№1, 2013

METHODS FOR ASSESSING THE SECURITY OF COMPUTER SYSTEMS

Ramiz H.Shikhaliyev, Tural E.Yunusov

The article analyzed some of the standards and methods of security assessment of computer systems, such as the common criteria, the index of systemic vulnerability, modeling of multi-stage attacks, intrusion detection, and identified some problems. (pp. 74-80)

Keywords: computer systems, security assessment, security metrics, methods of security assessment
References
  • Olsen F. Input: IT security spending to catch its breath. http://www.fcw.com/article89546-07-13-05.
  • Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Information, Part 2: Security Functional Requirements, Part 3: Security Assurance Requirements, Version 3.1 Revision 1, September 2006.
  • Foss A.J., Barbosa S., Assessing Computer Security Vulnerability // Operating Systems Review, July 1995, vol. 29, no. 3, pp. 3–13.
  • Clark K., Tyree S., Dawkins J., Hale J. Qualitative and Quantitative Analytical Techniques for Network Security Assessment / Proceedings of the 2004 IEEE Workshop on Information Assurance and Security, June 10-11, 2004, United States Military Academy, West Point, NY, pp. 321–328.
  • Howard M., Pincus J. Wing J. Measuring Relative Attack Surfaces // Computer Security in the 21st Century, D.T. Lee, S.P. Shieh, and J.D. Tygar, editors, Springer, March 2005, 109–137.
  • Hallberg J., Hunstad A., Peterson A. Framework for System Security Assessment / Proceedings of the 2005 IEEE Workshop on Information Assurance, June, 2005, West Point, New York, USA, pp. 224–231.
  • Hallberg J., Hunstad A., Bond A., Peterson M., Pålsson N. System IT Security Assessment, Scientific Report, Swedish Research Agency, Linköping, FOI-R–1468–E, 2004.
  • Gacic D. FSA – Framework for Security Assessment of Distributed Information Systems. Master’s thesis, Royal Institute of Technology, Stockholm, Sweden, 2006.
  • Schudel G., Wood B. Adversary Work Factor as a Metric for Information Assurance / Proceedings of the New Security Paradigm Workshop, September 18-22, 2000, Ireland, 23–30.
  • Swanson M., Bartol N., Sabato J. and Hash J. Security metrics guide for information technology systems. Technical Report NIST Special Publication 800-55, NIST, July 2003.
  • Manadhata P., WingJ. An Attack Surface Metric, Carnegie Mellon University, CMU-CS-05-155, 2005.
  • Chew E, Swanson M., Stine K., Bartol N., Brown A. and Robinson W. Performance Measurement Guide for Information Security. NIST Special Publication 800-55 Revision 1, July 2008.
  • Vaughn R., Henning R., Siraj A. Information Assurance Measures and Metrics – State of Practice and Proposed Taxonomy / Proceedings of the 36th Hawaii International Conference on System Sciences, January 6-9, 2003, Big Island, HI, USA.
  • http://www.commoncriteriaportal.org/cc/
  • Howard M., Fending Off Future Attacks by Reducing Attack Surface, 2003.
  • Jaquith A. Metrics are nifty / Proceedings of the MetriCon 1.0 Workshop in conjunction with the USENIX Association’s Security Symposium, August 1, 2006, Vancouver, British Columbia, Canada. www.securitymetrics.org/content/attach/Metricon1.0/metricon-1.0-presentations.zip