ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Framework for malware resistance metrics
Full text PdfPdf (170 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 2nd ACM workshop on Quality of protection table of contents
Alexandria, Virginia, USA
SESSION: Network security metrics table of contents
Pages: 39 - 44  
Year of Publication: 2006
ISBN:1-59593-553-3
Author
Hanno Langweg  Gjøvik University College, Gjøvik, Norway
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 10,   Downloads (12 Months): 96,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1179494.1179503
What is a DOI?

ABSTRACT

We survey existing security metrics in software architecture and software engineering. Metrics are adapted to indicate resistance of an application against local malicious software (malware) attacks. A repository of generic attacks is presented as well as the concept of resistance classes for software products.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
C. Attanasio, P. Markstein, and R. Phillips. Penetrating an operating system: a study of VM/370 integrity. IBM Systems Journal, 15(1):102--116, 1976.
2
Michael Backes , Matthias Schunter, From absence of certain vulnerabilities towards security proofs: pushing the limits of formal verification, Proceedings of the 2003 workshop on New security paradigms, August 18-21, 2003, Ascona, Switzerland  [doi>10.1145/986655.986666]
 
3
Bundesnetzagentur. Einheitliche Spezifizierung der Einsatzbedingungen für Signaturanwendungskomponenten. Arbeitsgrundlage für Entwickler/Hersteller und Prüf-/Bestätigungsstellen, Version 1.4, 2005-07-19. http://www.bundesnetzagentur.de/media/archive/2648.pdf, 2005.
 
4
ISO 15408-2:1999, Evaluation criteria for IT security - part 2: Security functional requirements, 1999.
 
5
Common Criteria for information technology security evaluation, version 3.0, revision 2, july 2005. part 2: Functional security components, 2005.
 
6
ISO 18045:2004, Methodology for IT security evaluation {Common Evaluation Methodology, version 2.2, "CEM"}, 2004.
 
7
Common Methodology for information technology security evaluation, version 3.0, revision 2, july 2005, 2005.
 
8
Donald Paul Clements, Fuzzy ratings for computer security evaluation., 1977
 
9
F. Cohen. Computer Viruses. Phd thesis, University of Southern California, 1985.
 
10
CORAS methodology. {modified 2004-10-17, down-loaded 2005-05-23}, 2004.
 
11
CTCPEC: The Canadian Trusted Computer Product Evaluation Criteria. Version 3.0e. Canadian System Security Centre, 1993.
 
12
M. Dacier. Vers une évaluation quantitative de la sécurité informatique. Phd thesis, Institut National Polytechnique de Toulouse, 1994.
 
13
D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2):198--208, 1983.
 
14
M. Howard, J. Pincus, and J. Wing. Measuring relative attack surfaces. In Proceedings of Workshop on Advanced Developments in Software and Systems Security, Taipei, December 2003, 2003.
 
15
A. Hunstad, J. Hallberg, and R. Andersson. Measuring IT security - a method based on common criteria's security functional requirements. In Proceedings of the 2004 IEEE Workshop on Information Assurance, pages 226--233. IEEE Computer Society, 2004.
 
16
Information Technology Security Evaluation Criteria (ITSEC). Version 1.2, 28.06.1991. Commission of the European Communities, 1991.
 
17
Information Technology Security Evaluation Manual (ITSEM). Version 1.0, 10.09.1993. Commission of the European Communities, 1993.
18
Carl E. Landwehr , Alan R. Bull , John P. McDermott , William S. Choi, A taxonomy of computer program security flaws, ACM Computing Surveys (CSUR), v.26 n.3, p.211-254, Sept. 1994  [doi>10.1145/185403.185412]
 
19
H. Langweg. Malware attacks on electronic signatures revisited. In J. Dittmann, editor, 'Sicherheit 2006'. Konferenzband der 3. Jahrestagung Fachbereich Sicherheit der Gesellschaft für Informatik., pages 244--255. Gesellschaft für Informatik, 2006.
 
20
F. Leitold. Mathematical model of computer viruses. In U. Gattiker, editor, EICAR 2000 Best Paper Proceedings, Annual Meeting of European Institute for Computer Antivirus Research, Brussels, Belgium, March 4-7, 2000, pages 194--217, 2000.
 
21
Alfred J. Menezes , Scott A. Vanstone , Paul C. Van Oorschot, Handbook of Applied Cryptography, CRC Press, Inc., Boca Raton, FL, 1996
 
22
P. Myers. Subversion: The Neglected Aspect of Computer Security. Msc thesis, Naval Postgraduate School, 1980.
 
23
P. Neumann. Architectures and formal representations for secure systems. final report sri project 6401 deliverable a002. Technical report, SRI International, 1996.
 
24
Security Metrics Guide for Information Technology Systems. NIST Special Publication 800-55, 2003.
 
25
Steven Noel , Sushil Jajodia , Brian O'Berry , Michael Jacobs, Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs, Proceedings of the 19th Annual Computer Security Applications Conference, p.86, December 08-12, 2003
 
26
J. Saltzer and M. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278--1308, 1975.
27
Gregg Schudel , Bradley Wood, Adversary work factor as a metric for information assurance, Proceedings of the 2000 workshop on New security paradigms, p.23-30, September 18-21, 2000, Ballycotton, County Cork, Ireland  [doi>10.1145/366173.366185]
 
28
Oleg Sheyner , Joshua Haines , Somesh Jha , Richard Lippmann , Jeannette M. Wing, Automated Generation and Analysis of Attack Graphs, Proceedings of the 2002 IEEE Symposium on Security and Privacy, p.273, May 12-15, 2002
 
29
Systems Security Engineering Capability Maturity Model (SSE-CMM), Version 3.0. SSE-CMM Project, 2003.
 
30
TCSEC: DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria. Department of Defense, 1985.
 
31
Charles Cresson Wood , William W. Banks , Sergio B. Guarro , Abel A. Garcia , Viktor E. Hampel , Henry P. Sartorio, Computer security: a comprehensive controls checklist, Wiley-Interscience, New York, NY, 1987
 
32
ISO 13568:2000, Formal specification - Z notation - syntax, type and semantics, 2000.

INDEX TERMS

Primary Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.8 Metrics

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Invasive software (e.g., viruses, worms, Trojan horses)


General Terms:
Design, Measurement, Security


Keywords:
malware, resistance, software architecture

Collaborative Colleagues:
Hanno Langweg: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player