This paper discusses how information about the architecture and the vulnerabilities affecting a distributed system can be used to quantitatively assess the risk to which the system is exposed. Our approach to risk evaluation can be used to assess how much one should believe in system trustworthiness and to compare different solutions, providing a tool for deciding if the additional cost of a more secure component is worth to be afforded.
Assessing the risk of using vulnerable components / Dieter Balzarotti, Matteo Monga, Sabrina Sicari - In: Quality of protection : security measurements and metrics / [a cura di] Dieter Gollmann, Fabio Massacci, Artsiom Yautsiukhin. - New York : Springer, 2006. - ISBN 0387290168. - pp. 65-78 (( Intervento presentato al 1. convegno Quality of protection workshop tenutosi a Milano, Italy nel 2005.
Assessing the risk of using vulnerable components
M. Monga;
2006
Abstract
This paper discusses how information about the architecture and the vulnerabilities affecting a distributed system can be used to quantitatively assess the risk to which the system is exposed. Our approach to risk evaluation can be used to assess how much one should believe in system trustworthiness and to compare different solutions, providing a tool for deciding if the additional cost of a more secure component is worth to be afforded.
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
