Academic chapter/article/conference paper   2009

Savola, Reijo M.; Abie, Habtamu

Publication details

Pages:

1–6

Year:

2009

Links:

FULL TEXT: http://dx.doi.org/10.1109/ICAICT.2009.5372566

Part of: 2009 International Conference on Application of Information and Communication Technologies (AICT 2009) (IEEE conference proceedings, 2009)

Carefully designed security metrics of practical relevance can be used to provide evidence of the security behavior of the system under development or operation. This study investigates a practical development of security metrics for a distributed messaging system based on threat and vulnerability analysis and security requirements. Our approach is thus requirement-centric. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Both non-attack strategy oriented and attacker behaviour oriented metrics are investigated. The available on-line evidence information of the security performance of the system is integrated with off-line metrics to enable holistic decision-making for security management of the system.