Predicting Availability of Systems using BBN in Aspect-Oriented Risk-Driven Development (AORDD)
نویسندگان
چکیده
Existing security standards targets qualitative evaluation of the security level of a system against a set of predefined levels. When doing trade-off between treatment strategies, we need to supplement the qualitative evaluation with quantitative estimates of operational security. Quantitative evaluation, such as probabilistic analysis, is frequently used within the dependability domain. To estimate and make trade-off decisions regarding security treatments, we separate treatments from the primary functionality model, and model treatment strategies as aspects using AspectOriented Modeling (AOM). In this paper, we develop a Bayesian Belief Network (BBN) based prediction system for estimating system availability. Availability is estimated using the variables mean time to misuse (MTTM), mean effort to misuse (METM), impact of misuse (MI), and frequency of misuse (MF). Misuses are addressed using treatment strategies. The quality of treatment strategies is estimated using the variables treatment cost (TC) and treatment effect (TE).
منابع مشابه
Combining Disparate Information Sources when Quantifying Operational Security
Quantitative estimation of security attributes makes it possible to do cost-effective development of security critical systems. By predicting the impact and cost of potential misuses, as well as the cost and effect of security treatment strategies, one can treat security risks at the right time for the correct cost. The Aspect-Oriented Risk-Driven Development (AORDD) framework supports cost-eff...
متن کاملDecision Support for Choice of Security Solution
In security assessment and management there is no single correct solution to the identi ed security problems or challenges. Instead there are only choices and tradeo¤s. The main reason for this is that modern information systems and security critical information systems in particular must perform at the contracted or expected security level, make e¤ective use of available resources and meet end...
متن کاملDecision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD)Framework
Security critical systems development needs to integrate both project and product risks assessment into the development. Such systems need to balance time to market constraints, cost demands, functional requirement, as well as security requirements. This advocate the use of techniques that support costeffective and risk-driven development. The aspect-oriented risk-driven development (AORDD) fra...
متن کاملExtending Security Requirement Patterns to Support Aspect-Oriented Risk-Driven Development
This paper presents a pattern representation of security concern solutions and their interactions that support aspect-oriented risk-driven development (AORDD). Security concern solutions are specified early in the development process, using UML as a rigorous notation for sets of patterns. A profile consisting of stereotypes and tagged values supports security concern requirement traceability th...
متن کاملAspect Oriented UML to ECORE Model Transformation
With the emerging concept of model transformation, information can be extracted from one or more source models to produce the target models. The conversion of these models can be done automatically with specific transformation languages. This conversion requires mapping between both models with the help of dynamic hash tables. Hash tables store reference links between the elements of the source...
متن کامل