Search Results

Documents authored by Pieters, Wolter


Document
Socio-Technical Security Metrics (Dagstuhl Seminar 14491)

Authors: Dieter Gollmann, Cormac Herley, Vincent Koenig, Wolter Pieters, and Martina Angela Sasse

Published in: Dagstuhl Reports, Volume 4, Issue 12 (2015)


Abstract
This report documents the program and the outcomes of Dagstuhl Seminar 14491 "Socio-Technical Security Metrics". In the domain of safety, metrics inform many decisions, from the height of new dikes to the design of nuclear plants. We can state, for example, that the dikes should be high enough to guarantee that a particular area will flood at most once every 1000 years. Even when considering the limitations of such numbers, they are useful in guiding policy. Metrics for the security of information systems have not reached the same maturity level. This is partly due to the nature of security risk, in which an adaptive attacker rather than nature causes the threat events. Moreover, whereas the human factor may complicate safety and security procedures alike, in security this "weakest link" may be actively exploited by an attacker, such as in phishing or social engineering. In order to measure security at the level of socio-technical systems, one therefore needs to compare online hacking against such social manipulations, since the attacker may simply take the easiest path. In this seminar, we searched for suitable metrics that allow us to estimate information security risk in a socio-technical context, as well as the costs and effectiveness of countermeasures. Working groups addressed different topics, including security as a science, testing and evaluation, social dynamics, models and economics. The working groups focused on three main questions: what are we interested in, how to measure it, and what to do with the metrics.

Cite as

Dieter Gollmann, Cormac Herley, Vincent Koenig, Wolter Pieters, and Martina Angela Sasse. Socio-Technical Security Metrics (Dagstuhl Seminar 14491). In Dagstuhl Reports, Volume 4, Issue 12, pp. 1-28, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2015)


@Article{gollmann_et_al:DagRep.4.12.1,
  author =	{Gollmann, Dieter and Herley, Cormac and Koenig, Vincent and Pieters, Wolter and Sasse, Martina Angela},
  title =	{{Socio-Technical Security Metrics (Dagstuhl Seminar 14491)}},
  pages =	{1--28},
  journal =	{Dagstuhl Reports},
  ISSN =	{2192-5283},
  year =	{2015},
  volume =	{4},
  number =	{12},
  editor =	{Gollmann, Dieter and Herley, Cormac and Koenig, Vincent and Pieters, Wolter and Sasse, Martina Angela},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagRep.4.12.1},
  URN =		{urn:nbn:de:0030-drops-49744},
  doi =		{10.4230/DagRep.4.12.1},
  annote =	{Keywords: Security risk management, security metrics, socio-technical security, social engineering, multi-step attacks, return on security investment}
}
Document
Secure Architectures in the Cloud (Dagstuhl Seminar 11492)

Authors: Sabrina De Capitani di Vimercati, Wolter Pieters, and Christian W. Probst

Published in: Dagstuhl Reports, Volume 1, Issue 12 (2012)


Abstract
This report documents the outcomes of Dagstuhl Seminar 11492 "Secure Architectures in the Cloud". In cloud computing, data storage and processing are offered as services, and data are managed by external providers that reside outside the control of the data owner. The use of such services reduces the burden of the owners in managing their data, and may provide significant cost savings. However, cloud computing introduces new security and privacy concerns. In fact, there is little consensus on how to guarantee the confidentiality, integrity, and availability of data in cloud computing scenarios. Also, it is unclear to what extent parties can be held accountable in case something goes wrong. In this seminar, we searched for architectures, modelling approaches, and mechanisms that can help in providing guarantees for cloud security. We proposed the concept of verification-as-a-service that can guide architectures for verification of cloud architectures and configurations, as well as results of computations. We also proposed architectures for organising customisability of security and privacy for cloud customers.

Cite as

Sabrina De Capitani di Vimercati, Wolter Pieters, and Christian W. Probst. Secure Architectures in the Cloud (Dagstuhl Seminar 11492). In Dagstuhl Reports, Volume 1, Issue 12, pp. 11-26, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2012)


@Article{decapitanidivimercati_et_al:DagRep.1.12.11,
  author =	{De Capitani di Vimercati, Sabrina and Pieters, Wolter and Probst, Christian W.},
  title =	{{Secure Architectures in the Cloud (Dagstuhl Seminar 11492)}},
  pages =	{11--26},
  journal =	{Dagstuhl Reports},
  ISSN =	{2192-5283},
  year =	{2012},
  volume =	{1},
  number =	{12},
  editor =	{De Capitani di Vimercati, Sabrina and Pieters, Wolter and Probst, Christian W.},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagRep.1.12.11},
  URN =		{urn:nbn:de:0030-drops-33843},
  doi =		{10.4230/DagRep.1.12.11},
  annote =	{Keywords: attestation, auditing, cloud computing, security architectures, security modelling, verification}
}