Proceedings of the 12th European Conference on Software Architecture: Companion Proceedings 2018
DOI: 10.1145/3241403.3241464
|View full text |Cite
|
Sign up to set email alerts
|

Quantitative security assurance metrics

Abstract: Security assurance is the confidence that a system meets its security requirements based on specific evidences that an assurance technique provide. The notion of measuring security is complex and tricky. Existing approaches do not conisder the relevance of the different security requirements to the evaluated application context. Furthermore, they are mostly qualitative in nature and are heavily based on manual processing, which make them costly and time consuming. Therefore, they are not widely used and applie… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
12
0

Year Published

2020
2020
2023
2023

Publication Types

Select...
3
2
1

Relationship

1
5

Authors

Journals

citations
Cited by 13 publications
(12 citation statements)
references
References 22 publications
0
12
0
Order By: Relevance
“…Security assurance is a complex and time-consuming process that goes throughout the development lifecycle of a (software) system begins from the protection profile initiation to the TOE certification. The security assurance process of a system requires a set of inputs such as TOE, the operational environment, assessment criteria and requirements (assurance profile), assurance methods, and assurance level [49]. This process goes through multiple stages and involves various activities such as defining security goals, security requirement analysis, threat analysis, vulnerability analysis, penetration testing, security audit, scoring, and analysis, etc.…”
Section: Security Assurancementioning
confidence: 99%
See 2 more Smart Citations
“…Security assurance is a complex and time-consuming process that goes throughout the development lifecycle of a (software) system begins from the protection profile initiation to the TOE certification. The security assurance process of a system requires a set of inputs such as TOE, the operational environment, assessment criteria and requirements (assurance profile), assurance methods, and assurance level [49]. This process goes through multiple stages and involves various activities such as defining security goals, security requirement analysis, threat analysis, vulnerability analysis, penetration testing, security audit, scoring, and analysis, etc.…”
Section: Security Assurancementioning
confidence: 99%
“…Requirements Elicitation [36,49], Specification [43,49], Identification [14,49], Aggregation [49,85], Measurement [47,49], Prioritization [43], Modelling [49,52,100,109], Correctness [80], Tracing [36], Security Requirements Engineering Process [69],…”
Section: Constructionmentioning
confidence: 99%
See 1 more Smart Citation
“…This analysis for different possible software configurations results in a discrete Trust Assurance Level (TAL value, eg, 1 to 10). 34 It is important to differentiate that the TAL value is assigned to a particular software stack as opposed to the Trust_Token which is issued to a particular cloud platform-though it also includes a TAL value.…”
Section: Platform Trust Assurance Authoritymentioning
confidence: 99%
“…In defining the possible roles of the PTAA, we envisage numerous use case scenarios based upon the types of cloud users. For example, in addition to TAL value evaluation for a software stack, 34 the PTAA can also suggest a mapping of a certain type of user security requirements to appropriate trust levels. This can be done by getting security requirements from the user using a questionnaire and suggest an appropriate TAL value for such user.…”
Section: Platform Trust Assurance Authoritymentioning
confidence: 99%