DocumentCode :
119418
Title :
OOPN-SRAM: A Novel Method for Software Risk Assessment
Author :
Xiaofei Wu ; Xiaohong Li ; Ruitao Feng ; Guangquan Xu ; Jing Hu ; Zhiyong Feng
Author_Institution :
Tianjin Key Lab. of Cognitive Comput. & Applic., Tianjin Univ., Tianjin, China
fYear :
2014
fDate :
4-7 Aug. 2014
Firstpage :
150
Lastpage :
153
Abstract :
This paper proposes a Software Risk Assessment Method based on Object-Oriented Petri Nets (OOPN-SRAM), in which the risk assessment procedure is divided into four steps, expressed as four corresponding objects: asset recognition, weakness analysis, consequence property confirmation and risk calculation. Each object is modeled with a Petri net. Specialists recognize software assets using the 1-9 scale method of the Analytic Hierarchy Process (AHP). The weaknesses in a system are found by a vulnerability scanner. The damage degree and the exploitation likelihood of a weakness are evaluated using such authorities as the Common Weakness Enumeration (CWE). The consequence properties are confirmed by specialists according to the software requirements. Finally, in the risk calculation step, the risk degree and the overall risk value are calculated using the exponential method and the weighted average method respectively. Furthermore, we illustrate the application of our OOPN-SRAM method with realistic examples, including a web-banking system and a forum, and compare it with traditional methods. The results show that OOPN-SRAM not only increases the efficiency of the evaluation process, but also makes the evaluation result more objective and accurate.
Keywords :
Petri nets; object-oriented methods; risk management; software development management; AHP method; CWE; OOPN-SRAM method; analytic hierarchy process; asset recognition; common weakness enumeration; consequence property confirmation; exponential method; object-oriented Petri net; risk assessment procedure; risk calculation; software requirements; software risk assessment; vulnerability scanner; weakness analysis; weighted average method; Availability; Computational modeling; Educational institutions; Object oriented modeling; Risk management; Security; Software; CWE; OOPN; risk assessment; software; vulnerability scanner;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Engineering of Complex Computer Systems (ICECCS), 2014 19th International Conference on
Conference_Location :
Tianjin
Print_ISBN :
978-1-4799-5481-0
Type :
conf
DOI :
10.1109/ICECCS.2014.28
Filename :
6923130