Jan2010_security metrics
- Format: pdf
- Size: 42.68 KB
- Pages: 7
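An Attack-Effect-Based Security Evaluation Model for WSN Routing
Authors: ZHAN Yong-zhao, RAO Jing-yi, WANG Liang-min
Affiliation: School of Computer Science and Telecommunication Engineering, Jiangsu University, Zhenjiang 212013
Journal: Computer Science (计算机科学)
Year, volume (issue): 2010, 37(7)
References (9 entries)
1. Zhang Xiaochuan; Li Zushu. Research on agent decision-making based on artificial-life behavior selection [journal article]. Computer Science, 2007(05)
2. Zhao Dongmei; Ma Jianfeng; Wang Yuesheng. A fuzzy risk assessment model for information systems [journal article]. Journal on Communications, 2007(04)
3. Krontiris I; Dimitriou T; Freiling F C. Towards intrusion detection in wireless sensor networks. 2007
4. Bao Xiuguo; Hu Mingzeng; Zhang Hongli. Two quantitative survivability analysis methods for network security management systems [journal article]. Journal on Communications, 2004(09)
5. Jaquith A; Li Dongdong; Wei Rong. Security Metrics: Replacing Fear, Uncertainty, and Doubt. 2007
6. Maarouf I. Efficient monitoring approach for reputation system-based trust-aware routing in wireless sensor networks. 2009(05)
7. Xiao Daoju; Yang Sujuan; Zhou Kaifeng. Research on network security evaluation models [journal article]. Journal of Huazhong University of Science and Technology, 2002(04)
8. Zhang Y R; Xian M; Wang G Y. A quantitative evaluation technique of attack effect of computer network based on network entropy [journal article]. Journal on Communications, 2004(11)
9. Pei Qingqi; Shen Yulong; Ma Jianfeng. A survey of security technologies for wireless sensor networks [journal article]. Journal on Communications, 2007(08)
Article link: /Periodical_jsjkx201007016.aspx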
The state of the mobile touch web - a Taptu report, January 2010

This is the first report from Taptu in a monthly series that will track the growth of the Mobile Touch Web.

What we did
Taptu has been crawling and indexing the Mobile Touch Web since early 2009. We scan more than 100 million Web sites each month using specialized software that detects whether any given site is a full Web site or a Mobile Touch Web site. We then categorize them by interest area and score them by quality.

What we observed
From our December Web scan, we are estimating a total global number of 326,000 Mobile Touch Web sites. This compares with 148,000* iPhone apps in the App Store and 24,000** apps in the Android market. We measured a much higher proportion of Shopping & Services sites, 20% compared to 3.6% in the App Store. Conversely, we measured a much lower proportion of games, just 0.9% of Mobile Touch Web sites vs 18% of apps in the App Store (see Figure 1 on page 03).

Why it's important
There's a 2nd wave of content arriving for the iPhone and other touchscreen devices – the Mobile Touch Web. At 326,000 sites it is already significantly larger than the App Store in pure volume terms. It's derived from the Web, but these Web sites are created specifically for mobile touchscreen devices, with finger-friendly layouts and lightweight pages that are fast to load over cellular networks. This 2nd wave of content shows a significant concentration – 20% – in the Shopping and Services category.
We forecast that the Mobile Touch Web is going to play an extremely important role in the future development of mobile commerce.

Contents
• Introduction to the Mobile Touch Web
• Global overview: Mobile Touch Sites, all categories
• Selected category analysis:
• Shopping & Services category analysis
• Entertainment category analysis
• Places, Travel & Local category analysis
• World Affairs category analysis
• Mens Interest category analysis
• Womens Interest category analysis
• Music category analysis
• Sport category analysis
• About Taptu & methodology

Introduction to the mobile touch web

When the iPhone first arrived in 2007, there was very little touchscreen-optimised content available, apart from the apps that came preloaded with the device. Normal full Web sites could be viewed under the Safari browser, the same sites that you browsed on your PC. Media content was available from iTunes, just the same as you could buy for your iPod. It wasn't until the birth of the App Store a year later in July 2008 that the first significant wave of iPhone-optimised content arrived. It's fair to say that the App Store's rapid growth took many industry watchers by surprise. To date, more than 148,000 different apps have been offered for download, all created and optimized for the iPhone's touchscreen form factor.

Now there's a 2nd wave of content arriving for the iPhone and other touchscreen devices. It's derived from the Web, but these Web sites are created specifically for mobile touchscreen devices, with finger-friendly layouts and lightweight pages that are fast to load over cellular networks. We illustrate the growth and timing of this relative to the growth of iPhone and Android apps in Figure 1 below.

Taptu has been crawling and indexing the Mobile Touch Web since early 2009. We scan more than 100 million Web sites each month using specialized software that detects whether any given site is a full Web site or a Mobile Touch Web site (see the later section on Methodology).
We then categorize them by interest area and score them by quality. This monthly report offers a snapshot of the data in our index to provide insight into the key trends driving this 2nd big wave of mobile content.

As of December 1st, we estimate a total number of 326,600 Mobile Touch Web sites. This compares with 148,000 iPhone apps in the App Store and 24,000 apps in the Android market. The circular chart in Figure 2 shows the constituent parts of the Mobile Touch Content ecosystem that is growing up around these new devices.

Touchscreen sites | 326600
iPhone apps | 148000*
Android apps | 24000**
Blackberry apps | 4000
Nokia apps | 2500

Figure 2: analysis of the mobile touch content ecosystem
Figure 1: growth of mobile touch content (mobile touch websites, iPhone apps, Android apps)

In the Mobile Touch Web we see a much higher proportion of Shopping & Services sites, 20% compared to 3.6% in the App Store (see Figure 3). This is not altogether surprising, since many products and services do not really fit into Apple's iTunes content-oriented billing system. Conversely in the App Store we see a much higher proportion of games (18% compared to 0.9%) vs the Mobile Touch Web. This too is an intuitive result, since apps deliver a much richer, more interactive gaming experience than the casual games available on the Mobile Web.

Proponents of Mobile Web development cite a number of reasons why developers will increasingly favour Web-based services over apps. Unlike apps, which only run on single device platforms, Mobile Touch Web sites run under any mobile browser which is built on the open source Webkit components. With support for HTML 5 features already being rolled out in these browsers, it's getting easier and easier to create rich touch screen user experiences with the browser without having to create platform-specific apps. In the future, using open standard APIs (e.g. the Bondi initiative) Web developers will be able to access deeper device functions such as geo-location.

Once created, these Web-based services can be easily wrapped (e.g. using Phonegap) as apps for distribution in app stores. This gives the developer two parallel discovery mechanisms: i) visitors clicking on organic results in mobile search engines and ii) visitors downloading from app stores.

Conversely, the proponents of Mobile App development argue that a rich user experience can only be delivered from true applications created for that specific mobile operating system platform. We believe that this is a strong argument for certain types of apps. Games developers will continue to focus on the apps route, because high-quality games can only be created using platform specific app code. For many other types of app, the economics of software development and publishing favours the Web development route. There is no need for this to become a religious debate. Both routes will be important, and the route that is chosen will depend on the specific app and the distribution strategy of the software developer or publisher.

Figure 3: comparison of app store and mobile touch web
% of total | App Store | Mobile Touch Web
Games | 18.0 | 0.9
Entertainment | 14.4 | 2.2
Sport | 3.7 | 1.2
Shopping & services*** | 3.6 | 20.3
Music | 3.3 | 1.5
Social | 1.7 | 11.6
Sources: * App Store data taken from Mobclix, Jan 17th 2010. *** Data calculated from Business and Finance categories in App Store.

Conclusion and predictions

There's a 2nd wave of content arriving for the iPhone and other touch screen devices – the Mobile Touch Web. Unlike the first wave of content – Mobile Touch Apps - this new type of content can be created once to run on any touch screen device equipped with a Webkit-based mobile browser.
This is attractive to content publishers, especially smaller publishers who cannot justify creating multiple app variants, one for every different mobile OS.

This 2nd wave of content shows a significant concentration – 20% – in the Shopping and Services category. We measured a much higher proportion of Shopping & Services sites, 20% compared to 3.6% in the App Store. We forecast that the Mobile Touch Web is going to play an extremely important role in the future development of mobile commerce.

Today, the Mobile Touch Web is entering the mainstream, comparable in volume terms to the apps category. We predict that the Mobile Touch Web will grow vigorously over the next five years, and will approach the quality of user experience of Mobile Touch Apps across all the app categories except for games. By the end of 2010 we forecast that the Mobile Touch Web will have grown to more than 500,000 sites, and to 1 million sites by the end of 2011.

Mobile touch sites: global overview, January 2010

Analysis of mobile touch sites
Top categories | % of sites | Chg %
Shopping & Services | 20.3% | 8.1%
Photo & Design | 16.3% | 5.4%
Social | 11.6% | 9.2%
World Affairs | 8.3% | 5.8%
Places, Travel & Local | 6.6% | 6.5%
Mens Interest | 5.3% | 8.8%
Womens Interest | 4.7% | 5.6%
Technology | 4.3% | 9.7%
News & Weather | 3.7% | 9.2%
Adult | 2.5% | 16.3%
Entertainment | 2.2% | 9.9%
Music | 1.5% | 9.6%
Sport | 1.2% | 11.0%
Games | 0.9% | 9.7%
Autos etc | 0.9% | 30.8%
Fashion | 0.3% | 9.3%
Celebrities | 0.2% | 8.8%
Nature & Environment | 0.3% | 13.1%
Gambling | 0.2% | 19.5%
Other | 8.5% | 17.1%
Global total number of Web sites scanned: 112.6m
Sites estimated as touch-friendly: 326,600 (0.29%)

Higher quality sites
Top categories | % of sites | Chg %
Shopping & Services | 23.9% | 0.4%
Social | 16.2% | (0.5%)
World Affairs | 12.1% | 1.4%
Places, Travel & Local | 9.2% | 1.4%
Adult | 5.2% | 4.8%
Mens Interest | 5.0% | 1.4%
Womens Interest | 4.8% | 1.4%
Photo & Design | 2.4% | 3.2%
News & Weather | 2.5% | 11.8%
Entertainment | 2.2% | 7.2%
Technology | 1.3% | 13.6%
Sport | 1.1% | 9.2%
Games | 1.0% | 5.2%
Music | 1.0% | 7.8%
Autos etc | 0.4% | 10.7%
Fashion | 0.3% | 4.3%
Celebrities | 0.2% | 10.7%
Nature & Environment | 0.2% | 17.3%
Gambling | 0.1% | 26.9%
Other | 10.7% | 0.2%

Shopping & services mobile touch sites, January 2010
Shopping & Business % of sites: 20.3%

Analysis of mobile touch sites*
Top categories | % of sites | Chg %
Business | 33.2% | 1.6%
General | 29.9% | 0.5%
Real Estate | 16.6% | 0.7%
Adult - Paid | 7.3% | 0.4%
Car | 1.5% | 9.2%
Financial Services | 0.8% | 4.2%
Gadget | 0.4% | 10.9%
Shopping Assistants | 0.5% | 6.4%
Food | 0.3% | 5.3%
Games - Paid | 0.2% | 5.7%
Music - Paid ringtones | 0.1% | 0.0%
Other | 9.2% | 2.9%
Total | 100.0% |

Example sites in category (site name, site URL): Yellowbook Ebay / KL Realty /iPhone/ Twistys / Auto Trader http://autotrader.mobi/ Bank of America https:///mobile Dell Parents Choice /iphone/ Whole Foods / Gameloft Napster

Important: To view site, go to site URL on your touchscreen phone (Many sites do not render properly on PC browsers)

Example shopping & services mobile touch sites and example entertainment mobile touch sites: overstock / amazon ebay http:// hot uk deals heat world celeb edge http://m.celebedge.ca perez hilton nbc /

Entertainment mobile touch sites, January 2010
Entertainment % of sites: 2.2%

Analysis of mobile touch sites*
Top categories | % of sites | Chg %
Movies | 23.5% | 5.0%
General | 15.7% | 9.4%
Theater | 12.6% | 1.8%
TV shows | 8.5% | 8.6%
Video Sites | 7.7% | 9.7%
Humor | 4.8% | 8.9%
Wallpaper sites | 4.4% | 2.6%
Comic Strips | 2.5% | 0.0%
Podcasts | 1.7% | 3.3%
Comic Magazines | 1.7% | 0.0%
Ringtones | 1.6% | 0.0%
Comedy | 1.2% | 0.0%
Anime | 0.6% | 22.2%
Horror | 0.5% | 0.0%
Fantasy | 0.4% | 16.7%
Manga | 0.3% | 50.0%
Cute Stuff | 0.2% | 0.0%
Other | 11.9% | 10.4%
Total | 100.0% |

Example sites in category (site name, site URL): Universal Pictures http://universalpictures.mobi/ Disney /iphone/ Backstage / Daily Motion / College Humor / / GoComics / Stitcher / ROK Comics / Ringo Station / / iPhone Alchemy /m/ FEARnet / Syfy / Manga Fox / Elias Smiles Boing Boing /

Places, travel & local mobile touch sites, January 2010
Places, Travel & Local % of sites: 6.6%

Analysis of mobile touch sites*
Top categories | % of sites | Chg %
Cities | 75.2% | 0.4%
General | 6.1% | 12.5%
Restaurants | 3.3% | 6.1%
Hotels | 2.8% | 11.6%
Attractions | 1.5% | 6.2%
Venues | 1.4% | 3.8%
Bars | 1.1% | 4.8%
Cafes | 1.1% | 3.2%
Clubs | 0.6% | 0.0%
Weather | 0.5% | 3.3%
Museums | 0.5% | 8.0%
Roads | 0.4% | 4.8%
Mountains | 0.3% | 7.1%
Beaches | 0.2% | 0.0%
Galleries | 0.2% | 0.0%
Other | 4.8% | 13.7%
Total | 100.0% |

Example sites in category (site name, site URL): Pocket London Guide / Lonely Planet / Glowbal Restaurant /mobile/ Healdsburg Hotel /mobile/ CItyPass /mobile/cp/ How's the Bar http://howsthebar.mobi Lazy Larrys Travels / Club List Now /mobile2.php The Weather Channel / Velvet Foundation / Road Report http://roadreport.mobi Snow Lifts / Beach Watch / Smallest gallery / Travelocity /

Example places, travel & local mobile touch sites and example world affairs mobile touch sites: lastminute http://lastminute.mobi londonist breaking travel news wikitravel the new york times yahoo! usa today the economist

World affairs mobile touch sites, January 2010
World Affairs % of sites: 8.3%

Analysis of mobile touch sites*
Top categories | % of sites | Chg %
Medicine | 30.3% | 0.6%
General | 23.7% | 3.6%
Religion | 21.7% | 0.4%
Weather | 11.9% | 0.1%
Finance & Markets | 3.7% | 4.3%
Science | 2.2% | 3.6%
Environment | 1.9% | 7.2%
Reference | 1.4% | 54.1%
Politics | 0.7% | 11.5%
Languages | 0.6% | 12.5%
History | 0.2% | 18.8%
Quotations | 0.2% | 0.0%
Military | 0.2% | 15.4%
Crime | 0.1% | 12.5%
Disasters | 0.0% | 0.0%
Other | 1.2% | 12.0%
Total | 100.0% |

Example sites in category (site name, site URL): Disease Control / Time / Cross Roads / Weather Underground / CNN Money http://cnnmoney.mobi/ Discover Magazine / Treehugger Britannica / Politico Leo / Current Archaeology / Idiots Quoted /iphone/ / SpotCrime /iphone.php Florida Evacuates /mobile/ Topix /

Mens interest mobile touch sites, January 2010
Mens Interest % of sites: 5.3%

Analysis of mobile touch sites*
Top categories | % of sites | Chg %
Men's Health | 71.5% | 0.4%
Food & Drink | 10.0% | 6.9%
Top Gadgets | 4.9% | 0.0%
Colleges & Unis | 4.1% | 16.2%
Hobbies | 3.3% | 14.3%
Careers & Jobs | 2.4% | 7.7%
General | 1.1% | 10.7%
Fitness | 1.0% | 3.6%
Glamour Models | 0.7% | 0.0%
Girl Mag | 0.2% | 0.0%
Other | 0.8% | 9.5%
Total | 100.0% |

Example sites in category (site name, site URL): Men's Health / Food Network http://www.foodnetwork.mobi/ Gizmodo Westminster College / eHow Mobile /i/ / Spike Pump10 /iphone/ Sacha Dean Biyan /mobile/ Playboy

Example mens interest mobile touch sites and example womens interest mobile touch sites: 5ubox /ip/ secret exit / ralph lauren rugby / trendhunter http://www.trendhunter .com/mobile food network tv victoria's secret fashionism dolce & gabbanna http://www.dolcegabbana.mob

Womens interest mobile touch sites, January 2010
Womens Interest % of sites: 4.7%

Analysis of mobile touch sites*
Top categories | % of sites | Chg %
Women's Health | 73.7% | 0.4%
Food & Drink | 10.1% | 6.6%
Colleges & Unis | 3.6% | 11.8%
Careers & Jobs | 2.5% | 9.2%
Beauty | 2.1% | 5.3%
Hobbies | 1.5% | 7.3%
General | 1.3% | 5.6%
Fitness | 1.1% | 6.9%
Hair | 1.1% | 10.7%
Astrology | 0.6% | 28.6%
Love & Dating | 0.5% | 0.0%
Other | 1.9% | 17.0%
Total | 100.0% |

Example sites in category (site name, site URL): Miss Mint / Chow MIT /m/ Guardian jobs http://guardianjobs.mobi/ /mobile DC Spring /iphone/ ELLEgirl / That's Fit /thatsfit Pantene / Starkiva / Romance Women /romance

Music mobile touch sites, January 2010
Music % of sites: 1.5%

Analysis of mobile touch sites*
Top categories | % of sites | Chg %
General | 32.3% | 5.1%
Radio | 21.1% | 7.2%
Artists | 18.6% | 13.5%
Events/Gigs | 9.1% | 5.5%
Free Ringtones | 2.4% | 7.1%
Videos | 2.0% | 0.0%
Info | 0.8% | 0.0%
Lyrics | 0.8% | 66.7%
Other | 12.9% | 15.5%
Total | 100.0% |

Example sites in category (site name, site URL): Spin Magazine / AccuRadio /iphone/ The Club http://the-club.mobi Glastonbury http://www.glastonbury.mobi/ Zedge MyWaves /m/ Billboard / Metro Lyrics / Kompoz

Example music mobile touch sites and example sport mobile touch sites: last.fm / ministry of sound / / idio nike espn /

Sport mobile touch sites, January 2010
Sport % of sites: 1.2%

Analysis of mobile touch sites*
Top categories | % of sites | Chg %
General/Multi Sports | 29.1% | 5.8%
MLB | 7.3% | 6.4%
NBA | 6.6% | 4.7%
NFL | 5.7% | 11.4%
Golf | 4.4% | 3.4%
Soccer | 3.9% | 12.5%
Formula 1 | 1.9% | 18.2%
Indy Car | 1.7% | 20.0%
NCAA Football | 1.6% | 22.2%
NHL | 1.5% | 0.0%
Olympics | 1.5% | 42.9%
NASCAR | 1.0% | 40.0%
Boxing | 1.0% | 40.0%
Horse Racing | 0.9% | 20.0%
Wrestling | 0.9% | 0.0%
Women's Basketball | 0.6% | 0.0%
Cricket | 0.6% | 33.3%
Rugby Union | 0.4% | 0.0%
Tennis | 0.4% | 0.0%
Women's Soccer | 0.1% | 0.0%
Other | 29.0% | 15.7%
Total | 100.0% |

Example sites in category (site name, site URL): ESPN / / RealGM SB Nation GOLF .com / / / IndyCar Mobile / GatorZone /iphone/ / NBC Olympics /mobile/ Boxing /cats/box_sp Thoroughbred Daily News / WWE / WNBA / England Cricket Board /mobile/ Player 23 http://www.player23.mobi/ US Open /mobile/ SEC Sports / GO211 /

Report methodology, January 2010

Taptu scans 110 million internet domains each month, using a cluster of 750 servers, downloading approximately 10 terabytes of data for each scan. Each scanned site is checked against a number of tests for potential mobile touchscreen-friendliness.

Candidate sites are then filtered to identify English language sites, then further evaluated for site quality, then classified by type.

“Higher quality” sites, which are used as the basis of our category-level analysis, are defined as those with above average quality score for either visual quality or information quality. These quality ratings, together with site popularity data, are used as the basis for our selections of Taptu Top 10 Touch Screen Sites in each of the topic categories.

About Taptu

Founded in 2007, Taptu built a strong user base and reputation for entertainment search on mobile devices. The service was available globally in 5 languages, generated in excess of 1 million searches per day and over 3.2 million users (June 2009) and picked up several international awards along the way.

Taptu has been crawling and indexing the Mobile Touch Web since early 2009. Consumers can now, for the first time, search and explore millions of mobile touch web sites, apps, images and the realtime web from their touch screen mobile device. Taptu is also making this unique index available to third parties via an API.

Sign-up for future reports: visit /metrics
Try Taptu for free: please visit on your touch screen mobile. Download Taptu Touch Search from the Apple App Store or Android marketplace.
More info: /blog
Get in touch: email hello@, twitter @taptu
Power System Technology (电网技术), Vol. 34 No. 1, Jan. 2010
Article ID: 1000-3673(2010)01-0056-06. CLC number: TM 734. Document code: A. Subject code: 470·4051

A Method to Identify and Estimate Network Parameter Errors Based on Karush-Kuhn-Tucker Condition

ZENG Bing, WU Wen-chuan, ZHANG Bo-ming
(State Key Laboratory of Control and Simulation of Power Systems and Generation Equipment (Department of Electrical Engineering, Tsinghua University), Haidian District, Beijing 100084, China)

ABSTRACT: Network parameter errors may strongly deteriorate the accuracy of state estimation results and affect both reliability and accuracy of other applications, thus state estimation program should possess the function to recognize and estimate element parameters. In this paper, firstly, based on Lagrangian algorithm an iterative method to identify incorrect parameters is proposed to generate branch parameter set to be modified; then a parameter estimation method based on the sensitivity of parameter to objective function, which represents how the parameters affect the quality of the state estimation solution, is researched, and for the chosen distrustful branch this method calculates the sensitivity of parameters of distrustful branch to objective function of state estimation; finally, the variable step-size successive approximation method is used to estimate the parameters of distrustful branch. This method avoids the numerical stability problems of traditional methods, so it is practicable. The results of IEEE 14-bus system and IEEE 30-bus systems show that the proposed method is correct.

KEY WORDS: network parameter errors identification; network parameter estimation; Karush-Kuhn-Tucker (KKT) condition

Abstract (Chinese version): Errors in network element parameters make the state estimation results of the energy management system inaccurate, which affects the reliability and accuracy of the results of other applications; the state estimation program should therefore be able to identify and estimate element parameters.
Introduction to Unilever
March 2010

Contents
• Vision
• Geographic reach
• Categories and brands
• Management & organisation
• Social responsibility
• Winning with Brands and Innovation
• Winning in the Market Place
• Winning through Continuous Improvement
• Winning with People
• Local roots with global scale
• The D&E opportunity
• Financial performance
• Commitment to shareholder value
• Legal structure, governance and shares
• Contact information

Safe harbour statement

This document may contain forward-looking statements, including ‘forward-looking statements’ within the meaning of the United States Private Securities Litigation Reform Act of 1995. Words such as ‘expects’, ‘anticipates’, ‘intends’, ‘believes’ or the negative of these terms and other similar expressions of future performance or results and their negatives are intended to identify such forward-looking statements. These forward-looking statements are based upon current expectations and assumptions regarding anticipated developments and other factors affecting the Group. They are not historical facts, nor are they guarantees of future performance.
Because these forward-looking statements involve risks and uncertainties, there are important factors that could cause actual results to differ materially from those expressed or implied by these forward-looking statements, including, among others, competitive pricing and activities, economic slowdown, industry consolidation, access to credit markets, recruitment levels, reputational risks, commodity prices, continued availability of raw materials, prioritization of projects, consumption levels, costs, the ability to maintain and manage key customer relationships and supply chain sources, currency values, interest rates, the ability to integrate acquisitions and complete planned divestitures, the ability to complete planned restructuring activities, physical risks, environmental risks, the ability to manage regulatory, tax and legal matters and resolve pending matters within current estimates, legislative, fiscal and regulatory developments, political, economic and social conditions in the geographic markets where the Group operates and new or changed priorities of the Boards. Further details of potential risks and uncertainties affecting the Group are described in the Group’s filings with the London Stock Exchange, Euronext Amsterdam and the US Securities and Exchange Commission, including the 20-F Report and the Annual Report and Accounts 2009. These forward-looking statements speak only as of the date of this document. 
Except as required by any applicable law or regulation, the Group expressly disclaims any obligation or undertaking to release publicly any updates or revisions to any forward-looking statements contained herein to reflect any change in the Group’s expectations with regard thereto or any change in events, conditions or circumstances on which any such statement is based.

Our vision

We are a successful, growing, sustainable business
We work to create a better future every day.
We help people feel good, look good and get more out of life with brands and services that are good for them and good for others.
We will inspire people to take small everyday actions that can add up to a big difference for the world.
We will develop new ways of doing business that will allow us to double the size of our company while reducing our environmental impact.

New Vision

Where we will win
40bn
2x

Behaviour
• Focus on our consumers
• Focus on our customers
• Employee engagement
• Community support

How we will win
• Grow everywhere
• Winning with Brands and Innovation
• Winning in the Market Place
• Winning through Continuous Improvement
• Winning with People

1 in 2 households in the world have a Unilever brand at home
160 million times a day, in 170 countries, people use our products at key moments of their day

Balanced scale across geographies
Americas | €13bn | 32% Sales
Western Europe | €12bn | 30% Sales
Asia AMET CEE | €15bn | 38% Sales

“Our deep roots in local cultures and markets around the world give us our strong relationship with consumers and are the foundation for future growth.
We will bring our wealth of knowledge and international expertise to the service of local consumers - a truly multi-local multinational” - extract from Unilever’s Corporate purpose

Leading Category Positions
Local Strength
● Oral Care
● Household Cleaning
World Number 2
● Laundry
● Daily Hair Care
World Number 1
● Savoury
● Dressings
● Tea
● Ice Cream
● Spreads
● Deodorants
● Mass Skin

With a broad based portfolio
Savoury, Dressings & SCC; Beverages and Ice Cream; Home Care; Personal Care
33% Sales; 19% Sales; 18% Sales; 30% Sales

Big global brands
Top 25 brands = around ¾ of Unilever’s sales

A global management team
Roles: Chief Executive Officer; President Asia Africa & CE Europe; President Categories; President Americas; Chief HR Officer; Non-Executive Chairman; President Western Europe; Chief R&D Officer; Chief Finance Officer; Chief SC Officer
Names: Michael Polk, Harish Manwani, Vindi Banga, Sandy Ogg, Jean-Marc Huët, Paul Polman, Michael Treschow, Doug Baillie, Geneviève Berger, Pier Luigi Sigismondi

Regions and Categories: clear, distinct, complementary roles

Categories: deliver global platforms
Responsible for:
• Brand development
• Innovation
• Research and Development
Accountable for:
• Medium/long term market share
• Brand health
• Innovation metrics
• Category value creation

Regions: execute on the ground
Responsible for:
• Managing the business
• Deploying brands and innovations
• Customer management
Accountable for:
• Growth
• Profit
• Cash flows
• Short term market shares

Corporate responsibility

To succeed also requires, we believe, the highest standards of corporate behaviour towards everyone we work with, the communities we touch, and the environment on which we have an impact

Unilever has led the food industry category of the Dow Jones Sustainability Indexes (DJSI) for the past 11 years.
• Eco-efficiency – reducing the impacts of our operations
• Eco-innovation – reducing the impacts of our products
• Sustainability programmes in agriculture and water
• Our Code of Business Principles
• Supporting local communities

Winning with Brands and Innovation: R&D - The engine that drives profitable growth
• 6 major R&D centers
• Stronger links with Marketing
• Investment in patents & clinical trial expertise
• Open innovation
• Leverage science across our categories
• Genesis projects

Winning with Brands and Innovation: R&D – Science and Technology Strengths
Some examples:
• Spray Technology Deodorants
• Structured Oils and Emulsions
• Hair Technology
• Skin Mildness and Moisturizing
• Product Processing e.g. Ice Cream
• Science of Tea

Winning with Brands and Innovation: R&D – Genesis projects
Genesis prioritisation: from a multitude of technologies to identify the most disruptive + Consumer needs and Category needs
GENESIS
- Projects >€50m incremental Sales
- Starting in 2011
- Cross-category

Making foods healthier; Driving sustainability; Stronger functional claims; Nutrition
• Bouillon jelly: proprietary technology
• A unique slimming tea twice as rich in catechins to help maintain your silhouette
• Family Goodness brings better nutrition for family growth.
• For better taste and with less fat
• Detergent concentration technology for less water, less transport, higher margins
• Magnum Temptation: an unrivalled multi-sensorial experience using cold roller technology
• Hellmann’s Light: delicious light mayonnaise with only 3% fat. With unique citrus fibre technology
• Dove Nutrium: superior moisturisation in a liquid
• Comfort Fresh Technology Release: Comfort with breakthrough technology. “Do the moves to release the freshness”

Winning with Brands and Innovation: Bigger, better, faster innovations
Dove Go Fresh; New Lipton Pyramid Tea; Axe Twist; Hellmann’s with citrus fibre
50 markets; 64 markets; 38 markets; 40 markets

Winning with Brands and Innovation: Appeal to more consumers across needs and price points
Ice cream: Premium, Mid tier, Family, Value

Playing the full piano: Average Unit Price, Margarine UK (chart of brands by price tier: Premium, Mass, Economy; blue bar = Unilever brand)

Winning in the Market Place
Unilever manages a number of partnerships globally
Unilever has unparalleled reach across the store, bringing unique ‘shopper insight’ to our partnership with customers

Winning in the Market Place: Customer Insight and Innovation Center Roll Out
MCO UK/Ire Go-Live Jan 2010

Winning in the Market Place: Market Development
• More Users: Penetration
• More Usage: Consumption
• More Benefits (trading up)

Winning through Continuous Improvement: Virtuous Circle of Volume Growth
• Volume growth gives cost leverage
• Re-invest in compelling mixes
• Portfolio choices prioritise high margin attractive business
• Amplified by savings and value improvement
• Constantly improve consumer value equation
• Innovation creates new added value business

Winning with People
People are the heart of our business
Harnessing, developing and rewarding their skills, energy and commitment is our priority
Unilever is one of the world’s most culturally diverse companies, with top leadership from 20 nations
More than 35% of managers worldwide are women

Local roots with global scale
Global scale
• Global portfolio of brands and categories
• Dedicated R&D investment
• Shared values and standards of behaviour
Local roots
• Understanding of the local consumer
• Brands and products across a wide range of income levels
• Critical mass on the ground
• Corporate reputation with local stakeholders and talent pool
Our heritage and local expertise mean that D&E is in our DNA
Leveraging our scale brings us advantages over local competition

The D&E opportunity
1bn new consumers in next 10 years based on population and income growth
Consumer spending is growing faster in D&E than in the developed world
Rising per capita income gives disproportionate growth in per capita consumption for Unilever categories

The D&E pyramid … rapidly evolving into a diamond
Billions of people in D&E countries | 2009 | 2020 | Change
Affluent (“Have lots”) | 0.9 | 1.8 | +0.9
Aspiring | 2.5 | 2.9 | +0.4
Striving (“Not yet”) | 2.5 | 2.0 | -0.5
Source: Unilever estimates

Market development opportunity
Per Capita Consumption (US $ per year). Source: Euromonitor
Detergents: India 1.4, China 2.2, Indonesia 1.9, Brazil 12.1, Germany 16.6, USA 22.9
Shampoo: India 0.3, China 1.0, Indonesia 1.1, Brazil 5.4, USA 6.7, Germany 7.5
Ice Cream: India 0.2, Indonesia 0.9, China 2.8, Brazil 5.0, Germany 34.6, USA 50.9
Skin care: India 0.3, China 3.2, Indonesia 0.8, Brazil 10.9, USA 26.9, Germany 36.6

D&E Markets
• New consumers: 1 billion new consumers in the next 10 years
• Trading consumers up: Loose Leaf Tea, Standard teabags, Pyramid teabags
• Consumer penetration: Re-closable multi-use sachets, Deo ministicks, Mini cubes
• Conversion in foods: Packaged food opportunity

A major driver of Unilever’s growth
% 2004 Sales: Western Europe 38%, North America 23%, D&E 36%, Other developed 3%
D&E underlying sales growth c. 9% p.a. since early 1990s
D&E 44%, North America 21%, Western 32%
% 2009 Sales: Western Europe 30%, North America 18%, D&E 50%, Other Developed 2%

D&E Growth is Profitable
2009 Operating margin before RDIs*
Unilever | 14.8
Developed Markets | 15.1
D&E | 14.5
D&E Excl China/Russia | 15.2
* Restructuring, disposals and one-off items

Unilever Financial Performance
Total Unilever, €bn | 2004 | 2005 | 2006 | 2007 | 2008 | 2009
Turnover | 37.2 | 38.4 | 39.6 | 40.2 | 40.5 | 39.8
Operating Profit | 4.0 | 5.1 | 5.4 | 5.2 | 7.2 | 5.0
Net Profit* | 2.7 | 3.3 | 3.7 | 4.1 | 5.3 | 3.7
Earnings per share* € | 0.87 | 1.07 | 1.19 | 1.32 | 1.79 | 1.21
Net Cash Flow from operating activities | 5.5 | 4.4 | 4.5 | 3.9 | 3.9 | 5.8
Operating Profit before RDIs** (three values given): 5.8, 5.9, 5.9
Earnings per share before RDIs** € (three values given): 1.39, 1.43, 1.33
(*) Continuing operations
(**) Restructuring, disposals and one-off items

Commitment to shareholder value
“…our road to sustainable, profitable growth, creating long term value for our shareholders, our people, and our business partners” - extract from Unilever’s Corporate purpose
Unilever measures its Total Shareholder Return, over a 3 year rolling period, amongst a peer group of 20 other companies.

Peer group in 2009
• Avon
• Beiersdorf
• Cadbury Schweppes
• Clorox
• Coca-Cola
• Colgate
• Danone
• Heinz
• Kao
• Kraft
• Kimberley Clark
• Lion
• L’Oréal
• Nestlé
• Orkla
• Pepsico
• Procter & Gamble
• Reckitt Benckiser
• Sara Lee
• Shiseido

[Chart: Unilever’s TSR position relative to the peer group over a rolling 3 year period, 1999 to 2009]

Legal structure, governance and shares
Unilever was formed in 1930 from two companies: Margarine Unie (Netherlands) and Lever Brothers (UK)
It was a full business merger, operating as a single business entity
Two separate legal parent companies were maintained: Unilever NV (Netherlands) and Unilever PLC (UK).
This works through an equalisation agreement and other contracts between the two companies

Unilever NV and PLC have separate legal identities but operate as a single entity
[Diagram: NV shareholders and PLC shareholders; Directors; NV and PLC linked by Equalisation; ‘One Unilever’ Operating Units]

Unilever firmly believes in maintaining high standards of Corporate Governance
These have evolved in response to developments in Europe (UK Combined Code, Dutch Corporate Governance Code) and the US (Sarbanes Oxley, NYSE listing rules)
Unilever operates a unified board: the boards of NV and PLC comprise the same directors
There is a majority of independent, non-executive directors on the board. The Chairman is non-executive
The boards have ultimate responsibility for the business as a whole
Details of current arrangements can be found in the report and accounts in the investor centre at

Unilever NV ordinary shares or certificates (depositary receipts) are listed on the stock exchanges in Amsterdam and as New York shares on the New York Stock Exchange. Unilever PLC ordinary shares are listed on the London Stock Exchange and as American Depositary Receipts in New York. Each ADR represents 1 underlying ordinary PLC share.
There are 1 714 727 700 NV ordinary shares in issue, each with a nominal value of €0.16.
There are 1 310 156 361 PLC ordinary shares in issue, each with a nominal value of 3 1/9 pence.
The equalisation agreement between NV and PLC is such that each NV ordinary share has the same rights and benefits as each PLC ordinary share.
The combined share count excluding treasury stock, for calculating basic EPS, was 2,804 million at the end of 2009.
Further information can be found in the investor centre at

Notes:
* Relates to interim and final dividends per ordinary share
Final 2008 dividends subject to AGM approval
US dividends based on exchange rate on 4 Feb 2009

Exchange | Share | Ticker | Cash payment per share – 2009*
Amsterdam | Unilever NV | UNA | €0.7795
London | Unilever PLC | ULVR | £0.6441
New York | Unilever NV NY | UN | $1.0867
New York | Unilever PLC NY | UL | $1.0047
(*) This includes the final dividend of 2008 and the interim dividend for 2009.
As agreed at the 2009 AGM’s, Unilever has moved to the payment of quarterly dividends with effect from 1st January 2010.
During 2010, four quarterly dividends will be paid.

Share listings and ownership
Share
listings as a percentage ofidentified capitalNV NY9%PLC 39%NV 48%PLC ADR4%Share ownership by country at theend of 2009Netherlands8%USA22%UK31% Other39%Taxation on dividends for US residentsThis information is intended to provide general guidance only. Actual tax treatments will depend on specific circumstances. US residents should consulttheir local tax advisers.The information shown is generally applicable to a typical US resident.Further information can be found in the Unilever Annual Report &Accounts,available on the investor centre at Share Unilever NV (Netherlands)Unilever PLC(UK)Local withholding tax US tax Effective tax on dividends15% eligible for credit Against US income taxMax 15%Max 15%NoneMax 15%Max 15%Further information and contact detailsThe IR team can be contacted by telephone as follows:+ 44 (0) 20 7822 6830Or by e-mail at:investor.relations@The shareholder centre at gives information on how to purchase Unilever stock.More information on Unilever is available at 。
SECURITY METRICS: MEASUREMENTS TO SUPPORT THE CONTINUED DEVELOPMENT OF INFORMATION SECURITY TECHNOLOGY

Shirley Radack, Editor
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology

More than 100 years ago, Lord Kelvin (William Thomson, 1st Baron Kelvin), the distinguished British mathematical physicist and engineer, observed that measurement is vital to knowledge and to continued progress in physical science. Lord Kelvin stated that: “To measure is to know,” and “If you can not measure it, you can not improve it.” These observations on measurements are relevant to our use of information technology (IT). Organizations rely on IT to carry out their daily operations and to deliver products and services to the public. Managers are challenged to use IT effectively and to protect their systems and information from security threats and risks. There have been many past efforts to develop security measurements that could help organizations make informed decisions about the design of systems, the selection of controls, and the efficiency of security operations. But the development of standardized measurements for IT has been a difficult challenge, and past efforts have been only partly successful.

Security metrics are needed to provide a quantitative and objective basis for security operations. Metrics support decision making, quality assurance of software, and the reliable maintenance of security operations.
To address this need for more precise measurement of security technology, the Information Technology Laboratory of the National Institute of Standards and Technology (NIST) recently published a report that examines past efforts to develop security metrics and points to possible areas of future research that could lead to improved metrics.

National Institute of Standards and Technology Interagency Report (NISTIR) 7564, Directions in Security Metrics Research

Written by Wayne Jansen of NIST, Directions in Security Metrics Research provides background information on the various meanings and interpretations that have been applied to the term “security metrics.” The report examines critical aspects of security measurement as identified by past efforts and highlights the factors that are relevant to security metrics research. It then focuses on research efforts that are needed to advance the development of effective security metrics. An extensive reference list includes books, papers, and publications on security metrics.

NISTIR 7564, which is summarized in this bulletin, is available at the NIST Web page /publications/PubsNISTIRs.html.

What are Security Metrics

In general, a metric implies a system of measurement that is based on quantifiable measures. A method of measurement used to determine the unit of a quantity could be a measuring instrument, a reference material, or a measuring system. The measurement of an information system for security involves the application of a method of measurement to one or more parts of the system that have an assessable security property in order to obtain a measured value. The goal is to enable an organization to evaluate how well it is meeting its security objectives.

The method of measurement that is employed should be reproducible, and should achieve the same result when performed independently by different competent evaluators.
Also, the result should be repeatable, so that a second assessment by the original team of evaluators produces the same result. All results of measurements should be timely and relevant to the organization.

Many of the traditional concepts in metrology that are used in the physical sciences, such as the use of fundamental units, scales, and uncertainty, either have not been applied to IT or have been applied less rigorously than in the physical sciences. Available quantitative metrics for IT system security generally reflect an evaluator’s reasoned estimates of security. These measures of information system security properties, which are often based on the evaluator’s expertise, intuition, and insight, may be subjective and non-repeatable.

Issues in Developing Security Metrics

Past efforts to develop security metrics include the Trusted Computer System Evaluation Criteria of the Department of Defense; the Information Technology Security Evaluation Criteria of the European Communities; the Systems Security Engineering Capability Maturity Model of the International Systems Security Engineering Association; and the international Common Criteria. These arrangements have had only limited success. A review of them suggests some essential factors that need to be addressed by researchers.

• System security is dependent on measurement of both correctness and effectiveness. Correctness is the assurance that the security components of a system have been implemented correctly and that they do what they are intended to do. Effectiveness is the assurance that the security components meet their stated security objectives, and that they do not do anything other than the intended tasks.

Correctness is evaluated by examining the ability of the security-enforcing mechanisms to carry out their tasks precisely to the specifications. Correctness can be assessed during the development and operations processes by determining how well the system meets its stated objectives.
Effectiveness is evaluated by assessing the strength of the security-enforcing mechanisms to withstand attacks in carrying out their function. This assessment determines how well the security-enforcing components are integrated and work together, the consequences of any known or discovered vulnerabilities, and the usability of the system.

Security evaluations of correctness and effectiveness are done largely through reasoning rather than direct measurement of actual hardware and software components. Evaluators may make assumptions, and results may not be timely and reproducible. Organizations frequently require the use of standardized procedures and criteria, and conduct evaluator training classes to help eliminate some of the subjective practices. However, more automated methods for evaluating correctness and effectiveness would be useful.

• Security metrics could lead to better assessments of the leading, coincident, or lagging indicators of the actual security state of the system. Leading and lagging indicators reflect security conditions that exist before or after a shift in security. Coincident indicators reflect security conditions that are happening concurrently with a shift in security. If a lagging indicator is treated as a leading or coincident indicator, the consequences due to misinterpretation and reaction can lead to serious problems. Simple counts, when used as a security measure, can be especially hard to classify and interpret. An increase in the number of viruses detected by antivirus software could be a leading indicator, because the increased activity indicates an elevated threat level; but the count could also be a lagging indicator, because an efficient antivirus mechanism has been implemented.
Also, decreased activity could indicate that the antivirus mechanism is losing its effectiveness, other security-enforcing mechanisms are increasingly successful, or the system is simply not being subjected to many attacks.

Many security measures can be viewed as lagging indicators. Over time, better understanding of a system and its weaknesses may lead to system security assessments that reflect a lower security standing and higher associated risk. This is often based on successful attacks on the system or other similar systems that reveal unexpected avenues of attack. Frequent repairs to systems make them more complicated to track. No metrics are available to measure the total state of security of a system.

• Organizational security objectives vary because organizations have different purposes, hold different assets, have different exposure to the public, face different threats, and have different tolerances to risk. Also, most organizations do not have sufficient funds to protect all computational resources and assets at the highest degree possible and must prioritize based on criticality and sensitivity.

Security metrics, which organizations use to determine how well they are meeting their security objectives, must meet the needs of different organizations. Since risks and policies are different, it is difficult to establish security metrics that could be used for system comparisons between organizations. There are similarities in high-level security objectives of organizations performing similar work. Security profiles of organizational security requirements and criteria can be used to standardize common sets of core requirements of such organizations for use in comparisons. However, these solutions have limitations insofar as only a portion of needed processes may be covered.

• Measurements of the qualitative and quantitative properties of software have been difficult to achieve.
Many desired properties such as complexity, usability, and scalability are qualities that can be expressed in general terms, but are difficult to define in objective, useful terms.

Quantitative measures of security properties can be represented by terms such as low, medium, and high. Often, numeric values are used to represent rankings that are qualitative, such as 1, 2, and 3, instead of low, medium, and high. The numeric difference between ranked values may be significant for some metrics, but may not be significant for security metrics. Quantitative valuations of several security properties may also be weighted and combined to derive a composite value, but these values can be misleading.

Qualitative properties may be intangible and cannot be captured via direct measurement. In cases where no quality can be clearly identified, such as the taste of wine, either a panel of experts rates various qualities using a blind rating or some measurable characteristics that are believed to correlate well with the quality in question are assessed. Developing techniques such as these could improve software security assessments.

• The security measurements of small components of a system do not necessarily indicate the security of the larger system. Security measurements have been more successful when the target of assessment is small and simple rather than large and complex. An evaluation that focuses exclusively on cryptographic modules generally requires less cost and time than an evaluation of a product that incorporates such modules. Larger systems generally have greater complexity and functionality, and the number of possible interactions increases as the number of components in a system increases, requiring more scrutiny and greater cost to evaluate.

Two systems, both of which are considered to be secure, can be connected together resulting in a composite system that is not secure.
Composability is a property that would lead to better security measurements; composability would allow the security measurements of small systems to contribute directly to the measurement of the larger systems of which they are a part.

Areas of Research to Improve Security Metrics

Research efforts are needed to address these aspects of security measurements:

• Determine good estimators of system security.
• Reduce reliance on the human element in measurement and inherent subjectivity.
• Offer a more systematic and speedy means to obtain meaningful measurements.
• Provide understanding and insight into the composition of security mechanisms.

NISTIR 7564 identifies the following areas of research, which pose difficult and multifaceted problems for researchers. While these problems may not be solved completely and quickly, work toward the goals stated above could lead to the development of improved security metrics.

• Formal Models of Security Measurement and Metrics. Security measurements that are conceived at a high level of abstraction and formalism are often difficult to interpret and apply in practice, such as when software patches, version updates, and configuration setting changes take place in operational environments. Formal models that depict security properties of operational IT systems and incorporate relevant objects of significance to system security measurement are needed.

The research goal is to establish formal models with a level of detail that is sufficient to enable realistic predictions of operational system behavior and portray security measurements accurately. Attack surface metrics, which use a formal model defined from an intuitive notion of a system’s attack surface (i.e., the ways in which the system can be entered and successfully attacked), are an example of the type of work envisioned.
The formal model is characterized in terms of certain system resources—those methods, channels, and data items that an attacker can use to cause damage to the system. The surface measurement model can then be applied to compare attack surface measurements of systems along each of the three dimensions.

Research into formal models could also benefit the design of decision support systems that manage security infrastructure risks by using security metrics to determine security investments. Decision support models that incorporate technical and organizational aspects of a system and also quantify the utility of a security investment based on established principles could be valuable.

• Historical Data Collection and Analysis. Predictive estimates of the security of software components and applications under consideration should be extractable from historical data collected about the characteristics of other similar types of software and their vulnerabilities. Organizations could gain insight into security measurements by analyzing historical data collections to identify trends and correlations, and to discover unexpected relationships and interactions.

The research goal is to identify characteristics of software components and applications that can be extracted and used to predict the security condition of other software. Available open source software repositories could serve as a starting point for the data collection, but this approach will require additional effort to incorporate vulnerability information and to identify the points at which the known vulnerabilities first appeared in the code set.

A historical data collection could also be the basis for confirming the validity of independently proposed security measurements and methods of measurement, identifying whether measures are leading, lagging, or coincident indicators, and establishing estimates of latency and uncertainty for identified indicators.
The data collection could also help in investigating new methods of detecting expected and unexpected relationships for use as estimators, and in developing mathematical and computational methodologies to improve analysis of the data collection. A subset of the historical data collection could also be used as reference materials for training or rating the proficiency of security evaluators.

• Artificial Intelligence Assessment Techniques. Artificial Intelligence (AI) involves the design and implementation of systems that exhibit capabilities of the human mind, such as reasoning, knowledge, perception, planning, learning, and communication. AI encompasses a number of subdisciplines including machine learning, constraint satisfaction, search, agents and multi-agent systems, reasoning, and natural language engineering and processing. The application of AI to security metrics could lead to ways to reduce subjectivity and human involvement in performing security assessments.

The research goal is to identify areas of security evaluations that could be performed using AI or AI-assisted techniques and to demonstrate their use. Dealing with uncertainty and inconsistency has been a part of AI from its origins. Recently, AI systems have been used to independently formulate, refine, and test hypotheses from observed data to uncover fundamental properties, and to manage uncertainty and inconsistencies. The expectation is that AI technologies can play a similar role in the context of security assessments.

• Practicable Concrete Measurement Methods. The current practice of security assessment puts more emphasis on the soundness of the evaluation evidence of the design and the process used in developing a product than on the soundness of the product implementation. The rationale is that without a correct and effective design and development process, a correct and effective implementation is not possible.
The emphasis on design and process evidence versus actual product software largely overshadows practical security concerns involving the implementation and deployment of operational systems.

The research goal is to devise methods of measurement that address vulnerabilities occurring in implementation and deployment, and that complement existing security assessment practices that emphasize design and development process evidence. Various forms of black box security testing offer an example of a possible type of concrete measurement method. For example, fuzzing is a type of fault injection technique that involves sending various types of pseudorandom data to available interfaces to discover unknown flaws present in programs and systems. Fuzzing techniques have been shown to be an effective means for detecting security vulnerabilities that otherwise might escape detection.

• Intrinsically Measurable Components. Development of computing components that are inherently attuned to measurement and that clearly exhibit security properties would be a significant improvement in the state of the art of security metrics. The research goal is to identify issues of mechanism and component design that facilitate or promote security measurement. Some potential methods include preparing strength of mechanism arguments in conjunction with the design and development of a security-enforcing component; establishing lower and upper bounds on mechanism strength, similar to the way performance bounds are calculated for sorting, matching, and other essential algorithms used in computing; and applying evaluation criteria during the system design process to establish component properties.

Research results are available for cryptographic mechanisms that would allow bounds on the effort required to breach components to be determined, similar to metrics used to evaluate and identify weaknesses leading to failure in the physical security of storage safes and vaults.
Extending this type of analysis to trust mechanisms is a more challenging problem, but not without promise. For example, components that rely on certain surety mechanisms, such as authentication modules designed for passwords or biometric modules for fingerprints, lend themselves to certain types of strength analysis.

Information on NIST Security-Related Publications

For information about NIST standards, guidelines, and other security-related publications, see /publications/index.html.

Disclaimer

Any mention of commercial products or reference to commercial organizations is for information only; it does not imply recommendation or endorsement by NIST nor does it imply that the products mentioned are necessarily the best available for the purpose.
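Added example (not part of the NIST bulletin or NISTIR 7564): the bulletin's remark that weighted composites of low/medium/high rankings can be misleading, checked in code. Every order-preserving numeric encoding of three levels is equivalent, for comparing two weighted sums, to low=0, medium=m, high=1 with 0 < m < 1, and the score gap is linear in m, so testing m=0 and m=1 shows whether a ranking survives every encoding. The system ratings, property names and weights are constructed for illustration.

```python
from fractions import Fraction

def composite(ratings, weights, encoding):
    """Weighted sum of encoded ratings: the usual composite score."""
    return sum(weights[p] * encoding[ratings[p]] for p in weights)

def winner(first, second, weights, encoding):
    """Which system scores higher under one concrete numeric encoding."""
    a = composite(first, weights, encoding)
    b = composite(second, weights, encoding)
    return "first" if a > b else "second" if b > a else "tie"

def gap(first, second, weights, m):
    """composite(first) - composite(second) with low=0, medium=m, high=1."""
    enc = {"low": Fraction(0), "medium": Fraction(m), "high": Fraction(1)}
    return composite(first, weights, enc) - composite(second, weights, enc)

def ordinal_verdict(first, second, weights):
    """Decide whether the ranking holds for EVERY order-preserving encoding.

    The gap is linear in m, so its sign on the open interval (0, 1) is fixed
    exactly when the two endpoint gaps do not have opposite signs. When they
    do, return the crossover m at which the ranking flips.
    """
    d0 = gap(first, second, weights, 0)
    d1 = gap(first, second, weights, 1)
    if d0 == 0 and d1 == 0:
        return ("tie", None)
    if d0 >= 0 and d1 >= 0:
        return ("first", None)
    if d0 <= 0 and d1 <= 0:
        return ("second", None)
    return ("depends on encoding", d0 / (d0 - d1))

# Constructed sample input: three assessed properties with analyst weights.
WEIGHTS = {"authentication": 3, "patching": 2, "logging": 1}
SYSTEM_A = {"authentication": "medium", "patching": "medium", "logging": "medium"}
SYSTEM_B = {"authentication": "high", "patching": "low", "logging": "medium"}
SYSTEM_C = {"authentication": "high", "patching": "high", "logging": "low"}

# Two encodings that both respect low < medium < high.
EVEN_STEPS = {"low": 1, "medium": 2, "high": 3}
LATE_STEP = {"low": 1, "medium": 4, "high": 5}

if __name__ == "__main__":
    print("A vs B, 1/2/3:", winner(SYSTEM_A, SYSTEM_B, WEIGHTS, EVEN_STEPS))
    print("A vs B, 1/4/5:", winner(SYSTEM_A, SYSTEM_B, WEIGHTS, LATE_STEP))
    print("A vs B verdict:", ordinal_verdict(SYSTEM_A, SYSTEM_B, WEIGHTS))
    print("C vs B verdict:", ordinal_verdict(SYSTEM_C, SYSTEM_B, WEIGHTS))
```

A verdict of "depends on encoding" means the composite ranking is an artifact of how far apart the labels were placed, not of the assessments themselves.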
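Added example (not from NISTIR 7564 or the bulletin): a measurement along the three attack surface dimensions the bulletin names (methods, channels, data items), with a dimension-wise comparison of system versions. Weighting each resource by an assumed damage-potential to attacker-effort ratio is a choice made for this example, and all resources and scores are constructed.

```python
from dataclasses import dataclass
from fractions import Fraction

KINDS = ("method", "channel", "data")

@dataclass(frozen=True)
class Resource:
    kind: str     # one of KINDS
    name: str
    damage: int   # assumed damage-potential score (higher = worse if abused)
    effort: int   # assumed attacker-effort score (higher = harder to reach)

def attack_surface(resources):
    """Return (methods, channels, data): summed damage/effort per dimension."""
    totals = dict.fromkeys(KINDS, Fraction(0))
    for r in resources:
        if r.kind not in totals:
            raise ValueError(f"unknown resource kind: {r.kind!r}")
        if r.effort < 1 or r.damage < 0:
            raise ValueError(f"bad scores for {r.name!r}")
        totals[r.kind] += Fraction(r.damage, r.effort)
    return tuple(totals[k] for k in KINDS)

def compare(candidate, baseline):
    """Dimension-wise comparison of two measurements.

    A version is 'smaller' only if no dimension grew. If one dimension shrank
    while another grew the two are 'incomparable': the triple is not collapsed
    into a single number, so trade-offs stay visible.
    """
    no_growth = all(c <= b for c, b in zip(candidate, baseline))
    no_shrink = all(c >= b for c, b in zip(candidate, baseline))
    if no_growth and no_shrink:
        return "equal"
    if no_growth:
        return "smaller"
    if no_shrink:
        return "larger"
    return "incomparable"

def changes(candidate, baseline):
    """Per-dimension difference, candidate minus baseline."""
    return {k: c - b for k, c, b in zip(KINDS, candidate, baseline)}

# Constructed sample input: three versions of a hypothetical network service.
COMMON = [
    Resource("method", "admin API", 5, 3),
    Resource("channel", "TCP listener", 1, 1),
    Resource("channel", "local UNIX socket", 1, 3),
    Resource("data", "config file", 2, 3),
    Resource("data", "upload directory", 3, 1),
]
V1 = COMMON + [Resource("method", "login handler (root)", 5, 1),
               Resource("method", "debug endpoint", 5, 1)]
# V2: debug endpoint removed, login handler no longer runs as root.
V2 = COMMON + [Resource("method", "login handler (unprivileged)", 3, 1)]
# V3: debug endpoint removed, but a new management port was opened.
V3 = COMMON + [Resource("method", "login handler (root)", 5, 1),
               Resource("channel", "management TCP port", 1, 1)]

if __name__ == "__main__":
    base = attack_surface(V1)
    for label, version in (("V2", V2), ("V3", V3)):
        m = attack_surface(version)
        print(label, compare(m, base), changes(m, base))
```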
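Added example (not from NISTIR 7564 or the bulletin): the bulletin says a historical data collection could identify whether a measure is a leading, lagging, or coincident indicator and estimate its latency, and that a count such as antivirus detections is ambiguous on its own. The sketch below classifies a measure by the time shift at which it correlates best with an outcome series. The weekly series, measure names and the 0.8 threshold are constructed assumptions.

```python
from math import sqrt

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series has no variance."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sqrt(sxx * syy)

def lag_profile(measure, outcome, max_lag):
    """Correlation of measure[t] with outcome[t + k] for k in -max_lag..max_lag."""
    n = len(outcome)
    profile = {}
    for k in range(-max_lag, max_lag + 1):
        ts = [t for t in range(n) if 0 <= t + k < n]
        profile[k] = pearson([measure[t] for t in ts],
                             [outcome[t + k] for t in ts])
    return profile

def classify(measure, outcome, max_lag=3, min_abs_r=0.8):
    """Return (kind, latency_in_periods, r) for the best-correlated shift.

    k > 0: the measure moves k periods BEFORE the outcome (leading).
    k < 0: the measure moves after the outcome (lagging).
    Weak correlation at every shift means the data supports neither reading.
    """
    if len(measure) != len(outcome):
        raise ValueError("series must cover the same periods")
    profile = lag_profile(measure, outcome, max_lag)
    # Strongest |r| wins; on ties prefer the smallest shift.
    best = max(profile, key=lambda k: (abs(profile[k]), -abs(k)))
    r = profile[best]
    if abs(r) < min_abs_r:
        return ("no usable relationship", None, r)
    kind = "leading" if best > 0 else "lagging" if best < 0 else "coincident"
    return (kind, best, r)

# Constructed sample input: 20 weeks of confirmed incidents plus three measures.
INCIDENTS = [3, 5, 2, 8, 13, 7, 4, 9, 15, 6, 2, 11, 5, 3, 10, 14, 8, 4, 6, 12]
NOISE = [1, -2, 0, 2, -1, 3, -3, 0, 1, -1, 2, 0, -2, 1, 3, -1, 0, 2, -3, 1]
# Built to move two weeks ahead of incidents (last two values are filler).
EXPOSED_HOSTS = [10 * INCIDENTS[t + 2] + NOISE[t] for t in range(18)] + [75, 60]
# Built to follow incidents by one week (first value is filler).
AV_DETECTIONS = [20] + [5 * INCIDENTS[t - 1] + NOISE[t] for t in range(1, 20)]
# A count that never changes carries no information about incidents.
OPEN_TICKETS = [40] * 20

if __name__ == "__main__":
    for name, series in (("exposed hosts", EXPOSED_HOSTS),
                         ("AV detections", AV_DETECTIONS),
                         ("open tickets", OPEN_TICKETS)):
        print(name, classify(series, INCIDENTS))
```

On real data the correlation at the best shift is an estimate from a short series, so the reported latency should be read together with how much history supports it.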