QUANTITATIVE EVALUATION OF SOFTWARE SECURITY: AN APPROACH BASED ON UML/SECAM AND EVIDENCE THEORY

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

SEDAGHATBAF ALI; ABDOLLAHI AZGOMI MOHAMMAD

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY Year:2016 | Volume:8 | Issue:2 Page(s): 143-155

Download Full-Text

Persian Verion

View:

495

Download:

243

Cites:

Information Journal Paper

Title

QUANTITATIVE EVALUATION OF SOFTWARE SECURITY: AN APPROACH BASED ON UML/SECAM AND EVIDENCE THEORY

Author(s)

SEDAGHATBAF ALI | ABDOLLAHI AZGOMI MOHAMMAD | Issue Writer Certificate

Keywords

SOFTWARE ARCHITECTUREQ2

SECURITY EVALUATIONQ2

UNCERTAINTY QUANTIFICATIONQ2

EVIDENCE THEORYQ2

Abstract

Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient knowledge. This inaccuracy is ignored in most of the existing evaluation methods. The aim of this paper is to explicitly consider parameter uncertainty in the software SECURITY EVALUATION process. In particular, we use the Dempster-Shafer theory of evidence to formulate the uncertainties in input parameters and determine their effects on output measures. In the proposed method, security attacks are expressed using UML diagrams (i.e., misuse case and mal-activity diagrams) and security parameters are specified using the SecAM profile. UML/SecAM models are then transformed into attack trees, which allow quantifying the probability of security breaches. The applicability of the method is validated by a case study on an online marketing system.

Cites

No record.

References

No record.

Cite

APA: Copy

SEDAGHATBAF, ALI, & ABDOLLAHI AZGOMI, MOHAMMAD. (2016). QUANTITATIVE EVALUATION OF SOFTWARE SECURITY: AN APPROACH BASED ON UML/SECAM AND EVIDENCE THEORY. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 8(2 ), 143-155. SID. https://sid.ir/paper/241776/en

Vancouver: Copy

SEDAGHATBAF ALI, ABDOLLAHI AZGOMI MOHAMMAD. QUANTITATIVE EVALUATION OF SOFTWARE SECURITY: AN APPROACH BASED ON UML/SECAM AND EVIDENCE THEORY. THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY[Internet]. 2016;8(2 ):143-155. Available from: https://sid.ir/paper/241776/en

IEEE: Copy

ALI SEDAGHATBAF, and MOHAMMAD ABDOLLAHI AZGOMI, “QUANTITATIVE EVALUATION OF SOFTWARE SECURITY: AN APPROACH BASED ON UML/SECAM AND EVIDENCE THEORY,” THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY, vol. 8, no. 2 , pp. 143–155, 2016, [Online]. Available: https://sid.ir/paper/241776/en

Related Journal Papers