Comparison of adaptive information security approaches

Antti Evesti, Eila Ovaska

Research output: Contribution to journalReview ArticleScientificpeer-review

Abstract

Dynamically changing environments and threat landscapes require adaptive information security. Adaptive information security makes it possible to change and modify security mechanisms at runtime. Hence, all security decisions are not enforced at design-time. This paper builds a framework to compare security adaptation approaches. The framework contains three viewpoints, that is, adaptation, security, and lifecycle. Furthermore, the paper describes five security adaptation approaches and compares them by means of the framework. The comparison reveals that the existing security adaptation approaches widely cover the information gathering. However, the compared approaches do not describe how to decide a method to perform a security adaptation. Similarly, means how to provide input knowledge for the security adaptation is not covered. Hence, these research areas have to be covered in the future. The achieved results are applicable for software developers when selecting a security adaptation approach and for researchers when considering future research items.
Original languageEnglish
Article number482949
Number of pages18
JournalISRN Artificial Intelligence
Volume3
Issue number1
DOIs
Publication statusPublished - 2013
MoE publication typeA2 Review article in a scientific journal

Fingerprint

Security of data

Cite this

Evesti, Antti ; Ovaska, Eila. / Comparison of adaptive information security approaches. In: ISRN Artificial Intelligence. 2013 ; Vol. 3, No. 1.
@article{99be93f9aab44f189d314f08a0b0c2f3,
title = "Comparison of adaptive information security approaches",
abstract = "Dynamically changing environments and threat landscapes require adaptive information security. Adaptive information security makes it possible to change and modify security mechanisms at runtime. Hence, all security decisions are not enforced at design-time. This paper builds a framework to compare security adaptation approaches. The framework contains three viewpoints, that is, adaptation, security, and lifecycle. Furthermore, the paper describes five security adaptation approaches and compares them by means of the framework. The comparison reveals that the existing security adaptation approaches widely cover the information gathering. However, the compared approaches do not describe how to decide a method to perform a security adaptation. Similarly, means how to provide input knowledge for the security adaptation is not covered. Hence, these research areas have to be covered in the future. The achieved results are applicable for software developers when selecting a security adaptation approach and for researchers when considering future research items.",
author = "Antti Evesti and Eila Ovaska",
note = "Project code: 79314: 31576",
year = "2013",
doi = "10.1155/2013/482949",
language = "English",
volume = "3",
journal = "ISRN Artificial Intelligence",
issn = "2090-7443",
number = "1",

}

Comparison of adaptive information security approaches. / Evesti, Antti; Ovaska, Eila.

In: ISRN Artificial Intelligence, Vol. 3, No. 1, 482949, 2013.

Research output: Contribution to journalReview ArticleScientificpeer-review

TY - JOUR

T1 - Comparison of adaptive information security approaches

AU - Evesti, Antti

AU - Ovaska, Eila

N1 - Project code: 79314: 31576

PY - 2013

Y1 - 2013

N2 - Dynamically changing environments and threat landscapes require adaptive information security. Adaptive information security makes it possible to change and modify security mechanisms at runtime. Hence, all security decisions are not enforced at design-time. This paper builds a framework to compare security adaptation approaches. The framework contains three viewpoints, that is, adaptation, security, and lifecycle. Furthermore, the paper describes five security adaptation approaches and compares them by means of the framework. The comparison reveals that the existing security adaptation approaches widely cover the information gathering. However, the compared approaches do not describe how to decide a method to perform a security adaptation. Similarly, means how to provide input knowledge for the security adaptation is not covered. Hence, these research areas have to be covered in the future. The achieved results are applicable for software developers when selecting a security adaptation approach and for researchers when considering future research items.

AB - Dynamically changing environments and threat landscapes require adaptive information security. Adaptive information security makes it possible to change and modify security mechanisms at runtime. Hence, all security decisions are not enforced at design-time. This paper builds a framework to compare security adaptation approaches. The framework contains three viewpoints, that is, adaptation, security, and lifecycle. Furthermore, the paper describes five security adaptation approaches and compares them by means of the framework. The comparison reveals that the existing security adaptation approaches widely cover the information gathering. However, the compared approaches do not describe how to decide a method to perform a security adaptation. Similarly, means how to provide input knowledge for the security adaptation is not covered. Hence, these research areas have to be covered in the future. The achieved results are applicable for software developers when selecting a security adaptation approach and for researchers when considering future research items.

U2 - 10.1155/2013/482949

DO - 10.1155/2013/482949

M3 - Review Article

VL - 3

JO - ISRN Artificial Intelligence

JF - ISRN Artificial Intelligence

SN - 2090-7443

IS - 1

M1 - 482949

ER -