Development of measurable security for a distributed messaging system

Reijo Savola, Habtamu Abie

    Research output: Contribution to journalArticleScientificpeer-review

    Abstract

    Systematically developed security metrics make it possible to gather sufficient and credible security evidence for runtime adaptive security management and off-line security engineering and management. This study introduces and analyzes security metrics and parameter dependencies for one particular distributed messaging system. The focus is on the effectiveness and correctness of security-enforcing mechanisms. The security metrics development approach that the study utilizes is risk-driven, requirement-centric, and integrated with the development of Quality-of-Service metrics. In this approach, the security requirements are expressed in terms of lower-level measurable components by applying a decomposition approach. Security metrics are then developed based on the leaf components of the decomposition. The paper also analyzes the benefits and shortcomings of the metrics development approach and introduces a trust, confidence and trustworthiness calculation model for basic measurable components of the decomposition.
    Original languageEnglish
    Pages (from-to)358-380
    Number of pages23
    JournalInternational Journal on Advances in Security
    Volume2
    Issue number4
    Publication statusPublished - 2010
    MoE publication typeA1 Journal article-refereed

    Fingerprint

    Decomposition
    Quality of service

    Cite this

    @article{f40f07bddb88481eabfca000dc8d5cee,
    title = "Development of measurable security for a distributed messaging system",
    abstract = "Systematically developed security metrics make it possible to gather sufficient and credible security evidence for runtime adaptive security management and off-line security engineering and management. This study introduces and analyzes security metrics and parameter dependencies for one particular distributed messaging system. The focus is on the effectiveness and correctness of security-enforcing mechanisms. The security metrics development approach that the study utilizes is risk-driven, requirement-centric, and integrated with the development of Quality-of-Service metrics. In this approach, the security requirements are expressed in terms of lower-level measurable components by applying a decomposition approach. Security metrics are then developed based on the leaf components of the decomposition. The paper also analyzes the benefits and shortcomings of the metrics development approach and introduces a trust, confidence and trustworthiness calculation model for basic measurable components of the decomposition.",
    author = "Reijo Savola and Habtamu Abie",
    year = "2010",
    language = "English",
    volume = "2",
    pages = "358--380",
    journal = "International Journal on Advances in Security",
    issn = "1942-2636",
    publisher = "International Academy, Research, and Industry Association IARIA",
    number = "4",

    }

    Development of measurable security for a distributed messaging system. / Savola, Reijo; Abie, Habtamu.

    In: International Journal on Advances in Security, Vol. 2, No. 4, 2010, p. 358-380.

    Research output: Contribution to journalArticleScientificpeer-review

    TY - JOUR

    T1 - Development of measurable security for a distributed messaging system

    AU - Savola, Reijo

    AU - Abie, Habtamu

    PY - 2010

    Y1 - 2010

    N2 - Systematically developed security metrics make it possible to gather sufficient and credible security evidence for runtime adaptive security management and off-line security engineering and management. This study introduces and analyzes security metrics and parameter dependencies for one particular distributed messaging system. The focus is on the effectiveness and correctness of security-enforcing mechanisms. The security metrics development approach that the study utilizes is risk-driven, requirement-centric, and integrated with the development of Quality-of-Service metrics. In this approach, the security requirements are expressed in terms of lower-level measurable components by applying a decomposition approach. Security metrics are then developed based on the leaf components of the decomposition. The paper also analyzes the benefits and shortcomings of the metrics development approach and introduces a trust, confidence and trustworthiness calculation model for basic measurable components of the decomposition.

    AB - Systematically developed security metrics make it possible to gather sufficient and credible security evidence for runtime adaptive security management and off-line security engineering and management. This study introduces and analyzes security metrics and parameter dependencies for one particular distributed messaging system. The focus is on the effectiveness and correctness of security-enforcing mechanisms. The security metrics development approach that the study utilizes is risk-driven, requirement-centric, and integrated with the development of Quality-of-Service metrics. In this approach, the security requirements are expressed in terms of lower-level measurable components by applying a decomposition approach. Security metrics are then developed based on the leaf components of the decomposition. The paper also analyzes the benefits and shortcomings of the metrics development approach and introduces a trust, confidence and trustworthiness calculation model for basic measurable components of the decomposition.

    M3 - Article

    VL - 2

    SP - 358

    EP - 380

    JO - International Journal on Advances in Security

    JF - International Journal on Advances in Security

    SN - 1942-2636

    IS - 4

    ER -