Towards an abstraction layer for security assurance measurements: (invited paper)

Authors:
Teemu Kanstrén;Reijo Savola;Antti Evesti;Heimo Pentikäinen;Artur Hecker;Moussa Ouedraogo;Kimmo Hätönen;Perttu Halonen;Christophe Blad;Oscar López;Saioa Ros
Affiliations:
VTT Technical Research Centre of Finland, Oulu, Finland;VTT Technical Research Centre of Finland, Oulu, Finland;VTT Technical Research Centre of Finland, Oulu, Finland;VTT Technical Research Centre of Finland, Oulu, Finland;Telecom Paris Tech, Paris, France;Research Center Henri Tudor, Kirchberg, Luxembourg;Nokia Siemens Networks, Espoo, Finland;Nokia Siemens Networks, Espoo, Finland;Oppida, Montigny le Bretonneux, France;Nextel S.A. Zamudio, Spain;Nextel S.A. Zamudio, Spain
Venue:
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Year:
2010

Citing 8
Cited 1

Information Assurance Measures and Metrics " State of Practice and Proposed Taxonomy

HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
A Taxonomy of Information Security for Service-Centric Systems

EUROMICRO '07 Proceedings of the 33rd EUROMICRO Conference on Software Engineering and Advanced Applications
A Systematic Review and Comparison of Security Ontologies

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
GEMOM - Significant and Measurable Progress beyond the State of the Art

ICSNC '08 Proceedings of the 2008 Third International Conference on Systems and Networks Communications
Applicability of security metrics for adaptive security management in a universal banking hub system

Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Innovations and Advances in Adaptive Secure Message Oriented Middleware

ICDCSW '10 Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems Workshops
Security-Measurability-Enhancing Mechanisms for a Distributed Adaptive Security Monitoring System

SECURWARE '10 Proceedings of the 2010 Fourth International Conference on Emerging Security Information, Systems and Technologies
Security ontology for annotating resources

OTM'05 Proceedings of the 2005 OTM Confederated international conference on On the Move to Meaningful Internet Systems: CoopIS, COA, and ODBASE - Volume Part II

Can we measure security and how?

Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research

Quantified Score

Hi-index	0.00

Visualization

Abstract

Measurement of any complex, operational system is challenging due to the continuous independent evolution of the components. Security risks introduce another dimension of dynamicity, reflected to risk management and security assurance activities. The availability of different measurements and their properties will vary during the overall system lifecycle. To be useful, a measurement framework in this context needs to be able to adapt to both the changes in the target of measurement and in the available measurement infrastructure. In this study, we introduce a taxonomy-based approach for relating the available and attainable measurements to the measurement requirements of security assurance plans by providing an Abstraction Layer that makes it easier to manage these dynamic features. The introduced approach is investigated in terms of a security assurance case example of firewall functionality in a Push E-mail service system.