This paper proposes a novel semi-automatic risk analysis approach that not only identifies the threats against the assets in a software application, but also quantifies their risks and suggests the software protections to mitigate them. Built on a formal model of the software, attacks, protections and their relationships, our implementation has shown promising performance on real-world applications. This work represents a first step towards a user-friendly expert system for the protection of software applications.

Towards Automatic Risk Analysis and Mitigation of Software Applications / Regano, Leonardo; Canavese, Daniele; Basile, Cataldo; Viticchie', Alessio; Lioy, Antonio. - PRINT. - (2016), pp. 120-135. (Paper presented at WISTP 2016 - IFIP International Conference on Information Security Theory and Practice, held in Heraklion, Crete (Greece), September 26–27, 2016) [10.1007/978-3-319-45931-8_8].

Towards Automatic Risk Analysis and Mitigation of Software Applications

REGANO, LEONARDO;CANAVESE, DANIELE;BASILE, CATALDO;VITICCHIE', ALESSIO;LIOY, ANTONIO
2016

978-3-319-45930-1
978-3-319-45931-8
Files in this item:
File: main.pdf
Access: open access
Description: Article
Type: 1. Preprint / submitted version [pre-review]
License: Creative Commons
Size: 365.43 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2650551
Warning! The data displayed have not been validated by the university.