Towards Automatic Risk Analysis and Mitigation of Software Applications / Regano, Leonardo; Canavese, Daniele; Basile, Cataldo; Viticchie', Alessio; Lioy, Antonio. - PRINT. - (2016), pp. 120-135. (Paper presented at WISTP 2016 - IFIP International Conference on Information Security Theory and Practice, held in Heraklion, Crete (Greece), on September 26–27, 2016) [10.1007/978-3-319-45931-8_8].
Towards Automatic Risk Analysis and Mitigation of Software Applications
REGANO, LEONARDO;CANAVESE, DANIELE;BASILE, CATALDO;VITICCHIE', ALESSIO;LIOY, ANTONIO
2016
Abstract
This paper proposes a novel semi-automatic risk analysis approach that not only identifies the threats against the assets in a software application, but also quantifies their risks and suggests the software protections to mitigate them. Built on a formal model of the software, attacks, protections and their relationships, our implementation has shown promising performance on real-world applications. This work represents a first step towards a user-friendly expert system for the protection of software applications.

File | Size | Format
---|---|---
main.pdf (open access). Description: Article. Type: 1. Preprint / submitted version [pre-review]. License: Creative Commons | 365.43 kB | Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/11583/2650551