More Web Proxy on the site http://driver.im/

research-article

A tool for security metrics modeling and visualization

Authors:

Outi-Marja Latvala,

Jarkko Kuusijärvi,

Antti EvestiAuthors Info & Claims

ECSAW '14: Proceedings of the 2014 European Conference on Software Architecture Workshops

Article No.: 3, Pages 1 - 7

https://doi.org/10.1145/2642803.2642806

Published: 25 August 2014 Publication History

Abstract

Measuring the security level of an information system to acquire reliable perception of its state requires the use of various different security metrics that can provide extensive security evidence of the system. Visualization can then be used to facilitate the management of the security metrics and measurements and to enhance understanding on their relationships. This paper introduces a tool for modeling and monitoring the security state of a system and focuses on the visualization aspects of the tool. The security metrics of a system are organized hierarchically in the tool, so that more general and conceptual security metrics on the higher levels are connected to detailed, low-level measurements. The tool helps bring meaningfulness to the security metrics and helps the user be more aware of the security state of the system during runtime use of the tool. By having organized security evidence from high-level objectives to low-level measurements the user is able to act on the security incidents more proficiently.

References

[1]

Card, S.K., Mackinlay, J.D. and Shneiderman, B. 1999. Readings in Information Visualization: Using Vision to Think. Morgan Kaufmann Publishers, San Francisco, CA, 686 p.

Digital Library

[2]

Evesti, A., Savola, R., Ovaska, E. and Kuusijärvi, J. 2011. The design, instantiation, and usage of information security measuring ontology. In MOPAS 2011, The Second International Conference on Models and Ontology-based Design of Protocols, Architectures and Services (Budapest, Hungary, April 17 - 22, 2011), 1--9.

[3]

García, F., Bertoa, M. F., Calero, C., Vallecillo, A., Ruíz, F., Piattini, M. and Genero, M. 2006. Towards a consistent terminology for software measurement. Inf. and Softw. Technol., 48, 631--644.

[4]

Herzog, A., Shahmehri, N. and Duma, C. 2007. An Ontology of Information Security. Journal of Information Security and Privacy, 1, 1--23

[5]

ISO/IEC 15408-1:2009. Common Criteria for Information Technology Security Evaluation -- Part 1: Introduction and General Model. ISO/IEC.

[6]

ISO/IEC 27000:2012. Information Technology -- Security Techniques -- Information Security Management Systems -- Overview and Vocabulary. ISO/IEC

[7]

Koike, H. and Ohno, K. 2004. SnortView: Visualization System of Snort Logs. In Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security (VizSEC / DMSEC '04). pp. 143--147, DOI=10.1145/1029208.1029232, http://doi.acm.org/10.1145/1029208.1029232

Digital Library

[8]

Kuusijärvi, J. 2010. Interactive Visualization of Quality Variability at Runtime, VTT Publications, 746, Espoo, VTT, ISBN 978-951-38-7412-4. 111 p.

[9]

Marty, R. 2009. Applied Security Visualization. Addison-Wesley

Digital Library

[10]

McPherson, J., Kwan-Liu Ma, Krystosk, P., Bartoletti, T. and Christensen, M. 2004. PortVis: A Tool for Port-based Detection of Security Events. In Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security (VizSEC / DMSEC '04). ACM, New York, NY, USA. pp. 73--81. DOI=10.1145/1029208.1029220.

Digital Library

[11]

Monsch, J. P. and Marty, R. The Data Analysis and Visualization Linux ®, ver. 1.0.1, available at http://davix.secviz.org, 13.6.2014.

[12]

Savola, R. 2009. A Security Metrics Taxonomization Model for Software-Intensive Systems. JIPS, 5(4), 197--206.

[13]

Savola, R. M. 2013. Quality of security metrics and measurements. Computers & Security, Volume 37. 78--90. DOI=http://dx.doi.org/10.1016/j.cose.2013.05.002.

