Measuring Security: A Challenge for the Generation
Janusz Zalewski, Steven Drager, William McKeever, Andrew J. Kornecki
Citation: Position Papers of the 2014 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 3, pages 131–140 (2014)
Abstract. This paper presents an approach to measuring computer security understood as a system property, in the category of similar properties, such as safety, reliability, dependability, etc. First, a historical discussion of measurements is presented, beginning with views of Hermann von Helmholtz in his 19-th century work ``Z\"ahlen und Messen''. Then, contemporary approaches related to the principles of measuring software properties are discussed, with emphasis on statistical, physical and software models. A distinction between metrics and measures is made to clarify the concepts. A brief overview of inadequacies of methods and techniques to evaluate computer security is presented, followed by a proposal and discussion of a practical model to conduct experimental security measurements.