Istituto di Informatica e Telematica     
Krautsevich L., Martinelli F., Yautsiukhin A. Formal Analysis of Security Metrics with Defensive Actions. In: The 10th IEEE International Conference on Autonomic and Trusted Computing (Naples, 2013). Proceedings, pp. 458 - 465. TBA, 2013.
Security management requires quantitative security metrics in order to effectively distribute limited resources and justify investments into security. The problem is not only to select the right security metrics but also to be sure that the selected metrics correctly represent security strength. In this paper, we tackle the problem of formal analysis of different quantitative security metrics. We consider a formal model which is based on interactions between an attacker and a system. We use this model in order to define security metrics and defensive actions which are supposed to improve security strength of a system. We exploit these definitions to analyse whether security metrics are able to indicate security improvements correctly.
Subject risk-benefit analysis.
policy engineering
Access Control
K.6.5 Security and protection



For further information, contact: Librarian http://puma.isti.cnr.it
