A Quantitative security metric model for security controls: secure virtual machine migration protocol as target of assessment
Quantitative security metrics are desirable for measuring the performance of information security controls. Security metrics help to make functional and business decisions for improving the performance and cost of the security controls. However, defining enterprise-level security metrics has already been listed as one of the hard problems in the InfoSec Research Council's hard problems list. Almost all the efforts in defining absolute security metrics for enterprise security have not proved fruitful. At the same time, with the maturity of the security industry, there has been a continuous emphasis from the regulatory bodies on establishing measurable security metrics. This paper addresses this need and proposes a relative security metric model that derives three quantitative security metrics named Attack Resiliency Measure (ARM), Performance Improvement Factor (PIF), and Cost/Benefit Measure (CBM) for measuring the performance of the security controls. For the effectiveness evaluation of the proposed security metrics, we took the secure virtual machine (VM) migration protocol as the target of assessment. Virtualization technologies are rapidly changing the landscape of the computing world. Devising security metrics for a virtualized environment is even more challenging. Secure virtual machine migration is an evolving area, and no standard protocol is available specifically for secure VM migration. This paper took the secure virtual machine migration protocol as the target of assessment and applied the proposed relative security metric model for measuring the Attack Resiliency Measure, Performance Improvement Factor, and Cost/Benefit Measure of the secure VM migration protocol.
Keywords: attack resiliency measure; cost-benefit measure; performance improvement factor; security assessment; formal verification; security controls; security metrics; virtual machine migration protocol