OOPN-SRAM: A Novel Method for Software Risk Assessment
ICECCS (2014)
Abstract
This paper proposes a Software Risk Assessment Method based on Object-Oriented Petri Net (OOPN-SRAM), in which the risk assessment procedure is divided into four steps, each expressed as a corresponding object: asset recognition, weakness analysis, consequence property confirmation and risk calculation. Each object is modeled with a Petri net. Specialists recognize software assets using the 1-9 scale method of the Analytic Hierarchy Process (AHP). The weaknesses in a system are found by a vulnerability scanner. The damage degree and the exploitation likelihood of a weakness are evaluated by reference to authorities such as the Common Weakness Enumeration (CWE). The consequence properties are confirmed by specialists according to the software requirements. Finally, in the risk calculation, the risk degree and the overall risk value are calculated using the exponential method and the weighted average method respectively. Furthermore, we illustrate the application of our OOPN-SRAM method with realistic examples, including a web-banking system and a forum, and compare it with traditional methods. The results show that OOPN-SRAM not only increases the efficiency of the evaluation process, but also makes the evaluation result more objective and accurate.
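The abstract names two concrete computations: asset recognition with AHP's 1-9 pairwise-comparison scale, and an overall risk value obtained as a weighted average of per-asset risk degrees. The following is an added example, not code from the paper, showing how those two steps fit together for a forum-style system. It computes AHP priority weights with the row geometric-mean approximation, rejects judgement matrices whose consistency ratio exceeds the customary 0.1 threshold, and then weights constructed per-asset risk degrees into one overall value. The asset names, the pairwise judgements, the 0-10 risk-degree scale and the risk-degree values themselves are all assumptions; the paper's own exponential method for deriving a risk degree is not reproduced here.

```python
"""Added example (not from the OOPN-SRAM paper): AHP 1-9 asset weighting
followed by a weighted-average overall risk value.
Asset names, pairwise judgements and per-asset risk degrees are constructed."""
from math import prod

# Saaty's random consistency index, indexed by matrix size n (n = 1..9).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def validate_pairwise(matrix):
    """Reject matrices that are not square, reciprocal, or outside the 1/9..9 scale."""
    n = len(matrix)
    for i, row in enumerate(matrix):
        if len(row) != n:
            raise ValueError("pairwise matrix must be square")
        for j, v in enumerate(row):
            if not (1 / 9 - 1e-9 <= v <= 9 + 1e-9):
                raise ValueError(f"entry ({i},{j}) outside the 1-9 scale")
            if abs(v * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError(f"entries ({i},{j}) and ({j},{i}) are not reciprocal")


def ahp_weights(matrix):
    """Priority vector: normalised row geometric means (approximates the
    principal eigenvector of the pairwise-comparison matrix)."""
    n = len(matrix)
    geo_means = [prod(row) ** (1.0 / n) for row in matrix]
    total = sum(geo_means)
    return [g / total for g in geo_means]


def consistency_ratio(matrix, weights):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1);
    lambda_max is estimated as the mean of (A w)_i / w_i."""
    n = len(matrix)
    if n < 3:
        return 0.0  # 1x1 and 2x2 reciprocal matrices are always consistent
    aw = [sum(a * w for a, w in zip(row, weights)) for row in matrix]
    lambda_max = sum(x / w for x, w in zip(aw, weights)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def overall_risk(weights, risk_degrees):
    """Weighted average of per-asset risk degrees (weights already sum to 1)."""
    if len(weights) != len(risk_degrees):
        raise ValueError("one risk degree per asset is required")
    return sum(w * r for w, r in zip(weights, risk_degrees))


def assess(assets, matrix, risk_degrees, max_cr=0.1):
    """Run asset weighting and overall-risk aggregation; refuse inconsistent judgements."""
    validate_pairwise(matrix)
    weights = ahp_weights(matrix)
    cr = consistency_ratio(matrix, weights)
    if cr > max_cr:
        raise ValueError(f"specialist judgements inconsistent (CR={cr:.2f} > {max_cr})")
    return {
        "weights": dict(zip(assets, weights)),
        "consistency_ratio": cr,
        "overall_risk": overall_risk(weights, risk_degrees),
    }


# Constructed inputs for a hypothetical forum: the user database is judged
# "moderately more important" (3) than the posting service and "strongly more
# important" (5) than the admin panel; lower-triangle entries are reciprocals.
ASSETS = ["user database", "posting service", "admin panel"]
PAIRWISE = [
    [1.0,   3.0,   5.0],
    [1 / 3, 1.0,   3.0],
    [1 / 5, 1 / 3, 1.0],
]
# Constructed per-asset risk degrees on an assumed 0-10 scale, standing in for
# the output of the paper's risk-degree step.
RISK_DEGREES = [8.0, 5.0, 3.0]

if __name__ == "__main__":
    result = assess(ASSETS, PAIRWISE, RISK_DEGREES)
    for asset, w in result["weights"].items():
        print(f"{asset:16s} weight={w:.3f}")
    print(f"CR={result['consistency_ratio']:.3f}  overall risk={result['overall_risk']:.2f}")
```

The consistency check is the part worth keeping in any real assessment: a matrix such as `[[1, 9, 1/9], [1/9, 1, 9], [9, 1/9, 1]]` is perfectly reciprocal but encodes circular preferences, and `assess` rejects it rather than producing a weight vector that looks valid.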
Keywords
cwe, oopn, software risk assessment, risk assessment procedure, exponential method, software development management, software, risk assessment, vulnerability scanner, oopn-sram method, software requirements, object-oriented petri net, ahp method, risk calculation, petri nets, asset recognition, risk management, consequence property confirmation, common weakness enumeration, weighted average method, weakness analysis, analytic hierarchy process, object-oriented methods, security, availability, computational modeling