Towards More Secure Systems:How to Combine Expert Evaluations

Marco Benini; Sabrina Sicari

4th International ICST Conference on Security and Privacy in Communication Networks

Research Article

Towards More Secure Systems:How to Combine Expert Evaluations

Cite: BibTeX Plain Text

@INPROCEEDINGS{10.1145/1460877.1460923,
    author={Marco Benini and Sabrina Sicari},
    title={Towards More Secure Systems:How to Combine Expert Evaluations},
    proceedings={4th International ICST Conference on Security and Privacy in Communication Networks},
    publisher={ACM},
    proceedings_a={SECURECOMM},
    year={2008},
    month={9},
    keywords={Risk assessment Algebraic metrics Composition of metrics},
    doi={10.1145/1460877.1460923}
}

Marco Benini
Sabrina Sicari
Year: 2008
Towards More Secure Systems:How to Combine Expert Evaluations
SECURECOMM
ACM
DOI: 10.1145/1460877.1460923

Marco Benini¹^,*, Sabrina Sicari¹^,*

1: Dipartimento di Informatica e Comunicazione Università degli Studi dell’Insubria via Mazzini 5, IT-21100 Varese, Italy

*Contact email: marco.benini@uninsubria.it, sabrina.sicari@uninsubria.it

Abstract

In previous works[2,4] we have introduced a formal risk assessment method and we have shown its mathematical properties. The method allows to model a system as a structured set of vulnerabilities, each one potentially depending on the others: the goal of the method is to consider the influence of the dependencies and, thus, to provide a global risk assessment. A crucial point is the use of order-based metrics to measure the exploitability of a threat: order-based metrics reduce the subjective aspects in the risk evaluation process. This work extends the previous ones by showing how to combine the risk evaluations performed by different experts whose degree of expertise may vary.

Keywords: Risk assessment Algebraic metrics Composition of metrics

Published: 2008-09-25
Publisher: ACM
Modified: 2010-05-16

: http://dx.doi.org/10.1145/1460877.1460923