Abstract
The authors recommend to quantify the security of a complex system by first quantifying the security of its components, and, in a second step, by calculating the overall security according to a given method. This paper summarizes the state of the art of security measures for components and presents a new method for combining these measures into the system’s security. The proposed method starts with an intuitive graphical representation of the system. This representation is converted into an algebraic expression using abstract AND, OR, and MEAN operators. Applying application-dependent semantics to these operators will allow for an evaluation of the model.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Schuedel, G., Wood, B.: Adversary Work Factor as a Metric for Information Assurance. In: Proc. of the New Security Paradigm Workshop (2000)
Schneier, B.: Attack trees. Dr. Dobb’s Journal (1999)
Schneier, B.: Secrets and Lies – Digital Security in a Networked World. Wiley and Sons, Chichester (2000)
Jonsson, E., Olovsson, T.: A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering 23, 235–245 (1997)
Wang, C., Wulf, W.: Towards a Framework for Security Measurement. In: Proc. of the National Information Systems Security Conference (NISSC 1997) (1997)
Kotenko, I., Mankov, E.: Experiments with Simulation of Attacks against Computer Networks. In: Gorodetsky, V., Popyack, L.J., Skormin, V.A. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 187–198. Springer, Heidelberg (2003)
Nicol, D.M., Sanders, W.H., Trivedi, K.S.: From Dependability to Security. IEEE Transactions on Dependable and Secure Computing 1, 48–65 (2004)
Tidwell, T., Larson, R., Fitch, K., Hale, J.: Modeling internet attacks. In: Proc. of the 2001 IEEE Workshop on Information Assurance and Security, pp. 54–59 (2001)
Steffan, J., Schumacher, M.: Collaborative attack modeling. In: Proc. of the 17th ACM Symposium on Applied Computing (SAC 2002), pp. 253–259 (2002)
Hunstad, A., Hallberg, J.: Design for securability - Applying engineering principles to the design of security architectures. In: Proc. of the Workshop of Application of Engineering Principles to System Security Design (WAEPSSD) (2002)
Voas, J., Ghosh, A., McGraw, G., Charron, F.: Defining an Adaptive Software Security Metric from a Dynamic Software Failure Tolerance Measure. In: Proc. of the 11th Annual Conference on Computer Assurance (COMPASS 1996) (1996)
Levi, D.: Lessons learned in using live red teams in IA experiments. In: Proc. of the DARPA Information Survivability Conference and Exposition, vol. 1, pp. 110–119. IEEE, Los Alamitos (2003)
Vaughn, R.B., Henning, R., Sira, A.: Information Assurance Measures and Metrics - State of Practice and Proposed Taxonomy. In: Proc. of the 36th Annual Hawaii International Conference on System Sciences (HICSS 2003), vol. 9 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Walter, M., Trinitis, C. (2006). Quantifying the Security of Composed Systems. In: Wyrzykowski, R., Dongarra, J., Meyer, N., Waśniewski, J. (eds) Parallel Processing and Applied Mathematics. PPAM 2005. Lecture Notes in Computer Science, vol 3911. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11752578_124
Download citation
DOI: https://doi.org/10.1007/11752578_124
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34141-3
Online ISBN: 978-3-540-34142-0
eBook Packages: Computer ScienceComputer Science (R0)