DEVELOPMENT OF SECURITY METRICS - Based on Decomposition of Security Requirements and Ontologies

Reijo M. Savola

Abstract

Systematically and carefully designed information security metrics can be used to provide evidence of the security solutions of the system under development. The lack of appropriate security solutions in software-intensive systems might have serious consequences for businesses and their stakeholders. We investigate the holistic development of security metrics based on security requirement decomposition and ontologies. The high-level security requirements are expressed in terms of lower-level measurable components by applying a decomposition approach. Security requirement analysis of a distributed messaging system is used as an example.


Paper Citation

in Harvard Style

Savola, R. M. (2009). DEVELOPMENT OF SECURITY METRICS - Based on Decomposition of Security Requirements and Ontologies. In Proceedings of the 4th International Conference on Software and Data Technologies - Volume 2: ICSOFT, ISBN 978-989-674-010-8, pages 171-174. DOI: 10.5220/0002243501710174

in Bibtex Style

@conference{icsoft09,
author={Reijo M. Savola},
title={DEVELOPMENT OF SECURITY METRICS - Based on Decomposition of Security Requirements and Ontologies},
booktitle={Proceedings of the 4th International Conference on Software and Data Technologies - Volume 2: ICSOFT},
year={2009},
pages={171-174},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002243501710174},
isbn={978-989-674-010-8},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 4th International Conference on Software and Data Technologies - Volume 2: ICSOFT
TI - DEVELOPMENT OF SECURITY METRICS - Based on Decomposition of Security Requirements and Ontologies
SN - 978-989-674-010-8
AU - Savola, Reijo M.
PY - 2009
SP - 171
EP - 174
DO - 10.5220/0002243501710174