• DocumentCode
    79026
  • Title

    Quantitative Security Metrics: Unattainable Holy Grail or a Vital Breakthrough within Our Reach?

  • Author

    Sanders, William H.

  • Author_Institution
    Univ. of Illinois at Urbana-Champaign, Urbana, IL, USA
  • Volume
    12
  • Issue
    2
  • fYear
    2014
  • fDate
    Mar.-Apr. 2014
  • Firstpage
    67
  • Lastpage
    69
  • Abstract
    It's long been well understood that you can calculate useful estimations of systems' reliability against accidental failure. It's also well understood that trying to calculate systems' level of security against possibly intelligent, determined, well-funded, and creative adversaries is a far greater challenge. Nevertheless, even a less-than-perfect predictive capacity, if its limitations are respected, is clearly better than none at all. Without promising perfection, such a capacity would offer crucial support to decision making that impacts system security.
  • Keywords
    decision making; security of data; accidental failure; decision making; predictive capacity; quantitative security metrics; system reliability estimation; system security; unattainable holy grail; Benchmark testing; Computer security; Estimation; Failure analysis; Prediction models; Risk management; computer security; quantitative security metrics; risk management; security metrics; trustworthy computing;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2014.31
  • Filename
    6798561