Abstract
Operational security assurance evaluation requires building security metrics models to express the expected security status of the system, and collecting data from the operational system to express the current state against these models. Many factors impact the confidence we can have in these metrics and their reported status. One major factor is the trust we can put in the provided measurement data. This paper describes the properties of a trusted measurement base, use of secure element functions and different probe form factors, and their impact on defining confidence levels for the measurement data. A way of quantifying this confidence level and using it as part of security metrics models is defined. Cloud computing is used as a domain to illustrate these concepts and the process of their application. The cloud environment is especially challenging for this type of assurance due to mixed ownership and potentially limited visibility into the infrastructure.
| Original language | English |
|---|---|
| Title of host publication | Security and Trust Management |
| Publisher | Springer |
| Pages | 37 -51 |
| ISBN (Electronic) | 978-3-319-24858-5 |
| ISBN (Print) | 978-3-319-24857-8 |
| DOIs | |
| Publication status | Published - 9 Dec 2015 |
| MoE publication type | A4 Article in a conference publication |
| Event | 11th International Workshop on Security and Trust Management, STM 2015 - Vienna, Austria Duration: 21 Sep 2015 → 22 Sep 2015 Conference number: 11 |
Publication series
| Series | Lecture Notes in Computer Science |
|---|---|
| Volume | 9331 |
Conference
| Conference | 11th International Workshop on Security and Trust Management, STM 2015 |
|---|---|
| Abbreviated title | STM 2015 |
| Country | Austria |
| City | Vienna |
| Period | 21/09/15 → 22/09/15 |
Keywords
- security assurance
- security metrics
- secure element
- measurement trust
- confidence