Security metrology and the Monty Hall problem

By Bennet S. Yee

Abstract

Evaluating computing systems and classifying them by the security properties they provide is not new [13, 14]. Other researchers [8, 9] have pointed out the difficulty of evaluating security and the apparent binary nature of security given discoveries of system vulnerability. Here, I compare the role of security evaluations with that of cryptographic security parameters, and relate the difficulty of arriving at security metrics to the Monty Hall Problem. Additionally, I argue that trying to represent the security of a system either by a single numeric value or by constructing some digraph with which systems are compared is a Quixotic affair: security needs are application dependent, and no single total or partial ordering can provide all the information needed. I give example scenarios that demonstrate the need for multi-faceted security rating systems.

Year: 2001
OAI identifier: oai:CiteSeerX.psu:10.1.1.177.5745
Provided by: CiteSeerX
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://www.bennetyee.org/ucsd-... (external link)