Abstract
There is a need for a disciplined approach for evaluating a cyber defense prior to its introduction into an operational environment. This is necessary to assess whether the benefits of the defense will be worth its costs and risks. A traditional V&V workflow is adapted for this purpose. The considerations it must take into account are described, as is the collection and presentation of pertinent metrics. An example of this workflow is given for a cyber defense against a “reconnaissance attack” that threatens information integrity and confidentiality.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Byrne DJ, Morgan D, Tan K, Johnson B, Dorros C (2014) Cyber defense of space-based assets: verifying and validating defensive designs and implementations. In: Conference on systems engineering research (CSER 2014) procedia computer science, vol 28, pp 522–530
Buckshaw DL, Parnell GS, Unkenholz WL, Parks DL, Wallner JM, Saydjari OS (2005) Mission oriented risk and design analysis of critical information systems. Mil Oper Res V10:N2
Craven P, Ramachandran N, Vaughn J, Schneider T, Nehls M (2012) Test before you fly—high fidelity planetary environment simulation. In: Global space exploration conference (GLEX)
DeVale JP, Tan KMC (2010) Evaluating information assurance performance and the impact of data characteristics. In: 2010 IEEE international conference on technologies for homeland security (HST). IEEE, pp 15–21
Dumas LN, Walton AL (2000) Faster, better, cheaper: an institutional view. Acta Astonautica 47(2):607–621
FIPS PUB 199 (2004) Standards for security categorization of federal information and information systems. Computer Security Division, NIST. http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
Jacobs J, Rudis B (2014) Data-driven security—analysis, visualization and dashboards. Wiley, New York, ISBN: 978-1-118-79372-5
Jyothsna V, Prasad VVR, Prasad KM (2011) A review of anomaly based intrusion detection systems. Int J Comput Appl 28(7):26–35
Mirkovic J, Benzel TV, Faber T, Braden R, Wroclawski JT, Schwab S (2010) The DETER Project: advancing the science of cyber security experimentation and test. In: Proceedings of the IEEE HST; 10 conference, Waltham
Wueest C (2014) Threats to virtual environments, Symantec. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/threats_to_virtual_environments.pdf (retrieved 1 Sep 2014)
Acknowledgments
This research was carried out at the Jet Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration. We gratefully acknowledge the members of JPL’s Cyber Defense Research Initiative for many fruitful discussions, use of their test environment and infrastructure, and use of their illustrative “reconnaissance attack.”
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Feather, M.S., Wilf, J.M. & Priest, J. Metrics for V&V of cyber defenses. Innovations Syst Softw Eng 12, 81–94 (2016). https://doi.org/10.1007/s11334-015-0261-7
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11334-015-0261-7