A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior
IEEE Transactions on Software Engineering
A Methodology for Architecture-Level Reliability Risk Analysis
IEEE Transactions on Software Engineering
Hierarchically Performed Hazard Origin and Propagation Studies
SAFECOMP '99 Proceedings of the 18th International Conference on Computer Computer Safety, Reliability and Security
A Definition for Information System Survivability
HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 9 - Volume 9
Model-Based Performance Risk Analysis
IEEE Transactions on Software Engineering
QPME - Queueing Petri Net Modeling Environment
QEST '06 Proceedings of the 3rd international conference on the Quantitative Evaluation of Systems
Performance Modeling and Evaluation of Distributed Component-Based Systems Using Queueing Petri Nets
IEEE Transactions on Software Engineering
Threat-Driven Modeling and Verification of Secure Software Using Aspect-Oriented Petri Nets
IEEE Transactions on Software Engineering
| Hi-index | 0.00 |
Analysis of software survivability in the early development phase is very important to validate and specify software architecture. Specifically, quantitative evaluation of survivability is very useful to determine the architecture and to estimate the risk. The risk factor can be quantified as a combination of the probability that a software system may be failed through security threat and the severity of the damages caused by the attack. In this paper, we devise a methodology for analysis of risk factor which originates from violations of security goal. We elaborate Extended Hierarchically combined Queueing Petri Nets (E-HQPN) to estimate the survival failure probability with regard to attack and combines it with the severity of the failure consequence obtained using the Functional Failure Analysis. We apply the methodology on the development of an e-business application using step-by-step approach.