A Framework for Security Metrics Based on Operational System Attributes
Paper in proceedings, 2011

There exists a large number of suggestions for how to measure security, and in many cases the goal is to find a single overall metric of security. Given that security is a complex and multi-faceted property, we believe that there are fundamental problems to find such an overall metric. Thus, we suggest a framework for security metrics that is based on a number of system attributes taken from the security and the dependability disciplines. We then regroup those attributes according to an existing conceptual system model and propose a metrication framework in accordance. We suggest that there should be metrics related to protective attributes, to behavioural attributes and possibly to system correctness. Thus, the main idea is that security metrication should be split up and related to a number of specific attributes, and that a composite security metric is hard to define.


operational security

protective metrics

behavioural metrics

security metrics


Erland Jonsson

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Laleh Pirzadeh Irannezhad

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

International workshop on Security Measurements and Metrics - MetriSec2011, Banff, Alberta, Canada, 2011-09-21.


Areas of Advance

Information and Communication Technology


Subject Categories

Computer Science



More information

Latest update