论文信息 - Automatic security analysis using security metrics

Automatic security analysis using security metrics

Security metrics are valuable for measuring and comparing the amount of security provided by different systems and configurations. However, meaningful security metrics for networked systems are significantly difficult to define, evaluate, interpret, and visualize. We design a system that provides security metrics collection, security metrics management, and security metrics visualization for scalable and automatic security analysis. We first identify a set of new security metrics. Then, we show how to collect simple security metrics from the computers in a sample network. Next, we use Analytic Hierarchy Process (AHP) mechanism to compose two sophisticated security metrics, Criticality and Security Score, which are critical to measure the security risk. We also develop visualization tools to help administrators better understand and evaluate the system security using security metrics.

[1] Rayford B. Vaughn,et al. Information assurance measures and metrics - state of practice and proposed taxonomy , 2003, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the.

[2] Andrew Jaquith. Security Metrics: Replacing Fear, Uncertainty, and Doubt , 2007 .

[3] Z. G. Ruthberg,et al. Technology Assessment: Methods for Measuring the Level of Computer Security , 1985 .

[4] T. Saaty. Analytic Hierarchy Process , 2005 .

[5] Anoop Singhal,et al. Techniques for enterprise network security metrics , 2009, CSIIRW '09.

[6] Marianne Swanson,et al. Security metrics guide for information technology systems , 2003 .

[7] R.A. Martin,et al. Making security measurable and manageable , 2008, MILCOM 2008 - 2008 IEEE Military Communications Conference.

[8] Ioannis Lambadaris,et al. Current Trends and Advances in Information Assurance Metrics , 2004, Conference on Privacy, Security and Trust.