Formal approach to security metrics.: what does "more secure" mean for you?

Authors:
Leanid Krautsevich;Fabio Martinelli;Artsiom Yautsiukhin
Affiliations:
University of Pisa, Pisa, Italy;Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy;Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy
Venue:
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Year:
2010

Citing 13
Cited 2

A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior

IEEE Transactions on Software Engineering
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security

IEEE Transactions on Software Engineering
Security attribute evaluation method: a cost-benefit approach

Proceedings of the 24th International Conference on Software Engineering
Analysis of security protocols as open systems

Theoretical Computer Science
A method for modeling and quantifying the security attributes of intrusion tolerant systems

Performance Evaluation - Dependable systems and networks-performance and dependability symposium (DSN-PDS) 2002: Selected papers
Information security models and metrics

Proceedings of the 43rd annual Southeast regional conference - Volume 2
A weakest-adversary security metric for network configuration security analysis

Proceedings of the 2nd ACM workshop on Quality of protection
Complete Guide to Security and Privacy Metrics

Complete Guide to Security and Privacy Metrics
Security Metrics: Replacing Fear, Uncertainty, and Doubt

Security Metrics: Replacing Fear, Uncertainty, and Doubt
Minimum-cost network hardening using attack graphs

Computer Communications
An Attack Graph-Based Probabilistic Security Metric

Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Quantifying the security of composed systems

PPAM'05 Proceedings of the 6th international conference on Parallel Processing and Applied Mathematics
SP 800-30. Risk Management Guide for Information Technology Systems

SP 800-30. Risk Management Guide for Information Technology Systems

Formal analysis of security metrics and risk

WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
A general method for assessment of security in complex services

ServiceWave'11 Proceedings of the 4th European conference on Towards a service-based internet

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security metrics are the tools for providing correct and up-to-date information about a state of security. This information is essential for managing security efficiently. Although a number of security metrics were proposed we still need reliable ways for assessment of security. First of all, we do not have a widely-accepted and unambiguous definition which defines what it means that one system is more secure than another one. Without this knowledge we cannot show that a metric really measures security. Second, there is no a universal formal model for all metrics which can be used for rigourous analysis. In this paper we investigate how we can define "more secure" relation and propose our basic formal model for a description and analysis of security metrics.