Issue No. 03 - May/June (2011 vol. 9)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2011.56
Sal Stolfo , Columbia University
Steven M. Bellovin , Columbia University
David Evans , University of Virginia
To become a legitimate science, computer security requires metrics. However, metrics are the one thing most lacking in our current understanding of computer security. Computer security metrics can be based on computational complexity or on economic or biological metaphors, or they can be empirical. Any successful metric must address multiple layers of security.
computer security, cybersecurity metrics, defense in depth, intrusion detection systems, adversary models
S. Stolfo, D. Evans and S. M. Bellovin, "Measuring Security," in IEEE Security & Privacy, vol. 9, no. , pp. 60-65, 2011.