Quantitative Measures of Security
To the casual, yet interested, reader, one of the most striking properties of the Trusted Computer System Evaluation Criteria and its international successors is that none of these documents contains any attempt to relate their evaluation levels to a measure of how much effort must be expended to break into a system. As a consequence, it’s impossible to evaluate rationally the marginal benefit of spending the extra money necessary to obtain a higher rating rather than a lower one.
Keywords: Computer Security, Trojan Horse, Extra Money, Striking Property, International Successor
- National Computer Security Center, Trusted Computer System Evaluation Criteria, CSC-STD-001-83, Ft. Meade, MD, 1983.
- J. McLean, “New Paradigms for High-Assurance Systems,” Proc. of the New Paradigms Workshop, IEEE Press, forthcoming.
- J. McLean, “Security Models and Information Flow,” Proc. 1990 IEEE CS Symposium on Research in Security and Privacy, IEEE Press, 1990.
- J. Gray, “Toward a Mathematical Foundation of Information Flow Security,” Journal of Computer Security, Vol. 1, no. 3-4.
- J. Millen, “Covert Channel Capacity,” Proc. 1987 IEEE CS Symposium on Research in Security and Privacy, IEEE Press, 1987.
- I. Moskowitz and A. Miller, “The Channel Capacity of a Certain Noisy Timing Channel,” IEEE Transactions on Information Theory, Vol. 38, no. 4, 1992.
- J. McLean, “Models of Confidentiality: Past, Present, and Future,” Proc. Computer Security Foundations Workshop VI, IEEE Press, 1993.