Measurement of Operational Security

  • Bev Littlewood
Conference paper
Part of the Dependable Computing and Fault-Tolerant Systems book series (DEPENDABLECOMP, volume 9)


For all aspects of dependability, users want to know what to expect of actual system behaviour in operation. In the case of reliability, it is now possible to obtain such operational measures for systems even in the presence of design faults (e.g., software faults). Similarly, a measure of the security of a system should capture quantitatively the intuitive notion of ‘the ability of the system to resist attack’. That is, it should be operational, reflecting the degree to which the system can be expected to remain free of security breaches under particular conditions of operation (including attack). So-called ‘quality indicators’ (e.g., properties of development process, structural properties of the product, etc.) do not provide such operational measures. In particular, current security levels at best merely reflect the extensiveness of safeguards introduced during the design and development of a system. Whilst we might expect a system developed to a higher level than another to exhibit ‘more secure behaviour’ in operation, this cannot be guaranteed; more particularly, we cannot infer from knowledge of such a level what the actual security behaviour will be.


Software Reliability Computer Security Design Fault Trojan Horse Software Fault 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    B. Littlewood, S. Brocklehurst, N.E. Fenton, P. Mellor, S. Page, D. Wright, J.E. Dobson, J.A. McDermid and D. Gollmann, “Towards operational measures of computer security,” Journal of Computer Security, (to appear).Google Scholar

Copyright information

© Springer-Verlag/Wien 1995

Authors and Affiliations

  • Bev Littlewood
    • 1
  1. 1.Centre for Software ReliabilityCity UniversityLondonUK

Personalised recommendations