How to Quantify the Security Level of Embedded Systems? A Taxonomy of Security Metrics
Ángel Longueira-Romero, Rosa Iglesias, David Gonzalez, Iñaki Garitano

TL;DR
This paper reviews and classifies over 500 security metrics for embedded systems, reducing them to 169 relevant metrics, to establish a foundation for a standardized security evaluation methodology.
Contribution
It introduces a taxonomy for security metrics and provides a comprehensive literature survey, focusing on metrics applicable to embedded system security assessment.
Findings
77.5% of metrics relate to software security
Only 0.6% of metrics address hardware security
169 potential metrics identified for embedded system evaluation
Abstract
Embedded Systems (ES) development has historically focused on functionality rather than security, and this still applies today in many sectors and applications. However, there is an increasing number of security threats to ES, and a successful attack could have economic, physical or even human consequences, since many of them are used to control critical applications. A standardized and generally accepted security testing framework is needed to provide guidance, common reporting forms, and the possibility to compare results over time. This can be achieved by introducing security metrics into the evaluation or assessment process. If carefully designed and chosen, metrics could provide a quantitative, repeatable and reproducible value that would reflect the level of security protection of the ES. This paper analyzes the features that a good security metric should exhibit,…
Taxonomy
Topics: Information and Cyber Security · Security and Verification in Computing · Advanced Malware Detection Techniques
