Title :
Measuring software security using SAN models
Author :
Dorri Nogoorani, S. ; Hadavi, M.A. ; Jalili, Rasool
Author_Institution :
Dept. of Comput. Eng., Sharif Univ. of Technol., Tehran, Iran
Abstract :
Security is one of the important issues in developing and implementing software systems, especially in highly critical applications. Quantification and measurement of security is one of the approaches adopted to achieve the desired degree of security. In this paper, Stochastic Activity Networks (SANs) are used to formally model the attacks on the system under investigation. To this end, the semi-Markov attack model is sketched. Having the semi-Markov model, Probability of Attack Success (PAS), Mean Time to First Breach (MTFB), and System Misuse Proportion (SMP) are measured according to the appropriate transformation of the model to a SAN model. As a case study, we have studied a high-level attack on a password authentication subsystem. The results prove the applicability and suitability of our proposed method in making the compromise between security and other system requirements.
Keywords :
Markov processes; message authentication; network theory (graphs); probability; safety-critical software; MTFB; PAS; SAN model; SMP; high-level attack; mean time to first breach; password authentication subsystem; probability of attack success; semi-Markov attack model; software security measurement; software security quantification; software system development; software system implementation; stochastic activity networks; system misuse proportion; system requirements; Authentication; Electronic mail; Network security; Password authentication; Security; Software systems; Steady-state; Stochastic processes; Stochastic Activity Network; password authentication; security measurement; security quantification
Conference_Title :
Information Security and Cryptology (ISCISC), 2012 9th International ISC Conference on
Conference_Location :
Tabriz
Print_ISBN :
978-1-4673-2387-1
DOI :
10.1109/ISCISC.2012.6408195