PASCAL - Pattern Analysis, Statistical Modelling and Computational Learning

Towards More Secure Systems: How to Combine Expert Evaluations
Marco Benini and Sabrina Sicari
In: SecureComm 2008, 22-25 Sep 2008, Istanbul, Turkey.


In previous works [2, 4] we introduced a formal risk assessment method and showed its mathematical properties. The method models a system as a structured set of vulnerabilities, each one potentially depending on the others; its goal is to account for the influence of these dependencies and thus provide a global risk assessment. A crucial point is the use of order-based metrics to measure the exploitability of a threat: order-based metrics reduce the subjective aspects of the risk evaluation process. This work extends the previous ones by showing how to combine the risk evaluations performed by different experts whose degree of expertise may vary.

EPrint Type: Conference or Workshop Item (Paper)
Project Keyword: Project Keyword UNSPECIFIED
Subjects: Theory & Algorithms
ID Code: 5231
Deposited By: Marco Benini
Deposited On: 24 March 2009