A generic security evaluation method for open distributed systems

Sammanfattning: Security is an important attribute of any informationsystem. Whether your business is small or large you have to beable to set the desired security levels for your system. Anon-decided or non-fulfilled security level target can easilyend up in unplanned costs. With a target set for the securitylevel it is possible to control how much to invest in securityand to forecast the costs for security incidents. The systemowners have a job in deciding and implementing the degree ofsecurity needed. Before they can make any decisions, they needto be provided with the best available facts about risks,costs, etc., to base their decisions on. That can be achievedby performing a security evaluation with risk analysis. As theuse of global networking grows and information systems changecharacteristics, become open, distributed, mobile and integratecommunication, computing, and media technology, there is a needfor security evaluation methods that can handle the newenvironment with new actors, new rules, shorter systemdevelopment and life times, and also new ways of using thesystems. Current risk analysis methods are inadequate becausethey are not focusing the emergent character of an opendistributed system environment where the system is also often,at least partly, in a virtual stage, and methods are criticizedfor being not precise, not updated, complicated, resourceintensive, harmful, misleading, tedious, subjective,inconsistent, etc. We will in this thesis propose a genericmethod for performing security evaluations in open distributedsystems. Although generic, it will also be possible to use themethod for various specific environments. The method may beapplied to real as well as to virtual systems, i.e. systemsthat are premature or in an early development stage. It willconsider security issues in open distributed systems, andevaluates what can happen when all components start to interactand when all sorts of users exploit the system. The explosivegrowth in global networking provides an attractive environmentfor criminals to operate in. This aspect is also considered.The method copes practically with security by adopting asystemic-holistic approach. It handles the multidimensionalattribute of open distributed environments where also limitedcontrol and vague and numerically imprecise information is afact to live with. The method acknowledges the emergence ofsystems and environments by introducing a repetitiveness withan adjusting capability both for the system as well as for themethod itself. The forecasts balance a subjective and objectiveview by introducing the concept of X-ify. X-ifying is the wayof mating together the best available experiencewith dataappropriate for the target system. The customizing data can bean assessment of asset attractiveness, actor capabilities,system and media vulnerabilities, and business values. In thisway it is possible to compensate for errors and disbelief inestimates, non-existing or outdated experience numbers.Qualitative measures are used to fill in the blanks whenquantitative measures are lacking, or opposite quantitativeevidence can assist building trust and robustness intoqualitative results.