Software Security Modeling Based on Petri Nets
- Department of Information Technology, Mazandaran University of Science and Technology, Babol, Iran
Nowadays, mostly security solutions are mainly focused on how to defend against various threats, including insider threats and outsider threats, instead of trying to solve security issues from their sources. This paper proposes a security modeling process and an approach to modeling and quantifying component security based on Petri Nets (PN) in the software design phase. Security prediction in the design phase provides the possibility to investigate and compare different solutions to the target system before realization. The analysis results can be used to trace back to the critical part for security enhancing.
Share and Cite
A. Mohsenzadeh, Software Security Modeling Based on Petri Nets, Journal of Mathematics and Computer Science, 15 (2015), no. 1, 70-77
Mohsenzadeh A., Software Security Modeling Based on Petri Nets. J Math Comput SCI-JM. (2015); 15(1):70-77
Mohsenzadeh, A.. "Software Security Modeling Based on Petri Nets." Journal of Mathematics and Computer Science, 15, no. 1 (2015): 70-77
- Software security
- Petri net
- Security models
C. C. Center, CERT/CC Statistics 1988-2005, Pittsburgh, CERT CC,http://www.cert.org/stats/cerCstats.html, Feb. , (2006)
B. Schneier , Secrets and Lies, John Wiley and Sons, Inc., (2000)
T. Murata, Petri nets: properties, analysis and applications, Proceedings of the IEEE , 77 (4) (1989), 541–580.
N. Yang, H. Yu, H. Sun, Z. Qian, Modeling UML sequence diagrams using extended Petri nets, in: International Conference on Information Science and Applications, ICISA2010, IEEE Computer Society, (2010), 596–603.
A. V. Ratzer, L. Wells, H. M. Lassen, M. Laursen, J. F. Qvortrup, M. S. Stissing, M. Westergaard, S. Christensen, K. Jensen, CPN tools for editing, simulating,and analysing coloured Petri nets, in:24th International Conference on Applications and Theory of Petri Nets, ICATPN 2003, in: Lecture Notes in Computer Science, vol.2679, Springer, Berlin, Heidelberg, (2003), 450–462.
S. Baarir, M. Beccuti, D. Cerotti, M. D. Pierro, S. Donatelli, G. Franceschinis, The great SPN tool: recent enhancements, ACM SIGMETRICS Performance Evaluation Review, 36 (4) (2009), 4–9.
N. R. Mead, T. Stehney , Security Quality Requirements Engineering (SQUARE) Methodology, Proc. of the 2005 workshop on software engineering for secure systems-building trustworthy applications, Missouri, USA, (2005), 1-7.
C. B. Haley, R. Laney, J. D. Moffett, et aI., Security Requirements Engineering: A Framework for Representation and Analysis, IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 34(1) (2008), 133-153.
D. Gordon, T. Stehney, N. Wattas, E. Yu , Quality Requirements Engineering (SQUARE): Case Study on Asset Management System, Phase II (CMU/SEI-2005-SR-005). Pittsburgh, PA, Software Engineering Institute , Carnegie Mellon University (2005)
Hui Wang, Zongpu Jia, Zihao Shen, Research on Security Requirements Engineering Process, 978-1-4244-3672-9/09/$25.00 ©IEEE , (2009), 1285-1288.