Title :
A qualitative and quantitative risk assessment method in software security
Author :
Zhang, Yi-kun ; Jiang, Su-yang ; Cui, Ying-an ; Zhang, Bao-wei ; Xia, Hui
Author_Institution :
Sch. of Comput. Sci. & Eng., XAUT, Xi'an, China
Abstract :
Focusing on software security risk assessment, this paper combines attack tree model analysis with Bayesian network analysis, taking advantage of both qualitative and quantitative analysis to assess software security risks. By constructing and pruning the attack tree model, the method first narrows down the scope of threats generated by the software system. With a preliminary control of risk probability, and using the prior probability values, the conditional probability table and the Bayesian formula, the method can assess the risk probability of the software system accurately. Finally, the combined risk assessment method makes up for the deficiency of a single risk assessment method and yields more accurate evaluation results. It can rank software project risk more accurately and carry out defense and recovery for the risky modules.
Keywords :
belief networks; risk analysis; security of data; statistical analysis; trees (mathematics); Bayesian formula; Bayesian network analysis; attack tree model analysis; conditional probability table; qualitative risk assessment method; quantitative risk assessment method; risk probability; software security; Attack Tree Model; Bayesian Network; Software; Trustworthy;
Conference_Titel :
Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-6539-2
DOI :
10.1109/ICACTE.2010.5578960