Título
How to Quantify the Security Level of Embedded Systems? A Taxonomy of Security MetricsAutor-a
Otras instituciones
IkerlanVersión
Postprint
Derechos
© 2020 IEEEAcceso
Acceso abiertoVersión del editor
https://doi.org/10.1109/INDIN45582.2020.9442219Publicado en
IEEE International Conference on Industrial Informatics (INDIN). Vol. 2020-July. N. artículo. 9442219. Pp. 153-158, 2020Editor
IEEEPalabras clave
Measurement
Embedded Systems
Conferences
Taxonomy ... [+]
Embedded Systems
Conferences
Taxonomy ... [+]
Measurement
Embedded Systems
Conferences
Taxonomy
Software
Hardware
security [-]
Embedded Systems
Conferences
Taxonomy
Software
Hardware
security [-]
Resumen
Embedded Systems (ES) development has been historically focused on functionality rather than security, and today it still applies in many sectors and applications. However, there is an increasing numb ... [+]
Embedded Systems (ES) development has been historically focused on functionality rather than security, and today it still applies in many sectors and applications. However, there is an increasing number of security threats over ES, and a successful attack could have economical, physical or even human consequences, since many of them are used to control critical applications. A standardized and general accepted security testing framework is needed to provide guidance, common reporting forms and the possibility to compare the results along the time. This can be achieved by introducing security metrics into the evaluation or assessment process. If carefully designed and chosen, metrics could provide a quantitative, repeatable and reproducible value that would reflect the level of security protection of the ES. This paper analyzes the features that a good security metric should exhibit, introduces a taxonomy for classifying them, and finally, it carries out a literature survey on security metrics for the security evaluation of ES. In this review, more than 500 metrics were collected and analyzed. Then, they were reduced to 169 metrics that have the potential to be applied to ES security evaluation. As expected, the 77.5% of them is related exclusively to software, and only the 0.6% of them addresses exclusively hardware security. This work aims to lay the foundations for constructing a security evaluation methodology that uses metrics so as to quantify the security level of an ES. [-]
Colecciones
- Congresos - Ingeniería [377]