Home // International Journal On Advances in Systems and Measurements, volume 4, numbers 1 and 2, 2011 // View article
Authors:
Reijo M. Savola
Petri Heinonen
Keywords: security monitoring; security metrics; adaptive security management; security measurability; message-oriented systems
Abstract:
Decision-making in adaptive security management relies on sufficient and credible security evidence gathered from the system under investigation, expressed and interpreted in the form of metrics. If security measurability is not paid enough attention in advance, the availability and attainability of security evidence is often a major challenge. We propose and analyze practical and systematic security-measurability-enhancing mechanisms and system architectural design choices that enable and support adaptive and distributed security monitoring of software-intensive systems. The mechanisms are discussed in detail in the context of an adaptive, distributed message-oriented system. Examples of associated security monitoring techniques implemented in this environment are given. The study also discusses the feasibility of the proposed mechanisms. Security-measurability-enhancing mechanisms are crucial to the wider acceptance of security metrics, measurements, and associated tools and methods.
Pages: 1 to 19
Copyright: Copyright (c) to authors, 2011. Used with permission.
Publication date: September 15, 2011
Published in: journal
ISSN: 1942-261x