formal approach on modeling and predicting of software system security: stochastic petri net
نویسندگان
چکیده
to evaluate and predict component-based software security, a two-dimensional model of software security is proposed by stochastic petri net in this paper. in this approach, the software security is modeled by graphical presentation ability of petri nets, and the quantitative prediction is provided by the evaluation capability of stochastic petri net and the computing power of markov chain. each vulnerable component is modeled by stochastic petri net and two parameters, successfully attack probability (sap) and vulnerability volume of each component to another component. the second parameter, as a second dimension of security evaluation, is a metric that is added to modeling to improve the accuracy of the result of system security prediction. an isomorphic markov chain is obtained from a corresponding spn model. the security prediction is calculated based on the probability distribution of the mc in the steady state. to identify and trace back to the critical points of system security, a sensitive analysis method is applied by derivation of the security prediction equation. it provides the possibility to investigate and compare different solutions with the target system in the designing phase.
منابع مشابه
Formal approach on modeling and predicting of software system security: Stochastic petri net
To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...
متن کاملA Formal Petri Net Based Model for Antivirus Update Agent System
In this paper, a formal model for antivirus update agent system is presented based on mobile agent technology and predicate/transition Petri nets. The mobile agent system contains two mobile agents called DCA and UNA. It sends out agents to update antivirus on client computers in a network. Each agent takes on a specified responsibility. First, DCA roams through the network and check the last d...
متن کاملA Formal Petri Net Based Model for Antivirus Update Agent System
In this paper, a formal model for antivirus update agent system is presented based on mobile agent technology and predicate/transition Petri nets. The mobile agent system contains two mobile agents called DCA and UNA. It sends out agents to update antivirus on client computers in a network. Each agent takes on a specified responsibility. First, DCA roams through the network and check the last d...
متن کاملMapping CRC Card into Stochastic Petri Net for Analyzing and Evaluating Quality Parameter of Security (TECHNICAL NOTE)
CRC cards are unconventional method for identifying and describing classes, behavior and its responsibilities and collaborators of class. Representation of three categories of class, responsibilities and collaborators can give proper image of scenario. These cards are effective method for analyzing scenarios. With all positive features of CRC cards, of weaknesses of these cards are failure to s...
متن کاملTime Management Approach on a Discrete Event Manufacturing System Modeled by Petri Net
Discrete event system, Supervisory control, Petri Net, Constraint This paper presents a method to manage the time in a manufacturing system for obtaining an optimized model. The system in this paper is modeled by the timed Petri net and the optimization is performed based on the structural properties of Petri nets. In a system there are some states which are called forbidden states an...
متن کاملEmbedded System Modeling and Verification Based on Deterministic and Stochastic Petri Net ?
Embedded systems are interrupt-driven systems, which achieve interactions with peripherals and environment through the interrupt mechanism, and handle exceptions. However, due to the randomness of trigger method, response with priority, and preemptive execution, interrupt behaviors are hard to accurately predict and interrupt defects are difficult to track. Once a program error is caused by int...
متن کاملمنابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
journal of ai and data miningناشر: shahrood university of technology
ISSN 2322-5211
دوره 3
شماره 1 2015
میزبانی شده توسط پلتفرم ابری doprax.com
copyright © 2015-2023