Abstract
Information security evaluation of software-intensive systems typically
relies heavily on the experience of security professionals. Obviously,
automated approaches are needed in this field. Unfortunately, there is no
practical approach to carrying out security evaluation in a systematic way. We
introduce a general-level framework for security evaluation based on security
behavior modeling and security evidence collection, and discuss its
applicability to the design of security evaluation experimentation set-ups in
real-world systems.
Field | Value |
---|---|
Original language | English |
Title of host publication | Supplemental Proceedings of the International Conference on Dependable Systems and Networks, DSN 2006 |
Place of Publication | Los Alamitos, CA |
Pages | 113-118 |
ISBN (Electronic) | 0769526071, 9780769526072 |
Publication status | Published - 2006 |
MoE publication type | A4 Article in a conference publication |