Security Metrics, Secure Elements, and Operational Measurement Trust in Cloud Environments

  • Conference paper
Security and Trust Management (STM 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9331)

Abstract

Operational security assurance evaluation requires building security metrics models to express the expected security status of the system, and collecting data from the operational system to express the current state against these models. Many factors impact the confidence we can have in these metrics and their reported status. One major factor is the trust we can put in the provided measurement data. This paper describes the properties of a trusted measurement base, use of secure element functions and different probe form factors, and their impact on defining confidence levels for the measurement data. A way of quantifying this confidence level and using it as part of security metrics models is defined. Cloud computing is used as a domain to illustrate these concepts and the process of their application. The cloud environment is especially challenging for this type of assurance due to mixed ownership and potentially limited visibility into the infrastructure.

Author information

Corresponding author

Correspondence to Teemu Kanstrén.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Kanstrén, T., Evesti, A. (2015). Security Metrics, Secure Elements, and Operational Measurement Trust in Cloud Environments. In: Foresti, S. (eds) Security and Trust Management. STM 2015. Lecture Notes in Computer Science, vol 9331. Springer, Cham. https://doi.org/10.1007/978-3-319-24858-5_3

  • DOI: https://doi.org/10.1007/978-3-319-24858-5_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-24857-8

  • Online ISBN: 978-3-319-24858-5

  • eBook Packages: Computer Science, Computer Science (R0)
