Home // International Journal On Advances in Security, volume 2, number 4, 2009 // View article

Development of Measurable Security for a Distributed Messaging System

Authors:
Reijo M. Savola
Habtamu Abie

Keywords: security metrics; security indicators; security strength; security requirements; messaging systems

Abstract:
Systematically developed security metrics make it possible to gather sufficient and credible security evidence for runtime adaptive security management and off-line security engineering and management. This study introduces and analyzes security metrics and parameter dependencies for one particular distributed messaging system. The focus is on the effectiveness and correctness of security-enforcing mechanisms. The security metrics development approach that the study utilizes is risk-driven, requirement-centric, and integrated with the development of Quality-of-Service metrics. In this approach, the security requirements are expressed in terms of lower-level measurable components by applying a decomposition approach. Security metrics are then developed based on the leaf components of the decomposition. The paper also analyzes the benefits and shortcomings of the metrics development approach and introduces a trust, confidence and trustworthiness calculation model for basic measurable components of the decomposition.

Pages: 358 to 380

Copyright: Copyright (c) to authors, 2009. Used with permission.

Publication date: March 17, 2010

Published in: journal

ISSN: 1942-2636