J. Barzilai, Measurement and preference function modelling, International Transactions in Operational Research, vol.19, issue.2, pp.173-183, 2005.
DOI : 10.1016/0022-2496(77)90033-5

S. A. Butler, Security attribute evaluation method, Proceedings of the 24th international conference on Software engineering , ICSE '02, pp.232-240, 2002.
DOI : 10.1145/581339.581370
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.70.9285

E. Coatanea, Measurement Theory and Dimensional Analysis: Methodological Impact on the Comparison and Evaluation Process, Volume 3: 19th International Conference on Design Theory and Methodology; 1st International Conference on Micro- and Nanosystems; and 9th International Conference on Advanced Vehicle Tire Technologies, Parts A and B, 2007.
DOI : 10.1115/DETC2007-34364

L. Finkelstein and M. S. Leaning, A review of the fundamental concepts of measurement, Measurement, vol.2, issue.1, pp.25-34, 1984.
DOI : 10.1016/0263-2241(84)90020-4

D. S. Herrmann, Complete Guide to Security and Privacy Metrics. Measuring Regulatory Compliance, Operational Resilience, and ROI, 2007.

M. Howard, J. Pincus, and J. Wing, Measuring Relative Attack Surfaces, 2003.
DOI : 10.1007/0-387-24006-3_8

W. Jansen, Directions in security metric research, 2009.
DOI : 10.6028/NIST.IR.7564

A. Jaquith, Security metrics: replacing fear, uncertainty, and doubt, 2007.

E. Johansson and P. Johnson, Assessment of enterprise information security -an architecture theory diagram definition, Proc. of CSER-05, 2005.

E. Johansson and P. Johnson, Assessment of enterprise information security -estimating the credibility of the results, Proc. of SREIS-05, 2005.

E. Jonsson and T. Olovsson, A quantitative model of the security intrusion process based on attacker behavior, IEEE Transactions on Software Engineering, vol.23, issue.4, pp.235-245, 1997.
DOI : 10.1109/32.588541

I. Kramosil and J. Michalek, Fuzzy metrics and statistical metric spaces, Kybernetica, vol.11, issue.5, pp.336-344, 1974.

B. B. Madan, A method for modeling and quantifying the security attributes of intrusion tolerant systems, Performance Evaluation, vol.56, issue.1-4, pp.1-4167, 2004.
DOI : 10.1016/j.peva.2003.07.008

P. Manadhata and J. Wing, Measuring a system's attack surface, 2004.

P. Manadhata and J. M. Wing, An Attack Surface Metric, IEEE Transactions on Software Engineering, vol.37, issue.3, 2005.
DOI : 10.1109/TSE.2010.60

P. K. Manadhata, An approach to measuring a system's attack surface, 2007.

F. Martinelli, Analysis of security protocols as open systems, Theoretical Computer Science, vol.290, issue.1, pp.1057-1106, 2003.
DOI : 10.1016/S0304-3975(02)00596-0

R. Ortalo, Y. Deswarte, and M. Kaaniche, Experimenting with quantitative evaluation tools for monitoring operational security, IEEE Transactions on Software Engineering, vol.25, issue.5, pp.633-650, 1999.
DOI : 10.1109/32.815323

J. Pamula, A weakest-adversary security metric for network configuration security analysis, Proceedings of the 2nd ACM workshop on Quality of protection , QoP '06, 2006.
DOI : 10.1145/1179494.1179502

G. Stoneburner, A. Goguen, and A. Feringa, Risk management guide for information technology systems, 2001.
DOI : 10.6028/NIST.SP.800-30

P. Suppes and J. L. Zinnes, Basic measurement theory Institute for mathematical studies in the social science, 1962.

M. Walter and C. Trinitis, Quantifying the Security of Composed Systems, Proc. of PPAM-05, 2005.
DOI : 10.1007/11752578_124

A. J. Wang, Information security models and metrics, Proceedings of the 43rd annual southeast regional conference on , ACM-SE 43, pp.178-184, 2005.
DOI : 10.1145/1167253.1167295

L. Wang, An Attack Graph-Based Probabilistic Security Metric, Proc. of DBSec-09, 2008.
DOI : 10.1016/j.comcom.2006.06.018

L. Wang, S. Noel, and S. Jajodia, Minimum-cost network hardening using attack graphs, Computer Communications, vol.29, issue.18, pp.3812-3824, 2006.
DOI : 10.1016/j.comcom.2006.06.018