4th International ICST Conference on Security and Privacy in Communication Networks

Research Article

Towards More Secure Systems:How to Combine Expert Evaluations

Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1145/1460877.1460923,
    author={Marco Benini and Sabrina Sicari},
    title={Towards More Secure Systems:How to Combine Expert Evaluations},
    proceedings={4th International ICST Conference on Security and Privacy in Communication Networks},
    publisher={ACM},
    proceedings_a={SECURECOMM},
    year={2008},
    month={9},
    keywords={Risk assessment Algebraic metrics Composition of metrics},
    doi={10.1145/1460877.1460923}
}
  • Marco Benini
    Sabrina Sicari
    Year: 2008
    Towards More Secure Systems:How to Combine Expert Evaluations
    SECURECOMM
    ACM
    DOI: 10.1145/1460877.1460923
Marco Benini1,*, Sabrina Sicari1,*
  • 1: Dipartimento di Informatica e Comunicazione Università degli Studi dell’Insubria via Mazzini 5, IT-21100 Varese, Italy
*Contact email: marco.benini@uninsubria.it, sabrina.sicari@uninsubria.it

Abstract

In previous works[2,4] we have introduced a formal risk assessment method and we have shown its mathematical properties. The method allows to model a system as a structured set of vulnerabilities, each one potentially depending on the others: the goal of the method is to consider the influence of the dependencies and, thus, to provide a global risk assessment. A crucial point is the use of order-based metrics to measure the exploitability of a threat: order-based metrics reduce the subjective aspects in the risk evaluation process. This work extends the previous ones by showing how to combine the risk evaluations performed by different experts whose degree of expertise may vary.

Keywords
Risk assessment Algebraic metrics Composition of metrics
Published
2008-09-25
Publisher
ACM
Modified
2010-05-16
http://dx.doi.org/10.1145/1460877.1460923
Copyright © 2008–2024 ACM
EAI Logo

About EAI

Community

Publish with EAI