DocumentCode :
2589825
Title :
Validating Cyber Security Requirements: A Case Study
Author :
Abercrombie, Robert K. ; Sheldon, Frederick T. ; Mili, Ali
fYear :
2011
fDate :
4-7 Jan. 2011
Firstpage :
1
Lastpage :
10
Abstract :
Vulnerabilities in a system may have widely varying impacts on system security. In practice, security should not be defined as the absence of vulnerabilities. In practice, security should not be quantified by the number of vulnerabilities. Security should be managed by pursuing a policy that leads us first to the highest impact vulnerabilities. In light of these observations, we argue in favor of shifting our focus from vulnerability avoidance/removal to measurable security attributes. To this effect, we recommend a logic be used for system security, which captures/represents security properties in quantifiable, verifiable, measurable terms - so that it is possible to reason about security in terms of its observable/perceptible effects rather than its hypothesized causes. This approach is orthogonal to existing techniques for vulnerability avoidance, removal, detection, and recovery, in the sense that it provides a means to assess, quantify, and combine these techniques.
Keywords :
formal verification; security of data; cyber security requirement validation; security attributes; security policy; system security; system vulnerabilities; Availability; Certification; Computer security; Mobile communication; Vehicles;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
System Sciences (HICSS), 2011 44th Hawaii International Conference on
Conference_Location :
Kauai, HI
ISSN :
1530-1605
Print_ISBN :
978-1-4244-9618-1
Type :
conf
DOI :
10.1109/HICSS.2011.480
Filename :
5718517