Software Security Modeling Based on Petri Nets

Volume 15, Issue 1, pp 70-77 http://dx.doi.org/10.22436/jmcs.015.01.06

Download PDF

Download XML

• Export citations
  • CITATIONS & REFERENCES
  • EndNote (.ENW)
  • Mendeley, JabRef (.BIB)
  • Papers, Zotero, Reference Manager, RefWorks (.RIS)
  • ARTICLE CITATION
  • EndNote (.ENW)
  • Mendeley, JabRef (.BIB)
  • Papers, Zotero, Reference Manager, RefWorks (.RIS)
  • REFERENCES
  • EndNote (.ENW)
  • Mendeley, JabRef (.BIB)
  • Papers, Zotero, Reference Manager, RefWorks (.RIS)

• 2808 Downloads
• 3228 Views

Authors

A. Mohsenzadeh - Department of Information Technology, Mazandaran University of Science and Technology, Babol, Iran

Abstract

Nowadays, mostly security solutions are mainly focused on how to defend against various threats, including insider threats and outsider threats, instead of trying to solve security issues from their sources. This paper proposes a security modeling process and an approach to modeling and quantifying component security based on Petri Nets (PN) in the software design phase. Security prediction in the design phase provides the possibility to investigate and compare different solutions to the target system before realization. The analysis results can be used to trace back to the critical part for security enhancing.

Share and Cite

Keywords

• Software security
• Petri net
• Security models

MSC

•  68N99
•  68Q85

References

• [1] C. C. Center, CERT/CC Statistics 1988-2005, Pittsburgh, CERT CC,http://www.cert.org/stats/cerCstats.html, Feb. , (2006)
  • Google Scholar


• [2] B. Schneier , Secrets and Lies, John Wiley and Sons, Inc., (2000)
  • Google Scholar


• [3] T. Murata, Petri nets: properties, analysis and applications, Proceedings of the IEEE , 77 (4) (1989), 541–580.
  • View Article
  • Google Scholar


• [4] N. Yang, H. Yu, H. Sun, Z. Qian, Modeling UML sequence diagrams using extended Petri nets, in: International Conference on Information Science and Applications, ICISA2010, IEEE Computer Society, (2010), 596–603.
  • Google Scholar


• [5] A. V. Ratzer, L. Wells, H. M. Lassen, M. Laursen, J. F. Qvortrup, M. S. Stissing, M. Westergaard, S. Christensen, K. Jensen, CPN tools for editing, simulating,and analysing coloured Petri nets, in:24th International Conference on Applications and Theory of Petri Nets, ICATPN 2003, in: Lecture Notes in Computer Science, vol.2679, Springer, Berlin, Heidelberg, (2003), 450–462.
  • View Article
  • MathSciNet
  • Google Scholar


• [6] S. Baarir, M. Beccuti, D. Cerotti, M. D. Pierro, S. Donatelli, G. Franceschinis, The great SPN tool: recent enhancements, ACM SIGMETRICS Performance Evaluation Review, 36 (4) (2009), 4–9.
  • View Article
  • Google Scholar


• [7] N. R. Mead, T. Stehney , Security Quality Requirements Engineering (SQUARE) Methodology, Proc. of the 2005 workshop on software engineering for secure systems-building trustworthy applications, Missouri, USA, (2005), 1-7.
  • View Article
  • Google Scholar


• [8] C. B. Haley, R. Laney, J. D. Moffett, et aI., Security Requirements Engineering: A Framework for Representation and Analysis, IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 34(1) (2008), 133-153.
  • View Article
  • Google Scholar


• [9] D. Gordon, T. Stehney, N. Wattas, E. Yu , Quality Requirements Engineering (SQUARE): Case Study on Asset Management System, Phase II (CMU/SEI-2005-SR-005). Pittsburgh, PA, Software Engineering Institute , Carnegie Mellon University (2005)
  • Google Scholar


• [10] Hui Wang, Zongpu Jia, Zihao Shen, Research on Security Requirements Engineering Process, 978-1-4244-3672-9/09/$25.00 ©IEEE , (2009), 1285-1288.
  • View Article
  • Google Scholar