Metrics-driven security objective decomposition for an E-health application with adaptive security management

Proceedings of the International Workshop on Adaptive Security, ASPI 2013

Volumn , Issue , 2013, Pages

  Savola, Reijo M ^a   Abie, Habtamu ^b  

^a VTT TECHNICAL RESEARCH CENTRE OF FINLAND   (Finland)

^b NORWEGIAN COMPUTING CENTER   (Norway)

Author keywords

adaptive security; e health; game theory; IoT; security metrics

Indexed keywords

EHEALTH; INTERNET OF THINGS; RISK ASSESSMENT;

ADAPTIVE SECURITY; E HEALTH; EHEALTH; MANAGEMENT TECHNIQUES; SECURITY LEVEL; SECURITY MANAGEMENT; SECURITY METRICS; SECURITY OBJECTIVES; SECURITY SOLUTIONS; THREAT SCENARIOS;

GAME THEORY;

EID: 85152504598     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2523501.2523507     Document Type: Conference Paper

References (26)

1. Abie, H. and Balasingham, I. 2012. Risk-Based Adaptive Security for Smart IoT in eHealth. In Proc. BODYNETS 2012, Workshop SeTTIT 2012, 269-275.
2. Alpcan, T. and Bacsar, T. 2011. Network Security: A Decision and Game Theoretic Approach, Cambridge University Press.
3. Bartol, N., Bates, B., Goertzel, K.M. and Winograd, T. 2009. Measuring cyber security and information assurance: a state-of-the-art report. Information Assurance Technology Analysis Center (IATAC).
4. Basili, V., Caldiera, G., and Rombach, H.D. 1994. The Goal Question Metric Approach. Marciniak, J. (ed.), Encyclopedia of Software Engineering, Wiley.
5. Burr, W.E. et al. 2011. Electronic Authentication Guideline. NIST Special Publication 800-63-1. National Institute of Standards and Technology.
6. Chen, G., Shen, D., Kwan, C., Cruz, J.B., Kruger, M., and Blasch, E. 2007. Game Theoretic Approach to Threat Prediction and Situation Awareness. Journal of Advances in Information Fusion, 2(1), 35-48
7. Cox, L. A. 2009. Game Theory and Risk Analysis. Risk Analysis, 29(8), 1062-1068. DOI=10.1111/j.1539-6924.2009.01247.x.
8. HIPAA. 1996. Health insurance portability and accountability act (HIPAA). U.S. Public Law, 104-191, 1996
9. Herrmann, D.S. 2007. Complete guide to security and privacy metrics - Measuring regulatory compliance, operational resilience and ROI. Auerbach Publications.
10. ISO/IEC 15408-1:2005. Common Criteria for Information Technology Security Evaluation - Part 1: Introduction and General Model. International Organization for Standardization and the International Electro Technical Commission.
11. ISO/IEC 27005:2008. Information technology - Security techniques - Information security risk management. International Organization for Standardization and International Electrotechnical Commission.
12. ITSEC. 1991. Information Technology Security Evaluation Criteria (ITSEC), Version 1.2. Commission for the European Communities.
13. Jafari, S., Mtenzi, F., Fitzpatrick, R., and O'Shea, B. 2010. Security metrics for e-healthcare information systems: a domain specific metrics approach. Int. Journal of Digital Society, 1(4), 238-245.
14. Jansen, W. 2009. Directions in Security Metrics Research. U.S. National Institute of Standards and Technology, NISTIR 7564.
15. Jaquith, A. 2007. Security metrics: replacing fear, uncertainty and doubt. Addison-Wesley.
16. Kirkman, D. 1998. Requirement Decomposition and Traceability, Requirements Engineering, 3(2), 107-114. DOI=10.1007/BF02919970
17. Koopman, P. 1995. A Taxonomy of Decomposition Strategies based on Structures, Behaviors, and Goals. In Proc. Design Theory & Methodology, 611-618.
18. Leister, W., Abie, H., and Poslad, S. 2012. Defining ASSET Scenarios - ASSET D6.1 Technical Note: Case study scenarios definition, Version 1. Technical Report DAR/17/12, Norwegian Computing Center.
19. Savola, R., Abie, H., and Sihvonen, M. 2012. Towards metrics-driven adaptive security management in E-health IoT applications. In Proc. BODYNETS 2012, Workshop SeTTIT 2012, 276-281.
20. Savola, R. and Abie, H. 2009. Development of measurable security for a distributed messaging system. Int. Journal on Advances in Security, 2(4), 358-380.
21. Savola, R. Strategies for Security Measurement Objective Decomposition. In Proc. Information Security for South Africa (ISSA), 2012, 1-8.
22. Shen, D., Chen, G., Blasch, E., and Tadda, G. 2007. Adaptive Markov Game Theoretic Data Fusion Approach for Cyber Network Defense. IEEE Military Communications Conference (MILCOM 2007), 1-7. DOI=10.1109/MILCOM.2007.4454758.
23. Shen, D., Chen, G., Cruz, J. J.B., Blasch, E., and Pham, K. 2009. An Adaptive Markov Game Model for Cyber Threat Intent Inference. Theory and Novel Applications of Machine Learning, Meng Joo Erand Yi Zhou (Ed.), ISBN: 978-953-7619-55-4, InTech, 317-334. DOI=10.5772/6690.
24. Wang, C., and Wulf, W.A. 1997. Towards a framework for security measurement. In Proc 20th National Information Systems Security, 522-533.
25. Weiss, S., Weissmann, O., and Dressler, F. 2010. A comprehensive and comparative metric for information security. In Proc. ICTSM'05, 0-10.
26. Xiaolin, C., Xiaobin, T. Yong, Z., and Hongsheng, X. 2008. A Markov Game Theory-based Risk Assessment Model for Network Information System. In Proc. 2008 International Conference on Computer Science and Software Engineering, 1057-1061. DOI=10.1109/CSSE.2008.949