Skip to main content
SpringerLink
Log in

Towards Security Evaluation Based on Evidence Collection

  • Conference paper
Fuzzy Systems and Knowledge Discovery (FSKD 2006)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 4223))

Included in the following conference series:

Abstract

Information security evaluation of software-intensive systems typically relies heavily on the experience of the security professionals. Obviously, automated approaches are needed in this field. Unfortunately, there is no practical approach to carrying out security evaluation in a systematic way. We introduce a general-level holistic framework for security evaluation based on security behavior modeling and security evidence collection, and discuss its applicability to the design of security evaluation experimentation set-ups in real-world systems.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Avizienis, A., Laprie, J.-C., Randell, B., Landwehr, C.: Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Transactions on Dependable and Secure Computing 1(1), 11–33 (2004)

    Article  Google Scholar 

  2. Brocklehurst, S., Littlewood, B., Olovsson, T., Jonsson, E.: On Measurement on Opera-tional Security. IEEE AES Systems Magazine, 7–15 (October 1994)

    Google Scholar 

  3. Greenwald, M., Gunter, C., Knutsson, B., Seedrov, A., Smith, J., Zdancewic, S.: Computer Security is not a Science (but it should be). In: Large-Scale Network Security Workshop, Landsdowne, VA, March 13-14 (2003)

    Google Scholar 

  4. ISO/IEC 15408: Common Criteria for Information Technology Security Evaluation, Version 2.2 (2004)

    Google Scholar 

  5. ISO/IEC 21827: Information Technology – Systems Security Engineering – Capability Maturity Model (SSE-CMM) (2002)

    Google Scholar 

  6. McDermid, J.A., Shi, Q.: A Formal Approach for Security Evaluation, pp. 47–55 (1992)

    Google Scholar 

  7. Nicol, D., Sanders, W.H., Trivedi, K.S.: Model-Based Evaluation: From Dependability to Security. IEEE Transactions on Dependable and Secure Computing 1(1), 48–65 (2004)

    Article  Google Scholar 

  8. Trusted Computer System Evaluation Criteria, “Orange Book”, U.S. Department of Defense Standard, DoD 5200.28-std (1985)

    Google Scholar 

  9. Voas, J., Ghosh, A., McGraw, G., Charron, F., Miller, K.: Defining an Adaptive Software Security Metric from a Dynamic Software Failure Tolerance Measure. In: Proceedings of the 11th Annual Conference on Computer Assurance, Systems Integrity, Soft-ware Safety, Process Security (COMPASS) (1996)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. VTT Technical Research Centre of Finland, P.O. Box 1100, FIN-90571, Oulu, Finland

    Reijo Savola

Authors
  1. Reijo Savola
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Electrical and Electronic Engineering, Nanyang Technological University,, Block S1, Nanyang Avenue, 639798, Singapore

    Lipo Wang

  2. Life Science Research Center, School of Electronic Engineering, Xidian University,, 710071, Xi’an, Shaanxi, China

    Licheng Jiao

  3. School of Electrical and Electronic Engineering, Xidian University, 710071, Xi’an, China

    Guanming Shi

  4. School of Information Technology and Electrical Engineering, The University of Queensland, 4072, Brisbane, Queensland, Australia

    Xue Li

  5. College of Mathematics and Information Science, Hebei Normal University, 050016, Shijiazhuang, Hebei, P.R. China

    Jing Liu

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Savola, R. (2006). Towards Security Evaluation Based on Evidence Collection. In: Wang, L., Jiao, L., Shi, G., Li, X., Liu, J. (eds) Fuzzy Systems and Knowledge Discovery. FSKD 2006. Lecture Notes in Computer Science(), vol 4223. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11881599_146

Download citation

  • DOI: https://doi.org/10.1007/11881599_146

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-45916-3

  • Online ISBN: 978-3-540-45917-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation