|
Towards More Secure Systems: How to Combine Expert Evaluations
Marco Benini and Sabrina Sicari
In: SecureComm 2008, 22-25 Sep 2008, Istanbul, Turkey.
AbstractIn previous works [2, 4] we have introduced a formal risk assessment
method and we have shown its mathematical properties. The
method allows to model a system as a structured set of vulnerabilities,
each one potentially depending on the others: the goal of the
method is to consider the influence of the dependencies and, thus,
to provide a global risk assessment. A crucial point is the use of
order-based metrics to measure the exploitability of a threat: orderbased
metrics reduce the subjective aspects in the risk evaluation
process. This work extends the previous ones by showing how to
combine the risk evaluations performed by different experts whose
degree of expertise may vary. | EPrint Type: | Conference or Workshop Item (Paper) |
|---|
| Project Keyword: | Project Keyword UNSPECIFIED |
|---|
| Subjects: | Theory & Algorithms |
|---|
| ID Code: | 5231 |
|---|
| Deposited By: | Marco Benini |
|---|
| Deposited On: | 24 March 2009 |
|---|
[Edit]
|
