Title
A policy-based methodology for security evaluation: A Security Metric for Public Key Infrastructures
Abstract
The security of complex infrastructures depends on many technical and organizational issues that need to be properly addressed by a security policy. For the purpose of our discussion, we define a security policy as a document that states what is and what is not allowed in a system during normal operation; it consists of a set of rules that could be expressed in formal, semi-formal or very informal language. In many contexts, a system can be considered secure and trustworthy if the policy enforced by its security administrator is trustworthy too; from this standpoint it is possible to evaluate the system security by evaluating its policy. In this paper we present a policy-based methodology to formalize and compare policies, and a Security Metric to evaluate the security level that a system is able to grant. All the steps of the methodology will be illustrated with an operative approach, by directly applying it to a real case study: the semi-automated Cross Certification among Public Key Infrastructures.
Year
2007
DOI
10.3233/JCS-2007-15201
Venue
Journal of Computer Security
Keywords
system security, security level, informal language, policy-based methodology, normal operation, complex infrastructure, security policy, security evaluation, security metric, security administrator, public key infrastructures, public key infrastructure
Field
Security convergence, Security testing, Security through obscurity, Network security policy, Computer security, Computer science, Security service, Security policy, Security information and event management, Computer security model
DocType
Journal
Volume
15
Issue
2
ISSN
0926-227X
Citations
19
PageRank
1.36
References
13
Authors
4
Name                  Order   Citations   PageRank
Valentina Casola      1       402         47.27
Antonino Mazzeo       2       540         63.72
Nicola Mazzocca       3       674         78.37
Valeria Vittorini     4       339         33.14