Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory

Authors

  • A. Sedaghatbaf, School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran
  • M. Abdollahi Azgomi, School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran
Abstract:

Quantitative, model-based prediction of security at the architecture design stage facilitates early detection of design faults, hence reducing modification costs in later stages of the software life cycle. However, an important question arises with respect to the accuracy of the input parameters. In practice, security parameters can rarely be estimated accurately, owing to the lack of sufficient knowledge. This inaccuracy is ignored by most existing evaluation methods. The aim of this paper is to explicitly consider parameter uncertainty in the software security evaluation process. In particular, we use the Dempster-Shafer theory of evidence to formulate the uncertainties in input parameters and determine their effects on output measures. In the proposed method, security attacks are expressed using UML diagrams (i.e., misuse case and mal-activity diagrams), and security parameters are specified using the SecAM profile. The UML/SecAM models are then transformed into attack trees, which allow the probability of security breaches to be quantified. The applicability of the method is validated by a case study on an online marketing system.
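The abstract names two ingredients, Dempster-Shafer mass functions on the input parameters and attack trees built from the models, without showing how uncertainty moves from leaves to the breach probability. The following is an added illustration written for this page; it is not the paper's tool, data or case study, and the UML/SecAM-to-attack-tree transformation is not reproduced. Each leaf step carries a mass assignment over {succeeds, fails, don't know}; two analysts' estimates of one leaf are fused with Dempster's rule, and AND/OR gates propagate the resulting belief/plausibility bounds under an independence assumption. The tree, its step names and every number are constructed, hypothetical values.

```python
"""Dempster-Shafer (evidence theory) propagation through a small attack tree.

Constructed illustration; not the paper's tool or data. Each leaf attack step
carries a basic mass assignment over the frame {S, F}:
  S = "the step succeeds", F = "the step fails", Theta = {S, F} = "don't know"
  m(S) + m(F) + m(Theta) = 1
Bel(S) = m(S) is a lower bound on the step's success probability and
Pl(S) = m(S) + m(Theta) an upper bound; their gap is the analyst's ignorance.
Gate rules below assume the leaf estimates are independent.
"""
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Mass:
    s: float  # mass committed to "step succeeds"
    f: float  # mass committed to "step fails"; the rest is uncommitted (Theta)

    def __post_init__(self) -> None:
        if self.s < 0 or self.f < 0 or self.s + self.f > 1 + 1e-12:
            raise ValueError("masses must be non-negative and sum to at most 1")

    @property
    def theta(self) -> float:
        return max(0.0, 1.0 - self.s - self.f)

    @property
    def bel(self) -> float:  # belief = lower bound on P(S)
        return self.s

    @property
    def pl(self) -> float:  # plausibility = upper bound on P(S)
        return self.s + self.theta


def combine(m1: Mass, m2: Mass) -> Mass:
    """Dempster's rule: fuse two independent estimates of the same leaf.

    Mass that lands on the empty set (one source says S, the other F) is
    conflict and is renormalised away; total conflict is an error.
    """
    conflict = m1.s * m2.f + m1.f * m2.s
    if conflict >= 1.0:
        raise ValueError("total conflict: the two estimates cannot be combined")
    norm = 1.0 - conflict
    s = (m1.s * m2.s + m1.s * m2.theta + m1.theta * m2.s) / norm
    f = (m1.f * m2.f + m1.f * m2.theta + m1.theta * m2.f) / norm
    return Mass(s, f)


@dataclass(frozen=True)
class Leaf:
    name: str
    mass: Mass

    def interval(self) -> tuple[float, float]:
        return (self.mass.bel, self.mass.pl)


@dataclass(frozen=True)
class Gate:
    name: str
    kind: str  # "AND": every child step must succeed; "OR": any one suffices
    children: tuple

    def interval(self) -> tuple[float, float]:
        bels, pls = zip(*(child.interval() for child in self.children))
        if self.kind == "AND":
            return (prod(bels), prod(pls))
        if self.kind == "OR":
            return (1 - prod(1 - b for b in bels), 1 - prod(1 - p for p in pls))
        raise ValueError(f"unknown gate kind {self.kind!r}")


def example_tree() -> Gate:
    """Constructed attack tree for a fictitious online shop (hypothetical values)."""
    # Two analysts estimate the phishing step; fuse them with Dempster's rule.
    phish = Leaf("phish staff credentials",
                 combine(Mass(0.6, 0.2), Mass(0.5, 0.1)))
    mfa = Leaf("bypass MFA", Mass(0.3, 0.5))
    web = Leaf("exploit unpatched web component", Mass(0.1, 0.6))
    take_account = Gate("hijack admin account", "AND", (phish, mfa))
    return Gate("alter customer orders", "OR", (take_account, web))


def breach_bounds() -> tuple[float, float]:
    """[Bel, Pl] of the root event, i.e. the security-breach probability range."""
    return example_tree().interval()


if __name__ == "__main__":
    lo, hi = breach_bounds()
    print(f"P(breach) in [{lo:.3f}, {hi:.3f}], ignorance width {hi - lo:.3f}")
```

The width Pl minus Bel at the root is the quantity the abstract is after: it shows how much of the ignorance in the leaf estimates survives to the output measure. A wide root interval says the evaluation is inconclusive and points at the leaves whose own intervals are widest as the parameters worth gathering more evidence for; it does not by itself say the design is insecure. The product rules at the gates are only valid if the leaf estimates are independent; correlated steps (say, two steps that both depend on the same patch level) need a joint mass assignment instead.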


Volume 8, issue 2

Pages 141-153

Publication date: 2016-07-01
