• DocumentCode
    3115692
  • Title

    Formal Analysis of Security Metrics with Defensive Actions

  • Author

    Krautsevich, Leanid ; Martinelli, F. ; Yautsiukhin, Artsiom

  • Author_Institution
    Ist. di Inf. e Telematica, Consiglio Naz. delle Ric., Pisa, Italy
  • fYear
    2013
  • fDate
    18-21 Dec. 2013
  • Firstpage
    458
  • Lastpage
    465
  • Abstract
    Security management requires quantitative security metrics in order to effectively distribute limited resources and justify investments into security. The problem is not only to select the right security metrics but also to be sure that the selected metrics correctly represent security strength. In this paper, we tackle the problem of formal analysis of different quantitative security metrics. We consider a formal model which is based on interactions between an attacker and a system. We use this model in order to define security metrics and defensive actions which supposed to improve security strength of a system. We exploit these definitions to analyse whether security metrics are able to indicate security improvements correctly.
  • Keywords
    formal verification; investment; security of data; defensive actions; formal analysis; formal model; investments; quantitative security metrics; security management; security strength; Analytical models; Conferences; Electronic mail; Equations; Investment; Measurement; Security; attacker; countermeasures; defensive actions; security metrics;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Ubiquitous Intelligence and Computing, 2013 IEEE 10th International Conference on and 10th International Conference on Autonomic and Trusted Computing (UIC/ATC)
  • Conference_Location
    Vietri sul Mere
  • Print_ISBN
    978-1-4799-2481-3
  • Type

    conf

  • DOI
    10.1109/UIC-ATC.2013.59
  • Filename
    6726244