A Knowledge Based Threat Analysis in Trustworthy Software Engineering

Xiao Hong Li; Feng Xu Liu; Zhi Yong Feng; Jin Liang Xing

doi:10.4028/www.scientific.net/AMM.130-134.3177

Paper Titles

The HGEDA Hybrid Algorithm for OLAP Data Cubes
p.3158

Exact Mathematical Model and its Numerical Solution of a Two-Layer Beam Subjected to Non-Uniform Temperature Rise
p.3163

A New Multi-User Beamforming Algorithm
p.3169

Context-Aware Model Based Facial Expression Nets Analysis
p.3173

A Knowledge Based Threat Analysis in Trustworthy Software Engineering
p.3177

Application of Least Square Influential Coefficient Based on Particle Swarm Optimization in Dynamic Balancing Measuring
p.3181

Study on the Wind Energy Utilization Coefficient Surface Identification of Wind Turbine
p.3185

Rotational Speed Control of Wind Power Generation Systems with Variable-Speed and Variable-Pitch
p.3190

Reservoirs Distribution and Hydrocarbon Accumulation of Ordovician Carbonate in Tazhong Uplift, Tarim Basin
p.3195

HomeApplied Mechanics and MaterialsApplied Mechanics and Materials Vols. 130-134A Knowledge Based Threat Analysis in Trustworthy...

A Knowledge Based Threat Analysis in Trustworthy Software Engineering

Abstract:

In recent years, the security of software becomes one significant feature of software. This paper improves trustworthy software engineering through a knowledge based expert system. We propose the knowledge collection and organization method, and threats analyzing algorithm in detail which are the kernel of the expert system. The software threat information is divided into threat state and exploit, and stored in the knowledge database together with the state production and exploit production representing the relationships between threat state and exploit. The threat analysis calculates the threat degree quantitatively of an application based on this knowledge in a formal way and give security advice to mitigate threats. Our method can reduce the work of an experienced security expert which is time consuming and economic costly, therefore popularizes the trustworthy software engineering.

You might also be interested in these eBooks

Mechanical and Electronics Engineering III

View Preview

Info:

Periodical:

Applied Mechanics and Materials (Volumes 130-134)

Pages:

3177-3180

DOI:

https://doi.org/10.4028/www.scientific.net/AMM.130-134.3177

Citation:

Cite this paper

Online since:

October 2011

Authors:

Xiao Hong Li, Feng Xu Liu, Zhi Yong Feng, Jin Liang Xing

Keywords:

Expert System, Software Security, Threat Modeling, Trustworthy Software

Export:

RIS, BibTeX

Price:

Permissions CCC:

Request Permissions

Permissions PLS:

Request Permissions

Сopyright:

Citation:

References

[1] Common Vulnerabilities and Exposures. http: /www. cve. mitre. org [11 November 2006].

Google Scholar

[2] Meier JD. Web application security engineering. Security & Privacy, IEEE 2006; 4(4): 16-24. DOI: 10. 1109/MSP. 2006. 109.

Google Scholar

[3] Chen H, Wagner D. An Infrastructure for Examining Security Properties of Software. ACM conference on computer and communication security (2002).

Google Scholar

[4] Evans D, Larochelle D. Improving Security Using Extensible Lightweight Static Analysis. Software, IEEE 2002; 19 (1): 42-51. DOI: 10. 1109/52. 976940.

DOI: 10.1109/52.976940

Google Scholar

[5] Writing Secure Code (2nd edn). Microsoft Press.

Google Scholar

[6] Xiaohong Li, Ke He. A Uni¯ed Threat Model for Assessing Threat inWeb Applications. Information Security and Assurance 2008; DOI: 10. 1109/ISA. 2008. 47.

DOI: 10.1109/isa.2008.47

Google Scholar

[7] Dalton GC, Mills RF, Colombi JM, Raines RA. Analyzing attack trees using generalized stochastic Petri nets. Information Assurance Workshop, IEEE 2006; DOI: 10. 1109/IAW. 2006. 1652085.

DOI: 10.1109/iaw.2006.1652085

Google Scholar

[8] Tidwell T, Larson R, Fitch K, Hale J. Modeling Internet Attacks. Proceedings of the 2001 IEEE. R David, H Alla. Discrete, continuous, and hybrid Petri Nets. Springer.

Google Scholar