Development of Measurable Security for a Distributed Messaging System
Systematically developed security metrics make it possible to gather sufficient and credible security evidence for run-time adaptive security management and off-line security engineering and management. This paper introduces and analyzes security metrics and parameter dependencies for one particular distributed messaging system. The focus is on the effectiveness and correctness of security-enforcing mechanisms. The security metrics development approach that the study utilizes is risk-driven, requirement-centric, and integrated with the development of Quality-of-Service metrics. In this approach, the security requirements are expressed in terms of lower-level measurable components by applying a decomposition approach.