Title :
Appraisals Based on Security Best Practices for Software Configurations
Author :
Neto, Afonso Araújo ; Vieira, Marco
Author_Institution :
Dept. of Inf. Eng., Univ. of Coimbra, Coimbra, Portugal
Abstract :
Protecting systems and data from malicious access and corruption requires the existence of effective security mechanisms and the correct configuration of those mechanisms. Configuring large software systems for security is a complex task, entailing a lot of expertise that many administrators do not have. This paper proposes a generic methodology to condense widespread information about security best practices into easy-to-use appraisals for three scenarios: 1) to assess how effective software configurations are in terms of fulfilling best practices; 2) to understand the set of best practices that can be implemented when using a given software product; and 3) to evaluate how well a system administrator knows existing security best practices. Following this methodology we defined an appraisal for database systems configurations, which was used to evaluate four real installations. Experimental results show the usefulness of this kind of security appraisal.
Keywords :
security of data; database system configuration appraisal; malicious access; security appraisal; security best practices; security mechanism; software configuration; system administrator; Appraisal; Best practices; Data engineering; Data security; Database systems; Informatics; Information security; Protection; Scholarships; Software systems
Conference_Title :
Dependable Computing, 2009. LADC '09. Fourth Latin-American Symposium on
Conference_Location :
Joao Pessoa
Print_ISBN :
978-1-4244-4678-0
Electronic_ISBN :
978-0-7695-3760-3
DOI :
10.1109/LADC.2009.18