8.2. Stochastic Modeling
At the highest level of a system’s description is the specification of the system’s functionality. The security policy is normally a part of this specification. This high-level description can be used to perform a qualitative assessment of system properties, such as the security levels obtained by Common Criteria evaluation [4]. Even though a qualitative evaluation can be used to rank a particular security design, its main focus is on the safeguards introduced during the development and design of a system. Moreover, such methods only evaluate static behavior of a system and do not consider dependencies of events or time aspects of failures. As a consequence, the achieved security level cannot be used to predict a system’s ...
Get Information Assurance now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.