OOPN-SRAM: A Novel Method for Software Risk Assessment
2014 19th International Conference on Engineering of Complex Computer Systems, pp.150-153
IEEE International Conference on Engineering Complex Computer Systems-ICECCS
International Conference on Engineering of Complex Computer Systems, 19th (Tianjin, China, 04/08/2014 - 07/08/2014)
16/10/2014
This paper proposes a Software Risk Assessment Method based on Object-Oriented Petri Net (OOPN-SRAM), in which the risk assessment procedure is divided into four steps, each expressed as a corresponding object: asset recognition, weakness analysis, consequence property confirmation and risk calculation. Each object is modeled with a Petri net. Specialists recognize software assets by the 1-9 scale method of the Analytic Hierarchy Process (AHP). The weaknesses in a system are found by a vulnerability scanner. The damage degree and the exploitation likelihood of a weakness are evaluated using such authorities as the Common Weakness Enumeration (CWE). The consequence properties are confirmed by specialists according to the software requirements. Finally, in the risk calculation, the risk degree and the overall risk value are calculated using the exponential method and the weighted average method, respectively. Furthermore, we illustrate the application of OOPN-SRAM with realistic examples, including a web-banking system and a forum, and compare it with traditional methods. The results show that OOPN-SRAM not only increases the efficiency of the evaluation process, but also makes the evaluation result more objective and accurate.
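The abstract names two concrete computational steps: weighting assets with the AHP 1-9 scale, and combining per-asset risk degrees into an overall value by weighted average. The following Python block is an added worked example of those two steps and is not code from the paper. The asset names, pairwise judgments and per-asset risk degrees are constructed for illustration; the Saaty random-index table and the consistency-ratio check are standard AHP practice rather than something the abstract mentions; and because the paper's exponential risk-degree formula is not reproduced on this page, per-asset risk degrees are taken as inputs instead of being derived from CWE damage and likelihood values.

```python
"""Added example: AHP asset weighting on the Saaty 1-9 scale feeding a
weighted-average overall risk value. Not the paper's own code."""
import math
from typing import Sequence

# Saaty's random consistency index RI for matrices of order n = 1..10.
RANDOM_INDEX = [0.0, 0.0, 0.58, 0.90, 1.12, 1.24, 1.32, 1.41, 1.45, 1.49]
CR_LIMIT = 0.1  # judgments with a consistency ratio >= 0.1 are re-elicited

Matrix = Sequence[Sequence[float]]


def validate_pairwise(matrix: Matrix) -> int:
    """Check a pairwise comparison matrix: square, unit diagonal, every entry
    (or its reciprocal) an integer 1..9, and a[j][i] == 1 / a[i][j]."""
    n = len(matrix)
    if not 1 <= n <= len(RANDOM_INDEX):
        raise ValueError(f"unsupported matrix order {n}")
    for i, row in enumerate(matrix):
        if len(row) != n:
            raise ValueError("matrix is not square")
        if not math.isclose(row[i], 1.0):
            raise ValueError(f"diagonal entry a[{i}][{i}] must be 1")
        for j, a in enumerate(row):
            if a <= 0:
                raise ValueError("entries must be positive")
            magnitude = a if a >= 1 else 1.0 / a
            if not any(math.isclose(magnitude, s) for s in range(1, 10)):
                raise ValueError(f"a[{i}][{j}]={a} is not on the 1-9 scale")
            if not math.isclose(matrix[j][i], 1.0 / a, rel_tol=1e-9):
                raise ValueError(f"a[{j}][{i}] is not the reciprocal of a[{i}][{j}]")
    return n


def ahp_weights(matrix: Matrix) -> list:
    """Priority vector via the row geometric-mean approximation, normalised
    to sum to 1."""
    n = validate_pairwise(matrix)
    geo_means = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(geo_means)
    return [g / total for g in geo_means]


def consistency_ratio(matrix: Matrix, weights: Sequence[float]) -> float:
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); lambda_max is the
    mean of (A w)_i / w_i. Orders 1 and 2 are always consistent."""
    n = len(matrix)
    if n <= 2:
        return 0.0
    aw = [sum(matrix[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / weights[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n - 1]


def overall_risk(weights: Sequence[float], asset_risk: Sequence[float]) -> float:
    """Weighted average of per-asset risk degrees using the AHP weights."""
    if len(weights) != len(asset_risk):
        raise ValueError("one risk degree per asset is required")
    return sum(w * r for w, r in zip(weights, asset_risk))


def assess(matrix: Matrix, asset_risk: Sequence[float]) -> dict:
    """Full pass: weight the assets, refuse inconsistent judgments, then
    aggregate. Returns the weights, the CR and the overall risk value."""
    weights = ahp_weights(matrix)
    cr = consistency_ratio(matrix, weights)
    if cr >= CR_LIMIT:
        raise ValueError(f"pairwise judgments inconsistent (CR={cr:.2f}); re-elicit")
    return {"weights": weights, "cr": cr, "overall": overall_risk(weights, asset_risk)}


# Constructed web-banking inputs (assumptions, not from the paper):
# assets = account database, authentication service, public static content.
WEB_BANKING_ASSETS = ["account database", "authentication service", "static content"]
WEB_BANKING_MATRIX = [
    [1.0, 3.0, 7.0],        # database: moderately more important than auth,
    [1 / 3, 1.0, 5.0],      # very strongly more important than static content
    [1 / 7, 1 / 5, 1.0],
]
# Constructed per-asset risk degrees on a 0-10 scale (stand-in for the
# paper's exponential risk-degree step, whose formula is not on this page).
WEB_BANKING_RISK = [8.0, 6.0, 2.0]

# Cyclic judgments (A >> B, B >> C, C >> A): reciprocal-valid but inconsistent.
CYCLIC_MATRIX = [
    [1.0, 9.0, 1 / 9],
    [1 / 9, 1.0, 9.0],
    [9.0, 1 / 9, 1.0],
]

if __name__ == "__main__":
    result = assess(WEB_BANKING_MATRIX, WEB_BANKING_RISK)
    for name, w in zip(WEB_BANKING_ASSETS, result["weights"]):
        print(f"{name:24s} weight={w:.3f}")
    print(f"CR={result['cr']:.3f}  overall risk={result['overall']:.2f}")
```

The consistency check is the caveat worth keeping: a reciprocal matrix built from expert judgments can be perfectly well-formed and still encode a preference cycle, and the weighted average will happily aggregate over the meaningless equal weights it produces; refusing at CR >= 0.1 forces the judgments to be revisited before any risk value is reported.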
- Xiaofei Wu (Tianjin University); Xiaohong Li (Tianjin University); Ruitao Feng (Tianjin University); Guangquan Xu (Tianjin University); Jing Hu (Tianjin University); Zhiyong Feng (Tianjin University)
- IEEE
- 4
- 991013214582902368
- Information Technology; Faculty of Science and Engineering
- English
- Conference proceeding