Applicability of security metrics for adaptive security management in a universal banking hub system

ACM International Conference Proceeding Series

Volumn , Issue , 2010, Pages 197-204

  Blasi, Lorenzo ^a   Savola, Reijo ^b   Abie, Habtamu ^c   Rotondi, Domenico ^d  

^a Italy Innovation Center   (Italy)

^b VTT TECHNICAL RESEARCH CENTRE OF FINLAND   (Finland)

^c NORWEGIAN COMPUTING CENTER   (Norway)

^d TXT e solutions SpA ^*  (Italy)

Author keywords

adaptive security; security measures; security metrics

Indexed keywords

ADAPTIVE SECURITY; DISTRIBUTED MIDDLEWARE; HIGH STANDARDS; HUB SYSTEMS; SECURITY MEASURE; SECURITY METRICS; TRUST METRICS;

AUTHENTICATION; MIDDLEWARE; TECHNICAL PRESENTATIONS;

SOFTWARE ARCHITECTURE;

EID: 78149384657     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1842752.1842792     Document Type: Conference Paper

References (28)

1. Abie, H., Dattani, I., Novkovic, M., Bigham, J., Topham, S., and Savola, R. 2008. "GEMOM - Significant and measurable progress beyond the state of the art," ICSNC'08.
2. Savola, R., Abie, H., Bigham, J., and Rotondi, D. 2010. "Innovations and advances in adaptive secure message oriented middleware - the GEMOM project," RDCS '10.
3. Savola, R. and Abie, H. 2010. "Development of measurable security for a distributed messaging system," Int. Journal on Advances in Security, 2(4), 358-380, Publ. 2010.
4. Savola, R. and Abie, H. 2009. "Development of security metrics for a distributed messaging system," AICT '09.
5. Abie, H. 2009. "Adaptive security and trust management for autonomic message-oriented middleware," TSP '09.
6. Savola, R. 2009. "A security metrics taxonomization model for software-intensive systems," Journal of Information Processing Systems, 5(4), 197-206.
7. Savola, R. and Heinonen, P. 2010. "Security-measurability-enhancing mechanisms for a distributed adaptive security monitoring system," SECURWARE '10.
8. Society for Worldwide Interbank Financial Telecommunication (SWIFT). Web-site: www.swift.com [July 12, 2010].
9. Burr, W.E. et al. 2008. "Electronic authentication guideline," National Institute of Standards and Technology, U.S. Department of Commerce, NIST SP 800-63-1, Draft.
10. OASIS Standard 200401. 2004. "Web services security: SOAP message security 1.0," Organization for the Advancement of Structured Information Standards.
11. ITU Recommendation X.509 (08/05). 2005. "Information technology - Open systems interconnection - the directory: public-key and attribute certificate frameworks," International Telecommunication Union.
12. Chin, J., Parkin, M., Zhang, N., Nenadic, A., and Brooke, J.M. 2005. "An authentication strength linked access control middleware for the grid," SCS International Journal of Information Technology, 11(4), 1-12.
13. Zuccato, A., Dubus, S., and Bulut, E. 2008. "Methodology for service-oriented management of security assurance in communication infrastructures," High Assurance Systems Engineering Symposium HASE '08.
14. Lenstra, A.K. and Verheul, E.R. 2000. "Selecting cryptographic key sizes," PKC '00.
15. BlueKrypt - Cryptographic Key Length Recommendation. Website: www.keylength.com [July 12, 2010].
16. Barker, E. et al. 2007. "Recommendation for key management - Part 1: General (Revised)," National Institute of Standards and Technology, U.S. Department of Commerce, NIST Special Publication 800-57.
17. Blasi, L., Arenas, A., Aziz, B., Mori, P., Rovati, U., Crispo, B., Martinelli, F., and Massonet, P. 2008. "A secure environment for grid-based supply chains," eChallenges '08.
18. Wang, C. and Wulf, W.A. 1997. "Towards a framework for security measurement," NISSC '07.
19. Verendel, V. 2009. "Quantified security is a weak hypothesis," NSPW '09.
20. Howard, M., Pincus, J., and Wing, J.M. 2003. "Measuring relative attack surfaces", WADIS '03.
21. Chandra, S. and Khan, R.A. 2008. "Object oriented software security estimation life cycle - Design phase perspective," Journal of Software Engineering, 2(1), 39-46.
22. ISO/IEC 15408-1:2005. 2005. "Common Criteria for information technology security evaluation - Part 1: Introduction and general model," ISO/IEC.
23. Bulut, E., Khadraoui, D., and Marquet, B. 2007. "Multiagent based security assurance monitoring system for telecommunication infrastructures, " CNIS '07.
24. Savola, R. 2010. "On the feasibility of utilizing security metrics in software-intensive systems," Int. Journal of Computer Science and Network Security, 10(1), 230-239.
25. Herrmann, D.S. 2007. "Complete guide to security and privacy metrics - measuring regulatory compliance, operational resilience and ROI," Auerbach Publications.
26. Jaquith, A. 2007. "Security metrics: replacing fear, uncertainty and doubt," Addison-Wesley.
27. Bartol, N., Bates, B., Goertzel, K.M., and Winograd, T. 2009. "Measuring cyber security and information assurance: a state-of-the-art report," IATAC.
28. Jansen, W. 2009. "Directions in security metrics research," U.S. National Institute of Standards and Technology, NISTIR 7564.