Using the trees to find the forest trustworthy computing as a systems-level issue

First IEEE International Workshop on Information Assurance, 2003. IWIAS 2003. Proceedings. Pub Date : 2003-03-24 DOI:10.1109/IWIAS.2003.1192463

J. James, F. Mabry

{"title":"Using the trees to find the forest trustworthy computing as a systems-level issue","authors":"J. James, F. Mabry","doi":"10.1109/IWIAS.2003.1192463","DOIUrl":null,"url":null,"abstract":"There is a need to provide information system managers with better tools to estimate the trustworthiness of an information system. We believe it is necessary to consider trustworthiness of an enterprise information system as being more than an estimate of the reliability of the individual components. Some approach for analyzing component-level attacks to evaluate the impact on enterprise-level goals is needed as well as some approach for analyzing a series of information system attacks as part of a possible attack plan against the enterprise. Lower-level sensing of malicious activities and reaction to these activities is necessary to maintain reliability of individual information system components. However, toomuch of the current research effort is directed at component-level activity detection and reaction and too little of the current effort is directed at enterprise-level detection and reaction. We provide some thoughts on what is needed to be able to accumulate estimates of reliabilities of information system components into estimates of trustworthiness of information systems.","PeriodicalId":186507,"journal":{"name":"First IEEE International Workshop on Information Assurance, 2003. IWIAS 2003. Proceedings.","volume":"134 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2003-03-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"First IEEE International Workshop on Information Assurance, 2003. IWIAS 2003. Proceedings.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWIAS.2003.1192463","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

There is a need to provide information system managers with better tools to estimate the trustworthiness of an information system. We believe it is necessary to consider trustworthiness of an enterprise information system as being more than an estimate of the reliability of the individual components. Some approach for analyzing component-level attacks to evaluate the impact on enterprise-level goals is needed as well as some approach for analyzing a series of information system attacks as part of a possible attack plan against the enterprise. Lower-level sensing of malicious activities and reaction to these activities is necessary to maintain reliability of individual information system components. However, toomuch of the current research effort is directed at component-level activity detection and reaction and too little of the current effort is directed at enterprise-level detection and reaction. We provide some thoughts on what is needed to be able to accumulate estimates of reliabilities of information system components into estimates of trustworthiness of information systems.

查看原文本刊更多论文

使用树来找到森林可信计算作为一个系统级问题

有必要为信息系统管理人员提供更好的工具来估计信息系统的可信度。我们认为有必要考虑企业信息系统的可信度，而不仅仅是对单个组件可靠性的估计。需要一些分析组件级攻击以评估对企业级目标的影响的方法，以及一些分析一系列信息系统攻击的方法，这些攻击是针对企业的可能攻击计划的一部分。对恶意活动的低级感知和对这些活动的反应对于维护单个信息系统组件的可靠性是必要的。然而，目前太多的研究工作是针对组件级的活动检测和反应，而针对企业级的检测和反应的研究工作太少。我们就如何将信息系统组件的可靠性估计累积为信息系统的可信度估计提供了一些想法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

First IEEE International Workshop on Information Assurance, 2003. IWIAS 2003. Proceedings.

自引率

0.00%

发文量