A novel approach to evaluate software vulnerability prioritization

Authors

  • Chien-Cheng Huang
  • Feng-Yu Lin
  • Frank Yeong-Sung Lin
  • Yeali S. Sun
Abstract

The aim of this study is to formulate an analysis model that expresses the security grades of software vulnerabilities and serves as a basis for evaluating the danger level of an information program or for filtering out hazardous weaknesses of the system, so that it can be improved to counter the threat of different danger factors. Using the fuzzy analytic hierarchy process (FAHP), we organize the crossover factors of the software blind spots and build an evaluation framework. First, the aspects and relative determinants affecting security are filtered out via the fuzzy Delphi method. Then we identify the value equation of each factor and establish the fuzzy synthetic decision making model of software vulnerability. With this model we are able to analyze the various degrees to which a vulnerability affects security, and this information serves as a basis for future improvements of the system itself. A higher security score implies a more secure system. In addition, this study proposes an improvement on the traditional fuzzy synthetic decision making model for measuring the fuzziness between enhancement and independence of various aspects and criteria, and, taking into consideration the subjectivity of humans in reality, constructs the fuzzy integral decision making model. Through a case study, we show that the evaluation model in question is practical, can be applied to new software vulnerabilities, and can measure their degree of penetration. The fuzzy integral decision making model emphasizes, through its formulation, the multiply-add effect between different factors influencing information security.


Related resources

Vulnerability Assessment of Historical Land uses in Khansar Region and Their Prioritization in Rescue Operations with a Disaster Management Approach

Background and Objective. In recent decades, vulnerability assessment in urban land uses such as historic building in order to increase their resilience and resistance to various human and natural hazards has received more attention. Due to the special geographic condition and special topography of the region, Khansar historical land uses are exposed to all kind of disaster and damages and a co...


Formal approach on modeling and predicting of software system security: Stochastic petri net

To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...


Evaluation and prioritization of occupational safety and health risks of Shahid Sadoughi Hospital in Yazd in 2019

Introduction: Today, it is essential to pay attention to the opportunities and threats in health services, especially in hospitals, to identify and evaluate the existing risks and manage them in these centers. Hospital risk management is a program to reduce the occurrence and prevalence of preventable accidents and is of great economic, human and moral importance in the hospital environment. Th...


Regression Test Case Prioritization – A Contribution-Based Approach

Regression test case prioritization techniques have traditionally been studied as a function of objective metrics such as code coverage and fault proneness, which require much data analysis and computation from software release to release. Moreover, such techniques have traditionally been evaluated as a function of fault detection effectiveness. Consequently, not only applying the techniques is...


A Vulnerability Prioritization System Using A Fuzzy Risk Analysis Approach

In this work, we present a fuzzy systems approach for assessing the relative potential risk associated with computer network assets exposed to attack by vulnerabilities. We use this approach to rank vulnerabilities so that analysts can prioritize their work based on the potential risk exposure of assets and networks. We associate vulnerabilities with individual assets, and therefore networks, a...



Journal:
  • Journal of Systems and Software

Volume 86  Issue 

Pages  -

Publication date 2013