Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory

Authors

A. Sedaghatbaf

School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran

M. Abdollahi Azgomi

School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran

Abstract

Quantitative, model-based prediction of security at the architecture design stage facilitates early detection of design faults, thereby reducing modification costs in later stages of the software life cycle. However, an important question arises with respect to the accuracy of the input parameters. In practice, security parameters can rarely be estimated accurately, because sufficient knowledge is lacking, and this inaccuracy is ignored by most existing evaluation methods. The aim of this paper is to explicitly account for parameter uncertainty in the software security evaluation process. In particular, we use the Dempster-Shafer theory of evidence to formulate the uncertainties in input parameters and to determine their effects on the output measures. In the proposed method, security attacks are expressed using UML diagrams (i.e., misuse case and mal-activity diagrams), and security parameters are specified using the SecAM profile. The UML/SecAM models are then transformed into attack trees, which allow the probability of security breaches to be quantified. The applicability of the method is validated by a case study on an online marketing system.


Similar sources


The effect of the functional/notional approach on the proficiency level of EFL learners and its evaluation through a functional test

In fact, this study focused on the following questions: 1. Is there any difference between the effect of the functional/notional approach and that of the structural approaches to language teaching on the proficiency test of EFL learners? 2. Can a rather innovative language test, referred to as a "functional test", be devised so as to measure the proficiency of EFL learners, and thus be as reliable an...


On the translation of politeness strategies in dialogues involving female characters in translations and retranslations of novels translated before and after the Islamic Revolution of Iran and their effects on the image of women: a polysystem theory approach

Abstract: The reception environment has considerable effects on the acceptance of a translation. As the expectations of a target culture and its values and needs change throughout history, its criteria for accepting or rejecting a translation change accordingly (Gentzler, 2001). The expectations of Iran, as the reception environment in the present study, have changed after the Islamic Revolution. I...

Pricing Security Software: Theory and Evidence

This paper presents a model of multi-product pricing for consumer security software. It highlights two aspects unique to this kind of software. The first is a supply-side effect relating to the security software update process that alters its cost structure, and the second is a demand-side effect relating to the fact that customers often get free substitutes for components of security software sui...


Translation of collocations from English into Persian, based on Ghazala's theory

Ghazala defines collocations as combinations of two or more words that consistently appear together in the various texts of a language. In his view, the growing interest in translating collocations within translation studies stems from their importance to the cohesion of linguistic structure. This thesis is devoted essentially to the translation of collocations. Its aim is to examine the application of Ghazala's strategies to the translation of collocations from English into Persian. Its further aim is to find the most...



Journal:
ISeCure, the ISC International Journal of Information Security

Volume 8, Issue 2, pages 137-149


Copyright © 2015-2023