Digital Library

[14]

Savola, R. M., and Heinonen, P. 2011. A Visualization and Modeling Tool for Security Metrics and Measurements Management. In Information Security South Africa (ISSA), 2011 (pp. 1--8). IEEE.

[15]

Savola, R. M., Frühwirth, C. and Pietikäinen, A. 2012. Risk-driven Security Metrics in Agile Software Development -- an Industrial Pilot Study. Journal of Universal Computer Science. 18(12), 1679--1702.

Cited By

Väisänen TNoponen SLatvala OKuusijärvi JPérez JMirandola RChen H(2018)Combining real-time risk visualization and anomaly detectionProceedings of the 12th European Conference on Software Architecture: Companion Proceedings10.1145/3241403.3241460(1-7)Online publication date: 24-Sep-2018
https://dl.acm.org/doi/10.1145/3241403.3241460
Ahmed YNaqvi SJosephs MPérez JMirandola RChen H(2018)Aggregation of security metrics for decision makingProceedings of the 12th European Conference on Software Architecture: Companion Proceedings10.1145/3241403.3241458(1-7)Online publication date: 24-Sep-2018
https://dl.acm.org/doi/10.1145/3241403.3241458
Kanstrén TEvesti A(2015)Security Metrics, Secure Elements, and Operational Measurement Trust in Cloud EnvironmentsProceedings of the 11th International Workshop on Security and Trust Management - Volume 933110.1007/978-3-319-24858-5_3(37-51)Online publication date: 21-Sep-2015
https://dl.acm.org/doi/10.1007/978-3-319-24858-5_3

Index Terms

A tool for security metrics modeling and visualization
1. Software and its engineering
  1. Software notations and tools
    1. Development frameworks and environments
      1. Integrated and visual development environments

Recommendations

A Survey on Systems Security Metrics

Security metrics have received significant attention. However, they have not been systematically explored based on the understanding of attack-defense interactions, which are affected by various factors, including the degree of system vulnerabilities, ...
Security metrics for source code structures
SESS '08: Proceedings of the fourth international workshop on Software engineering for secure systems

Software security metrics are measurements to assess security related imperfections (or perfections) introduced during software development. A number of security metrics have been proposed. However, all the perspectives of a software system have not ...
Designing Sound Security Metrics

This article begins with an introduction to security metrics, describing the need for security metrics, followed by a discussion of the nature of security metrics, including the challenges found with some security metrics used in the past. The article ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ECSAW '14: Proceedings of the 2014 European Conference on Software Architecture Workshops

August 2014

214 pages

ISBN:9781450327787

DOI:10.1145/2642803

General Chair:
Uwe Zdun

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 August 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ECSAW '14

ECSAW '14: European Conference on Software Architecture Workshops

August 25 - 29, 2014

Vienna, Austria

Acceptance Rates

ECSAW '14 Paper Acceptance Rate 29 of 43 submissions, 67%;

Overall Acceptance Rate 80 of 120 submissions, 67%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
350
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)1

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Väisänen TNoponen SLatvala OKuusijärvi JPérez JMirandola RChen H(2018)Combining real-time risk visualization and anomaly detectionProceedings of the 12th European Conference on Software Architecture: Companion Proceedings10.1145/3241403.3241460(1-7)Online publication date: 24-Sep-2018
https://dl.acm.org/doi/10.1145/3241403.3241460
Ahmed YNaqvi SJosephs MPérez JMirandola RChen H(2018)Aggregation of security metrics for decision makingProceedings of the 12th European Conference on Software Architecture: Companion Proceedings10.1145/3241403.3241458(1-7)Online publication date: 24-Sep-2018
https://dl.acm.org/doi/10.1145/3241403.3241458
Kanstrén TEvesti A(2015)Security Metrics, Secure Elements, and Operational Measurement Trust in Cloud EnvironmentsProceedings of the 11th International Workshop on Security and Trust Management - Volume 933110.1007/978-3-319-24858-5_3(37-51)Online publication date: 21-Sep-2015
https://dl.acm.org/doi/10.1007/978-3-319-24858-5_3

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents