Deployment of a Security Assurance Monitoring Framework for Telecommunication Service Infrastructures on a VoIP Service

2008 New Technologies, Mobility and Security Pub Date : 2008-11-25 DOI:10.1109/NTMS.2008.ECP.38

Moussa Ouedraogo, D. Khadraoui, Benoît De Rémont, E. Dubois, H. Mouratidis

{"title":"Deployment of a Security Assurance Monitoring Framework for Telecommunication Service Infrastructures on a VoIP Service","authors":"Moussa Ouedraogo, D. Khadraoui, Benoît De Rémont, E. Dubois, H. Mouratidis","doi":"10.1109/NTMS.2008.ECP.38","DOIUrl":null,"url":null,"abstract":"In today's world, where most of the critical infrastructures are based on distributed systems, security failures have become very common, even within large corporations. A system with security loopholes can be damaging for companies, both in terms of reputation and finances, while customers are reluctant to use such systems. In that respect, providing stakeholders with quantifiable evidences that the countermeasures deployed on the system are operating adequately is an important step towards better control of security failures for network administrators on one hand, and an increase in end users' trust in using these systems on the other. It is in that perspective that BUGYO, a methodology to assess the security of telecommunication networks and services in terms of assurance levels, was proposed to address the shortcomings of existing security assurance and risks management methodologies in measuring, documenting and maintaining security assurance of telecommunication services. In this paper, we provide an overview of the BUGYO methodology and we demonstrate its applicability (mainly with respect to the specification of assurance metrics) on a VoIP service infrastructure based on open source components.","PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 New Technologies, Mobility and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NTMS.2008.ECP.38","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 17

Abstract

In today's world, where most of the critical infrastructures are based on distributed systems, security failures have become very common, even within large corporations. A system with security loopholes can be damaging for companies, both in terms of reputation and finances, while customers are reluctant to use such systems. In that respect, providing stakeholders with quantifiable evidences that the countermeasures deployed on the system are operating adequately is an important step towards better control of security failures for network administrators on one hand, and an increase in end users' trust in using these systems on the other. It is in that perspective that BUGYO, a methodology to assess the security of telecommunication networks and services in terms of assurance levels, was proposed to address the shortcomings of existing security assurance and risks management methodologies in measuring, documenting and maintaining security assurance of telecommunication services. In this paper, we provide an overview of the BUGYO methodology and we demonstrate its applicability (mainly with respect to the specification of assurance metrics) on a VoIP service infrastructure based on open source components.

查看原文本刊更多论文

在VoIP业务上部署电信业务基础设施安全保障监控框架

在当今世界，大多数关键基础设施都基于分布式系统，安全故障已经变得非常普遍，甚至在大型公司中也是如此。一个存在安全漏洞的系统可能会对公司的声誉和财务造成损害，而客户则不愿使用这样的系统。在这方面，为利益相关者提供可量化的证据，证明部署在系统上的对策正在充分运行，一方面是朝着更好地控制网络管理员的安全故障迈出的重要一步，另一方面是增加最终用户对使用这些系统的信任。正是从这一角度提出了BUGYO这一评估电信网络和服务安全保障水平的方法，以解决现有安全保障和风险管理方法在衡量、记录和维持电信服务安全保障方面的缺点。在本文中，我们概述了BUGYO方法，并演示了其在基于开源组件的VoIP服务基础设施上的适用性(主要是关于保证度量规范)。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2008 New Technologies, Mobility and Security

自引率

0.00%

发文量