
doi: 10.1007/bfb0023302
This paper is based on a conceptual framework in which security can be split into two generic types of characteristics, behavioural and preventive. We show that, among the traditional security aspects, availability and confidentiality should be used to denote be havioural security. The third aspect, integrity, is interpreted in terms of fault prevention and is regarded as a preventive characteristic. A practical measure for behavioural characteristics, including reliability and safety, is defined. We show how the measure could be derived using traditional reliability methods, such as Markov modelling. The measure is meant for practical trade-offs within a class of computer systems. It quantifies system performance on user-specified service levels, which may be operational or failed. Certain levels may be related to confidentiality degradations or confidentiality failures. A simple example based on a Reference Monitor is given. Failures resulting from security breaches are normally not exponentially distributed. The calculation method must therefore be extended to handle situations with non-exponential failure rates. This is done by means of phase-type modelling, illustrated by introducing malicious software, such as a Trojan Horse, into the Reference Monitor.
| selected citations These citations are derived from selected sources. This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | 3 | |
| popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network. | Average | |
| influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically). | Top 10% | |
| impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network. | Average |
