CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

On measurement of operational security

Sarah Brocklehurst ; Bev Littlewood ; Tomas Olovsson (Institutionen för datorteknik) ; Erland Jonsson (Institutionen för datorteknik)
IEEE Aerospace and Electronic Systems Magazine (0885-8985). Vol. 9 (1994), 10, p. 7-16.
[Artikel, refereegranskad vetenskaplig]

Ideally, a measure of the security of a system should capture quantitatively the intuitive notion of "the ability of the system to resist attack." That is, it should be operational, reflecting the degree to which the system can be expected to remain free of security breaches under particular conditions of operation (including attack). Instead, current security levels at best merely reflect the extensiveness of safeguards introduced during the design and development of a system. Whilst we might expect a system developed to a higher level than another to exhibit "more secure behavior" in operation, this cannot be guaranteed; more particularly, we cannot infer what the actual security behavior will be from knowledge of such a level. In the paper we discuss similarities between reliability and security with the intention of working toward measures of "operational security" similar to those that we have for reliability of systems. Very informally, these measures could involve expressions such as the rate of occurrence of security breaches, or the probability that a specified "mission" can be accomplished without a security breach. This new approach is based on the analogy between system failure and security breach, but it raises several issues which invite empirical investigation. We briefly describe a pilot experiment that we have conducted to judge the feasibility of collecting data to examine these issues.



Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2012-12-13.
CPL Pubid: 167751

 

Läs direkt!


Länk till annan sajt (kan kräva inloggning)


Institutioner (Chalmers)

Institutionen för datorteknik (1985-2001)

Ämnesområden

Informations- och kommunikationsteknik
Informationsteknologi
Datorteknik