By Topic

Threat-driven modeling framework for secure software using aspect-oriented Stochastic Petri nets

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Sherief, N.H. ; Coll. of Comput. & Inf. Technol., Arab Acad. for Sci., Technol. & Maritime Transp., Alexandria, Egypt ; Abdel-Hamid, A.A. ; Mahar, K.M.

Design-level vulnerabilities are a main source of security risks in software. To improve the reliability of software design, this paper presents a modified threat-driven modeling framework, to determine which threats require mitigation and how to mitigate the threats. To specify the functions and threat mitigations of a security design as a whole, aspect-oriented Stochastic Petri nets are used as a formal amplified model. Moreover, this paper proposes an adapted augmented approach to define software security metrics based on vulnerabilities included in the software systems and their impacts on software quality. The Common Vulnerability Scoring System (CVSS), a vulnerability scoring system designed to provide a standardized method for rating software vulnerabilities, is used as the basis in the metric definition and calculations. Furthermore, a case study is detailed, which shows the essence and feasibility of using aspect-oriented stochastic Petri net models for threat modeling and that the proposed security metrics are consistent with common practice.

Published in:

Informatics and Systems (INFOS), 2010 The 7th International Conference on

Date of Conference:

28-30 March 2010