Quantitative security assurance metrics

Katt, Basel; Prasher, Nishu

doi:10.1145/3241403.3241464

Cited by 11 publications

(10 citation statements)

References 22 publications

(24 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security assurance is a complex and time-consuming process that goes throughout the development lifecycle of a (software) system begins from the protection profile initiation to the TOE certification. The security assurance process of a system requires a set of inputs such as TOE, the operational environment, assessment criteria and requirements (assurance profile), assurance methods, and assurance level [49]. This process goes through multiple stages and involves various activities such as defining security goals, security requirement analysis, threat analysis, vulnerability analysis, penetration testing, security audit, scoring, and analysis, etc.…”

Section: Security Assurancementioning

confidence: 99%

“…Requirements Elicitation [36,49], Specification [43,49], Identification [14,49], Aggregation [49,85], Measurement [47,49], Prioritization [43], Modelling [49,52,100,109], Correctness [80], Tracing [36], Security Requirements Engineering Process [69],…”

Section: Constructionmentioning

confidence: 99%

“…NIST defined security assurance as a "measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy" [86]. Katt and Prasher [49] defined security assurance as "the confidence that a system meets its security requirements and is resilient against security vulnerabilities and failures. "…”

mentioning

confidence: 99%

See 2 more Smart Citations

System Security Assurance: A Systematic Literature Review

Shukla¹,

Katt²,

Nweke³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We systematically review the requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We shed light on the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.CCS Concepts: • General and reference → Surveys and overviews; • Security and privacy → Systems security.

show abstract

Section: Security Assurancementioning

confidence: 99%

Section: Constructionmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

System Security Assurance: A Systematic Literature Review

Shukla¹,

Katt²,

Nweke³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…This analysis for different possible software configurations results in a discrete Trust Assurance Level (TAL value, eg, 1 to 10). 34 It is important to differentiate that the TAL value is assigned to a particular software stack as opposed to the Trust_Token which is issued to a particular cloud platform-though it also includes a TAL value.…”

Section: Platform Trust Assurance Authoritymentioning

confidence: 99%

“…In defining the possible roles of the PTAA, we envisage numerous use case scenarios based upon the types of cloud users. For example, in addition to TAL value evaluation for a software stack, 34 the PTAA can also suggest a mapping of a certain type of user security requirements to appropriate trust levels. This can be done by getting security requirements from the user using a questionnaire and suggest an appropriate TAL value for such user.…”

Section: Platform Trust Assurance Authoritymentioning

confidence: 99%

Security and trust preserving inter‐ and intra‐cloud VM migrations

2020

View full text Add to dashboard Cite

This paper focus on providing a secure and trustworthy solution for virtual machine (VM) migration within an existing cloud provider domain, and/or to the other federating cloud providers. The infrastructure-as-a-service (IaaS) cloud service model is mainly addressed to extend and complement the previous Trusted Computing techniques for secure VM launch and VM migration case. The VM migration solution proposed in this paper uses a Trust_Token based to guarantee that the user VMs can only be migrated and hosted on a trustworthy and/or compliant cloud platforms. The possibility to also check the compliance of the cloud platforms with the pre-defined baseline configurations makes our solution compatible with an existing widely accepted standards-based, security-focused cloud frameworks like FedRAMP. Our proposed solution can be used for both inter-and intra-cloud VM migrations. Different from previous schemes, our solution is not dependent on an active (on-line) trusted third party; that is, the trusted third party only performs the platform certification and is not involved in the actual VM migration process. We use the Tamarin solver to realize a formal security analysis of the proposed migration protocol and show that our protocol is safe under the Dolev-Yao intruder model. Finally, we show how our proposed mechanisms fulfill major security and trust requirements for secure VM migration in cloud environments.

show abstract

The Nature of the Beast

Rosen¹

2020

Guide to Software Systems Development

View full text Add to dashboard Cite

Quantitative security assurance metrics

Cited by 11 publications

References 22 publications

System Security Assurance: A Systematic Literature Review

System Security Assurance: A Systematic Literature Review

Security and trust preserving inter‐ and intra‐cloud VM migrations

The Nature of the Beast

Contact Info

Product

Resources

About