
Security Metrology and the Monty Hall Problem

By Bennet S. Yee


Evaluating computing systems and classifying them by the security properties they provide is not new [13, 14]. Other researchers [8, 9] have pointed out the difficulty of evaluating security and the apparent binary nature of security given discoveries of system vulnerability. Here, I compare the role of security evaluations with that of cryptographic security parameters, and relate the difficulty of arriving at security metrics with the Monty Hall Problem. Additionally, I argue that trying to represent the security of a system either by a single numeric value or by constructing some digraph with which systems are compared is a Quixotic affair: security needs are application-dependent, and no single total or partial ordering can provide all the information needed. I give example scenarios that demonstrate the need for multi-faceted security rating systems.

Year: 2001
OAI identifier: oai:CiteSeerX.psu:
Provided by: CiteSeerX