Improving the Derivation of Sound Security Metrics

Title: Improving the Derivation of Sound Security Metrics
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Yee, George O. M.
Conference Name: 2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC)
Keywords: Aggregates, Buildings, conditions, Conferences, deriving, designing, Measurement, Metrics, problems, pubcrawl, security, security metrics, Software, sound security metrics, Testing
Abstract: We continue to tackle the problem of poorly defined security metrics by building on and improving our previous work on designing sound security metrics. We reformulate the previous method into a set of conditions that are clearer and more widely applicable for deriving sound security metrics. We also modify and enhance some concepts that led to an unforeseen weakness in the previous method that was subsequently found by users, thereby eliminating this weakness from the conditions. We present examples showing how the conditions can be used to obtain sound security metrics. To demonstrate the conditions' versatility, we apply them to show that an aggregate security metric made up of sound security metrics is also sound. This is useful where the use of an aggregate measure may be preferred, to more easily understand the security of a system.
DOI: 10.1109/COMPSAC54236.2022.00287
Citation Key: yee_improving_2022