Towards Automatic Risk Analysis and Mitigation of Software Applications - Information Security Theory and Practice
Conference Papers, Year: 2016

Towards Automatic Risk Analysis and Mitigation of Software Applications

Abstract

This paper proposes a novel semi-automatic risk analysis approach that not only identifies the threats against the assets in a software application, but is also able to quantify their risks and to suggest the software protections to mitigate them. Built on a formal model of the software, attacks, protections and their relationships, our implementation has shown promising performance on real-world applications. This work represents a first step towards a user-friendly expert system for the protection of software applications.
Origin: Files produced by the author(s)

Dates and versions

hal-01639603, version 1 (20-11-2017)

Cite

Leonardo Regano, Daniele Canavese, Cataldo Basile, Alessio Viticchié, Antonio Lioy. Towards Automatic Risk Analysis and Mitigation of Software Applications. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. pp.120-135, ⟨10.1007/978-3-319-45931-8_8⟩. ⟨hal-01639603⟩