Welcome to the InfoSci Platform
Reference Hub3
Benchmarking Untrustworthiness: An Alternative to Security Measurement

Benchmarking Untrustworthiness: An Alternative to Security Measurement

Afonso Araújo Neto, Marco Vieira
Copyright: © 2010 |Volume: 1 |Issue: 2 |Pages: 23
ISSN: 1947-9050|EISSN: 1947-9069|EISBN13: 9781609604622|DOI: 10.4018/jdtis.2010040102
Cite Article Cite Article

MLA

Neto, Afonso Araújo, and Marco Vieira. "Benchmarking Untrustworthiness: An Alternative to Security Measurement." IJDTIS vol.1, no.2 2010: pp.32-54. http://doi.org/10.4018/jdtis.2010040102

APA

Neto, A. A. & Vieira, M. (2010). Benchmarking Untrustworthiness: An Alternative to Security Measurement. International Journal of Dependable and Trustworthy Information Systems (IJDTIS), 1(2), 32-54. http://doi.org/10.4018/jdtis.2010040102

Chicago

Neto, Afonso Araújo, and Marco Vieira. "Benchmarking Untrustworthiness: An Alternative to Security Measurement," International Journal of Dependable and Trustworthy Information Systems (IJDTIS) 1, no.2: 32-54. http://doi.org/10.4018/jdtis.2010040102

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Benchmarking security is hard and, although there are many proposals of security metrics in the literature, no consensual quantitative security metric has been previously proposed. A key difficulty is that security is usually more influenced by what is unknown about a system than by what is known. In this paper, the authors propose the use of an untrustworthiness metric for benchmarking security. This metric, based on the idea of quantifying and exposing the trustworthiness relationship between a system and its owner, represents a powerful alternative to traditional security metrics. As an example, the authors propose a benchmark for Database Management Systems (DBMS) that can be easily used to assess and compare alternative database configurations based on minimum untrustworthiness, which is a low-cost and high-reward trust-based metric. The practical application of the benchmark in four real large database installations shows that untrustworthiness is a powerful metric for administrators to make informed security decisions by taking into account the specifics needs and characteristics of the environment being managed.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.