Complete Guide to Security and Privacy Metrics
Complete Guide to Security and Privacy Metrics
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Minimum-cost network hardening using attack graphs
Computer Communications
An Attack Graph-Based Probabilistic Security Metric
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Quantifying the security of composed systems
PPAM'05 Proceedings of the 6th international conference on Parallel Processing and Applied Mathematics
SP 800-30. Risk Management Guide for Information Technology Systems
SP 800-30. Risk Management Guide for Information Technology Systems
Formal analysis of security metrics and risk
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
A general method for assessment of security in complex services
ServiceWave'11 Proceedings of the 4th European conference on Towards a service-based internet
Hi-index | 0.00 |
Security metrics are the tools for providing correct and up-to-date information about a state of security. This information is essential for managing security efficiently. Although a number of security metrics were proposed we still need reliable ways for assessment of security. First of all, we do not have a widely-accepted and unambiguous definition which defines what it means that one system is more secure than another one. Without this knowledge we cannot show that a metric really measures security. Second, there is no a universal formal model for all metrics which can be used for rigourous analysis. In this paper we investigate how we can define "more secure" relation and propose our basic formal model for a description and analysis of security metrics.