• DocumentCode
    589791
  • Title

    Measuring software security using SAN models

  • Author

    Dorri Nogoorani, S. ; Hadavi, M.A. ; Jalili, Rasool

  • Author_Institution
    Dept. of Comput. Eng., Sharif Univ. of Technol., Tehran, Iran
  • fYear
    2012
  • fDate
    13-14 Sept. 2012
  • Firstpage
    80
  • Lastpage
    86
  • Abstract
    Security is one of the important issues in developing and implementing software systems especially in highly critical applications. Quantification and measurement of security is one of the approaches adopted to achieve the desired degree of security. In this paper, Stochastic Activity Networks (SANs) are used to formally model the attacks on the system under investigation. To this end, the semi-Markov attack model is sketched. Having the semi-Markov model, Probability of Attack Success (PAS), Mean Time to First Breach (MTFB), and System Misuse Proportion (SMP) are measured according to the appropriate transformation of the model to a SAN model. As a case study, we have studied a high-level attack on a password authentication subsystem. The results prove the applicability and suitability of our proposed method in making the compromise between security and other system requirements.
  • Keywords
    Markov processes; message authentication; network theory (graphs); probability; safety-critical software; MTFB; PAS; SAN model; SMP; high-level attack; mean time to first breach; password authentication subsystem; probability of attack success; semiMarkov attack model; software security measurement; software security quantification; software system development; software system implementation; stochastic activity networks; system misuse proportion; system requirements; Authentication; Electronic mail; Network security; Password authentication; Security; Software systems; Steady-state; Stochastic processes; Stochastic Activity Network; password authentication; security measurement; security quantification;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Security and Cryptology (ISCISC), 2012 9th International ISC Conference on
  • Conference_Location
    Tabriz
  • Print_ISBN
    978-1-4673-2387-1
  • Type

    conf

  • DOI
    10.1109/ISCISC.2012.6408195
  • Filename
    6408195