A New Approach to Evaluating Security Assurance
Résumé
This paper first analyzes the current gap in the literature in security assurance. It then proposes new metrics for the appraisal of security assurance at runtime. Our metrics are based on key concepts pertinent to gaining confidence on a security mechanism to meet its functions. Such parameters include: security correctness; security effectiveness and the quality of the security verification process. Validation of our approach has been achieved through tool implementation, application to case study and the opinion of IT security professionals on its usefulness.