Applicability of security metrics for adaptive security management in a universal banking hub system

Banking applications require a high standard of security, resilience and adaptation. The results presented here come from a case study of deploying the security-metrics-driven adaptive security solutions of a distributed middleware in the context of monetary transfers. The study analyzes the applicability of security metrics for adaptive authentication, authorization, and end-to-end confidentiality, as well as the applicability of trust metrics.
