Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Abstract:
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults, hence reducing modification costs in subsequent stages of the software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient knowledge. This inaccuracy is ignored in most existing evaluation methods. The aim of this paper is to explicitly consider parameter uncertainty in the software security evaluation process. In particular, we use the Dempster-Shafer theory of evidence to formulate the uncertainties in input parameters and determine their effects on output measures. In the proposed method, security attacks are expressed using UML diagrams (i.e., misuse case and mal-activity diagrams) and security parameters are specified using the SecAM profile. UML/SecAM models are then transformed into attack trees, which allow quantifying the probability of security breaches. The applicability of the method is validated by a case study on an online marketing system.
Journal title
Volume 8, Issue 2
Pages 141-153
Publication date: 2016-07-01