Measurement of Operational Security
For all aspects of dependability, users want to know what to expect of actual system behaviour in operation. In the case of reliability, it is now possible to obtain such operational measures for systems even in the presence of design faults (e.g., software faults). Similarly, a measure of the security of a system should capture quantitatively the intuitive notion of ‘the ability of the system to resist attack’. That is, it should be operational, reflecting the degree to which the system can be expected to remain free of security breaches under particular conditions of operation (including attack). So-called ‘quality indicators’ (e.g., properties of development process, structural properties of the product, etc.) do not provide such operational measures. In particular, current security levels at best merely reflect the extensiveness of safeguards introduced during the design and development of a system. Whilst we might expect a system developed to a higher level than another to exhibit ‘more secure behaviour’ in operation, this cannot be guaranteed; more particularly, we cannot infer from knowledge of such a level what the actual security behaviour will be.
KeywordsSoftware Reliability Computer Security Design Fault Trojan Horse Software Fault
Unable to display preview. Download preview PDF.
- B. Littlewood, S. Brocklehurst, N.E. Fenton, P. Mellor, S. Page, D. Wright, J.E. Dobson, J.A. McDermid and D. Gollmann, “Towards operational measures of computer security,” Journal of Computer Security, (to appear).Google Scholar