A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior
IEEE Transactions on Software Engineering
Adversary work factor as a metric for information assurance
Proceedings of the 2000 workshop on New security paradigms
Proceedings of the 2002 ACM symposium on Applied computing
Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
Information Assurance Measures and Metrics " State of Practice and Proposed Taxonomy
HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
Model-Based Evaluation: From Dependability to Security
IEEE Transactions on Dependable and Secure Computing
Quantified security is a weak hypothesis: a critical survey of results and assumptions
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Dependability metrics
Formal approach to security metrics.: what does "more secure" mean for you?
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
| Hi-index | 0.01 |
The authors recommend to quantify the security of a complex system by first quantifying the security of its components, and, in a second step, by calculating the overall security according to a given method. This paper summarizes the state of the art of security measures for components and presents a new method for combining these measures into the system's security. The proposed method starts with an intuitive graphical representation of the system. This representation is converted into an algebraic expression using abstract AND, OR, and MEAN operators. Applying application-dependent semantics to these operators will allow for an evaluation of the model.