About this Journal Submit a Manuscript Table of Contents
ISRN Artificial Intelligence
Volume 2013 (2013), Article ID 482949, 18 pages
http://dx.doi.org/10.1155/2013/482949
Review Article

Comparison of Adaptive Information Security Approaches

VTT Technical Research Centre of Finland, Kaitoväylä 1, 90571 Oulu, Finland

Received 27 May 2013; Accepted 24 August 2013

Academic Editors: P. Kokol, Y. Liu, and Z. Liu

Copyright © 2013 Antti Evesti and Eila Ovaska. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Abstract

Dynamically changing environments and threat landscapes require adaptive information security. Adaptive information security makes it possible to change and modify security mechanisms at runtime. Hence, all security decisions are not enforced at design-time. This paper builds a framework to compare security adaptation approaches. The framework contains three viewpoints, that is, adaptation, security, and lifecycle. Furthermore, the paper describes five security adaptation approaches and compares them by means of the framework. The comparison reveals that the existing security adaptation approaches widely cover the information gathering. However, the compared approaches do not describe how to decide a method to perform a security adaptation. Similarly, means how to provide input knowledge for the security adaptation is not covered. Hence, these research areas have to be covered in the future. The achieved results are applicable for software developers when selecting a security adaptation approach and for researchers when considering future research items.