Towards Operational Measures of Computer Security
作者: Bev Littlewood , Sarah Brocklehurst , Norman Fenton , Peter Mellor , Stella Page
关键词:
摘要: Ideally, a measure of the security system should capture quantitatively intuitive notion 'the ability to resist attack'. That is, it be operational, reflecting degree which can expected remain free breaches under particular conditions operation (including attack). Instead, current levels at best merely reflect extensiveness safeguards introduced during design and development system. Whilst we might expect developed higher level than another exhibit 'more secure behaviour' in operation, this cannot guaranteed; more particularly, infer what actual behaviour will from knowledge such level. In paper discuss similarities between reliability with intention working towards measures 'operational security' similar those that have for systems. Very informally, these could involve expressions as rate occurrence (cf failures reliability), or probability specified 'mission' accomplished without breach function). This new approach is based on analogy failure breach. A number other analogies support view are introduced. We examine duality critically, identified important open questions need answered before quantitative taken further. The work described here therefore somewhat tentative, one our major intentions invite discussion about plausibility feasibility approach.
city.ac.uk
researchgate.net 参考文章(14)
Z. Jelinski, P. Moranda, SOFTWARE RELIABILITY RESEARCH Statistical Computer Performance Evaluation. pp. 465- 484 ,(1972) , 10.1016/B978-0-12-266950-7.50028-1
B. Littlewood, J. L. Verrall, A Bayesian reliability growth model for computer software Journal of The Royal Statistical Society Series C-applied Statistics. ,vol. 22, pp. 332- 346 ,(1973) , 10.2307/2346781
T.M.P. Lee, Statistical models of trust: TCBs vs. people ieee symposium on security and privacy. pp. 10- 19 ,(1989) , 10.1109/SECPRI.1989.36274
J. D. Musa, A theory of software reliability and its application IEEE Transactions on Software Engineering. ,vol. SE-1, pp. 312- 327 ,(1975) , 10.1109/TSE.1975.6312856
Bev Littlewood, How to Measure Software Reliability and How Not To IEEE Transactions on Reliability. ,vol. R-28, pp. 103- 110 ,(1979) , 10.1109/TR.1979.5220510
D.E. Eckhardt, L.D. Lee, A Theoretical Basis for the Analysis of Multiversion Software Subject to Coincident Errors IEEE Transactions on Software Engineering. ,vol. SE-11, pp. 1511- 1517 ,(1985) , 10.1109/TSE.1985.231895
Predicting Software Reliability Philosophical Transactions of the Royal Society A. ,vol. 327, pp. 513- 527 ,(1989) , 10.1098/RSTA.1989.0007
Abdalla A. Abdel-Ghaly, P. Y. Chan, Bev Littlewood, Evaluation of competing software reliability predictions IEEE Transactions on Software Engineering. ,vol. 12, pp. 950- 967 ,(1986) , 10.1109/TSE.1986.6313050
S. Brocklehurst, B. Littlewood, New ways to get accurate reliability measures (software) IEEE Software. ,vol. 9, pp. 34- 42 ,(1992) , 10.1109/52.143100
Richard E. Barlow, Frank Proschan, Statistical Theory of Reliability and Life Testing: Probability Models ,(1981)