Ideally, a measure of the security of a system should capture quantitatively the intuitive notion of "the ability of the system to resist attack." That is, it should be operational, reflecting the degree to which the system can be expected to remain free of security breaches under particular conditions of operation (including attack). Instead, current security levels at best merely reflect the extensiveness of safeguards introduced during the design and development of a system. Whilst we might expect a system developed to a higher level than another to exhibit "more secure behavior" in operation, this cannot be guaranteed; more particularly, we cannot infer what the actual security behavior will be from knowledge of such a level. In the pap...
This paper is based on a conceptual framework in which security can be split into two generic types ...
Measurement is one of the foundations of sound engineering practices, be-cause-as Tom DeMarco put it...
The management of information security becomes easier if suitable metrics can be developed to offer ...
Ideally, a measure of the security of a system should capture quantitatively the intuitive notion of...
The two experiments described here were intended to investigate the empirical issues that arise from...
In this paper, basic issues of measuring security as a system property are discussed. While traditi...
This paper suggests a quantitative approach to security, and specifically to a security-concept, whi...
In most contexts, it is not feasible to guarantee that a system is 100 % secure. Measures and predic...
This paper addresses the challenge of measuring security, understood as a system property, of cyberp...
In most contexts, it is not feasible to guarantee that a system is 100% secure. Measures and predict...
It is a widely accepted management principle that an activity cannot be managed well if it cannot be...
This paper critically surveys previous work on quantitative representation and analysis of security....
The first part of this thesis describes the results of applying dependability methods to the securit...
Evaluating the software assurance of a product as it functions within a specific system context invo...
Security Assurance is commonly defined as the ground for confidence on the security mechanisms to me...
This paper is based on a conceptual framework in which security can be split into two generic types ...
Measurement is one of the foundations of sound engineering practices, be-cause-as Tom DeMarco put it...
The management of information security becomes easier if suitable metrics can be developed to offer ...
Ideally, a measure of the security of a system should capture quantitatively the intuitive notion of...
The two experiments described here were intended to investigate the empirical issues that arise from...
In this paper, basic issues of measuring security as a system property are discussed. While traditi...
This paper suggests a quantitative approach to security, and specifically to a security-concept, whi...
In most contexts, it is not feasible to guarantee that a system is 100 % secure. Measures and predic...
This paper addresses the challenge of measuring security, understood as a system property, of cyberp...
In most contexts, it is not feasible to guarantee that a system is 100% secure. Measures and predict...
It is a widely accepted management principle that an activity cannot be managed well if it cannot be...
This paper critically surveys previous work on quantitative representation and analysis of security....
The first part of this thesis describes the results of applying dependability methods to the securit...
Evaluating the software assurance of a product as it functions within a specific system context invo...
Security Assurance is commonly defined as the ground for confidence on the security mechanisms to me...
This paper is based on a conceptual framework in which security can be split into two generic types ...
Measurement is one of the foundations of sound engineering practices, be-cause-as Tom DeMarco put it...
The management of information security becomes easier if suitable metrics can be developed to offer ...