{"title":"定义复杂系统的比较安全中的“最薄弱环节”","authors":"W. Pieters","doi":"10.1109/CloudCom.2013.101","DOIUrl":null,"url":null,"abstract":"Cloud architectures are complex socio-technical systems of systems, consisting not only of technological components and their connections, but also of physical premises and employees. When analysing security of such systems and considering countermeasures, the notion of \"weakest link\" often appears. Humans are then typically said to be the \"weakest link\" when it comes to security, but no proof is provided for this statement. One reason for this is the fact that there are no unified metrics of security that would apply to physical, digital and social components of complex systems alike. How does one compare the security of a room against the security of a piece of data, and how does social engineering an employee compare to exploiting a server vulnerability? Are we really comparing apples and oranges here, or would it be possible to present a comparative metric that would apply across the different domains? This paper explores the possibility of such a metric for complex systems, and proposes one in terms of the risk induced by an entity in the system. This also provides a foundation for the notion of \"weakest link\", in terms of the entity (set of entities) with the highest induced risk.","PeriodicalId":198053,"journal":{"name":"2013 IEEE 5th International Conference on Cloud Computing Technology and Science","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":"{\"title\":\"Defining \\\"The Weakest Link\\\" Comparative Security in Complex Systems of Systems\",\"authors\":\"W. Pieters\",\"doi\":\"10.1109/CloudCom.2013.101\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Cloud architectures are complex socio-technical systems of systems, consisting not only of technological components and their connections, but also of physical premises and employees. When analysing security of such systems and considering countermeasures, the notion of \\\"weakest link\\\" often appears. Humans are then typically said to be the \\\"weakest link\\\" when it comes to security, but no proof is provided for this statement. One reason for this is the fact that there are no unified metrics of security that would apply to physical, digital and social components of complex systems alike. How does one compare the security of a room against the security of a piece of data, and how does social engineering an employee compare to exploiting a server vulnerability? Are we really comparing apples and oranges here, or would it be possible to present a comparative metric that would apply across the different domains? This paper explores the possibility of such a metric for complex systems, and proposes one in terms of the risk induced by an entity in the system. This also provides a foundation for the notion of \\\"weakest link\\\", in terms of the entity (set of entities) with the highest induced risk.\",\"PeriodicalId\":198053,\"journal\":{\"name\":\"2013 IEEE 5th International Conference on Cloud Computing Technology and Science\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-12-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"10\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 IEEE 5th International Conference on Cloud Computing Technology and Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CloudCom.2013.101\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE 5th International Conference on Cloud Computing Technology and Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CloudCom.2013.101","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Defining "The Weakest Link" Comparative Security in Complex Systems of Systems
Cloud architectures are complex socio-technical systems of systems, consisting not only of technological components and their connections, but also of physical premises and employees. When analysing security of such systems and considering countermeasures, the notion of "weakest link" often appears. Humans are then typically said to be the "weakest link" when it comes to security, but no proof is provided for this statement. One reason for this is the fact that there are no unified metrics of security that would apply to physical, digital and social components of complex systems alike. How does one compare the security of a room against the security of a piece of data, and how does social engineering an employee compare to exploiting a server vulnerability? Are we really comparing apples and oranges here, or would it be possible to present a comparative metric that would apply across the different domains? This paper explores the possibility of such a metric for complex systems, and proposes one in terms of the risk induced by an entity in the system. This also provides a foundation for the notion of "weakest link", in terms of the entity (set of entities) with the highest induced risk.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
