CAESAR: A proposed method for evaluating security in component-based distributed information systems
Independent thesis Basic level (professional degree)Student thesis
Background: The network-centric defense requires a method for securing vast dynamic distributed information systems. Currently, there are no efficient methods for establishing the level of IT security in vast dynamic distributed information systems.
Purpose: The target of this thesis was to design a method, capable of determining the level of IT security of vast dynamic component-based distributed information systems.
Method: The work was carried out by first defining concepts of IT security and distributed information systems and by reviewing basic measurement and modeling theory. Thereafter, previous evaluation methods aimed at determining the level of IT security of distributed information systems were reviewed. Last, by using the theoretic foundation and the ideas from reviewed efforts, a new evaluation method, aimed at determining the level of IT security of vast dynamic component-based distributed information systems, was developed.
Results: This thesis outlines a new method, CAESAR, capable of predicting the security level in parts of, or an entire, component-based distributed information system. The CAESAR method consists of a modeling technique and an evaluation algorithm. In addition, a Microsoft Windows compliant software, ROME, which allows the user to easily model and evaluate distributed systems using the CAESAR method, is made available.
Place, publisher, year, edition, pages
Institutionen för systemteknik , 2004.
Informationsteknik, computer security, distributed systems, modeling, security evaluation
Computer and Information Science
IdentifiersURN: urn:nbn:se:liu:diva-2470OAI: oai:DiVA.org:liu-2470DiVA: diva2:19802