Towards an abstraction layer for security assurance measurements: Invited paper

Teemu Kanstrén, Reijo Savola, Antti Evesti, Heimo Pentikäinen, Artur Hecker, Moussa Ouedraogo, Kimmo Hätönen, Perttu Halonen, Christophe Blad, Oscar López, Saioa Ros

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    8 Citations (Scopus)


    Measurement of any complex, operational system is challenging due to the continuous independent evolution of the components. Security risks introduce another dimension of dynamicity, reflected to risk management and security assurance activities. The availability of different measurements and their properties will vary during the overall system lifecycle. To be useful, a measurement framework in this context needs to be able to adapt to both the changes in the target of measurement and in the available measurement infrastructure. In this study, we introduce a taxonomy-based approach for relating the available and attainable measurements to the measurement requirements of security assurance plans by providing an Abstraction Layer that makes it easier to manage these dynamic features. The introduced approach is investigated in terms of a security assurance case example of firewall functionality in a Push E-mail service system.
    Original languageEnglish
    Title of host publicationECSA '10 Proceedings of the Fourth European Conference on Software Architecture
    Subtitle of host publicationCompanion Volume
    PublisherAssociation for Computing Machinery ACM
    ISBN (Print)978-1-4503-0179-4
    Publication statusPublished - 2010
    MoE publication typeA4 Article in a conference publication


    Dive into the research topics of 'Towards an abstraction layer for security assurance measurements: Invited paper'. Together they form a unique fingerprint.

    Cite this