IIT Home Page CNR Home Page

Formal Analysis of Security Metrics with Defensive Actions

Security management requires quantitative security metrics in order to effectively distribute limited resources and justify investments into security. The problem is not only to select the right security metrics but also to be sure that the selected metrics correctly represent security strength.
In this paper, we tackle the problem of formal analysis of different quantitative security metrics. We consider a formal model which is based on interactions between an attacker and a system. We use this model in order to define security metrics and
defensive actions which supposed to improve security strength of a system. We exploit these definitions to analyse whether security metrics are able to indicate security improvements correctly.


The 10th IEEE International Conference on Autonomic and Trusted Computing, Naples, 2013

Autori IIT:

Leanid Krautsevich

Foto di Leanid Krautsevich

Tipo: Articolo in Atti di convegno internazionale con referee
Area di disciplina: Computer Science & Engineering