A Framework for Security Metrics Based on Operational System Attributes
Paper in proceeding, 2011
There exists a large number of suggestions for how to measure security, and in many cases the goal is to find a single overall metric of security. Given that security is a complex and multi-faceted property, we believe that there are fundamental problems to find such an overall metric. Thus, we suggest a framework for security metrics that is based on a number of system attributes taken from the security and the dependability disciplines. We then regroup those attributes according to an existing conceptual system model and propose a metrication framework in accordance. We suggest that there should be metrics related to protective attributes, to behavioural attributes and possibly to system correctness. Thus, the main idea is that security metrication should be split up and related to a number of specific attributes, and that a composite security metric is hard to define.
modelling
operational security
protective metrics
behavioural metrics
security metrics
Author
Erland Jonsson
Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
Laleh Pirzadeh Irannezhad
Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
International workshop on Security Measurements and Metrics - MetriSec2011, Banff, Alberta, Canada, 2011-09-21.
58-65
Areas of Advance
Information and Communication Technology
Transport
Subject Categories
Computer Science
DOI
10.1109/Metrisec.2011.19