Quantitative Measures of Security

  • John McLean
Conference paper
Part of the Dependable Computing and Fault-Tolerant Systems book series (DEPENDABLECOMP, volume 9)


To the casual, yet interested, reader, one of the most striking properties of the Trusted Computer System Evaluation Criteria [1] and its international successors is that none of these documents contain any attempt to relate their evaluation levels to a measure of how much effort must be expended to break into a system. [2] As a consequence, it’s impossible to evaluate rationally the marginal benefit of spending the extra money necessary to obtain a higher rating than a lower one.


Keywords: Computer Security; Trojan Horse; Extra Money; Striking Property; International Successor




  [1] National Computer Security Center, Trusted Computer System Evaluation Criteria, CSC-STD-001-83, Ft. Meade, MD, 1983.
  [2] J. McLean, “New Paradigms for High-Assurance Systems,” Proc. of the New Paradigms Workshop, IEEE Press, forthcoming.
  [3] D. Denning, Cryptography and Data Security, Addison-Wesley, Reading, MA, 1982.
  [4] J. McLean, “Security Models and Information Flow,” Proc. 1990 IEEE CS Symposium on Research in Security and Privacy, IEEE Press, 1990.
  [5] J. Gray, “Toward a Mathematical Foundation of Information Flow Security,” Journal of Computer Security, Vol. 1, no. 3-4.
  [6] J. Millen, “Covert Channel Capacity,” Proc. 1987 IEEE CS Symposium on Research in Security and Privacy, IEEE Press, 1987.
  [7] I. Moskowitz and A. Miller, “The Channel Capacity of a Certain Noisy Timing Channel,” IEEE Transactions on Information Theory, Vol. 38, no. 4, 1992.
  [8] J. McLean, “Models of Confidentiality: Past, Present, and Future,” Proc. Computer Security Foundations Workshop VI, IEEE Press, 1993.

Copyright information

© Springer-Verlag/Wien 1995

Authors and Affiliations

  • John McLean (1)
  1. Center for High Assurance Computer Systems, Naval Research Laboratory, USA
