Abstract
Carefully designed security metrics of practical relevance can be used to provide evidence of the security behavior of the system under development or operation. This study investigates a practical development of security metrics for a distributed messaging system based on threat and vulnerability analysis and security requirements. Our approach is thus requirement-centric. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Both non-attack strategy oriented and attacker behaviour oriented metrics are investigated. The available on-line evidence information of the security performance of the system is integrated with off-line metrics to enable holistic decision-making for security management of the system.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
