Quality of Protection: Security Measurements and Metrics is an edited volume based on the Quality of Protection Workshop in Milano, Italy (September 2005). This volume discusses how security research can progress towards quality of protection in security comparable to quality of service in networking and software measurements, and metrics in empirical software engineering. Information security in the business setting has matured in the last few decades. Standards such as IS017799, the Common Criteria (ISO15408), and a number of industry certifications and risk analysis methodologies have raised the bar for good security solutions from a business perspective.

Designed for a professional audience composed of researchers and practitioners in industry, Quality of Protection: Security Measurements and Metrics is also suitable for advanced-level students in computer science.

Based on the first workshop on quality of protection Combines security metrics with empirical software engineering

Klappentext

Information security in the business setting has matured in the last few decades. Standards, such as IS017799, the Common Criteria's, and a number of industry and academic certifications and risk analysis methodologies, have raised the bar on what is considered good security solution, from a business perspective. Yet, the evaluation of security solutions has largely a qualitative flavor. Notions such as Security Metrics, Quality of Protection (QoP) or Protection Level Agreement (PLA) have only surfaced in the literature.

Quality of Protection: Security Measurements and Metrics is an edited volume based on the Quality of Protection Workshop at ESORICS 2005, the flagship European Symposium on Research in Computer Security. This book discusses how security research can progress towards a notion of quality of protection in security, comparable to the notion of quality of service in networking and software measurements and metrics, in empirical software engineering.

Quality of Protection: Security Measurements and Metrics is designed for a professional audience, composed of researchers and practitioners in industry. This book is also suitable for graduate-level students in computer science and telecommunications.

Inhalt
Motivations.- Why to adopt a security metric? A brief survey.- Service-oriented Assurance Comprehensive Security by Explicit Assurances.- Measurements: Reliability vs Security.- Software Security Growth Modeling: Examining Vulnerabilities with Reliability Growth Models.- A Discrete Lognormal Model for Software Defects Affecting Quality of Protection.- Time-to-Compromise Model for Cyber Risk Reduction Estimation.- Assessing the risk of using vulnerable components.- Collection and analysis of attack data based on honeypots deployed on the Internet.- Quantitative Security Models.- Multilevel Security and Quality of Protection.- A Conceptual Model for Service Availability.- A SLA evaluation methodology in Service Oriented Architectures.- Towards a Notion of Quantitative Security Analysis.- Metrics for Anonymity and Confidentiality.- The Lower Bound of Attacks on Anonymity Systems A Unicity Distance Approach.- Intersection Attacks on Web-Mixes: Bringing the Theory into Praxis.- Using Guesswork as a Measure for Confidentiality of Selectively Encrypted Messages.- Measuring Inference Exposure in Outsourced Encrypted Databases.