Attack simulation based software protection assessment method

2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security) Pub Date : 2016-06-13 DOI:10.1109/CyberSecPODS.2016.7502352

Gaofeng Zhang, P. Falcarin, Elena Gómez-Martínez, Shareeful Islam, Christophe Tartary, B. D. Sutter, Jérôme d'Annoville

{"title":"Attack simulation based software protection assessment method","authors":"Gaofeng Zhang, P. Falcarin, Elena Gómez-Martínez, Shareeful Islam, Christophe Tartary, B. D. Sutter, Jérôme d'Annoville","doi":"10.1109/CyberSecPODS.2016.7502352","DOIUrl":null,"url":null,"abstract":"Software protection is an essential aspect of information security to withstand malicious activities on software, and preserving software assets. However, software developers still lacks a methodology for the assessment of the deployed protections. To solve these issues, we present a novel attack simulation based software protection assessment method to assess and compare various protection solutions. Our solution relies on Petri Nets to specify and visualize attack models, and we developed a Monte Carlo based approach to simulate attacking processes and to deal with uncertainty. Then, based on this simulation and estimation, a novel protection comparison model is proposed to compare different protection solutions. Lastly, our attack simulation based software protection assessment method is presented. We illustrate our method by means of a software protection assessment process to demonstrate that our approach can provide a suitable software protection assessment for developers and software companies.","PeriodicalId":134449,"journal":{"name":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","volume":"53 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSecPODS.2016.7502352","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

Software protection is an essential aspect of information security to withstand malicious activities on software, and preserving software assets. However, software developers still lacks a methodology for the assessment of the deployed protections. To solve these issues, we present a novel attack simulation based software protection assessment method to assess and compare various protection solutions. Our solution relies on Petri Nets to specify and visualize attack models, and we developed a Monte Carlo based approach to simulate attacking processes and to deal with uncertainty. Then, based on this simulation and estimation, a novel protection comparison model is proposed to compare different protection solutions. Lastly, our attack simulation based software protection assessment method is presented. We illustrate our method by means of a software protection assessment process to demonstrate that our approach can provide a suitable software protection assessment for developers and software companies.

查看原文本刊更多论文

基于攻击仿真的软件防护评估方法

软件保护是信息安全的一个重要方面，可以抵御恶意软件活动，保护软件资产。然而，软件开发人员仍然缺乏评估已部署保护的方法。为了解决这些问题，我们提出了一种新的基于攻击仿真的软件防护评估方法，对各种防护方案进行评估和比较。我们的解决方案依赖于Petri网来指定和可视化攻击模型，并且我们开发了基于蒙特卡罗的方法来模拟攻击过程并处理不确定性。然后，在此仿真和估计的基础上，提出了一种新的保护比较模型来比较不同的保护方案。最后，提出了基于攻击仿真的软件防护评估方法。我们通过软件保护评估过程来说明我们的方法，以证明我们的方法可以为开发人员和软件公司提供合适的软件保护评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security)

自引率

0.00%

发文量