Security metrics, secure elements and operational measurement trust in cloud environments

Teemu Kanstrén; Antti Evesti

doi:10.1007/978-3-319-24858-5_3

Security metrics, secure elements and operational measurement trust in cloud environments

Teemu Kanstrén, Antti Evesti

BA1508 Cyber security

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

3 Citations (Scopus)

Abstract

Operational security assurance evaluation requires building security metrics models to express the expected security status of the system, and collecting data from the operational system to express the current state against these models. Many factors impact the confidence we can have in these metrics and their reported status. One major factor is the trust we can put in the provided measurement data. This paper describes the properties of a trusted measurement base, use of secure element functions and different probe form factors, and their impact on defining confidence levels for the measurement data. A way of quantifying this confidence level and using it as part of security metrics models is defined. Cloud computing is used as a domain to illustrate these concepts and the process of their application. The cloud environment is especially challenging for this type of assurance due to mixed ownership and potentially limited visibility into the infrastructure.

Original language	English
Title of host publication	Security and Trust Management
Publisher	Springer
Pages	37 -51
ISBN (Electronic)	978-3-319-24858-5
ISBN (Print)	978-3-319-24857-8
DOIs	https://doi.org/10.1007/978-3-319-24858-5_3
Publication status	Published - 9 Dec 2015
MoE publication type	A4 Article in a conference publication
Event	11th International Workshop on Security and Trust Management, STM 2015 - Vienna, Austria Duration: 21 Sep 2015 → 22 Sep 2015 Conference number: 11

Publication series

Name	Lecture Notes in Computer Science LNCS
Publisher	Springer
Volume	9331

Conference

Conference	11th International Workshop on Security and Trust Management, STM 2015
Abbreviated title	STM 2015
Country	Austria
City	Vienna
Period	21/09/15 → 22/09/15

Fingerprint

Cloud computing

Visibility

Keywords

security assurance
security metrics
secure element
measurement trust
confidence

Cite this

Kanstrén, T., & Evesti, A. (2015). Security metrics, secure elements and operational measurement trust in cloud environments. In Security and Trust Management (pp. 37 -51). Springer. Lecture Notes in Computer Science, Vol.. 9331 https://doi.org/10.1007/978-3-319-24858-5_3

Kanstrén, Teemu ; Evesti, Antti. / Security metrics, secure elements and operational measurement trust in cloud environments. Security and Trust Management. Springer, 2015. pp. 37 -51 (Lecture Notes in Computer Science, Vol. 9331).

@inproceedings{4f47eb9d7a144a4180ea67a96dfd3cfb,

title = "Security metrics, secure elements and operational measurement trust in cloud environments",

abstract = "Operational security assurance evaluation requires building security metrics models to express the expected security status of the system, and collecting data from the operational system to express the current state against these models. Many factors impact the confidence we can have in these metrics and their reported status. One major factor is the trust we can put in the provided measurement data. This paper describes the properties of a trusted measurement base, use of secure element functions and different probe form factors, and their impact on defining confidence levels for the measurement data. A way of quantifying this confidence level and using it as part of security metrics models is defined. Cloud computing is used as a domain to illustrate these concepts and the process of their application. The cloud environment is especially challenging for this type of assurance due to mixed ownership and potentially limited visibility into the infrastructure.",

keywords = "security assurance, security metrics, secure element, measurement trust, confidence",

author = "Teemu Kanstr{\'e}n and Antti Evesti",

year = "2015",

month = "12",

day = "9",

doi = "10.1007/978-3-319-24858-5_3",

language = "English",

isbn = "978-3-319-24857-8",

series = "Lecture Notes in Computer Science LNCS",

publisher = "Springer",

pages = "37 --51",

booktitle = "Security and Trust Management",

address = "Germany",

}

Kanstrén, T & Evesti, A 2015, Security metrics, secure elements and operational measurement trust in cloud environments. in Security and Trust Management. Springer, Lecture Notes in Computer Science, vol. 9331, pp. 37 -51, 11th International Workshop on Security and Trust Management, STM 2015, Vienna, Austria, 21/09/15. https://doi.org/10.1007/978-3-319-24858-5_3

Security metrics, secure elements and operational measurement trust in cloud environments. / Kanstrén, Teemu; Evesti, Antti.

Security and Trust Management. Springer, 2015. p. 37 -51 (Lecture Notes in Computer Science, Vol. 9331).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Security metrics, secure elements and operational measurement trust in cloud environments

AU - Kanstrén, Teemu

AU - Evesti, Antti

PY - 2015/12/9

Y1 - 2015/12/9

N2 - Operational security assurance evaluation requires building security metrics models to express the expected security status of the system, and collecting data from the operational system to express the current state against these models. Many factors impact the confidence we can have in these metrics and their reported status. One major factor is the trust we can put in the provided measurement data. This paper describes the properties of a trusted measurement base, use of secure element functions and different probe form factors, and their impact on defining confidence levels for the measurement data. A way of quantifying this confidence level and using it as part of security metrics models is defined. Cloud computing is used as a domain to illustrate these concepts and the process of their application. The cloud environment is especially challenging for this type of assurance due to mixed ownership and potentially limited visibility into the infrastructure.

AB - Operational security assurance evaluation requires building security metrics models to express the expected security status of the system, and collecting data from the operational system to express the current state against these models. Many factors impact the confidence we can have in these metrics and their reported status. One major factor is the trust we can put in the provided measurement data. This paper describes the properties of a trusted measurement base, use of secure element functions and different probe form factors, and their impact on defining confidence levels for the measurement data. A way of quantifying this confidence level and using it as part of security metrics models is defined. Cloud computing is used as a domain to illustrate these concepts and the process of their application. The cloud environment is especially challenging for this type of assurance due to mixed ownership and potentially limited visibility into the infrastructure.

KW - security assurance

KW - security metrics

KW - secure element

KW - measurement trust

KW - confidence

U2 - 10.1007/978-3-319-24858-5_3

DO - 10.1007/978-3-319-24858-5_3

M3 - Conference article in proceedings

SN - 978-3-319-24857-8

T3 - Lecture Notes in Computer Science LNCS

SP - 37

EP - 51

BT - Security and Trust Management

PB - Springer

ER -

Kanstrén T, Evesti A. Security metrics, secure elements and operational measurement trust in cloud environments. In Security and Trust Management. Springer. 2015. p. 37 -51. (Lecture Notes in Computer Science, Vol. 9331). https://doi.org/10.1007/978-3-319-24858-5_3

Access to Document

10.1007/978-3-319-24858-5_3