Software Selection based on Quantitative Security Risk Assessment
نویسندگان
چکیده
Multiple software products often exist on the same server and therefore vulnerability in one product might compromise the entire system. It is imperative to perform a security risk assessment during the selection of the candidate software products that become part of a larger system. Having a quantitative security risk assessment model provides an objective criterion for such assessment and comparison between candidate software systems. In this paper, we present a software product evaluation method using such a quantitative security risk assessment model. This method utilizes prior research in quantitative security risk assessment, which is based on empirical data from the National Vulnerability Database (NVD), and compares the security risk levels of the products evaluated. We introduced topic modeling to build a security risk assessment model. The risk model is created using Latent Dirichlet Allocation (LDA) to classify the vulnerabilities into topics, which are then used as the measurement instruments to evaluate the candidate software product. Such a procedure could
منابع مشابه
ارائه یک روش نرم افزاری جهت استفاده از ارزیابی ریسک در بهینه سازی اقدامات حفاظت حریق ساختمان
Background and aims: The property loss and physical injuries due to fire events in buildings demonstrate the necessity of implementation of efficient and performance based fire safety measures. Effective and high efficiency protection is possible when design and selection of protection measures are based on risk assessment. This study aims at presenting a software method to make possible sele...
متن کاملA risk model for cloud processes
Traditionally, risk assessment consists of evaluating the probability of "feared events", corresponding to known threats and attacks, as well as these events' severity, corresponding to their impact on one or more stakeholders. Assessing risks of cloud-based processes is particularly difficult due to lack of historical data on attacks, which has prevented frequency-based identification...
متن کاملEstimating Security Risk for Web Applications using Security Vectors
Risk assessment has been getting increased attention as the new vulnerabilities and threats are emerging on daily basis. The popularity and complexity of web application present challenges to the security implementation for web engineering. It is well known that the earlier to perform risk assessment for software, the less cost needed to mitigate the security risks. However, quantitative estima...
متن کاملInformation Security Risk Assessment Based on Analytic Hierarchy Process
Abstract Information security risk assessment was an important component of information systems security engineering and the selection of assessment method had a direct impact on the final results of the assessment. But there were too many elements in the process of information security risk assessment. How to find the optimal elements from many elements to simplify the calculation of risk valu...
متن کاملQuantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
متن کامل