DOI: 10.1145/2642803.2642808
research-article

Security Measuring for Self-adaptive Security

Published: 25 August 2014

    Abstract

    Self-adaptive security is needed due to the vast number of changes in the execution environment and threat landscape, which cannot all be anticipated at software design time. Self-adaptive security requires a means for monitoring the security level and a decision-making capability to improve the current security level. In this paper, we describe how security metrics are able to support self-adaptive security. The paper analyses the benefits and challenges of security measuring from the self-adaptive security perspective. Thus, five benefits and three challenges of security metrics in self-adaptive security are described. Furthermore, the paper derives the requirements that measuring imposes on self-adaptive security. Based on the derived requirements, extension components for the MAPE (Monitor, Analyse, Plan and Execute) reference model are proposed.


    Cited By

    • (2019) Specifying a New Requirement Model for Secure Adaptive Systems. The Computer Journal 63:8 (1148-1167). DOI: 10.1093/comjnl/bxz124. Online publication date: 26-Dec-2019

    Published In

    ECSAW '14: Proceedings of the 2014 European Conference on Software Architecture Workshops
    August 2014
    214 pages
    ISBN:9781450327787
    DOI:10.1145/2642803
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Self-adaptive
    2. architecture
    3. decision-making
    4. security metric

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ECSAW '14

    Acceptance Rates

    ECSAW '14 Paper Acceptance Rate 29 of 43 submissions, 67%;
    Overall Acceptance Rate 80 of 120 submissions, 67%

    Article Metrics

    • Downloads (Last 12 months): 6
    • Downloads (Last 6 weeks): 0