Title :
Untrustworthiness: A trust-based security metric
Author :
Neto, Afonso Araujo ; Vieira, Marco
Author_Institution :
Dept. of Inf. Eng., Univ. of Coimbra, Coimbra, Portugal
Abstract :
Quantifying security is very hard and, although there are many proposals of security metrics in the literature, no consensual quantitative security metric has been proposed so far. A key difficulty is that security is, usually, more influenced by what is unknown about a system than by what is known about it. In this paper we present the idea of trust-based metrics, which are based on the idea of quantifying and exposing the trustworthiness relationship between a system and its owner. We argue that they represent a powerful alternative to traditional security metrics and are much easier to obtain. As an instantiation, we propose minimum untrustworthiness as a low-cost high-reward trust-based metric that can be easily used to assess and compare security aspects. We discuss what it expresses, show how it can be computed, and what its advantages are. Finally, we present preliminary work on the definition of an untrustworthiness benchmark for database configurations.
Keywords :
security of data; database configurations; low-cost high-reward trust-based metric; trust-based security metric; untrustworthiness benchmark; Charge measurement; Computer hacking; Current measurement; Data security; Databases; Informatics; Information security; Power system security; Proposals; Uncertainty;
Conference_Title :
Risks and Security of Internet and Systems (CRiSIS), 2009 Fourth International Conference on
Conference_Location :
Toulouse
Print_ISBN :
978-1-4244-4498-4
Electronic_ISBN :
2151-4763
DOI :
10.1109/CRISIS.2009.5411967