Why to adopt a security metric? A brief survey

Atzeni, Andrea; Lioy, Antonio

doi:10.1007/978-0-387-36584-8_1

Cited by 29 publications

(19 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Various kinds of network security metrics have been talked about in [6] [7]. Qualitative security evaluations are mostly based on subjective methods, and reach boolean results, such as whether a network or resource is secure.…”

Section: Related Workmentioning

confidence: 99%

Applying Attack Graphs to Network Security Metric

Xie

Wen

Zhang

et al. 2009

2009 International Conference on Multimedia Information Networking and Security

View full text Add to dashboard Cite

Since attack graphs provide practical attack context and relationships among vulnerabilities, researchers have been trying to evaluate network security based on attack graphs. However, previous works focus their attention on specific evaluations they concerned, and each does things in his own way. There is no explicit way telling network administrators how to measure network security in a general way. In this paper, we propose a new metric framework, whose main goal is to guide people to perform evaluations based on attack graphs. The main components of proposed metric framework include Security Index, Target of Evaluation, Elementary Attribute, Composition Algorithm, and Arithmetic operators. Relative definitions and analysis of these five components are also given. The following examples show the applications of our metric framework, and validate it.

show abstract

Section: Related Workmentioning

confidence: 99%

Applying Attack Graphs to Network Security Metric

Xie

Wen

Zhang

et al. 2009

2009 International Conference on Multimedia Information Networking and Security

View full text Add to dashboard Cite

show abstract

“…A set of measures for reliability and performance are proposed. Atzeni and Lioy [8] overview security system assessment methods and metrics. WS-Policy [9] defines a framework and model for expressing capabilities, requirements, and general characteristics of individual services.…”

Section: A Qos Metrics and Modelsmentioning

confidence: 99%

Semantics and Extensions of WS-Agreement

Frankova

Malfatti

Aiello

2006

JSW

View full text Add to dashboard Cite

Abstract-When having repeated interactions with a service provider, a service consumer might desire guarantees on the delivery of the service. These guarantees involve both functional and non-functional properties of the offered service over a number of invocations. When the guarantee terms are explicitly defined in a document, we talk about a service level agreement. WS-Agreement is an industry driven emerging protocol for the specification of agreements in the context of Web Services. If, on the one hand, WS-Agreement defines the XML syntax for the language and protocol, on the other hand, it gives only a vague textual overview of the intended meaning. We fill this gap by providing a formal definition of an agreement and analyzing the possible evolutions of agreements and their terms over an execution. As a result we identify a number of extensions which involve the initial negotiation, the monitoring of running agreements, and the possibility of renegotiating agreements in executions. We evaluate the proposed approach through experimentation.

show abstract

“…It is observed that with the development of the Internet, security threats have sprouted in abundance [1]. Wi-Fi networks, third-party patches and BYOD devices have added to the magnitude and frequency of threats.…”

Section: Introductionmentioning

confidence: 99%

A Proactive Procedure to Mitigate the BYOD Risks on the Security of an Information System

Kumar

Singh

2015

SIGSOFT Softw. Eng. Notes

View full text Add to dashboard Cite

During the last ten years, security attacks on information systems have led to a huge number of data breaches all over the globe. Information security risks are causing massive damage to organizations. The security risk could be costlier to handle if not given due attention. We need to build a security culture in which everyone can recognize and evaluate the risks. In the current scenario the risks due to BYOD have emerged as a new challenge to information-security practitioners. The present study focuses on evaluating BYOD risks and their causes well before they become a threat to an organization. A new procedure is proposed to tackle the threats from BYOD and an empirical analysis is provided for validation of the proposed procedure.

show abstract

Why to adopt a security metric? A brief survey

Cited by 29 publications

References 10 publications

Applying Attack Graphs to Network Security Metric

Applying Attack Graphs to Network Security Metric

Semantics and Extensions of WS-Agreement

A Proactive Procedure to Mitigate the BYOD Risks on the Security of an Information System

Contact Info

Product

Resources

About