Quantitative Measures of Security

  • John McLean
Conference paper
Part of the Dependable Computing and Fault-Tolerant Systems book series (DEPENDABLECOMP, volume 9)


To the casual, yet interested, reader, one of the most striking properties of the Trusted Computer System Evaluation Criteria [1] and its international successors is that none of these documents contain any attempt to relate their evaluation levels to a measure of how much effort must be expended to break into a system. [2] As a consequence, it’s impossible to evaluate rationally the marginal benefit of spending the extra money necessary to obtain a higher rating than a lower one.




  [1] National Computer Security Center, Trusted Computer System Evaluation Criteria, CSC-STD-001-83, Ft. Meade, MD, 1983.
  [2] J. McLean, “New Paradigms for High-Assurance Systems,” Proc. of the New Paradigms Workshop, IEEE Press, forthcoming.
  [3] D. Denning, Cryptography and Data Security, Addison-Wesley, Reading, MA, 1982.
  [4] J. McLean, “Security Models and Information Flow,” Proc. 1990 IEEE CS Symposium on Research in Security and Privacy, IEEE Press, 1990.
  [5] J. Gray, “Toward a Mathematical Foundation of Information Flow Security,” Journal of Computer Security, Vol. 1, no. 3-4.
  [6] J. Millen, “Covert Channel Capacity,” Proc. 1987 IEEE CS Symposium on Research in Security and Privacy, IEEE Press, 1987.
  [7] I. Moskowitz and A. Miller, “The Channel Capacity of a Certain Noisy Timing Channel,” IEEE Transactions on Information Theory, Vol. 38, no. 4, 1992.
  [8] J. McLean, “Models of Confidentiality: Past, Present, and Future,” Proc. Computer Security Foundations Workshop VI, IEEE Press, 1993.

Copyright information

© Springer-Verlag/Wien 1995

Authors and Affiliations

  • John McLean, Center for High Assurance Computer Systems, Naval Research Laboratory, USA
