
Quantifiable Security Metrics for Large Scale Heterogeneous Systems

2 Author(s)

The exponential growth of information technology and the prospect of increased public access to computing, communications, and storage resources have made these systems more vulnerable to attacks. The use of heterogeneous devices and communication links has become common practice, which further complicates the management of security services for these systems. A widely accepted management principle is that an activity cannot be managed if it cannot be measured. Security also falls under this rubric. However, the complexity of today's large scale heterogeneous systems makes it impossible to measure their security by simple examination. Moreover, for most users it is hardly possible to conduct the more detailed checks that are necessary for a qualified evaluation, as they cannot afford the expenditure this would entail. The need to protect these systems is fueling the need to quantify security metrics in order to determine the exact level of security assurance. In this article, we have identified those entities of a large scale heterogeneous system that enforce the security services and also those which are relevant to the security services. We have filtered out the measurable entities to simplify the metrics tree with optimal granularity. These entities serve as probes for the evaluation of the overall security assurance of the system. Based on these probes, topological and dependency graphs of the overall system are evaluated and federated for the system security cockpit, which represents the interface for the administrator to perform the operations necessary to obtain and maintain a particular security assurance level for a specified service. In order to provide a comprehensive and evaluative description of the various functions of our model, we have given a use case example of a telecommunication service: voice over the Internet protocol (VoIP).

Published in:

Carnahan Conferences Security Technology, Proceedings 2006 40th Annual IEEE International

Date of Conference:

Oct. 2006
