Improving the Derivation of Sound Security Metrics
Author
Abstract

Measurement and Metrics Testing - We continue to tackle the problem of poorly defined security metrics by building on and improving our previous work on designing sound security metrics. We reformulate the previous method into a set of conditions that are clearer and more widely applicable for deriving sound security metrics. We also modify and enhance some concepts that led to an unforeseen weakness in the previous method that was subsequently found by users, thereby eliminating this weakness from the conditions. We present examples showing how the conditions can be used to obtain sound security metrics. To demonstrate the conditions’ versatility, we apply them to show that an aggregate security metric made up of sound security metrics is also sound. This is useful where the use of an aggregate measure may be preferred, to more easily understand the security of a system.

Year of Publication
2022
Date Published
June
Publisher
IEEE
Conference Location
Los Alamitos, CA, USA
ISBN Number
978-1-66548-810-5
URL
https://ieeexplore.ieee.org/document/9842489/
DOI
10.1109/COMPSAC54236.2022.00287