Introduction to the special issue on evaluating the security of complex systems

Abstract

Recent security breaches show the need to secure large, distributed, complex systems. A fundamental, but little discussed aspect of security is how to evaluate when a complete system is secure. Purely formal methods cannot handle this level of complexity. Code checking does not consider the interaction of separate modules working together and is hard to scale. Model-based approaches, such as patterns and problem frames, can be effective for handling large systems. Their use in evaluating security appears promising. A few works in this direction exist, but there is a need for more ideas. This Special Issue focuses on global, model-based, architectural, and systems-oriented evaluation methods.