论文信息 - Quality of password management policy

Quality of password management policy

The use of passwords is the most common method to carry out the authentication of users in information systems. For this reason, quality in the password management is a need to reach reasonable levels in the typical objectives of security. In this paper, we propose a set of metrics of password policies based on the most outstanding factors in this authentication mechanism. Together with the metrics, we propose a quality indicator derived from these metrics that allows us to have a global vision of the quality of the password management policy used. Finally, we indicate the future works to be performed to check the validity and usefulness of the proposed metrics.

Mario Piattini | Eduardo Fernández-Medina | Carlos Villarrubia

[1] Brent Waters,et al. A convenient method for securely managing passwords , 2005, WWW '05.

[2] Mario Piattini,et al. Towards a Classification of Security Metrics , 2004, WOSIS.

[3] M. Angela Sasse,et al. Making Passwords Secure and Usable , 1997, BCS HCI.

[4] Marianne Swanson,et al. Security Self-Assessment Guide for Information Technology Systems , 2001 .

[5] Rebecca T. Mercuri. Analyzing security costs , 2003, CACM.

[6] Rayford B. Vaughn,et al. Information assurance measures and metrics - state of practice and proposed taxonomy , 2003, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the.

[7] Mark Ciampa. Guide to Security , 2007 .

[8] Matt Bishop. Comparing Authentication Techniques , 1991 .

[9] Arturo Ribagorda Garnacho. Seguridad de las tecnologías de la información , 1996 .

[10] Rayford B. Vaughn,et al. Information Security System Rating and Ranking , 2002 .

[11] Marianne Swanson,et al. Security metrics guide for information technology systems , 2003 .

[12] Benny Pinkas,et al. Securing passwords against dictionary attacks , 2002, CCS '02.

[13] Gregg Schudel,et al. Adversary work factor as a metric for information assurance , 2001, NSPW '00.

[14] Shirley C. Payne,et al. A Guide to Security Metrics , 2007 .

[15] Ken Thompson,et al. Password security: a case history , 1979, CACM.