Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
skip to main content
10.1145/2642803.2642806acmotherconferencesArticle/Chapter ViewAbstractPublication PagesecsawConference Proceedingsconference-collections
research-article

A tool for security metrics modeling and visualization

Published: 25 August 2014 Publication History

Abstract

Measuring the security level of an information system to acquire reliable perception of its state requires the use of various different security metrics that can provide extensive security evidence of the system. Visualization can then be used to facilitate the management of the security metrics and measurements and to enhance understanding on their relationships. This paper introduces a tool for modeling and monitoring the security state of a system and focuses on the visualization aspects of the tool. The security metrics of a system are organized hierarchically in the tool, so that more general and conceptual security metrics on the higher levels are connected to detailed, low-level measurements. The tool helps bring meaningfulness to the security metrics and helps the user be more aware of the security state of the system during runtime use of the tool. By having organized security evidence from high-level objectives to low-level measurements the user is able to act on the security incidents more proficiently.

References

[1]
Card, S.K., Mackinlay, J.D. and Shneiderman, B. 1999. Readings in Information Visualization: Using Vision to Think. Morgan Kaufmann Publishers, San Francisco, CA, 686 p.
[2]
Evesti, A., Savola, R., Ovaska, E. and Kuusijärvi, J. 2011. The design, instantiation, and usage of information security measuring ontology. In MOPAS 2011, The Second International Conference on Models and Ontology-based Design of Protocols, Architectures and Services (Budapest, Hungary, April 17 - 22, 2011), 1--9.
[3]
García, F., Bertoa, M. F., Calero, C., Vallecillo, A., Ruíz, F., Piattini, M. and Genero, M. 2006. Towards a consistent terminology for software measurement. Inf. and Softw. Technol., 48, 631--644.
[4]
Herzog, A., Shahmehri, N. and Duma, C. 2007. An Ontology of Information Security. Journal of Information Security and Privacy, 1, 1--23
[5]
ISO/IEC 15408-1:2009. Common Criteria for Information Technology Security Evaluation -- Part 1: Introduction and General Model. ISO/IEC.
[6]
ISO/IEC 27000:2012. Information Technology -- Security Techniques -- Information Security Management Systems -- Overview and Vocabulary. ISO/IEC
[7]
Koike, H. and Ohno, K. 2004. SnortView: Visualization System of Snort Logs. In Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security (VizSEC / DMSEC '04). pp. 143--147, DOI=10.1145/1029208.1029232, http://doi.acm.org/10.1145/1029208.1029232
[8]
Kuusijärvi, J. 2010. Interactive Visualization of Quality Variability at Runtime, VTT Publications, 746, Espoo, VTT, ISBN 978-951-38-7412-4. 111 p.
[9]
Marty, R. 2009. Applied Security Visualization. Addison-Wesley
[10]
McPherson, J., Kwan-Liu Ma, Krystosk, P., Bartoletti, T. and Christensen, M. 2004. PortVis: A Tool for Port-based Detection of Security Events. In Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security (VizSEC / DMSEC '04). ACM, New York, NY, USA. pp. 73--81. DOI=10.1145/1029208.1029220.
[11]
Monsch, J. P. and Marty, R. The Data Analysis and Visualization Linux ®, ver. 1.0.1, available at http://davix.secviz.org, 13.6.2014.
[12]
Savola, R. 2009. A Security Metrics Taxonomization Model for Software-Intensive Systems. JIPS, 5(4), 197--206.
[13]
Savola, R. M. 2013. Quality of security metrics and measurements. Computers & Security, Volume 37. 78--90. DOI=http://dx.doi.org/10.1016/j.cose.2013.05.002.
[14]
Savola, R. M., and Heinonen, P. 2011. A Visualization and Modeling Tool for Security Metrics and Measurements Management. In Information Security South Africa (ISSA), 2011 (pp. 1--8). IEEE.
[15]
Savola, R. M., Frühwirth, C. and Pietikäinen, A. 2012. Risk-driven Security Metrics in Agile Software Development -- an Industrial Pilot Study. Journal of Universal Computer Science. 18(12), 1679--1702.

Cited By

View all
  • (2018)Combining real-time risk visualization and anomaly detectionProceedings of the 12th European Conference on Software Architecture: Companion Proceedings10.1145/3241403.3241460(1-7)Online publication date: 24-Sep-2018
  • (2018)Aggregation of security metrics for decision makingProceedings of the 12th European Conference on Software Architecture: Companion Proceedings10.1145/3241403.3241458(1-7)Online publication date: 24-Sep-2018
  • (2015)Security Metrics, Secure Elements, and Operational Measurement Trust in Cloud EnvironmentsProceedings of the 11th International Workshop on Security and Trust Management - Volume 933110.1007/978-3-319-24858-5_3(37-51)Online publication date: 21-Sep-2015

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
ECSAW '14: Proceedings of the 2014 European Conference on Software Architecture Workshops
August 2014
214 pages
ISBN:9781450327787
DOI:10.1145/2642803
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 August 2014

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Security metrics
  2. cyber security
  3. situation awareness
  4. visualization

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ECSAW '14

Acceptance Rates

ECSAW '14 Paper Acceptance Rate 29 of 43 submissions, 67%;
Overall Acceptance Rate 80 of 120 submissions, 67%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)9
  • Downloads (Last 6 weeks)2
Reflects downloads up to 16 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2018)Combining real-time risk visualization and anomaly detectionProceedings of the 12th European Conference on Software Architecture: Companion Proceedings10.1145/3241403.3241460(1-7)Online publication date: 24-Sep-2018
  • (2018)Aggregation of security metrics for decision makingProceedings of the 12th European Conference on Software Architecture: Companion Proceedings10.1145/3241403.3241458(1-7)Online publication date: 24-Sep-2018
  • (2015)Security Metrics, Secure Elements, and Operational Measurement Trust in Cloud EnvironmentsProceedings of the 11th International Workshop on Security and Trust Management - Volume 933110.1007/978-3-319-24858-5_3(37-51)Online publication date: 21-Sep-2015

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media