opinion

Free Access

Security assurance

Author:
Steven B. Lipner

Microsoft Corporation

Microsoft Corporation
View Profile

Authors Info & Claims

Communications of the ACM Volume 58 Issue 11November 2015pp 24–26https://doi.org/10.1145/2822513

Published:23 October 2015Publication History

Communications of the ACM

Abstract

How can customers tell they are getting it?

References

Denning, D.E. Toward more secure software. Commun. ACM 58, 4 (Apr. 2015), 24--26. Google ScholarDigital Library
Howard, M. and Lipner, S.B. The Security Development Lifecycle. Microsoft Press, 2006. Google ScholarDigital Library
ISO/IEC, ISO/IEC 27034-1:2011. Information technology---Security techniques---Application security---Part 1: Overview and concepts; http://www.iso.org/iso/catalogue_detail.htm?csnumber=44378.Google Scholar
Linux Foundation. Core Infrastructure Initiative site; https://www.coreinfrastructure.org/.Google Scholar
Lipner, S.B. The trustworthy computing security development lifecycle. In Proceedings of the Twentieth Annual Computer Security Applications Conference (Tucson, AZ, 2004). Google ScholarDigital Library
Lipner, S.B., Jaeger, T., and Zurko, M.E. Lessons from VAX SVS for high assurance VM systems. IEEE Security and Privacy (Nov.-Dec. 2012). Google ScholarDigital Library
Microsoft Corporation. Life in the Digital Crosshairs, 2014; http://bit.ly/1NnOoS4.Google Scholar
Panel: Security and Source Code Access: Issues and Realities. In Proceedings of the IEEE Symposium on Security and Privacy, 2000. Google ScholarDigital Library

Index Terms

Security assurance
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime
  2. Professional topics
    1. Management of computing and information systems

Recommendations

System security assurance: A systematic literature review
Abstract
System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. ...
Highlights
- Systematic literature review of security assurance of the ICT and CPSs.
- Study ...
Read More
Quantitative security assurance metrics: REST API case studies
ECSA '18: Proceedings of the 12th European Conference on Software Architecture: Companion Proceedings

Security assurance is the confidence that a system meets its security requirements based on specific evidences that an assurance technique provide. The notion of measuring security is complex and tricky. Existing approaches either (1) consider one ...
Read More
Operational security assurance evaluation in open infrastructures
CRISIS '11: Proceedings of the 2011 6th International Conference on Risks and Security of Internet and Systems (CRiSIS)

Measuring and evaluating cyber security is of primary importance in IT systems. The fundamental need to assess security choices validity and effectiveness is growing. One of the main accepted approaches to this problem is a standardized offline security ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Communications of the ACM Volume 58, Issue 11
November 2015
112 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/2838899
Editor:
Moshe Y. Vardi
Association for Computing Machinery, New York, NY
Issue’s Table of Contents
Copyright © 2015 Owner/Author
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 23 October 2015
Check for updates
Qualifiers
- opinion
- Popular
- Un-reviewed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 7
  Total Citations
  View Citations
- 1,524
  Total Downloads
- Downloads (Last 12 months)64
- Downloads (Last 6 weeks)37
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Security assurance

Communications of the ACM

Abstract

References

Cited By

Index Terms

Recommendations

System security assurance: A systematic literature review

Quantitative security assurance metrics: REST API case studies

Operational security assurance evaluation in open infrastructures

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

HTML Format

Caption

Security assurance

Communications of the ACM

Abstract

References

Cited By

Index Terms

Recommendations

System security assurance: A systematic literature review

Quantitative security assurance metrics: REST API case studies

Operational security assurance evaluation in open infrastructures

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

HTML Format

Share this Publication link

Share on Social Media