In this paper we discuss the issues relating to the evaluation and reporting of security assurance for runtime systems. We first highlight the shortcomings of current initiatives in analyzing, evaluating and reporting security assurance information. Then, the paper proposes a set of metrics to help capture and foster a better understanding of the security posture of a system. Our security assurance metric and its reporting depend on whether or not the user of the system has a security background. The evaluation of these metrics is described through the use of theoretical criteria, a tool implementation and an application to a case study based on an insurance company network.